ReversingLabs TitaniumCloud v2

This Integration is part of the ReversingLabs TitaniumCloud Pack.

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

ReversingLabs TitaniumCloud provides threat analysis data from various ReversingLabs cloud services.

Configure ReversingLabs TitaniumCloud v2 on Cortex XSOAR

1. Navigate to Settings > Integrations > Servers & Services.

2. Search for ReversingLabs TitaniumCloud v2.

3. Click Add instance to create and configure a new integration instance.

   Parameter	Required
   ReversingLabs TitaniumCloud URL	True
   Credentials	True
   Password	True
   Reliability	False
   Verify certificates	False
   HTTP proxy address with the protocol and port number.	False
   HTTP proxy username	False
   HTTP proxy password	False
   HTTPS proxy address with the protocol and port number.	False
   HTTPS proxy username	False
   HTTPS proxy password	False

5. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

reversinglabs-titaniumcloud-file-reputation

---

Retrieve File Reputation data from TitaniumCloud

Base Command

reversinglabs-titaniumcloud-file-reputation

Input

Argument Name	Description	Required
hash	File hash.	Required

Context Output

Path	Type	Description
File.MD5	Unknown	Bad hash found
File.SHA1	Unknown	Bad hash SHA1
File.SHA256	Unknown	Bad hash SHA256
DBotScore.Score	Number	The actual score.
DBotScore.Type	String	The indicator type.
DBotScore.Indicator	String	The indicator that was tested.
DBotScore.Vendor	String	The vendor used to calculate the score.
ReversingLabs.file_reputation	Unknown

Command example

!reversinglabs-titaniumcloud-file-reputation hash="21841b32c6165b27dddbd4d6eb3a672defe54271"

Context Example

{

"DBotScore": {

"Indicator": "21841b32c6165b27dddbd4d6eb3a672defe54271",

"Reliability": "C - Fairly reliable",

"Score": 3,

"Type": "file",

"Vendor": "ReversingLabs TitaniumCloud v2"

},

"File": {

"Hashes": [

{

"type": "MD5",

"value": "3133c2231fcee5d6b0b4c988a5201da1"

},

{

"type": "SHA1",

"value": "21841b32c6165b27dddbd4d6eb3a672defe54271"

},

{

"type": "SHA256",

"value": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"

}

],

"MD5": "3133c2231fcee5d6b0b4c988a5201da1",

"Malicious": {

"Description": "antivirus - Win32.Ransomware.Tox",

"Vendor": "ReversingLabs TitaniumCloud v2"

},

"SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271",

"SHA256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"

},

"ReversingLabs": {

"file_reputation": {

"rl": {

"malware_presence": {

"classification": {

"family_name": "Tox",

"is_generic": false,

"platform": "Win32",

"type": "Ransomware"

},

"first_seen": "2015-05-30T22:04:00",

"last_seen": "2023-06-06T16:16:58",

"md5": "3133c2231fcee5d6b0b4c988a5201da1",

"query_hash": {

"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271"

},

"reason": "antivirus",

"scanner_count": 34,

"scanner_match": 32,

"scanner_percent": 94.11764526367188,

"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271",

"sha256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346",

"status": "MALICIOUS",

"threat_level": 5,

"threat_name": "Win32.Ransomware.Tox",

"trust_factor": 5

}

}

}

}

}

Human Readable Output

ReversingLabs File Reputation for hash 21841b32c6165b27dddbd4d6eb3a672defe54271

Classification: MALICIOUS Classification reason: antivirus First seen: 2015-05-30T22:04:00 Last seen: 2023-06-06T16:16:58 AV scanner hits / total number of scanners: 32 / 34 AV scanner hit percentage: 94.11764526367188% MD5 hash: 3133c2231fcee5d6b0b4c988a5201da1 SHA-1 hash: 21841b32c6165b27dddbd4d6eb3a672defe54271 SHA-256 hash: 2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346 Threat name: Win32.Ransomware.Tox Threat level: 5

reversinglabs-titaniumcloud-av-scanners

---

Retrieve AV Scanner data from TitaniumCloud.

Base Command

reversinglabs-titaniumcloud-av-scanners

Input

Argument Name	Description	Required
hash	File hash.	Required

Context Output

Path	Type	Description
File.MD5	Unknown	Bad hash found
File.SHA1	Unknown	Bad hash SHA1
File.SHA256	Unknown	Bad hash SHA256
ReversingLabs.av_scanners	Unknown

Command example

!reversinglabs-titaniumcloud-av-scanners hash="21841b32c6165b27dddbd4d6eb3a672defe54271"

Context Example

{

"DBotScore": {

"Indicator": "21841b32c6165b27dddbd4d6eb3a672defe54271",

"Score": 0,

"Type": "file",

"Vendor": "ReversingLabs TitaniumCloud v2"

},

"File": {

"Hashes": [

{

"type": "MD5",

"value": "3133c2231fcee5d6b0b4c988a5201da1"

},

{

"type": "SHA1",

"value": "21841b32c6165b27dddbd4d6eb3a672defe54271"

},

{

"type": "SHA256",

"value": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"

}

],

"MD5": "3133c2231fcee5d6b0b4c988a5201da1",

"SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271",

"SHA256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"

},

"ReversingLabs": {

"av_scanners": {

"rl": {

"sample": {

"first_scanned_on": "2015-05-30T22:04:00",

"first_seen_on": "2015-05-30T22:04:00",

"last_scanned_on": "2023-06-06T16:15:00",

"last_seen_on": "2023-06-06T16:15:00",

"md5": "3133c2231fcee5d6b0b4c988a5201da1",

"ripemd160": "d26f686b6af13b9073f77a1ba5a7b610934dc625",

"sample_size": 636416,

"sample_type": "PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed",

"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271",

"sha256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346",

"sha384": "e0b7bf0ad928500ee1dc06f8cbe035e663eaf546bb4b5217706706ba12c50ab6a24e1e858dae9a5ce0f7673bdb5621be",

"sha512": "205ece960784bff6fdbd0d5a1ebad4fddeab6751728d5be2e0b5d91742d520df0c5d04fd3b9e67372c35cb0859d794b7d22ea78786669a4bd5725e814548143f",

"single_scan": false,

"xref": [

{

"results": [

{

"result": "[TROJAN] Trojan/Win32.Toxic.R150440",

"scanner": "scanner1"

},

{

"result": "detected",

"scanner": "scanner2"

},

{

"result": "Win32:Malware-gen",

"scanner": "scanner3"

},

{

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C",

"scanner": "scanner4"

},

{

"result": "trojan",

"scanner": "scanner5"

},

{

"result": "PUA.Win.Packer.UpxProtector-1",

"scanner": "scanner6"

},

{

"result": "win/malicious_confidence_100",

"scanner": "scanner7"

},

{

"result": "malware.confidence_100",

"scanner": "scanner8"

},

{

"result": "Trojan.Encoder.1155",

"scanner": "scanner9"

},

{

"result": "malicious (moderate confidence)",

"scanner": "scanner10"

},

{

"result": "Detected",

"scanner": "scanner11"

},

{

"result": "W32/ToxKrypt.A!tr",

"scanner": "scanner12"

},

{

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C",

"scanner": "scanner13"

},

{

"result": "Trojan.Win32.Filecoder",

"scanner": "scanner15"

},

{

"result": "Trojan (0055e3ef1)",

"scanner": "scanner16"

},

{

"result": "Generic.Malware/Suspicious",

"scanner": "scanner17"

},

{

"result": "Ransom-Tox!11B48E409D96 (trojan)",

"scanner": "scanner18"

},

{

"result": "Ransom-Tox!11B48E409D96 (trojan)",

"scanner": "scanner19"

},

{

"result": "Artemis!3133C2231FCE (trojan)",

"scanner": "scanner20"

},

{

"result": "Ransom:Win32/Tocrypt.B",

"scanner": "scanner21"

},

{

"result": "Ransom:Win32/Tocrypt.B",

"scanner": "scanner22"

},

{

"result": "Trj/Genetic.gen",

"scanner": "scanner23"

},

{

"result": "Trj/Genetic.gen",

"scanner": "scanner24"

},

{

"result": "",

"scanner": "scanner25"

},

{

"result": "Ransom.Tocrypt!8.53B6",

"scanner": "scanner26"

},

{

"result": "Malware.Undefined!8.C",

"scanner": "scanner27"

},

{

"result": "DFI - Suspicious PE",

"scanner": "scanner28"

},

{

"result": "",

"scanner": "scanner29"

},

{

"result": "Mal/Generic-R",

"scanner": "scanner30"

},

{

"result": "Trojan.Gen.2",

"scanner": "scanner31"

},

{

"result": "Trojan.Gen.2",

"scanner": "scanner32"

},

{

"result": "TROJ_CRYPTOX.T",

"scanner": "scanner33"

},

{

"result": "TROJ_CRYPTOX.T",

"scanner": "scanner34"

},

{

"result": "SScope.Malware-Cryptor.Toxic",

"scanner": "scanner35"

}

],

"scanned_on": "2023-06-06T16:15:00",

"scanner_count": 37,

"scanner_match": 32,

"scanners": [

{

"name": "scanner1",

"timestamp": "2023-06-06T12:15:00",

"version": "scanner_version1"

},

{

"name": "scanner2",

"timestamp": "2023-06-06T14:55:00",

"version": "scanner_version2"

},

{

"name": "scanner3",

"timestamp": "2023-06-06T15:26:00",

"version": "scanner_version3"

},

{

"name": "scanner4",

"timestamp": "2023-06-06T15:44:00",

"version": "scanner_version4"

},

{

"name": "scanner5",

"timestamp": "2023-06-06T16:03:00",

"version": "scanner_version5"

},

{

"name": "scanner6",

"timestamp": "2023-06-06T09:09:00",

"version": "scanner_version6"

},

{

"name": "scanner7",

"timestamp": "2023-06-06T16:04:00",

"version": "scanner_version7"

},

{

"name": "scanner8",

"timestamp": "2023-06-06T16:04:00",

"version": "scanner_version8"

},

{

"name": "scanner9",

"timestamp": "2023-06-06T15:06:00",

"version": "scanner_version9"

},

{

"name": "scanner10",

"timestamp": "2023-06-06T16:04:00",

"version": "scanner_version10"

},

{

"name": "scanner11",

"timestamp": "2023-06-06T16:04:00",

"version": "scanner_version11"

},

{

"name": "scanner12",

"timestamp": "2023-06-06T15:06:00",

"version": "scanner_version12"

},

{

"name": "scanner13",

"timestamp": "2023-06-06T15:28:00",

"version": "scanner_version13"

},

{

"name": "scanner14",

"timestamp": "2023-06-06T15:25:00",

"version": "scanner_version14"

},

{

"name": "scanner15",

"timestamp": "2023-06-06T14:31:00",

"version": "scanner_version15"

},

{

"name": "scanner16",

"timestamp": "2023-06-06T15:44:00",

"version": "scanner_version16"

},

{

"name": "scanner17",

"timestamp": "2023-06-06T16:05:00",

"version": "scanner_version17"

},

{

"name": "scanner18",

"timestamp": "2023-06-06T15:46:00",

"version": "scanner_version18"

},

{

"name": "scanner19",

"timestamp": "2023-06-06T01:34:00",

"version": "scanner_version19"

},

{

"name": "scanner20",

"timestamp": "2023-06-06T15:46:00",

"version": "scanner_version20"

},

{

"name": "scanner21",

"timestamp": "2023-06-06T10:11:00",

"version": "scanner_version21"

},

{

"name": "scanner22",

"timestamp": "2023-06-06T12:28:00",

"version": "scanner_version22"

},

{

"name": "scanner23",

"timestamp": "2023-06-06T12:28:00",

"version": "scanner_version23"

},

{

"name": "scanner24",

"timestamp": "2023-06-06T15:00:00",

"version": "scanner_version24"

},

{

"name": "scanner25",

"timestamp": "2023-06-06T15:00:00",

"version": "scanner_version25"

},

{

"name": "scanner26",

"timestamp": "2023-06-05T23:53:00",

"version": "scanner_version26"

},

{

"name": "scanner27",

"timestamp": "2023-06-06T11:13:00",

"version": "scanner_version27"

},

{

"name": "scanner28",

"timestamp": "2023-06-06T11:13:00",

"version": "scanner_version28"

},

{

"name": "scanner29",

"timestamp": "2023-06-06T16:08:00",

"version": "scanner_version29"

},

{

"name": "scanner30",

"timestamp": "2023-06-06T16:08:00",

"version": "scanner_version30"

},

{

"name": "scanner31",

"timestamp": "2023-06-06T12:00:00",

"version": "scanner_version31"

},

{

"name": "scanner32",

"timestamp": "2023-06-06T11:53:00",

"version": "scanner_version32"

},

{

"name": "scanner33",

"timestamp": "2023-06-06T14:29:00",

"version": "scanner_version33"

},

{

"name": "scanner34",

"timestamp": "2023-06-06T11:53:00",

"version": "scanner_version34"

},

{

"name": "scanner35",

"timestamp": "2023-06-06T15:43:00",

"version": "scanner_version35"

},

{

"name": "scanner36",

"timestamp": "2023-06-06T15:43:00",

"version": "scanner_version36"

},

{

"name": "scanner37",

"timestamp": "2023-06-06T11:01:00",

"version": "scanner_version37"

}

]

}

]

}

}

}

}

}

Human Readable Output

ReversingLabs AV Scan results for hash 21841b32c6165b27dddbd4d6eb3a672defe54271

First scanned on: 2015-05-30T22:04:00 First seen on: 2015-05-30T22:04:00 Last scanned on: 2023-06-06T16:15:00 Last seen on: 2023-06-06T16:15:00 Sample size: 636416 bytes Sample type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed MD5 hash: 3133c2231fcee5d6b0b4c988a5201da1 SHA-1 hash: 21841b32c6165b27dddbd4d6eb3a672defe54271 SHA-256 hash: 2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346 SHA-512 hash: 205ece960784bff6fdbd0d5a1ebad4fddeab6751728d5be2e0b5d91742d520df0c5d04fd3b9e67372c35cb0859d794b7d22ea78786669a4bd5725e814548143f SHA-384 hash: e0b7bf0ad928500ee1dc06f8cbe035e663eaf546bb4b5217706706ba12c50ab6a24e1e858dae9a5ce0f7673bdb5621be RIPEMD-160 hash: d26f686b6af13b9073f77a1ba5a7b610934dc625 Scanner count: 37 Scanner match: 32

Latest scan results

result	scanner
[TROJAN] Trojan/Win32.Toxic.R150440	scanner1
detected	scanner2
Win32:Malware-gen	scanner3
DeepScan:Generic.Ransom.WCryG.5BC9065C	scanner4
trojan	scanner5
PUA.Win.Packer.UpxProtector-1	scanner6
win/malicious_confidence_100	scanner7
malware.confidence_100	scanner8
Trojan.Encoder.1155	scanner9
malicious (moderate confidence)	scanner10
Detected	scanner11
W32/ToxKrypt.A!tr	scanner12
DeepScan:Generic.Ransom.WCryG.5BC9065C	scanner13
Trojan.Win32.Filecoder	scanner14
Trojan (0055e3ef1)	scanner15
Generic.Malware/Suspicious	scanner16
Ransom-Tox!11B48E409D96 (trojan)	scanner17
Ransom-Tox!11B48E409D96 (trojan)	scanner18
Artemis!3133C2231FCE (trojan)	scanner19
Ransom:Win32/Tocrypt.B	scanner20
Ransom:Win32/Tocrypt.B	scanner21
Trj/Genetic.gen	scanner22
Trj/Genetic.gen	scanner23
	scanner24
Ransom.Tocrypt!8.53B6	scanner25
Malware.Undefined!8.C	scanner26
DFI - Suspicious PE	scanner27
	scanner28
Mal/Generic-R	scanner29
Trojan.Gen.2	scanner30
Trojan.Gen.2	scanner31
TROJ_CRYPTOX.T	scanner32
TROJ_CRYPTOX.T	scanner33
SScope.Malware-Cryptor.Toxic	scanner34

reversinglabs-titaniumcloud-file-analysis

---

Retrieve File Analysis by hash data from TitaniumCloud.

Base Command

reversinglabs-titaniumcloud-file-analysis

Input

Argument Name	Description	Required
hash	File hash.	Required

Context Output

Path	Type	Description
File.MD5	Unknown	Bad hash found
File.SHA1	Unknown	Bad hash SHA1
File.SHA256	Unknown	Bad hash SHA256
ReversingLabs.file_analysis	Unknown

Command example

!reversinglabs-titaniumcloud-file-analysis hash="21841b32c6165b27dddbd4d6eb3a672defe54271"

Context Example

{

"DBotScore": {

"Indicator": "21841b32c6165b27dddbd4d6eb3a672defe54271",

"Score": 0,

"Type": "file",

"Vendor": "ReversingLabs TitaniumCloud v2"

},

"File": {

"Hashes": [

{

"type": "MD5",

"value": "3133c2231fcee5d6b0b4c988a5201da1"

},

{

"type": "SHA1",

"value": "21841b32c6165b27dddbd4d6eb3a672defe54271"

},

{

"type": "SHA256",

"value": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"

}

],

"MD5": "3133c2231fcee5d6b0b4c988a5201da1",

"SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271",

"SHA256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"

},

"InfoFile": {

"EntryID": "7642@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",

"Info": "text/plain",

"Name": "File Analysis report file for hash 21841b32c6165b27dddbd4d6eb3a672defe54271",

"Size": 422187,

"Type": "ASCII text, with very long lines"

},

"ReversingLabs": {

"file_analysis": {

"rl": {

"sample": {

"analysis": {

"entries": [

{

"analysis_type": "TC_REPORT",

"analysis_version": "3.0.1",

"record_time": "2021-06-17T14:15:17",

"tc_report": {

"info": {

"file": {

"file_subtype": "Exe",

"file_type": "PE"

},

"identification": {

"name": "UPX"

},

"validation": {

"valid": true

}

},

"interesting_strings": [

{

"category": "mailto",

"values": [

"O@0.0.0.2",

"d9@0.0.0.46",

"t@0.0.0.99"

]

}

],

"metadata": {

"application": {

"pe": {

"dos_header": {

"e_cblp": 3,

"e_cp": 0,

"e_cparhdr": 0,

"e_crlc": 4,

"e_cs": 64,

"e_csum": 0,

"e_ip": 0,

"e_lfanew": 128,

"e_lfarlc": 0,

"e_maxalloc": 0,

"e_minalloc": 65535,

"e_oemid": 0,

"e_oeminfo": 0,

"e_ovno": 0,

"e_res": "0000000000000000",

"e_res2": "0000000000000000000000000000000000000000",

"e_sp": 0,

"e_ss": 184,

"has_rich_header": true

},

"file_header": {

"characteristics": 783,

"machine": 332,

"number_of_sections": 3,

"number_of_symbols": 0,

"pointer_to_symbol_table": 0,

"size_of_optional_headers": 224,

"time_date_stamp": 1432851937,

"time_date_stamp_decoded": "Thu May 28 22:25:37 2015"

},

"imports": [

{

"apis": [

"CryptHashData"

],

"name": "ADVAPI32.dll"

},

{

"apis": [

"LoadLibraryA",

"GetProcAddress",

"VirtualProtect",

"VirtualAlloc",

"VirtualFree",

"ExitProcess"

],

"name": "KERNEL32.DLL"

},

{

"apis": [

"ShellExecuteA"

],

"name": "SHELL32.DLL"

},

{

"apis": [

"wsprintfA"

],

"name": "USER32.dll"

},

{

"apis": [

"InternetOpenA"

],

"name": "WININET.DLL"

},

{

"apis": [

"bind"

],

"name": "WS2_32.dll"

},

{

"apis": [

"_iob"

],

"name": "msvcrt.dll"

}

],

"optional_header": {

"address_of_entry_point": 2497408,

"base_of_code": 1880064,

"base_of_data": 2498560,

"checksum": 0,

"data_directories": [

{

"address": 0,

"size": 0

},

{

"address": 2515688,

"size": 480

},

{

"address": 2498560,

"size": 17128

},

{

"address": 0,

"size": 0

},

{

"address": 0,

"size": 0

},

{

"address": 0,

"size": 0

},

{

"address": 0,

"size": 0

},

{

"address": 0,

"size": 0

},

{

"address": 0,

"size": 0

},

{

"address": 2497904,

"size": 24

},

{

"address": 0,

"size": 0

},

{

"address": 0,

"size": 0

},

{

"address": 0,

"size": 0

},

{

"address": 0,

"size": 0

},

{

"address": 0,

"size": 0

},

{

"address": 0,

"size": 0

}

],

"dll_characteristics": 0,

"file_alignment": 512,

"image_base": 4194304,

"is_checksum_valid": false,

"loader_flags": 0,

"major_image_version": 1,

"major_linker_version": 2,

"major_os_version": 4,

"major_subsystem_version": 4,

"minor_image_version": 0,

"minor_linker_version": 24,

"minor_os_version": 0,

"minor_subsystem_version": 0,

"number_of_rva_and_sizes": 16,

"section_alignment": 4096,

"size_of_code": 618496,

"size_of_headers": 4096,

"size_of_heap_commit": 4096,

"size_of_heap_reserve": 1048576,

"size_of_image": 2519040,

"size_of_initialized_data": 20480,

"size_of_stack_commit": 4096,

"size_of_stack_reserve": 2097152,

"size_of_uninitialized_data": 1875968,

"subsystem": 2,

"win32_version_value": 0

},

"resources": [

{

"code_page": 0,

"language_id": 1033,

"language_id_name": "English - United States",

"name": "1",

"offset": 618664,

"size": 16936,

"type": "RT_ICON"

},

{

"code_page": 0,

"language_id": 1033,

"language_id_name": "English - United States",

"name": "A",

"offset": 635604,

"size": 20,

"type": "RT_GROUP_ICON"

}

],

"sections": [

{

"address": 4096,

"flags": 3758096512,

"name": "UPX0",

"offset": 512,

"size": 0

},

{

"address": 1880064,

"flags": 3758096448,

"name": "UPX1",

"offset": 512,

"size": 617984

},

{

"address": 2498560,

"flags": 3221225536,

"name": ".rsrc",

"offset": 618496,

"size": 17920

}

]

}

}

},

"story": "This file (SHA1: 21841b32c6165b27dddbd4d6eb3a672defe54271) is a 32-bit portable executable application. Additionally, it was identified as UPX 0.60-3.x executable packer, and unpacking was successful. The application uses the Windows graphical user interface (GUI) subsystem, while the language used is English from United States. Cryptography related data was found in the file. This application has access to networking and running processes and has cryptography and security related capabilities. There is one extracted file."

}

}

]

},

"crc32": "8704451d",

"dynamic_analysis": {

"entries": [

{

"dynamic_analysis_report_joe_sandbox": {

"analysed_on": "2023-05-18T11:55:15",

"joe_sandbox_version": "34.0.0",

"summary": {

"mutexes": [

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",

"\\Sessions\\1\\BaseNamedObjects\\Global\\SyncRootManager",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",

"\\Sessions\\1\\BaseNamedObjects\\toxcrypt",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",

"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3080:168:WilStaging_02",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-__terminate_handler_sh",

"\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",

"\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",

"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3080:64:WilError_01",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-__unexpected_handler_sh",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-init",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",

"\\Sessions\\1\\BaseNamedObjects\\toxcrypt",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",

"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3668:64:WilError_01",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",

"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3668:168:WilStaging_02",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",

"\\Sessions\\1\\BaseNamedObjects\\toxcrypt",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",

"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1568:168:WilStaging_02",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",

"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1568:64:WilError_01",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",

"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem"

]

}

}

},

{

"dynamic_analysis_report": {

"analysed_on": "2021-03-04T09:12:25",

"cuckoo_version": "2.0",

"summary": {

"mutexes": [

"gcc-shmem-tdm2-mxattr_recursive_shmem",

"gcc-shmem-tdm2-_pthread_key_sch_shmem",

"gcc-shmem-tdm2-sjlj_once",

"gcc-shmem-tdm2-_pthread_key_dest_shmem",

"gcc-shmem-tdm2-pthr_root_shmem",

"gcc-shmem-tdm2-idListMax_shmem",

"gcc-shmem-tdm2-global_lock_spinlock",

"gcc-shmem-tdm2-cond_locked_shmem_rwlock",

"gcc-shmem-tdm2-idListCnt_shmem",

"gcc-shmem-tdm2-mtx_pthr_locked_shmem",

"gcc-shmem-tdm2-idList_shmem",

"gcc-shmem-tdm2-mutex_global_shmem",

"gcc-shmem-tdm2-rwl_global_shmem",

"gcc-shmem-tdm2-mutex_global_static_shmem",

"gcc-shmem-tdm2-_pthread_key_max_shmem",

"gcc-shmem-tdm2-idListNextId_shmem",

"gcc-shmem-tdm2-_pthread_tls_shmem",

"gcc-shmem-tdm2-_pthread_tls_once_shmem",

"toxcrypt",

"gcc-shmem-tdm2-fc_key",

"gcc-shmem-tdm2-once_global_shmem",

"gcc-shmem-tdm2-_pthread_key_lock_shmem",

"gcc-shmem-tdm2-init",

"gcc-shmem-tdm2-use_fc_key",

"gcc-shmem-tdm2-once_obj_shmem"

]

}

}

}

]

},

"imphash": "ff43c5463f31cbd4000b19e8beed1ef0",

"md5": "3133c2231fcee5d6b0b4c988a5201da1",

"relationships": {

"container_sample_sha1": [

"50267628309d0e320d6ed25b198bb9a9a6181535",

"0656564814da810938c100e7fef5bf14cc8fa691",

"21841b32c6165b27dddbd4d6eb3a672defe54271",

"f0d94e01b7c39bcd7fbf901811bfc7d8ea49bc11"

],

"parent_sample_sha1": [

"0656564814da810938c100e7fef5bf14cc8fa691",

"f0d94e01b7c39bcd7fbf901811bfc7d8ea49bc11",

"50267628309d0e320d6ed25b198bb9a9a6181535"

]

},

"ripemd160": "d26f686b6af13b9073f77a1ba5a7b610934dc625",

"sample_size": 636416,

"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271",

"sha256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346",

"sha384": "e0b7bf0ad928500ee1dc06f8cbe035e663eaf546bb4b5217706706ba12c50ab6a24e1e858dae9a5ce0f7673bdb5621be",

"sha512": "205ece960784bff6fdbd0d5a1ebad4fddeab6751728d5be2e0b5d91742d520df0c5d04fd3b9e67372c35cb0859d794b7d22ea78786669a4bd5725e814548143f",

"sources": {

"entries": [

{

"properties": [

{

"name": "file_name",

"value": "21841b32c6165b27dddbd4d6eb3a672defe54271.rl"

}

],

"record_time": "2021-06-17T14:14:37",

"tag": "reversing_labs"

},

{

"properties": [

{

"name": "file_name",

"value": "21841b32c6165b27dddbd4d6eb3a672defe54271.rl"

}

],

"record_time": "2021-04-19T11:08:27",

"tag": "external_feed"

},

{

"properties": [

{

"name": "file_name",

"value": "Tox.exe.0.dr"

},

{

"name": "cuckoo_parent",

"value": "0437e2a71065624b78d41701ba07aebb200f684f"

}

],

"record_time": "2020-12-09T22:13:13",

"tag": "reversing_labs"

},

{

"properties": [

{

"name": "file_name",

"value": "21841b32c6165b27dddbd4d6eb3a672defe54271.rl"

}

],

"record_time": "2020-01-29T08:39:40",

"tag": "reversing_labs"

},

{

"record_time": "2019-10-10T09:13:15",

"tag": "reversing_labs"

},

{

"record_time": "2018-08-01T09:01:06",

"tag": "reversing_labs"

},

{

"record_time": "2018-07-31T20:07:27",

"tag": "reversing_labs"

},

{

"record_time": "2018-07-29T19:12:10",

"tag": "reversing_labs"

},

{

"record_time": "2015-06-11T23:54:00",

"tag": "reversing_labs"

},

{

"record_time": "2015-05-31T18:03:33",

"tag": "reversing_labs"

}

]

},

"ssdeep": "12288:UxvYm8UX7FkiYiHSbhy783clwXqaAQWzRTChYl:+vY0LFrYi0s7w6a/Wzl",

"xref": {

"entries": [

{

"info": {

"scanners": [

{

"name": "ahnlab",

"timestamp": "2023-06-06T12:15:00",

"version": "ahnscan-console.zip"

},

{

"name": "antivir",

"timestamp": "2023-06-06T14:55:00",

"version": "vdf_fusebundle.zip"

},

{

"name": "avast",

"timestamp": "2023-06-06T15:26:00",

"version": "avast_stream.zip"

},

{

"name": "bitdefender",

"timestamp": "2023-06-06T15:44:00",

"version": "bitdefender_pack.rar"

},

{

"name": "carbonblack",

"timestamp": "2023-06-06T16:03:00",

"version": "carbonblack.exe"

},

{

"name": "clamav",

"timestamp": "2023-06-06T09:09:00",

"version": "daily.cvd"

},

{

"name": "crowdstrike",

"timestamp": "2023-06-06T16:04:00",

"version": "crowdstrike_v1.exe"

},

{

"name": "crowdstrike_online",

"timestamp": "2023-06-06T16:04:00",

"version": "crowdstrike_scan_result_lookup.exe"

},

{

"name": "drweb",

"timestamp": "2023-06-06T15:06:00",

"version": "drweb-500-wcl.zip"

},

{

"name": "endgame",

"timestamp": "2023-06-06T16:04:00",

"version": "endgame.exe"

},

{

"name": "ffri",

"timestamp": "2023-06-06T16:04:00",

"version": "ffri.exe"

},

{

"name": "fireeye_online",

"timestamp": "2023-06-06T15:06:00",

"version": "fireeye_pack.rar"

},

{

"name": "fortinet",

"timestamp": "2023-06-06T15:28:00",

"version": "vir_high"

},

{

"name": "gdata",

"timestamp": "2023-06-06T15:25:00",

"version": "gdata_pack.rar"

},

{

"name": "ikarus",

"timestamp": "2023-06-06T14:31:00",

"version": "t3sigs.vdb"

},

{

"name": "k7computing",

"timestamp": "2023-06-06T15:44:00",

"version": "K7Cmdline.zip"

},

{

"name": "malwarebytes",

"timestamp": "2023-06-06T16:05:00",

"version": "mbbr.exe"

},

{

"name": "mcafee",

"timestamp": "2023-06-06T15:46:00",

"version": "avvdat-10733.zip"

},

{

"name": "mcafee_beta",

"timestamp": "2023-06-06T01:34:00",

"version": "avvwin_netware_betadat.zip"

},

{

"name": "mcafee_online",

"timestamp": "2023-06-06T15:46:00",

"version": "avvdat-10733.zip"

},

{

"name": "mcafeegwedition_online",

"timestamp": "2023-06-06T10:11:00",

"version": "mfegw-cmd-scanner-windows.zip"

},

{

"name": "microsoft",

"timestamp": "2023-06-06T12:28:00",

"version": "mpam-fe.exe"

},

{

"name": "microsoft_online",

"timestamp": "2023-06-06T12:28:00",

"version": "mpam-fe.exe"

},

{

"name": "panda",

"timestamp": "2023-06-06T15:00:00",

"version": "panda_pack.rar"

},

{

"name": "panda_online",

"timestamp": "2023-06-06T15:00:00",

"version": "panda_pack.rar"

},

{

"name": "quickheal",

"timestamp": "2023-06-05T23:53:00",

"version": "qhadvdef.zip"

},

{

"name": "rising",

"timestamp": "2023-06-06T11:13:00",

"version": "rame.zip"

},

{

"name": "rising_online",

"timestamp": "2023-06-06T11:13:00",

"version": "rame.zip"

},

{

"name": "sentinelone_online",

"timestamp": "2023-06-06T16:08:00",

"version": "not-available"

},

{

"name": "sonicwall",

"timestamp": "2023-06-06T16:08:00",

"version": "sonicwall.exe"

},

{

"name": "sophos_susi",

"timestamp": "2023-06-06T12:00:00",

"version": "vdl-dataseta.zip"

},

{

"name": "symantec",

"timestamp": "2023-06-06T11:53:00",

"version": "streamset.zip"

},

{

"name": "symantec_beta",

"timestamp": "2023-06-06T14:29:00",

"version": "symrapidreleasedefscore15-v5i32.exe"

},

{

"name": "symantec_online",

"timestamp": "2023-06-06T11:53:00",

"version": "streamset.zip"

},

{

"name": "trendmicro",

"timestamp": "2023-06-06T15:43:00",

"version": "icrc$tbl.zip"

},

{

"name": "trendmicro_consumer",

"timestamp": "2023-06-06T15:43:00",

"version": "hcoth1849195.zip"

},

{

"name": "vba32",

"timestamp": "2023-06-06T11:01:00",

"version": "vba32w-latest.7z"

}

]

},

"record_time": "2023-06-06T16:15:00",

"scanners": [

{

"name": "ahnlab",

"result": "[TROJAN] Trojan/Win32.Toxic.R150440"

},

{

"name": "antivir",

"result": "detected"

},

{

"name": "avast",

"result": "Win32:Malware-gen"

},

{

"name": "bitdefender",

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"

},

{

"name": "carbonblack",

"result": "trojan"

},

{

"name": "clamav",

"result": "PUA.Win.Packer.UpxProtector-1"

},

{

"name": "crowdstrike",

"result": "win/malicious_confidence_100"

},

{

"name": "crowdstrike_online",

"result": "malware.confidence_100"

},

{

"name": "drweb",

"result": "Trojan.Encoder.1155"

},

{

"name": "endgame",

"result": "malicious (moderate confidence)"

},

{

"name": "ffri",

"result": "Detected"

},

{

"name": "fortinet",

"result": "W32/ToxKrypt.A!tr"

},

{

"name": "gdata",

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"

},

{

"name": "ikarus",

"result": "Trojan.Win32.Filecoder"

},

{

"name": "k7computing",

"result": "Trojan (0055e3ef1)"

},

{

"name": "malwarebytes",

"result": "Generic.Malware/Suspicious"

},

{

"name": "mcafee",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_beta",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_online",

"result": "Artemis!3133C2231FCE (trojan)"

},

{

"name": "microsoft",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "microsoft_online",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "panda",

"result": "Trj/Genetic.gen"

},

{

"name": "panda_online",

"result": "Trj/Genetic.gen"

},

{

"name": "quickheal",

"result": ""

},

{

"name": "rising",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "rising_online",

"result": "Malware.Undefined!8.C"

},

{

"name": "sentinelone_online",

"result": "DFI - Suspicious PE"

},

{

"name": "sonicwall",

"result": ""

},

{

"name": "sophos_susi",

"result": "Mal/Generic-R"

},

{

"name": "symantec",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_beta",

"result": "Trojan.Gen.2"

},

{

"name": "trendmicro",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "trendmicro_consumer",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "vba32",

"result": "SScope.Malware-Cryptor.Toxic"

}

]

},

{

"info": {

"scanners": [

{

"name": "ahnlab",

"timestamp": "2023-05-24T11:26:00",

"version": "ahnscan-console.zip"

},

{

"name": "antivir",

"timestamp": "2023-05-24T15:18:00",

"version": "vdf_fusebundle.zip"

},

{

"name": "avast",

"timestamp": "2023-05-24T14:20:00",

"version": "avast_stream.zip"

},

{

"name": "bitdefender",

"timestamp": "2023-05-24T15:04:00",

"version": "bitdefender_pack.rar"

},

{

"name": "carbonblack",

"timestamp": "2023-05-24T15:20:00",

"version": "carbonblack.exe"

},

{

"name": "clamav",

"timestamp": "2023-05-24T08:55:00",

"version": "daily.cvd"

},

{

"name": "crowdstrike",

"timestamp": "2023-05-24T15:20:00",

"version": "crowdstrike_v1.exe"

},

{

"name": "crowdstrike_online",

"timestamp": "2023-05-24T15:21:00",

"version": "crowdstrike_scan_result_lookup.exe"

},

{

"name": "drweb",

"timestamp": "2023-05-24T15:09:00",

"version": "drweb-500-wcl.zip"

},

{

"name": "endgame",

"timestamp": "2023-05-24T15:21:00",

"version": "endgame.exe"

},

{

"name": "ffri",

"timestamp": "2023-05-24T15:21:00",

"version": "ffri.exe"

},

{

"name": "fireeye_online",

"timestamp": "2023-05-24T14:55:00",

"version": "fireeye_pack.rar"

},

{

"name": "fortinet",

"timestamp": "2023-05-24T11:28:00",

"version": "vir_high"

},

{

"name": "gdata",

"timestamp": "2023-05-24T14:41:00",

"version": "gdata_pack.rar"

},

{

"name": "ikarus",

"timestamp": "2023-05-23T19:22:00",

"version": "t3sigs.vdb"

},

{

"name": "k7computing",

"timestamp": "2023-05-24T13:48:00",

"version": "K7Cmdline.zip"

},

{

"name": "malwarebytes",

"timestamp": "2023-05-24T15:22:00",

"version": "mbbr.exe"

},

{

"name": "mcafee",

"timestamp": "2023-05-23T14:36:00",

"version": "avvdat-10719.zip"

},

{

"name": "mcafee_beta",

"timestamp": "2023-05-24T12:31:00",

"version": "avvwin_netware_betadat.zip"

},

{

"name": "mcafee_online",

"timestamp": "2023-05-23T14:36:00",

"version": "avvdat-10719.zip"

},

{

"name": "mcafeegwedition_online",

"timestamp": "2023-05-24T12:41:00",

"version": "mfegw-cmd-scanner-windows.zip"

},

{

"name": "microsoft",

"timestamp": "2023-05-24T03:59:00",

"version": "mpam-fe.exe"

},

{

"name": "microsoft_online",

"timestamp": "2023-05-24T03:59:00",

"version": "mpam-fe.exe"

},

{

"name": "panda",

"timestamp": "2023-05-24T14:56:00",

"version": "panda_pack.rar"

},

{

"name": "panda_online",

"timestamp": "2023-05-24T14:56:00",

"version": "panda_pack.rar"

},

{

"name": "quickheal",

"timestamp": "2023-05-24T03:17:00",

"version": "qhadvdef.zip"

},

{

"name": "rising",

"timestamp": "2023-05-24T10:51:00",

"version": "rame.zip"

},

{

"name": "rising_online",

"timestamp": "2023-05-24T10:51:00",

"version": "rame.zip"

},

{

"name": "sentinelone_online",

"timestamp": "2023-05-24T15:26:00",

"version": "not-available"

},

{

"name": "sonicwall",

"timestamp": "2023-05-24T15:26:00",

"version": "sonicwall.exe"

},

{

"name": "sophos_susi",

"timestamp": "2023-05-24T10:56:00",

"version": "vdl-dataseta.zip"

},

{

"name": "symantec",

"timestamp": "2023-05-23T11:47:00",

"version": "streamset.zip"

},

{

"name": "symantec_beta",

"timestamp": "2023-05-24T14:03:00",

"version": "symrapidreleasedefscore15-v5i32.exe"

},

{

"name": "symantec_online",

"timestamp": "2023-05-23T11:47:00",

"version": "streamset.zip"

},

{

"name": "trendmicro",

"timestamp": "2023-05-24T15:24:00",

"version": "icrc$tbl.zip"

},

{

"name": "trendmicro_consumer",

"timestamp": "2023-05-24T15:24:00",

"version": "icrc$hctbl.zip"

},

{

"name": "vba32",

"timestamp": "2023-05-24T12:46:00",

"version": "vba32w-latest.7z"

}

]

},

"record_time": "2023-05-24T15:33:00",

"scanners": [

{

"name": "ahnlab",

"result": "[TROJAN] Trojan/Win32.Toxic.R150440"

},

{

"name": "antivir",

"result": "detected"

},

{

"name": "avast",

"result": "Win32:Malware-gen"

},

{

"name": "bitdefender",

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"

},

{

"name": "carbonblack",

"result": "trojan"

},

{

"name": "clamav",

"result": "PUA.Win.Packer.UpxProtector-1"

},

{

"name": "crowdstrike",

"result": "win/malicious_confidence_100"

},

{

"name": "crowdstrike_online",

"result": "malware.confidence_100"

},

{

"name": "drweb",

"result": "Trojan.Encoder.1155"

},

{

"name": "endgame",

"result": "malicious (moderate confidence)"

},

{

"name": "ffri",

"result": "Detected"

},

{

"name": "fireeye_online",

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"

},

{

"name": "fortinet",

"result": "W32/ToxKrypt.A!tr"

},

{

"name": "gdata",

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"

},

{

"name": "ikarus",

"result": "Trojan.Win32.Filecoder"

},

{

"name": "k7computing",

"result": "Trojan (0055e3ef1)"

},

{

"name": "malwarebytes",

"result": "Generic.Malware/Suspicious"

},

{

"name": "mcafee",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_beta",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_online",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "microsoft",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "microsoft_online",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "panda",

"result": "Trj/Genetic.gen"

},

{

"name": "panda_online",

"result": "Trj/Genetic.gen"

},

{

"name": "quickheal",

"result": ""

},

{

"name": "rising",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "rising_online",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "sentinelone_online",

"result": "DFI - Suspicious PE"

},

{

"name": "sonicwall",

"result": ""

},

{

"name": "symantec",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_beta",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_online",

"result": "Trojan.Gen.2"

},

{

"name": "trendmicro",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "trendmicro_consumer",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "vba32",

"result": "SScope.Malware-Cryptor.Toxic"

}

]

},

{

"info": {

"scanners": [

{

"name": "ahnlab",

"timestamp": "2023-05-18T10:07:00",

"version": "ahnscan-console.zip"

},

{

"name": "antivir",

"timestamp": "2023-05-18T10:32:00",

"version": "vdf_fusebundle.zip"

},

{

"name": "avast",

"timestamp": "2023-05-18T10:40:00",

"version": "avast_db.zip"

},

{

"name": "bitdefender",

"timestamp": "2023-05-18T09:58:00",

"version": "bitdefender_pack.rar"

},

{

"name": "carbonblack",

"timestamp": "2023-05-18T11:44:00",

"version": "carbonblack.exe"

},

{

"name": "clamav",

"timestamp": "2023-05-18T08:58:00",

"version": "daily.cvd"

},

{

"name": "crowdstrike",

"timestamp": "2023-05-18T11:45:00",

"version": "crowdstrike_v1.exe"

},

{

"name": "crowdstrike_online",

"timestamp": "2023-05-18T11:45:00",

"version": "crowdstrike_scan_result_lookup.exe"

},

{

"name": "drweb",

"timestamp": "2023-05-18T09:49:00",

"version": "drweb-500-wcl.zip"

},

{

"name": "endgame",

"timestamp": "2023-05-18T11:45:00",

"version": "endgame.exe"

},

{

"name": "ffri",

"timestamp": "2023-05-18T11:45:00",

"version": "ffri.exe"

},

{

"name": "fireeye_online",

"timestamp": "2023-05-18T10:57:00",

"version": "fireeye_pack.rar"

},

{

"name": "fortinet",

"timestamp": "2023-05-18T10:30:00",

"version": "vir_high"

},

{

"name": "gdata",

"timestamp": "2023-05-18T10:49:00",

"version": "gdata_pack.rar"

},

{

"name": "ikarus",

"timestamp": "2023-05-18T10:07:00",

"version": "t3sigs.vdb"

},

{

"name": "k7computing",

"timestamp": "2023-05-18T10:54:00",

"version": "K7Cmdline.zip"

},

{

"name": "malwarebytes",

"timestamp": "2023-05-18T11:46:00",

"version": "mbbr.exe"

},

{

"name": "mcafee",

"timestamp": "2023-05-17T14:04:00",

"version": "avvdat-10713.zip"

},

{

"name": "mcafee_beta",

"timestamp": "2023-05-16T23:54:00",

"version": "avvwin_netware_betadat.zip"

},

{

"name": "mcafee_online",

"timestamp": "2023-05-17T14:04:00",

"version": "avvdat-10713.zip"

},

{

"name": "mcafeegwedition_online",

"timestamp": "2023-05-18T09:54:00",

"version": "mfegw-cmd-scanner-windows.zip"

},

{

"name": "microsoft",

"timestamp": "2023-05-18T10:41:00",

"version": "mpam-fe.exe"

},

{

"name": "microsoft_online",

"timestamp": "2023-05-18T10:41:00",

"version": "mpam-fe.exe"

},

{

"name": "panda",

"timestamp": "2023-05-18T09:58:00",

"version": "panda_pack.rar"

},

{

"name": "panda_online",

"timestamp": "2023-05-18T09:58:00",

"version": "panda_pack.rar"

},

{

"name": "quickheal",

"timestamp": "2023-05-18T01:11:00",

"version": "qhadvdef.zip"

},

{

"name": "rising",

"timestamp": "2023-05-18T11:44:00",

"version": "rame.zip"

},

{

"name": "rising_online",

"timestamp": "2023-05-18T11:44:00",

"version": "rame.zip"

},

{

"name": "sentinelone_online",

"timestamp": "2023-05-18T11:48:00",

"version": "not-available"

},

{

"name": "sonicwall",

"timestamp": "2023-05-18T11:48:00",

"version": "sonicwall.exe"

},

{

"name": "sophos_susi",

"timestamp": "2023-05-18T02:19:00",

"version": "vdl-dataseta.zip"

},

{

"name": "symantec",

"timestamp": "2023-05-18T11:02:00",

"version": "streamset.zip"

},

{

"name": "symantec_beta",

"timestamp": "2023-05-18T11:08:00",

"version": "symrapidreleasedefscore15-v5i32.exe"

},

{

"name": "symantec_online",

"timestamp": "2023-05-18T11:02:00",

"version": "streamset.zip"

},

{

"name": "trendmicro",

"timestamp": "2023-05-18T11:28:00",

"version": "icrc$tbl.zip"

},

{

"name": "trendmicro_consumer",

"timestamp": "2023-05-18T09:26:00",

"version": "icrc$hctbl.zip"

},

{

"name": "vba32",

"timestamp": "2023-05-17T15:35:00",

"version": "vba32w-latest.7z"

}

]

},

"record_time": "2023-05-18T11:51:00",

"scanners": [

{

"name": "ahnlab",

"result": "[TROJAN] Trojan/Win32.Toxic.R150440"

},

{

"name": "antivir",

"result": "detected"

},

{

"name": "avast",

"result": "Win32:Malware-gen"

},

{

"name": "bitdefender",

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"

},

{

"name": "carbonblack",

"result": "trojan"

},

{

"name": "clamav",

"result": "PUA.Win.Packer.UpxProtector-1"

},

{

"name": "crowdstrike",

"result": "win/malicious_confidence_100"

},

{

"name": "crowdstrike_online",

"result": "malware.confidence_100"

},

{

"name": "drweb",

"result": "Trojan.Encoder.1155"

},

{

"name": "endgame",

"result": "malicious (moderate confidence)"

},

{

"name": "ffri",

"result": "Detected"

},

{

"name": "fireeye_online",

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"

},

{

"name": "fortinet",

"result": "W32/ToxKrypt.A!tr"

},

{

"name": "gdata",

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"

},

{

"name": "ikarus",

"result": "Trojan.Win32.Filecoder"

},

{

"name": "k7computing",

"result": "Trojan (0055e3ef1)"

},

{

"name": "malwarebytes",

"result": "Malware.AI.3162889180"

},

{

"name": "mcafee",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_beta",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_online",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafeegwedition_online",

"result": "BehavesLike.Win32.HLLP.jc"

},

{

"name": "microsoft",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "microsoft_online",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "panda",

"result": "Trj/Genetic.gen"

},

{

"name": "panda_online",

"result": "Trj/Genetic.gen"

},

{

"name": "quickheal",

"result": ""

},

{

"name": "rising",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "rising_online",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "sentinelone_online",

"result": "DFI - Suspicious PE"

},

{

"name": "sonicwall",

"result": ""

},

{

"name": "sophos_susi",

"result": "Mal/Generic-R"

},

{

"name": "symantec",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_beta",

"result": "Trojan.Gen.2"

},

{

"name": "trendmicro",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "trendmicro_consumer",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "vba32",

"result": "SScope.Malware-Cryptor.Toxic"

}

]

},

{

"info": {

"scanners": [

{

"name": "ahnlab",

"timestamp": "2023-05-18T06:06:00",

"version": "ahnscan-console.zip"

},

{

"name": "antivir",

"timestamp": "2023-05-18T08:32:00",

"version": "vdf_fusebundle.zip"

},

{

"name": "avast",

"timestamp": "2023-05-18T08:35:00",

"version": "avast_stream.zip"

},

{

"name": "bitdefender",

"timestamp": "2023-05-18T07:54:00",

"version": "bitdefender_pack.rar"

},

{

"name": "carbonblack",

"timestamp": "2023-05-18T09:03:00",

"version": "carbonblack.exe"

},

{

"name": "clamav",

"timestamp": "2023-05-18T08:58:00",

"version": "daily.cvd"

},

{

"name": "crowdstrike",

"timestamp": "2023-05-18T09:03:00",

"version": "crowdstrike_v1.exe"

},

{

"name": "crowdstrike_online",

"timestamp": "2023-05-18T09:03:00",

"version": "crowdstrike_scan_result_lookup.exe"

},

{

"name": "drweb",

"timestamp": "2023-05-18T07:38:00",

"version": "drweb-500-wcl.zip"

},

{

"name": "endgame",

"timestamp": "2023-05-18T09:04:00",

"version": "endgame.exe"

},

{

"name": "ffri",

"timestamp": "2023-05-18T09:05:00",

"version": "ffri.exe"

},

{

"name": "fireeye_online",

"timestamp": "2023-05-18T08:54:00",

"version": "fireeye_pack.rar"

},

{

"name": "fortinet",

"timestamp": "2023-05-18T08:26:00",

"version": "vir_high"

},

{

"name": "gdata",

"timestamp": "2023-05-18T08:43:00",

"version": "gdata_pack.rar"

},

{

"name": "ikarus",

"timestamp": "2023-05-17T19:59:00",

"version": "t3sigs.vdb"

},

{

"name": "k7computing",

"timestamp": "2023-05-18T06:53:00",

"version": "K7Cmdline.zip"

},

{

"name": "malwarebytes",

"timestamp": "2023-05-18T09:08:00",

"version": "mbbr.exe"

},

{

"name": "mcafee",

"timestamp": "2023-05-17T14:04:00",

"version": "avvdat-10713.zip"

},

{

"name": "mcafee_beta",

"timestamp": "2023-05-16T23:54:00",

"version": "avvwin_netware_betadat.zip"

},

{

"name": "mcafee_online",

"timestamp": "2023-05-17T14:04:00",

"version": "avvdat-10713.zip"

},

{

"name": "mcafeegwedition_online",

"timestamp": "2023-05-18T07:39:00",

"version": "mfegw-cmd-scanner-windows.zip"

},

{

"name": "microsoft",

"timestamp": "2023-05-18T06:40:00",

"version": "mpam-fe.exe"

},

{

"name": "microsoft_online",

"timestamp": "2023-05-18T06:40:00",

"version": "mpam-fe.exe"

},

{

"name": "panda",

"timestamp": "2023-05-18T07:55:00",

"version": "panda_pack.rar"

},

{

"name": "panda_online",

"timestamp": "2023-05-18T07:55:00",

"version": "panda_pack.rar"

},

{

"name": "quickheal",

"timestamp": "2023-05-18T01:11:00",

"version": "qhadvdef.zip"

},

{

"name": "rising",

"timestamp": "2023-05-18T05:41:00",

"version": "rame.zip"

},

{

"name": "rising_online",

"timestamp": "2023-05-18T05:41:00",

"version": "rame.zip"

},

{

"name": "sentinelone_online",

"timestamp": "2023-05-18T09:12:00",

"version": "not-available"

},

{

"name": "sonicwall",

"timestamp": "2023-05-18T09:12:00",

"version": "sonicwall.exe"

},

{

"name": "sophos_susi",

"timestamp": "2023-05-18T02:19:00",

"version": "vdl-dataseta.zip"

},

{

"name": "symantec",

"timestamp": "2023-05-18T08:58:00",

"version": "streamset.zip"

},

{

"name": "symantec_beta",

"timestamp": "2023-05-18T07:06:00",

"version": "symrapidreleasedefscore15-v5i32.exe"

},

{

"name": "symantec_online",

"timestamp": "2023-05-18T08:58:00",

"version": "streamset.zip"

},

{

"name": "trendmicro",

"timestamp": "2023-05-18T07:25:00",

"version": "icrc$tbl.zip"

},

{

"name": "trendmicro_consumer",

"timestamp": "2023-05-18T07:25:00",

"version": "icrc$hctbl.zip"

},

{

"name": "vba32",

"timestamp": "2023-05-17T15:35:00",

"version": "vba32w-latest.7z"

}

]

},

"record_time": "2023-05-18T09:16:00",

"scanners": [

{

"name": "ahnlab",

"result": "[TROJAN] Trojan/Win32.Toxic.R150440"

},

{

"name": "antivir",

"result": "detected"

},

{

"name": "avast",

"result": "Win32:Malware-gen"

},

{

"name": "bitdefender",

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"

},

{

"name": "carbonblack",

"result": "trojan"

},

{

"name": "clamav",

"result": "PUA.Win.Packer.UpxProtector-1"

},

{

"name": "crowdstrike",

"result": "win/malicious_confidence_100"

},

{

"name": "crowdstrike_online",

"result": "malware.confidence_100"

},

{

"name": "drweb",

"result": "Trojan.Encoder.1155"

},

{

"name": "endgame",

"result": "malicious (moderate confidence)"

},

{

"name": "ffri",

"result": "Detected"

},

{

"name": "fireeye_online",

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"

},

{

"name": "fortinet",

"result": "W32/ToxKrypt.A!tr"

},

{

"name": "gdata",

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"

},

{

"name": "ikarus",

"result": "Trojan.Win32.Filecoder"

},

{

"name": "k7computing",

"result": "Trojan (0055e3ef1)"

},

{

"name": "malwarebytes",

"result": "Generic.Malware/Suspicious"

},

{

"name": "mcafee",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_beta",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_online",

"result": "Artemis!3133C2231FCE (trojan)"

},

{

"name": "microsoft",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "microsoft_online",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "panda",

"result": "Trj/Genetic.gen"

},

{

"name": "panda_online",

"result": "Trj/Genetic.gen"

},

{

"name": "quickheal",

"result": ""

},

{

"name": "rising",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "rising_online",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "sentinelone_online",

"result": "DFI - Suspicious PE"

},

{

"name": "sonicwall",

"result": ""

},

{

"name": "sophos_susi",

"result": "Mal/Generic-R"

},

{

"name": "symantec",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_beta",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_online",

"result": "Trojan.Gen.2"

},

{

"name": "trendmicro",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "trendmicro_consumer",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "vba32",

"result": "SScope.Malware-Cryptor.Toxic"

}

]

},

{

"info": {

"scanners": [

{

"name": "ahnlab",

"timestamp": "2023-05-17T11:54:00",

"version": "ahnscan-console.zip"

},

{

"name": "antivir",

"timestamp": "2023-05-17T16:27:00",

"version": "vdf_fusebundle.zip"

},

{

"name": "avast",

"timestamp": "2023-05-17T18:05:00",

"version": "avast_db.zip"

},

{

"name": "bitdefender",

"timestamp": "2023-05-17T17:24:00",

"version": "bitdefender_pack.rar"

},

{

"name": "carbonblack",

"timestamp": "2023-05-17T18:28:00",

"version": "carbonblack.exe"

},

{

"name": "clamav",

"timestamp": "2023-05-17T08:38:00",

"version": "daily.cvd"

},

{

"name": "crowdstrike",

"timestamp": "2023-05-17T18:29:00",

"version": "crowdstrike_v1.exe"

},

{

"name": "crowdstrike_online",

"timestamp": "2023-05-17T18:29:00",

"version": "crowdstrike_scan_result_lookup.exe"

},

{

"name": "drweb",

"timestamp": "2023-05-17T18:18:00",

"version": "drweb-500-wcl.zip"

},

{

"name": "endgame",

"timestamp": "2023-05-17T18:30:00",

"version": "endgame.exe"

},

{

"name": "ffri",

"timestamp": "2023-05-17T18:30:00",

"version": "ffri.exe"

},

{

"name": "fireeye_online",

"timestamp": "2023-05-17T16:28:00",

"version": "fireeye_pack.rar"

},

{

"name": "fortinet",

"timestamp": "2023-05-17T18:04:00",

"version": "vir_high"

},

{

"name": "gdata",

"timestamp": "2023-05-17T17:56:00",

"version": "gdata_pack.rar"

},

{

"name": "ikarus",

"timestamp": "2023-05-17T13:55:00",

"version": "t3sigs.vdb"

},

{

"name": "k7computing",

"timestamp": "2023-05-17T16:48:00",

"version": "K7Cmdline.zip"

},

{

"name": "malwarebytes",

"timestamp": "2023-05-17T18:33:00",

"version": "mbbr.exe"

},

{

"name": "mcafee",

"timestamp": "2023-05-17T14:04:00",

"version": "avvdat-10713.zip"

},

{

"name": "mcafee_beta",

"timestamp": "2023-05-16T23:54:00",

"version": "avvwin_netware_betadat.zip"

},

{

"name": "mcafee_online",

"timestamp": "2023-05-17T14:04:00",

"version": "avvdat-10713.zip"

},

{

"name": "mcafeegwedition_online",

"timestamp": "2023-05-17T15:23:00",

"version": "mfegw-cmd-scanner-windows.zip"

},

{

"name": "microsoft",

"timestamp": "2023-05-17T16:35:00",

"version": "mpam-fe.exe"

},

{

"name": "microsoft_online",

"timestamp": "2023-05-17T16:35:00",

"version": "mpam-fe.exe"

},

{

"name": "panda",

"timestamp": "2023-05-17T17:39:00",

"version": "panda_pack.rar"

},

{

"name": "panda_online",

"timestamp": "2023-05-17T17:39:00",

"version": "panda_pack.rar"

},

{

"name": "quickheal",

"timestamp": "2023-05-16T22:50:00",

"version": "qhadvdef.zip"

},

{

"name": "rising",

"timestamp": "2023-05-17T17:36:00",

"version": "rame.zip"

},

{

"name": "rising_online",

"timestamp": "2023-05-17T17:36:00",

"version": "rame.zip"

},

{

"name": "sentinelone_online",

"timestamp": "2023-05-17T18:38:00",

"version": "not-available"

},

{

"name": "sonicwall",

"timestamp": "2023-05-17T18:39:00",

"version": "sonicwall.exe"

},

{

"name": "sophos_susi",

"timestamp": "2023-05-17T12:15:00",

"version": "vdl-dataseta.zip"

},

{

"name": "symantec",

"timestamp": "2023-05-16T12:49:00",

"version": "streamset.zip"

},

{

"name": "symantec_beta",

"timestamp": "2023-05-17T17:02:00",

"version": "symrapidreleasedefscore15-v5i32.exe"

},

{

"name": "symantec_online",

"timestamp": "2023-05-16T12:49:00",

"version": "streamset.zip"

},

{

"name": "trendmicro",

"timestamp": "2023-05-17T17:14:00",

"version": "icrc$tbl.zip"

},

{

"name": "trendmicro_consumer",

"timestamp": "2023-05-17T17:14:00",

"version": "hcoth1844995.zip"

},

{

"name": "vba32",

"timestamp": "2023-05-17T15:35:00",

"version": "vba32w-latest.7z"

}

]

},

"record_time": "2023-05-17T18:49:00",

"scanners": [

{

"name": "ahnlab",

"result": "[TROJAN] Trojan/Win32.Toxic.R150440"

},

{

"name": "antivir",

"result": "detected"

},

{

"name": "avast",

"result": "Win32:Malware-gen"

},

{

"name": "bitdefender",

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"

},

{

"name": "carbonblack",

"result": "trojan"

},

{

"name": "clamav",

"result": "PUA.Win.Packer.UpxProtector-1"

},

{

"name": "crowdstrike",

"result": "win/malicious_confidence_100"

},

{

"name": "crowdstrike_online",

"result": "malware.confidence_100"

},

{

"name": "drweb",

"result": "Trojan.Encoder.1155"

},

{

"name": "endgame",

"result": "malicious (moderate confidence)"

},

{

"name": "ffri",

"result": "Detected"

},

{

"name": "fireeye_online",

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"

},

{

"name": "fortinet",

"result": "W32/ToxKrypt.A!tr"

},

{

"name": "gdata",

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"

},

{

"name": "ikarus",

"result": "Trojan.Win32.Filecoder"

},

{

"name": "k7computing",

"result": "Trojan (0055e3ef1)"

},

{

"name": "malwarebytes",

"result": "Generic.Malware/Suspicious"

},

{

"name": "mcafee",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_beta",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_online",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "microsoft",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "microsoft_online",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "panda",

"result": "Trj/Genetic.gen"

},

{

"name": "panda_online",

"result": "Trj/Genetic.gen"

},

{

"name": "quickheal",

"result": ""

},

{

"name": "rising",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "rising_online",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "sentinelone_online",

"result": "DFI - Suspicious PE"

},

{

"name": "sonicwall",

"result": ""

},

{

"name": "sophos_susi",

"result": "Mal/Generic-R"

},

{

"name": "symantec",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_beta",

"result": "Trojan.Gen.2"

},

{

"name": "trendmicro",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "trendmicro_consumer",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "vba32",

"result": "SScope.Malware-Cryptor.Toxic"

}

]

},

{

"info": {

"scanners": [

{

"name": "ahnlab",

"timestamp": "2023-05-17T11:54:00",

"version": "ahnscan-console.zip"

},

{

"name": "antivir",

"timestamp": "2023-05-17T16:27:00",

"version": "vdf_fusebundle.zip"

},

{

"name": "avast",

"timestamp": "2023-05-17T16:00:00",

"version": "avast_stream.zip"

},

{

"name": "bitdefender",

"timestamp": "2023-05-17T15:20:00",

"version": "bitdefender_pack.rar"

},

{

"name": "carbonblack",

"timestamp": "2023-05-17T17:03:00",

"version": "carbonblack.exe"

},

{

"name": "clamav",

"timestamp": "2023-05-17T08:38:00",

"version": "daily.cvd"

},

{

"name": "crowdstrike",

"timestamp": "2023-05-17T17:03:00",

"version": "crowdstrike_v1.exe"

},

{

"name": "crowdstrike_online",

"timestamp": "2023-05-17T17:03:00",

"version": "crowdstrike_scan_result_lookup.exe"

},

{

"name": "drweb",

"timestamp": "2023-05-17T16:07:00",

"version": "drweb-500-wcl.zip"

},

{

"name": "endgame",

"timestamp": "2023-05-17T17:03:00",

"version": "endgame.exe"

},

{

"name": "ffri",

"timestamp": "2023-05-17T17:03:00",

"version": "ffri.exe"

},

{

"name": "fireeye_online",

"timestamp": "2023-05-17T16:28:00",

"version": "fireeye_pack.rar"

},

{

"name": "fortinet",

"timestamp": "2023-05-17T16:01:00",

"version": "vir_high"

},

{

"name": "gdata",

"timestamp": "2023-05-17T15:50:00",

"version": "gdata_pack.rar"

},

{

"name": "ikarus",

"timestamp": "2023-05-17T13:55:00",

"version": "t3sigs.vdb"

},

{

"name": "k7computing",

"timestamp": "2023-05-17T16:48:00",

"version": "K7Cmdline.zip"

},

{

"name": "malwarebytes",

"timestamp": "2023-05-17T17:04:00",

"version": "mbbr.exe"

},

{

"name": "mcafee",

"timestamp": "2023-05-17T14:04:00",

"version": "avvdat-10713.zip"

},

{

"name": "mcafee_beta",

"timestamp": "2023-05-16T23:54:00",

"version": "avvwin_netware_betadat.zip"

},

{

"name": "mcafee_online",

"timestamp": "2023-05-17T14:04:00",

"version": "avvdat-10713.zip"

},

{

"name": "mcafeegwedition_online",

"timestamp": "2023-05-17T15:23:00",

"version": "mfegw-cmd-scanner-windows.zip"

},

{

"name": "microsoft",

"timestamp": "2023-05-17T16:35:00",

"version": "mpam-fe.exe"

},

{

"name": "microsoft_online",

"timestamp": "2023-05-17T16:35:00",

"version": "mpam-fe.exe"

},

{

"name": "panda",

"timestamp": "2023-05-17T15:37:00",

"version": "panda_pack.rar"

},

{

"name": "panda_online",

"timestamp": "2023-05-17T15:37:00",

"version": "panda_pack.rar"

},

{

"name": "quickheal",

"timestamp": "2023-05-16T22:50:00",

"version": "qhadvdef.zip"

},

{

"name": "rising",

"timestamp": "2023-05-17T11:33:00",

"version": "rame.zip"

},

{

"name": "rising_online",

"timestamp": "2023-05-17T11:33:00",

"version": "rame.zip"

},

{

"name": "sentinelone_online",

"timestamp": "2023-05-17T17:06:00",

"version": "not-available"

},

{

"name": "sonicwall",

"timestamp": "2023-05-17T17:06:00",

"version": "sonicwall.exe"

},

{

"name": "sophos_susi",

"timestamp": "2023-05-17T12:15:00",

"version": "vdl-dataseta.zip"

},

{

"name": "symantec",

"timestamp": "2023-05-16T12:49:00",

"version": "streamset.zip"

},

{

"name": "symantec_beta",

"timestamp": "2023-05-17T17:02:00",

"version": "symrapidreleasedefscore15-v5i32.exe"

},

{

"name": "symantec_online",

"timestamp": "2023-05-16T12:49:00",

"version": "streamset.zip"

},

{

"name": "trendmicro",

"timestamp": "2023-05-17T15:12:00",

"version": "icrc$tbl.zip"

},

{

"name": "trendmicro_consumer",

"timestamp": "2023-05-17T13:11:00",

"version": "icrc$hctbl.zip"

},

{

"name": "vba32",

"timestamp": "2023-05-17T15:35:00",

"version": "vba32w-latest.7z"

}

]

},

"record_time": "2023-05-17T17:09:00",

"scanners": [

{

"name": "ahnlab",

"result": "[TROJAN] Trojan/Win32.Toxic.R150440"

},

{

"name": "antivir",

"result": "detected"

},

{

"name": "avast",

"result": "Win32:Malware-gen"

},

{

"name": "bitdefender",

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"

},

{

"name": "carbonblack",

"result": "trojan"

},

{

"name": "clamav",

"result": "PUA.Win.Packer.UpxProtector-1"

},

{

"name": "crowdstrike",

"result": "win/malicious_confidence_100"

},

{

"name": "crowdstrike_online",

"result": "malware.confidence_100"

},

{

"name": "drweb",

"result": "Trojan.Encoder.1155"

},

{

"name": "endgame",

"result": "malicious (moderate confidence)"

},

{

"name": "ffri",

"result": "Detected"

},

{

"name": "fireeye_online",

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"

},

{

"name": "fortinet",

"result": "W32/ToxKrypt.A!tr"

},

{

"name": "gdata",

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"

},

{

"name": "ikarus",

"result": "Trojan.Win32.Filecoder"

},

{

"name": "k7computing",

"result": "Trojan (0055e3ef1)"

},

{

"name": "malwarebytes",

"result": "Generic.Malware/Suspicious"

},

{

"name": "mcafee",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_beta",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_online",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafeegwedition_online",

"result": "BehavesLike.Win32.Dropper.jc"

},

{

"name": "microsoft",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "microsoft_online",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "panda",

"result": "Trj/Genetic.gen"

},

{

"name": "panda_online",

"result": "Trj/Genetic.gen"

},

{

"name": "quickheal",

"result": ""

},

{

"name": "rising",

"result": "Malware.Undefined!8.C"

},

{

"name": "rising_online",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "sentinelone_online",

"result": "DFI - Suspicious PE"

},

{

"name": "sonicwall",

"result": ""

},

{

"name": "sophos_susi",

"result": "Mal/Generic-R"

},

{

"name": "symantec",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_beta",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_online",

"result": "Trojan.Gen.2"

},

{

"name": "trendmicro",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "trendmicro_consumer",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "vba32",

"result": "SScope.Malware-Cryptor.Toxic"

}

]

},

{

"info": {

"scanners": [

{

"name": "ahnlab",

"timestamp": "2023-05-16T11:41:00",

"version": "ahnscan-console.zip"

},

{

"name": "antivir",

"timestamp": "2023-05-16T18:20:00",

"version": "vdf_fusebundle.zip"

},

{

"name": "avast",

"timestamp": "2023-05-16T23:25:00",

"version": "avast_stream.zip"

},

{

"name": "bitdefender",

"timestamp": "2023-05-16T22:46:00",

"version": "bitdefender_pack.rar"

},

{

"name": "carbonblack",

"timestamp": "2023-05-16T23:32:00",

"version": "carbonblack.exe"

},

{

"name": "clamav",

"timestamp": "2023-05-16T22:30:00",

"version": "daily.cvd"

},

{

"name": "crowdstrike",

"timestamp": "2023-05-16T23:32:00",

"version": "crowdstrike_v1.exe"

},

{

"name": "crowdstrike_online",

"timestamp": "2023-05-16T23:32:00",

"version": "crowdstrike_scan_result_lookup.exe"

},

{

"name": "drweb",

"timestamp": "2023-05-16T22:12:00",

"version": "drweb-500-wcl.zip"

},

{

"name": "endgame",

"timestamp": "2023-05-16T23:32:00",

"version": "endgame.exe"

},

{

"name": "ffri",

"timestamp": "2023-05-16T23:32:00",

"version": "ffri.exe"

},

{

"name": "fireeye_online",

"timestamp": "2023-05-16T21:58:00",

"version": "fireeye_pack.rar"

},

{

"name": "fortinet",

"timestamp": "2023-05-16T23:31:00",

"version": "vir_high"

},

{

"name": "gdata",

"timestamp": "2023-05-16T22:57:00",

"version": "gdata_pack.rar"

},

{

"name": "ikarus",

"timestamp": "2023-05-16T19:44:00",

"version": "t3sigs.vdb"

},

{

"name": "k7computing",

"timestamp": "2023-05-16T18:40:00",

"version": "K7Cmdline.zip"

},

{

"name": "malwarebytes",

"timestamp": "2023-05-16T23:33:00",

"version": "mbbr.exe"

},

{

"name": "mcafee",

"timestamp": "2023-05-16T15:59:00",

"version": "avvdat-10712.zip"

},

{

"name": "mcafee_beta",

"timestamp": "2023-05-16T21:54:00",

"version": "avvwin_netware_betadat.zip"

},

{

"name": "mcafee_online",

"timestamp": "2023-05-16T15:59:00",

"version": "avvdat-10712.zip"

},

{

"name": "mcafeegwedition_online",

"timestamp": "2023-05-16T22:30:00",

"version": "mfegw-cmd-scanner-windows.zip"

},

{

"name": "microsoft",

"timestamp": "2023-05-16T20:28:00",

"version": "mpam-fe.exe"

},

{

"name": "microsoft_online",

"timestamp": "2023-05-16T20:28:00",

"version": "mpam-fe.exe"

},

{

"name": "panda",

"timestamp": "2023-05-16T23:17:00",

"version": "panda_pack.rar"

},

{

"name": "panda_online",

"timestamp": "2023-05-16T23:17:00",

"version": "panda_pack.rar"

},

{

"name": "quickheal",

"timestamp": "2023-05-16T22:50:00",

"version": "qhadvdef.zip"

},

{

"name": "rising",

"timestamp": "2023-05-16T23:26:00",

"version": "rame.zip"

},

{

"name": "rising_online",

"timestamp": "2023-05-16T23:26:00",

"version": "rame.zip"

},

{

"name": "sentinelone_online",

"timestamp": "2023-05-16T23:37:00",

"version": "not-available"

},

{

"name": "sonicwall",

"timestamp": "2023-05-16T23:37:00",

"version": "sonicwall.exe"

},

{

"name": "sophos_susi",

"timestamp": "2023-05-16T22:11:00",

"version": "vdl-dataseta.zip"

},

{

"name": "symantec",

"timestamp": "2023-05-16T12:49:00",

"version": "streamset.zip"

},

{

"name": "symantec_beta",

"timestamp": "2023-05-16T22:56:00",

"version": "symrapidreleasedefscore15-v5i32.exe"

},

{

"name": "symantec_online",

"timestamp": "2023-05-16T12:49:00",

"version": "streamset.zip"

},

{

"name": "trendmicro",

"timestamp": "2023-05-16T23:00:00",

"version": "icrc$tbl.zip"

},

{

"name": "trendmicro_consumer",

"timestamp": "2023-05-16T23:00:00",

"version": "icrc$hctbl.zip"

},

{

"name": "vba32",

"timestamp": "2023-05-16T19:26:00",

"version": "vba32w-latest.7z"

}

]

},

"record_time": "2023-05-16T23:38:00",

"scanners": [

{

"name": "ahnlab",

"result": "[TROJAN] Trojan/Win32.Toxic.R150440"

},

{

"name": "antivir",

"result": "detected"

},

{

"name": "avast",

"result": "Win32:Malware-gen"

},

{

"name": "bitdefender",

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"

},

{

"name": "carbonblack",

"result": "trojan"

},

{

"name": "clamav",

"result": "PUA.Win.Packer.UpxProtector-1"

},

{

"name": "crowdstrike",

"result": "win/malicious_confidence_100"

},

{

"name": "crowdstrike_online",

"result": "malware.confidence_100"

},

{

"name": "drweb",

"result": "Trojan.Encoder.1155"

},

{

"name": "endgame",

"result": "malicious (moderate confidence)"

},

{

"name": "ffri",

"result": "Detected"

},

{

"name": "fireeye_online",

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"

},

{

"name": "fortinet",

"result": "W32/ToxKrypt.A!tr"

},

{

"name": "gdata",

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"

},

{

"name": "ikarus",

"result": "Trojan.Win32.Filecoder"

},

{

"name": "k7computing",

"result": "Trojan (0055e3ef1)"

},

{

"name": "malwarebytes",

"result": "Generic.Malware/Suspicious"

},

{

"name": "mcafee",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_beta",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_online",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "microsoft",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "microsoft_online",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "panda",

"result": "Trj/Genetic.gen"

},

{

"name": "panda_online",

"result": "Trj/Genetic.gen"

},

{

"name": "quickheal",

"result": ""

},

{

"name": "rising",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "rising_online",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "sentinelone_online",

"result": "DFI - Suspicious PE"

},

{

"name": "sonicwall",

"result": ""

},

{

"name": "sophos_susi",

"result": ""

},

{

"name": "symantec",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_beta",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_online",

"result": "Trojan.Gen.2"

},

{

"name": "trendmicro",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "trendmicro_consumer",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "vba32",

"result": "SScope.Malware-Cryptor.Toxic"

}

]

},

{

"info": {

"scanners": [

{

"name": "ahnlab",

"timestamp": "2022-06-08T11:05:00",

"version": "ahnscan-console.zip"

},

{

"name": "antivir",

"timestamp": "2022-06-08T10:50:00",

"version": "vdf_fusebundle.zip"

},

{

"name": "avast",

"timestamp": "2022-06-08T11:55:00",

"version": "avast_stream.zip"

},

{

"name": "bitdefender",

"timestamp": "2022-06-08T08:50:00",

"version": "bdc.zip"

},

{

"name": "carbonblack",

"timestamp": "2022-06-08T12:42:00",

"version": "carbonblack.exe"

},

{

"name": "clamav",

"timestamp": "2022-06-08T08:15:00",

"version": "daily.cvd"

},

{

"name": "crowdstrike",

"timestamp": "2022-06-08T12:42:00",

"version": "crowdstrike_v1.exe"

},

{

"name": "crowdstrike_online",

"timestamp": "2022-06-08T12:42:00",

"version": "crowdstrike_scan_result_lookup.exe"

},

{

"name": "cyren",

"timestamp": "2022-06-08T11:40:00",

"version": "antivir-v2-z-202206081102.zip"

},

{

"name": "cyren_online",

"timestamp": "2022-06-08T11:40:00",

"version": "antivir-v2-z-202206081102.zip"

},

{

"name": "drweb",

"timestamp": "2022-06-08T11:45:00",

"version": "drweb-500-wcl.zip"

},

{

"name": "endgame",

"timestamp": "2022-06-08T12:42:00",

"version": "endgame.exe"

},

{

"name": "ensilo",

"timestamp": "2022-06-08T12:42:00",

"version": "ensilo.exe"

},

{

"name": "ffri",

"timestamp": "2022-06-08T12:42:00",

"version": "ffri.exe"

},

{

"name": "fireeye_online",

"timestamp": "2022-06-08T11:35:00",

"version": "fireeye_pack.rar"

},

{

"name": "fortinet",

"timestamp": "2022-06-08T11:00:00",

"version": "vir_high"

},

{

"name": "gdata",

"timestamp": "2022-06-08T10:45:00",

"version": "gd_sig.zip"

},

{

"name": "ikarus",

"timestamp": "2022-06-08T08:15:00",

"version": "t3sigs.vdb"

},

{

"name": "k7computing",

"timestamp": "2022-06-08T08:30:00",

"version": "K7Cmdline.zip"

},

{

"name": "kaspersky",

"timestamp": "2022-01-29T06:55:00",

"version": "database.zip"

},

{

"name": "kaspersky_online",

"timestamp": "2022-01-29T06:55:00",

"version": "database.zip"

},

{

"name": "malwarebytes",

"timestamp": "2022-06-08T12:42:00",

"version": "mbbr.exe"

},

{

"name": "mcafee",

"timestamp": "2022-06-07T14:05:00",

"version": "avvdat-10371.zip"

},

{

"name": "mcafee_beta",

"timestamp": "2022-06-08T11:15:00",

"version": "avvwin_netware_betadat.zip"

},

{

"name": "mcafee_online",

"timestamp": "2022-06-07T14:05:00",

"version": "avvdat-10371.zip"

},

{

"name": "mcafeegwedition_online",

"timestamp": "2022-06-08T03:05:00",

"version": "mfegw-cmd-scanner-windows.zip"

},

{

"name": "microsoft",

"timestamp": "2022-06-08T09:00:00",

"version": "mpam-fe.exe"

},

{

"name": "microsoft_online",

"timestamp": "2022-06-08T09:00:00",

"version": "mpam-fe.exe"

},

{

"name": "panda",

"timestamp": "2022-06-08T11:55:00",

"version": "panda_pack.rar"

},

{

"name": "panda_online",

"timestamp": "2022-06-08T11:55:00",

"version": "panda_pack.rar"

},

{

"name": "quickheal",

"timestamp": "2022-06-08T11:25:00",

"version": "qhadvdef.zip"

},

{

"name": "rising",

"timestamp": "2022-06-08T09:40:00",

"version": "rame.zip"

},

{

"name": "rising_online",

"timestamp": "2022-06-08T09:40:00",

"version": "rame.zip"

},

{

"name": "sentinelone",

"timestamp": "2022-06-08T12:43:00",

"version": "sentinelone.exe"

},

{

"name": "sonicwall",

"timestamp": "2022-06-08T12:43:00",

"version": "sonicwall.exe"

},

{

"name": "sophos_susi",

"timestamp": "2022-06-08T09:35:00",

"version": "ide_5.92.zip"

},

{

"name": "symantec",

"timestamp": "2022-06-08T11:55:00",

"version": "streamset.zip"

},

{

"name": "symantec_beta",

"timestamp": "2022-06-08T10:35:00",

"version": "symrapidreleasedefscore15-v5i32.exe"

},

{

"name": "symantec_online",

"timestamp": "2022-06-08T11:55:00",

"version": "streamset.zip"

},

{

"name": "trendmicro",

"timestamp": "2022-06-08T11:00:00",

"version": "icrc$tbl.zip"

},

{

"name": "trendmicro_consumer",

"timestamp": "2022-06-08T09:25:00",

"version": "icrc$hctbl.zip"

},

{

"name": "vba32",

"timestamp": "2022-06-08T09:50:00",

"version": "vba32w-latest.7z"

}

]

},

"record_time": "2022-06-08T12:43:00",

"scanners": [

{

"name": "ahnlab",

"result": "[TROJAN] Trojan/Win32.Toxic.R150440"

},

{

"name": "antivir",

"result": "detected"

},

{

"name": "avast",

"result": "Win32:Malware-gen"

},

{

"name": "bitdefender",

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"

},

{

"name": "carbonblack",

"result": "trojan"

},

{

"name": "clamav",

"result": "PUA.Win.Packer.Upx-49"

},

{

"name": "crowdstrike",

"result": "win/malicious_confidence_100"

},

{

"name": "crowdstrike_online",

"result": "malware.confidence_100"

},

{

"name": "cyren",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "cyren_online",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "drweb",

"result": "Trojan.Encoder.1155"

},

{

"name": "endgame",

"result": "malicious (moderate confidence)"

},

{

"name": "ensilo",

"result": "Malicious-High"

},

{

"name": "ffri",

"result": "Detected"

},

{

"name": "fireeye_online",

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"

},

{

"name": "fortinet",

"result": "W32/ToxKrypt.A!tr"

},

{

"name": "gdata",

"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"

},

{

"name": "ikarus",

"result": "Trojan.Win32.Filecoder"

},

{

"name": "k7computing",

"result": "Trojan (0055e3ef1)"

},

{

"name": "kaspersky",

"result": "detected"

},

{

"name": "kaspersky_online",

"result": "detected"

},

{

"name": "mcafee",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_beta",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_online",

"result": "Artemis!3133C2231FCE (trojan)"

},

{

"name": "mcafeegwedition_online",

"result": "Ransom-Tox!11B48E409D96"

},

{

"name": "microsoft",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "microsoft_online",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "panda",

"result": "Trj/Genetic.gen"

},

{

"name": "panda_online",

"result": "Trj/Genetic.gen"

},

{

"name": "quickheal",

"result": ""

},

{

"name": "rising",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "rising_online",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "sentinelone",

"result": "DFI - Suspicious PE"

},

{

"name": "sonicwall",

"result": ""

},

{

"name": "sophos_susi",

"result": "Troj/ToxKrypt-A"

},

{

"name": "symantec",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_beta",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_online",

"result": "Trojan.Gen.2"

},

{

"name": "trendmicro",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "trendmicro_consumer",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "vba32",

"result": "SScope.Malware-Cryptor.Toxic"

}

]

},

{

"info": {

"scanners": [

{

"name": "ahnlab",

"timestamp": "2021-06-17T11:40:00",

"version": "ahnscan-console.zip"

},

{

"name": "antivir",

"timestamp": "2021-06-17T12:45:00",

"version": "vdf_fusebundle.zip"

},

{

"name": "avast",

"timestamp": "2021-06-17T13:25:00",

"version": "avast_stream.zip"

},

{

"name": "bitdefender",

"timestamp": "2021-06-17T12:20:00",

"version": "bdc.zip"

},

{

"name": "carbonblack",

"timestamp": "2021-06-17T14:15:00",

"version": "carbonblack.exe"

},

{

"name": "clamav",

"timestamp": "2021-06-16T12:45:00",

"version": "daily.cvd"

},

{

"name": "command",

"timestamp": "2021-06-17T11:45:00",

"version": "antivir-v2-z-202106171027.zip"

},

{

"name": "command_online",

"timestamp": "2021-06-17T11:45:00",

"version": "antivir-v2-z-202106171027.zip"

},

{

"name": "crowdstrike",

"timestamp": "2021-06-17T14:15:00",

"version": "crowdstrike_v1.exe"

},

{

"name": "crowdstrike_online",

"timestamp": "2021-06-17T14:16:00",

"version": "crowdstrike_scan_result_lookup.exe"

},

{

"name": "drweb",

"timestamp": "2021-06-17T13:15:00",

"version": "drweb-500-wcl.zip"

},

{

"name": "endgame",

"timestamp": "2021-06-17T14:15:00",

"version": "endgame.exe"

},

{

"name": "ensilo",

"timestamp": "2021-06-17T14:16:00",

"version": "ensilo.exe"

},

{

"name": "f_prot",

"timestamp": "2021-06-17T11:45:00",

"version": "antivir.def"

},

{

"name": "ffri",

"timestamp": "2021-06-17T14:16:00",

"version": "ffri.exe"

},

{

"name": "fireeye_online",

"timestamp": "2021-06-17T13:10:00",

"version": "fireeye_pack.rar"

},

{

"name": "fortinet",

"timestamp": "2021-06-17T13:10:00",

"version": "vir_high"

},

{

"name": "gdata",

"timestamp": "2021-06-17T12:55:00",

"version": "bd.zip"

},

{

"name": "ikarus",

"timestamp": "2021-06-17T12:45:00",

"version": "t3sigs.vdb"

},

{

"name": "k7computing",

"timestamp": "2021-06-17T12:05:00",

"version": "K7Cmdline.zip"

},

{

"name": "kaspersky",

"timestamp": "2021-06-17T13:20:00",

"version": "database.zip"

},

{

"name": "kaspersky_online",

"timestamp": "2021-06-17T13:20:00",

"version": "database.zip"

},

{

"name": "malwarebytes",

"timestamp": "2021-06-17T14:16:00",

"version": "mbbr.exe"

},

{

"name": "mcafee",

"timestamp": "2021-06-16T21:00:00",

"version": "avvdat-10017.zip"

},

{

"name": "mcafee_beta",

"timestamp": "2021-06-17T13:15:00",

"version": "avvwin_netware_betadat.zip"

},

{

"name": "mcafee_online",

"timestamp": "2021-06-16T21:00:00",

"version": "avvdat-10017.zip"

},

{

"name": "mcafeegwedition_online",

"timestamp": "2021-06-17T03:05:00",

"version": "mfegw-cmd-scanner-windows.zip"

},

{

"name": "microsoft",

"timestamp": "2021-06-17T10:35:00",

"version": "mpam-fe.exe"

},

{

"name": "microsoft_online",

"timestamp": "2021-06-17T10:35:00",

"version": "mpam-fe.exe"

},

{

"name": "panda",

"timestamp": "2021-06-17T11:30:00",

"version": "panda_pack.rar"

},

{

"name": "panda_online",

"timestamp": "2021-06-17T11:30:00",

"version": "panda_pack.rar"

},

{

"name": "quickheal",

"timestamp": "2021-06-17T11:25:00",

"version": "qhadvdef.zip"

},

{

"name": "rising",

"timestamp": "2021-06-17T09:30:00",

"version": "rame.zip"

},

{

"name": "rising_online",

"timestamp": "2021-06-17T09:30:00",

"version": "rame.zip"

},

{

"name": "sentinelone",

"timestamp": "2021-06-17T14:16:00",

"version": "sentinelone.exe"

},

{

"name": "sonicwall",

"timestamp": "2021-06-17T14:16:00",

"version": "sonicwall.exe"

},

{

"name": "sophos",

"timestamp": "2021-06-17T07:45:00",

"version": "ide_5.84.zip"

},

{

"name": "sophos_online",

"timestamp": "2021-06-17T07:45:00",

"version": "ide_5.84.zip"

},

{

"name": "sophos_susi",

"timestamp": "2021-06-17T14:16:00",

"version": "susicli.exe"

},

{

"name": "sunbelt",

"timestamp": "2021-06-17T12:35:00",

"version": "CSE39VT-EN-93362-F.sbr.sgn"

},

{

"name": "symantec",

"timestamp": "2021-06-17T13:25:00",

"version": "streamset.zip"

},

{

"name": "symantec_beta",

"timestamp": "2021-06-17T12:00:00",

"version": "symrapidreleasedefscore15-v5i32.exe"

},

{

"name": "symantec_online",

"timestamp": "2021-06-17T13:25:00",

"version": "streamset.zip"

},

{

"name": "trendmicro",

"timestamp": "2021-06-17T06:20:00",

"version": "ioth1678500.zip"

},

{

"name": "trendmicro_consumer",

"timestamp": "2021-06-16T17:20:00",

"version": "hcoth1678395.zip"

},

{

"name": "vba32",

"timestamp": "2021-06-17T08:55:00",

"version": "vba32w-latest.7z"

},

{

"name": "watchguard",

"timestamp": "2021-06-17T14:16:00",

"version": "WWHS64.exe"

}

]

},

"record_time": "2021-06-17T14:17:00",

"scanners": [

{

"name": "ahnlab",

"result": "[TROJAN] Trojan/Win32.Toxic.R150440"

},

{

"name": "antivir",

"result": "detected"

},

{

"name": "avast",

"result": "Win32:Malware-gen"

},

{

"name": "bitdefender",

"result": "Generic.Ransom.WCryG.7651CF3C"

},

{

"name": "carbonblack",

"result": "trojan"

},

{

"name": "clamav",

"result": "PUA.Win.Packer.Upx-49"

},

{

"name": "command",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "command_online",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "crowdstrike",

"result": "win/malicious_confidence_100"

},

{

"name": "crowdstrike_online",

"result": "malware.confidence_100"

},

{

"name": "endgame",

"result": "malicious (moderate confidence)"

},

{

"name": "ensilo",

"result": "Malicious-High"

},

{

"name": "f_prot",

"result": "W32/Filecoder.E"

},

{

"name": "ffri",

"result": "Detected"

},

{

"name": "fireeye_online",

"result": "Generic.mg.3133c2231fcee5d6"

},

{

"name": "fortinet",

"result": "W32/ToxKrypt.A!tr"

},

{

"name": "gdata",

"result": "Generic.Ransom.WCryG.7651CF3C"

},

{

"name": "ikarus",

"result": "Trojan.Win32.Filecoder"

},

{

"name": "k7computing",

"result": "Trojan (0055e3ef1)"

},

{

"name": "kaspersky",

"result": "detected"

},

{

"name": "kaspersky_online",

"result": "detected"

},

{

"name": "malwarebytes",

"result": ""

},

{

"name": "mcafee",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_beta",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_online",

"result": "Artemis!3133C2231FCE (trojan)"

},

{

"name": "mcafeegwedition_online",

"result": "BehavesLike.Win32.Mytob.jc"

},

{

"name": "microsoft",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "microsoft_online",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "panda",

"result": "Trj/Genetic.gen"

},

{

"name": "panda_online",

"result": "Trj/Genetic.gen"

},

{

"name": "quickheal",

"result": ""

},

{

"name": "rising",

"result": ""

},

{

"name": "rising_online",

"result": ""

},

{

"name": "sentinelone",

"result": "DFI - Suspicious PE"

},

{

"name": "sonicwall",

"result": ""

},

{

"name": "sophos",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sophos_online",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sophos_susi",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sunbelt",

"result": "Trojan.Win32.Generic!BT"

},

{

"name": "symantec",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_beta",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_online",

"result": "Trojan.Gen.2"

},

{

"name": "trendmicro",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "trendmicro_consumer",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "vba32",

"result": "SScope.Malware-Cryptor.Toxic"

},

{

"name": "watchguard",

"result": "AboveThreshold563.008318"

}

]

},

{

"info": {

"scanners": [

{

"name": "ahnlab",

"timestamp": "2021-04-19T08:00:00",

"version": "ahnscan-console.zip"

},

{

"name": "antivir",

"timestamp": "2021-04-19T06:10:00",

"version": "vdf_fusebundle.zip"

},

{

"name": "avast",

"timestamp": "2021-04-19T10:25:00",

"version": "avast_stream.zip"

},

{

"name": "bitdefender",

"timestamp": "2021-04-19T09:50:00",

"version": "bdc.zip"

},

{

"name": "carbonblack",

"timestamp": "2021-04-19T11:09:00",

"version": "carbonblack.exe"

},

{

"name": "clamav",

"timestamp": "2021-04-18T19:15:00",

"version": "daily.cvd"

},

{

"name": "command",

"timestamp": "2021-04-19T09:20:00",

"version": "antivir-v2-z-202104190807.zip"

},

{

"name": "command_online",

"timestamp": "2021-04-19T09:20:00",

"version": "antivir-v2-z-202104190807.zip"

},

{

"name": "crowdstrike",

"timestamp": "2021-04-19T11:09:00",

"version": "crowdstrike_v1.exe"

},

{

"name": "crowdstrike_online",

"timestamp": "2021-04-19T11:09:00",

"version": "crowdstrike_scan_result_lookup.exe"

},

{

"name": "drweb",

"timestamp": "2021-04-19T10:15:00",

"version": "drweb-500-wcl.zip"

},

{

"name": "endgame",

"timestamp": "2021-04-19T11:09:00",

"version": "endgame.exe"

},

{

"name": "ensilo",

"timestamp": "2021-04-19T11:09:00",

"version": "ensilo.exe"

},

{

"name": "f_prot",

"timestamp": "2021-04-19T09:20:00",

"version": "antivir.def"

},

{

"name": "ffri",

"timestamp": "2021-04-19T11:09:00",

"version": "ffri.exe"

},

{

"name": "fireeye_online",

"timestamp": "2021-04-19T09:55:00",

"version": "fireeye_pack.rar"

},

{

"name": "fortinet",

"timestamp": "2021-04-19T10:15:00",

"version": "vir_high"

},

{

"name": "gdata",

"timestamp": "2021-04-19T10:20:00",

"version": "gd_sig.zip"

},

{

"name": "ikarus",

"timestamp": "2021-04-19T08:20:00",

"version": "t3sigs.vdb"

},

{

"name": "k7computing",

"timestamp": "2021-04-19T08:40:00",

"version": "K7Cmdline.zip"

},

{

"name": "kaspersky",

"timestamp": "2021-04-19T10:20:00",

"version": "database.zip"

},

{

"name": "kaspersky_online",

"timestamp": "2021-04-19T10:20:00",

"version": "database.zip"

},

{

"name": "malwarebytes",

"timestamp": "2021-04-19T11:09:00",

"version": "mbbr.exe"

},

{

"name": "mcafee",

"timestamp": "2021-04-18T14:05:00",

"version": "avvdat-9958.zip"

},

{

"name": "mcafee_beta",

"timestamp": "2021-04-19T09:45:00",

"version": "avvwin_netware_betadat.zip"

},

{

"name": "mcafee_online",

"timestamp": "2021-04-18T14:05:00",

"version": "avvdat-9958.zip"

},

{

"name": "mcafeegwedition_online",

"timestamp": "2021-04-19T03:05:00",

"version": "mfegw-cmd-scanner-windows.zip"

},

{

"name": "microsoft",

"timestamp": "2021-04-19T07:05:00",

"version": "mpam-fe.exe"

},

{

"name": "microsoft_online",

"timestamp": "2021-04-19T07:05:00",

"version": "mpam-fe.exe"

},

{

"name": "panda",

"timestamp": "2021-04-19T06:40:00",

"version": "panda_pack.rar"

},

{

"name": "panda_online",

"timestamp": "2021-04-19T06:40:00",

"version": "panda_pack.rar"

},

{

"name": "quickheal",

"timestamp": "2021-04-18T12:25:00",

"version": "qhadvdef.zip"

},

{

"name": "rising",

"timestamp": "2021-04-19T09:45:00",

"version": "rame.zip"

},

{

"name": "rising_online",

"timestamp": "2021-04-19T09:45:00",

"version": "rame.zip"

},

{

"name": "sentinelone",

"timestamp": "2021-04-19T11:09:00",

"version": "sentinelone.exe"

},

{

"name": "sonicwall",

"timestamp": "2021-04-19T11:09:00",

"version": "sonicwall.exe"

},

{

"name": "sophos",

"timestamp": "2021-04-19T02:25:00",

"version": "ide_5.83.zip"

},

{

"name": "sophos_online",

"timestamp": "2021-04-19T02:25:00",

"version": "ide_5.83.zip"

},

{

"name": "sophos_susi",

"timestamp": "2021-04-19T11:09:00",

"version": "susicli.exe"

},

{

"name": "sunbelt",

"timestamp": "2021-04-19T10:00:00",

"version": "CSE39VT-EN-91944-F.sbr.sgn"

},

{

"name": "symantec",

"timestamp": "2021-04-19T10:20:00",

"version": "streamset.zip"

},

{

"name": "symantec_beta",

"timestamp": "2021-04-19T10:10:00",

"version": "symrapidreleasedefscore15-v5i32.exe"

},

{

"name": "symantec_online",

"timestamp": "2021-04-19T10:20:00",

"version": "streamset.zip"

},

{

"name": "trendmicro",

"timestamp": "2021-04-19T06:30:00",

"version": "ioth1666500.zip"

},

{

"name": "trendmicro_consumer",

"timestamp": "2021-04-18T15:15:00",

"version": "hcoth1666395.zip"

},

{

"name": "vba32",

"timestamp": "2021-04-19T09:00:00",

"version": "vba32w-latest.7z"

},

{

"name": "watchguard",

"timestamp": "2021-04-19T11:09:00",

"version": "WWHS64.exe"

}

]

},

"record_time": "2021-04-19T11:10:00",

"scanners": [

{

"name": "ahnlab",

"result": "[TROJAN] Trojan/Win32.Toxic.R150440"

},

{

"name": "antivir",

"result": "detected"

},

{

"name": "avast",

"result": "Win32:Malware-gen"

},

{

"name": "bitdefender",

"result": "Generic.Ransom.WCryG.7651CF3C"

},

{

"name": "carbonblack",

"result": "trojan"

},

{

"name": "clamav",

"result": "PUA.Win.Packer.Upx-49"

},

{

"name": "command",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "command_online",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "crowdstrike",

"result": "win/malicious_confidence_100"

},

{

"name": "crowdstrike_online",

"result": "malware.confidence_100"

},

{

"name": "drweb",

"result": "Trojan.Encoder.1155"

},

{

"name": "endgame",

"result": "malicious (moderate confidence)"

},

{

"name": "ensilo",

"result": "Malicious-High"

},

{

"name": "f_prot",

"result": "W32/Filecoder.E"

},

{

"name": "ffri",

"result": "Detected"

},

{

"name": "fireeye_online",

"result": "Generic.mg.3133c2231fcee5d6"

},

{

"name": "fortinet",

"result": "W32/ToxKrypt.A!tr"

},

{

"name": "gdata",

"result": "Generic.Ransom.WCryG.7651CF3C"

},

{

"name": "ikarus",

"result": "Trojan.Win32.Filecoder"

},

{

"name": "k7computing",

"result": "Trojan (0055e3ef1)"

},

{

"name": "kaspersky",

"result": "detected"

},

{

"name": "kaspersky_online",

"result": "detected"

},

{

"name": "malwarebytes",

"result": ""

},

{

"name": "mcafee",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_beta",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_online",

"result": "Artemis!3133C2231FCE (trojan)"

},

{

"name": "mcafeegwedition_online",

"result": "BehavesLike.Win32.Dropper.jc"

},

{

"name": "microsoft",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "microsoft_online",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "panda",

"result": "Trj/Genetic.gen"

},

{

"name": "panda_online",

"result": "Trj/Genetic.gen"

},

{

"name": "quickheal",

"result": ""

},

{

"name": "rising",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "rising_online",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "sentinelone",

"result": "DFI - Suspicious PE"

},

{

"name": "sonicwall",

"result": ""

},

{

"name": "sophos",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sophos_online",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sophos_susi",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sunbelt",

"result": "Trojan.Win32.Generic!BT"

},

{

"name": "symantec",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_beta",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_online",

"result": "Trojan.Gen.2"

},

{

"name": "trendmicro",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "trendmicro_consumer",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "vba32",

"result": "SScope.Malware-Cryptor.Toxic"

},

{

"name": "watchguard",

"result": "AboveThreshold563.008318"

}

]

},

{

"info": {

"scanners": [

{

"name": "ahnlab",

"timestamp": "2021-04-14T08:00:00",

"version": "ahnscan-console.zip"

},

{

"name": "antivir",

"timestamp": "2021-04-14T07:55:00",

"version": "vdf_fusebundle.zip"

},

{

"name": "avast",

"timestamp": "2021-04-14T10:25:00",

"version": "avast_stream.zip"

},

{

"name": "bitdefender",

"timestamp": "2021-04-14T08:15:00",

"version": "bdc.zip"

},

{

"name": "carbonblack",

"timestamp": "2021-04-14T11:17:00",

"version": "carbonblack.exe"

},

{

"name": "clamav",

"timestamp": "2021-04-13T14:45:00",

"version": "daily.cvd"

},

{

"name": "command",

"timestamp": "2021-04-14T09:40:00",

"version": "antivir-v2-z-202104140841.zip"

},

{

"name": "command_online",

"timestamp": "2021-04-14T09:40:00",

"version": "antivir-v2-z-202104140841.zip"

},

{

"name": "crowdstrike",

"timestamp": "2021-04-14T11:17:00",

"version": "crowdstrike_v1.exe"

},

{

"name": "crowdstrike_online",

"timestamp": "2021-04-14T11:17:00",

"version": "crowdstrike_scan_result_lookup.exe"

},

{

"name": "drweb",

"timestamp": "2021-04-14T09:45:00",

"version": "drweb-500-wcl.zip"

},

{

"name": "endgame",

"timestamp": "2021-04-14T11:17:00",

"version": "endgame.exe"

},

{

"name": "ensilo",

"timestamp": "2021-04-14T11:17:00",

"version": "ensilo.exe"

},

{

"name": "f_prot",

"timestamp": "2021-04-14T09:45:00",

"version": "antivir.def"

},

{

"name": "ffri",

"timestamp": "2021-04-14T11:17:00",

"version": "ffri.exe"

},

{

"name": "fireeye_online",

"timestamp": "2021-04-14T09:55:00",

"version": "fireeye_pack.rar"

},

{

"name": "fortinet",

"timestamp": "2021-04-14T10:15:00",

"version": "vir_high"

},

{

"name": "gdata",

"timestamp": "2021-04-14T10:25:00",

"version": "gd_sig.zip"

},

{

"name": "ikarus",

"timestamp": "2021-04-14T08:10:00",

"version": "t3sigs.vdb"

},

{

"name": "k7computing",

"timestamp": "2021-04-14T08:25:00",

"version": "K7Cmdline.zip"

},

{

"name": "kaspersky",

"timestamp": "2021-04-14T09:55:00",

"version": "database.zip"

},

{

"name": "kaspersky_online",

"timestamp": "2021-04-14T09:55:00",

"version": "database.zip"

},

{

"name": "malwarebytes",

"timestamp": "2021-04-14T11:17:00",

"version": "mbbr.exe"

},

{

"name": "mcafee",

"timestamp": "2021-04-13T14:05:00",

"version": "avvdat-9953.zip"

},

{

"name": "mcafee_beta",

"timestamp": "2021-04-14T10:25:00",

"version": "avvwin_netware_betadat.zip"

},

{

"name": "mcafee_online",

"timestamp": "2021-04-13T14:05:00",

"version": "avvdat-9953.zip"

},

{

"name": "mcafeegwedition_online",

"timestamp": "2021-04-14T03:10:00",

"version": "mfegw-cmd-scanner-windows.zip"

},

{

"name": "microsoft",

"timestamp": "2021-04-14T09:00:00",

"version": "mpam-fe.exe"

},

{

"name": "microsoft_online",

"timestamp": "2021-04-14T09:00:00",

"version": "mpam-fe.exe"

},

{

"name": "panda",

"timestamp": "2021-04-13T11:30:00",

"version": "panda_pack.rar"

},

{

"name": "panda_online",

"timestamp": "2021-04-13T11:30:00",

"version": "panda_pack.rar"

},

{

"name": "quickheal",

"timestamp": "2021-04-14T08:35:00",

"version": "qhadvdef.zip"

},

{

"name": "rising",

"timestamp": "2021-04-14T09:45:00",

"version": "rame.zip"

},

{

"name": "rising_online",

"timestamp": "2021-04-14T09:45:00",

"version": "rame.zip"

},

{

"name": "sentinelone",

"timestamp": "2021-04-14T11:17:00",

"version": "sentinelone.exe"

},

{

"name": "sonicwall",

"timestamp": "2021-04-14T11:17:00",

"version": "sonicwall.exe"

},

{

"name": "sophos",

"timestamp": "2021-04-14T00:55:00",

"version": "ide_5.83.zip"

},

{

"name": "sophos_online",

"timestamp": "2021-04-14T00:55:00",

"version": "ide_5.83.zip"

},

{

"name": "sophos_susi",

"timestamp": "2021-04-14T11:17:00",

"version": "susicli.exe"

},

{

"name": "sunbelt",

"timestamp": "2021-04-14T08:40:00",

"version": "CSE39VT-EN-91822-F.sbr.sgn"

},

{

"name": "symantec",

"timestamp": "2021-04-14T10:20:00",

"version": "streamset.zip"

},

{

"name": "symantec_beta",

"timestamp": "2021-04-14T08:55:00",

"version": "symrapidreleasedefscore15-v5i32.exe"

},

{

"name": "symantec_online",

"timestamp": "2021-04-14T10:20:00",

"version": "streamset.zip"

},

{

"name": "trendmicro",

"timestamp": "2021-04-14T06:20:00",

"version": "ioth1665500.zip"

},

{

"name": "trendmicro_consumer",

"timestamp": "2021-04-13T15:05:00",

"version": "hcoth1665395.zip"

},

{

"name": "vba32",

"timestamp": "2021-04-14T09:05:00",

"version": "vba32w-latest.7z"

},

{

"name": "watchguard",

"timestamp": "2021-04-14T11:17:00",

"version": "WWHS64.exe"

}

]

},

"record_time": "2021-04-14T11:18:00",

"scanners": [

{

"name": "ahnlab",

"result": "[TROJAN] Trojan/Win32.Toxic.R150440"

},

{

"name": "antivir",

"result": "detected"

},

{

"name": "avast",

"result": "Win32:Malware-gen"

},

{

"name": "bitdefender",

"result": "Generic.Ransom.WCryG.7651CF3C"

},

{

"name": "carbonblack",

"result": "trojan"

},

{

"name": "clamav",

"result": "PUA.Win.Packer.Upx-49"

},

{

"name": "command",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "command_online",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "crowdstrike",

"result": "win/malicious_confidence_100"

},

{

"name": "crowdstrike_online",

"result": "malware.confidence_100"

},

{

"name": "drweb",

"result": "Trojan.Encoder.1155"

},

{

"name": "endgame",

"result": "malicious (moderate confidence)"

},

{

"name": "ensilo",

"result": "Malicious-High"

},

{

"name": "f_prot",

"result": "W32/Filecoder.E"

},

{

"name": "ffri",

"result": "Detected"

},

{

"name": "fireeye_online",

"result": "Generic.mg.3133c2231fcee5d6"

},

{

"name": "fortinet",

"result": "W32/ToxKrypt.A!tr"

},

{

"name": "gdata",

"result": "Generic.Ransom.WCryG.7651CF3C"

},

{

"name": "ikarus",

"result": "Trojan.Win32.Filecoder"

},

{

"name": "k7computing",

"result": "Trojan (0055e3ef1)"

},

{

"name": "kaspersky",

"result": "detected"

},

{

"name": "kaspersky_online",

"result": "detected"

},

{

"name": "malwarebytes",

"result": ""

},

{

"name": "mcafee",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_beta",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_online",

"result": "Artemis!3133C2231FCE (trojan)"

},

{

"name": "mcafeegwedition_online",

"result": "BehavesLike.Win32.Pluto.jc"

},

{

"name": "microsoft",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "microsoft_online",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "panda",

"result": "Trj/Genetic.gen"

},

{

"name": "panda_online",

"result": "Trj/Genetic.gen"

},

{

"name": "quickheal",

"result": ""

},

{

"name": "rising",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "rising_online",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "sentinelone",

"result": "DFI - Suspicious PE"

},

{

"name": "sonicwall",

"result": ""

},

{

"name": "sophos",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sophos_online",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sophos_susi",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sunbelt",

"result": "Trojan.Win32.Generic!BT"

},

{

"name": "symantec",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_beta",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_online",

"result": "Trojan.Gen.2"

},

{

"name": "trendmicro",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "trendmicro_consumer",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "vba32",

"result": "SScope.Malware-Cryptor.Toxic"

},

{

"name": "watchguard",

"result": "AboveThreshold563.008318"

}

]

},

{

"info": {

"scanners": [

{

"name": "ahnlab",

"timestamp": "2021-04-07T11:20:00",

"version": "ahnscan-console.zip"

},

{

"name": "antivir",

"timestamp": "2021-04-07T10:50:00",

"version": "vdf_fusebundle.zip"

},

{

"name": "avast",

"timestamp": "2021-04-07T13:25:00",

"version": "avast_stream.zip"

},

{

"name": "bitdefender",

"timestamp": "2021-04-07T11:10:00",

"version": "bdc.zip"

},

{

"name": "carbonblack",

"timestamp": "2021-04-07T14:26:00",

"version": "carbonblack.exe"

},

{

"name": "clamav",

"timestamp": "2021-04-06T15:15:00",

"version": "daily.cvd"

},

{

"name": "command",

"timestamp": "2021-04-07T13:15:00",

"version": "antivir-v2-z-202104071215.zip"

},

{

"name": "command_online",

"timestamp": "2021-04-07T13:15:00",

"version": "antivir-v2-z-202104071215.zip"

},

{

"name": "crowdstrike",

"timestamp": "2021-04-07T14:26:00",

"version": "crowdstrike_v1.exe"

},

{

"name": "crowdstrike_online",

"timestamp": "2021-04-07T14:26:00",

"version": "crowdstrike_scan_result_lookup.exe"

},

{

"name": "drweb",

"timestamp": "2021-04-07T13:15:00",

"version": "drweb-500-wcl.zip"

},

{

"name": "endgame",

"timestamp": "2021-04-07T14:26:00",

"version": "endgame.exe"

},

{

"name": "ensilo",

"timestamp": "2021-04-07T14:26:00",

"version": "ensilo.exe"

},

{

"name": "esetnod32",

"timestamp": "2021-04-05T08:30:00",

"version": "mineset64.zip"

},

{

"name": "f_prot",

"timestamp": "2021-04-07T13:20:00",

"version": "antivir.def"

},

{

"name": "ffri",

"timestamp": "2021-04-07T14:26:00",

"version": "ffri.exe"

},

{

"name": "fireeye_online",

"timestamp": "2021-04-07T12:10:00",

"version": "fireeye_pack.rar"

},

{

"name": "fortinet",

"timestamp": "2021-04-07T13:15:00",

"version": "vir_high"

},

{

"name": "gdata",

"timestamp": "2021-04-07T12:35:00",

"version": "gd_sig.zip"

},

{

"name": "ikarus",

"timestamp": "2021-04-07T12:40:00",

"version": "t3sigs.vdb"

},

{

"name": "k7computing",

"timestamp": "2021-04-07T11:05:00",

"version": "K7Cmdline.zip"

},

{

"name": "kaspersky",

"timestamp": "2021-04-07T12:45:00",

"version": "database.zip"

},

{

"name": "kaspersky_online",

"timestamp": "2021-04-07T12:45:00",

"version": "database.zip"

},

{

"name": "malwarebytes",

"timestamp": "2021-04-07T14:26:00",

"version": "mbbr.exe"

},

{

"name": "mcafee",

"timestamp": "2021-04-06T12:30:00",

"version": "avvdat-9946.zip"

},

{

"name": "mcafee_beta",

"timestamp": "2021-04-07T12:55:00",

"version": "avvwin_netware_betadat.zip"

},

{

"name": "mcafee_online",

"timestamp": "2021-04-06T12:30:00",

"version": "avvdat-9946.zip"

},

{

"name": "mcafeegwedition_online",

"timestamp": "2021-04-07T12:25:00",

"version": "mfegw-cmd-scanner-windows.zip"

},

{

"name": "microsoft",

"timestamp": "2021-04-07T13:10:00",

"version": "mpam-fe.exe"

},

{

"name": "microsoft_online",

"timestamp": "2021-04-07T13:10:00",

"version": "mpam-fe.exe"

},

{

"name": "panda",

"timestamp": "2021-04-07T11:45:00",

"version": "panda_pack.rar"

},

{

"name": "panda_online",

"timestamp": "2021-04-07T11:45:00",

"version": "panda_pack.rar"

},

{

"name": "quickheal",

"timestamp": "2021-04-07T10:55:00",

"version": "qhadvdef.zip"

},

{

"name": "rising",

"timestamp": "2021-04-07T09:45:00",

"version": "rame.zip"

},

{

"name": "rising_online",

"timestamp": "2021-04-07T09:45:00",

"version": "rame.zip"

},

{

"name": "sentinelone",

"timestamp": "2021-04-07T14:27:00",

"version": "sentinelone.exe"

},

{

"name": "sonicwall",

"timestamp": "2021-04-07T14:27:00",

"version": "sonicwall.exe"

},

{

"name": "sophos",

"timestamp": "2021-04-07T07:55:00",

"version": "ide_5.82.zip"

},

{

"name": "sophos_online",

"timestamp": "2021-04-07T07:55:00",

"version": "ide_5.82.zip"

},

{

"name": "sophos_susi",

"timestamp": "2021-04-07T14:27:00",

"version": "susicli.exe"

},

{

"name": "sunbelt",

"timestamp": "2021-04-07T12:00:00",

"version": "CSE39VT-EN-91658-F.sbr.sgn"

},

{

"name": "symantec",

"timestamp": "2021-04-07T13:20:00",

"version": "streamset.zip"

},

{

"name": "symantec_beta",

"timestamp": "2021-04-07T13:05:00",

"version": "symrapidreleasedefscore15-v5i32.exe"

},

{

"name": "symantec_online",

"timestamp": "2021-04-07T13:20:00",

"version": "streamset.zip"

},

{

"name": "trendmicro",

"timestamp": "2021-04-07T08:15:00",

"version": "ioth1664100.zip"

},

{

"name": "trendmicro_consumer",

"timestamp": "2021-04-06T14:40:00",

"version": "hcoth1663995.zip"

},

{

"name": "vba32",

"timestamp": "2021-04-07T09:00:00",

"version": "vba32w-latest.7z"

},

{

"name": "watchguard",

"timestamp": "2021-04-07T14:27:00",

"version": "WWHS64.exe"

}

]

},

"record_time": "2021-04-07T14:27:00",

"scanners": [

{

"name": "ahnlab",

"result": "[TROJAN] Trojan/Win32.Toxic.R150440"

},

{

"name": "antivir",

"result": "detected"

},

{

"name": "avast",

"result": "Win32:Malware-gen"

},

{

"name": "bitdefender",

"result": "Generic.Ransom.WCryG.7651CF3C"

},

{

"name": "carbonblack",

"result": "trojan"

},

{

"name": "clamav",

"result": "PUA.Win.Packer.Upx-49"

},

{

"name": "command",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "command_online",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "crowdstrike",

"result": "win/malicious_confidence_100"

},

{

"name": "crowdstrike_online",

"result": "malware.confidence_100"

},

{

"name": "drweb",

"result": "Trojan.Encoder.1155"

},

{

"name": "endgame",

"result": "malicious (moderate confidence)"

},

{

"name": "ensilo",

"result": "Malicious-High"

},

{

"name": "esetnod32",

"result": "Win32/Filecoder.Tox.A trojan (variant)"

},

{

"name": "f_prot",

"result": "W32/Filecoder.E"

},

{

"name": "ffri",

"result": "Detected"

},

{

"name": "fireeye_online",

"result": "Generic.mg.3133c2231fcee5d6"

},

{

"name": "fortinet",

"result": "W32/ToxKrypt.A!tr"

},

{

"name": "gdata",

"result": "Generic.Ransom.WCryG.7651CF3C"

},

{

"name": "ikarus",

"result": "Trojan.Win32.Filecoder"

},

{

"name": "k7computing",

"result": "Trojan (0055e3ef1)"

},

{

"name": "kaspersky",

"result": "detected"

},

{

"name": "kaspersky_online",

"result": "detected"

},

{

"name": "malwarebytes",

"result": ""

},

{

"name": "mcafee",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_beta",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_online",

"result": "Artemis!3133C2231FCE (trojan)"

},

{

"name": "mcafeegwedition_online",

"result": "BehavesLike.Win32.Dropper.jc"

},

{

"name": "microsoft",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "microsoft_online",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "panda",

"result": "Trj/Genetic.gen"

},

{

"name": "panda_online",

"result": "Trj/Genetic.gen"

},

{

"name": "quickheal",

"result": ""

},

{

"name": "rising",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "rising_online",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "sentinelone",

"result": "DFI - Suspicious PE"

},

{

"name": "sonicwall",

"result": ""

},

{

"name": "sophos",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sophos_online",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sophos_susi",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sunbelt",

"result": "Trojan.Win32.Generic!BT"

},

{

"name": "symantec",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_beta",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_online",

"result": "Trojan.Gen.2"

},

{

"name": "trendmicro",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "trendmicro_consumer",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "vba32",

"result": "SScope.Malware-Cryptor.Toxic"

},

{

"name": "watchguard",

"result": "AboveThreshold563.008318"

}

]

},

{

"info": {

"scanners": [

{

"name": "ahnlab",

"timestamp": "2021-04-06T11:20:00",

"version": "ahnscan-console.zip"

},

{

"name": "antivir",

"timestamp": "2021-04-06T21:10:00",

"version": "vdf_fusebundle.zip"

},

{

"name": "avast",

"timestamp": "2021-04-06T21:55:00",

"version": "avast_stream.zip"

},

{

"name": "bitdefender",

"timestamp": "2021-04-06T21:10:00",

"version": "bdc.zip"

},

{

"name": "carbonblack",

"timestamp": "2021-04-06T22:28:00",

"version": "carbonblack.exe"

},

{

"name": "clamav",

"timestamp": "2021-04-06T15:15:00",

"version": "daily.cvd"

},

{

"name": "command",

"timestamp": "2021-04-06T20:45:00",

"version": "antivir-v2-z-202104061939.zip"

},

{

"name": "command_online",

"timestamp": "2021-04-06T20:45:00",

"version": "antivir-v2-z-202104061939.zip"

},

{

"name": "crowdstrike",

"timestamp": "2021-04-06T22:28:00",

"version": "crowdstrike_v1.exe"

},

{

"name": "crowdstrike_online",

"timestamp": "2021-04-06T22:28:00",

"version": "crowdstrike_scan_result_lookup.exe"

},

{

"name": "drweb",

"timestamp": "2021-04-06T21:45:00",

"version": "drweb-500-wcl.zip"

},

{

"name": "endgame",

"timestamp": "2021-04-06T22:28:00",

"version": "endgame.exe"

},

{

"name": "ensilo",

"timestamp": "2021-04-06T22:28:00",

"version": "ensilo.exe"

},

{

"name": "esetnod32",

"timestamp": "2021-04-05T08:30:00",

"version": "mineset64.zip"

},

{

"name": "f_prot",

"timestamp": "2021-04-06T20:45:00",

"version": "antivir.def"

},

{

"name": "ffri",

"timestamp": "2021-04-06T22:28:00",

"version": "ffri.exe"

},

{

"name": "fireeye_online",

"timestamp": "2021-04-06T20:55:00",

"version": "fireeye_pack.rar"

},

{

"name": "fortinet",

"timestamp": "2021-04-06T21:15:00",

"version": "vir_high"

},

{

"name": "gdata",

"timestamp": "2021-04-06T21:40:00",

"version": "bd.zip"

},

{

"name": "ikarus",

"timestamp": "2021-04-06T18:35:00",

"version": "t3sigs.vdb"

},

{

"name": "k7computing",

"timestamp": "2021-04-06T17:35:00",

"version": "K7Cmdline.zip"

},

{

"name": "kaspersky",

"timestamp": "2021-04-06T21:00:00",

"version": "database.zip"

},

{

"name": "kaspersky_online",

"timestamp": "2021-04-06T21:00:00",

"version": "database.zip"

},

{

"name": "malwarebytes",

"timestamp": "2021-04-06T22:28:00",

"version": "mbbr.exe"

},

{

"name": "mcafee",

"timestamp": "2021-04-06T12:30:00",

"version": "avvdat-9946.zip"

},

{

"name": "mcafee_beta",

"timestamp": "2021-04-06T21:55:00",

"version": "avvwin_netware_betadat.zip"

},

{

"name": "mcafee_online",

"timestamp": "2021-04-06T12:30:00",

"version": "avvdat-9946.zip"

},

{

"name": "mcafeegwedition_online",

"timestamp": "2021-04-06T12:25:00",

"version": "mfegw-cmd-scanner-windows.zip"

},

{

"name": "microsoft",

"timestamp": "2021-04-06T17:45:00",

"version": "mpam-fe.exe"

},

{

"name": "microsoft_online",

"timestamp": "2021-04-06T17:45:00",

"version": "mpam-fe.exe"

},

{

"name": "panda",

"timestamp": "2021-04-06T11:15:00",

"version": "panda_pack.rar"

},

{

"name": "panda_online",

"timestamp": "2021-04-06T11:15:00",

"version": "panda_pack.rar"

},

{

"name": "quickheal",

"timestamp": "2021-04-06T21:30:00",

"version": "qhadvdef.zip"

},

{

"name": "rising",

"timestamp": "2021-04-06T21:45:00",

"version": "rame.zip"

},

{

"name": "rising_online",

"timestamp": "2021-04-06T21:45:00",

"version": "rame.zip"

},

{

"name": "sentinelone",

"timestamp": "2021-04-06T22:28:00",

"version": "sentinelone.exe"

},

{

"name": "sonicwall",

"timestamp": "2021-04-06T22:29:00",

"version": "sonicwall.exe"

},

{

"name": "sophos",

"timestamp": "2021-04-06T15:25:00",

"version": "ide_5.82.zip"

},

{

"name": "sophos_online",

"timestamp": "2021-04-06T15:25:00",

"version": "ide_5.82.zip"

},

{

"name": "sophos_susi",

"timestamp": "2021-04-06T22:29:00",

"version": "susicli.exe"

},

{

"name": "sunbelt",

"timestamp": "2021-04-06T20:30:00",

"version": "CSE39VT-EN-91642-F.sbr.sgn"

},

{

"name": "symantec",

"timestamp": "2021-04-06T21:50:00",

"version": "streamset.zip"

},

{

"name": "symantec_beta",

"timestamp": "2021-04-06T21:20:00",

"version": "symrapidreleasedefscore15-v5i32.exe"

},

{

"name": "symantec_online",

"timestamp": "2021-04-06T21:50:00",

"version": "streamset.zip"

},

{

"name": "trendmicro",

"timestamp": "2021-04-06T16:10:00",

"version": "ioth1663900.zip"

},

{

"name": "trendmicro_consumer",

"timestamp": "2021-04-06T14:40:00",

"version": "hcoth1663995.zip"

},

{

"name": "vba32",

"timestamp": "2021-04-06T09:00:00",

"version": "vba32w-latest.7z"

},

{

"name": "watchguard",

"timestamp": "2021-04-06T22:29:00",

"version": "WWHS64.exe"

}

]

},

"record_time": "2021-04-06T22:29:00",

"scanners": [

{

"name": "ahnlab",

"result": "[TROJAN] Trojan/Win32.Toxic.R150440"

},

{

"name": "antivir",

"result": "detected"

},

{

"name": "avast",

"result": "Win32:Malware-gen"

},

{

"name": "bitdefender",

"result": "Generic.Ransom.WCryG.7651CF3C"

},

{

"name": "carbonblack",

"result": "trojan"

},

{

"name": "clamav",

"result": "PUA.Win.Packer.Upx-49"

},

{

"name": "command",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "command_online",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "crowdstrike",

"result": "win/malicious_confidence_100"

},

{

"name": "crowdstrike_online",

"result": "malware.confidence_100"

},

{

"name": "drweb",

"result": "Trojan.Encoder.1155"

},

{

"name": "endgame",

"result": "malicious (moderate confidence)"

},

{

"name": "ensilo",

"result": "Malicious-High"

},

{

"name": "esetnod32",

"result": "Win32/Filecoder.Tox.A trojan (variant)"

},

{

"name": "f_prot",

"result": "W32/Filecoder.E"

},

{

"name": "ffri",

"result": "Detected"

},

{

"name": "fireeye_online",

"result": "Generic.mg.3133c2231fcee5d6"

},

{

"name": "fortinet",

"result": "W32/ToxKrypt.A!tr"

},

{

"name": "gdata",

"result": "Generic.Ransom.WCryG.7651CF3C"

},

{

"name": "ikarus",

"result": "Trojan.Win32.Filecoder"

},

{

"name": "k7computing",

"result": "Trojan (0055e3ef1)"

},

{

"name": "kaspersky",

"result": "detected"

},

{

"name": "kaspersky_online",

"result": "detected"

},

{

"name": "malwarebytes",

"result": ""

},

{

"name": "mcafee",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_beta",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_online",

"result": "Artemis!3133C2231FCE (trojan)"

},

{

"name": "mcafeegwedition_online",

"result": "BehavesLike.Win32.Dropper.jc"

},

{

"name": "microsoft",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "microsoft_online",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "panda",

"result": "Trj/Genetic.gen"

},

{

"name": "panda_online",

"result": "Trj/Genetic.gen"

},

{

"name": "quickheal",

"result": ""

},

{

"name": "rising",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "rising_online",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "sentinelone",

"result": "DFI - Suspicious PE"

},

{

"name": "sonicwall",

"result": ""

},

{

"name": "sophos",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sophos_online",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sophos_susi",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sunbelt",

"result": "Trojan.Win32.Generic!BT"

},

{

"name": "symantec",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_beta",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_online",

"result": "Trojan.Gen.2"

},

{

"name": "trendmicro",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "trendmicro_consumer",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "vba32",

"result": "SScope.Malware-Cryptor.Toxic"

},

{

"name": "watchguard",

"result": "AboveThreshold563.008318"

}

]

},

{

"info": {

"scanners": [

{

"name": "ahnlab",

"timestamp": "2021-04-06T11:20:00",

"version": "ahnscan-console.zip"

},

{

"name": "antivir",

"timestamp": "2021-04-06T16:00:00",

"version": "vdf_fusebundle.zip"

},

{

"name": "avast",

"timestamp": "2021-04-06T17:25:00",

"version": "avast_stream.zip"

},

{

"name": "bitdefender",

"timestamp": "2021-04-06T15:35:00",

"version": "bdc.zip"

},

{

"name": "carbonblack",

"timestamp": "2021-04-06T17:57:00",

"version": "carbonblack.exe"

},

{

"name": "clamav",

"timestamp": "2021-04-06T15:15:00",

"version": "daily.cvd"

},

{

"name": "command",

"timestamp": "2021-04-06T17:05:00",

"version": "antivir-v2-z-202104061600.zip"

},

{

"name": "command_online",

"timestamp": "2021-04-06T17:05:00",

"version": "antivir-v2-z-202104061600.zip"

},

{

"name": "crowdstrike",

"timestamp": "2021-04-06T17:57:00",

"version": "crowdstrike_v1.exe"

},

{

"name": "crowdstrike_online",

"timestamp": "2021-04-06T17:57:00",

"version": "crowdstrike_scan_result_lookup.exe"

},

{

"name": "drweb",

"timestamp": "2021-04-06T17:15:00",

"version": "drweb-500-wcl.zip"

},

{

"name": "endgame",

"timestamp": "2021-04-06T17:57:00",

"version": "endgame.exe"

},

{

"name": "ensilo",

"timestamp": "2021-04-06T17:57:00",

"version": "ensilo.exe"

},

{

"name": "esetnod32",

"timestamp": "2021-04-05T08:30:00",

"version": "mineset64.zip"

},

{

"name": "f_prot",

"timestamp": "2021-04-06T17:05:00",

"version": "antivir.def"

},

{

"name": "ffri",

"timestamp": "2021-04-06T17:57:00",

"version": "ffri.exe"

},

{

"name": "fireeye_online",

"timestamp": "2021-04-06T16:20:00",

"version": "fireeye_pack.rar"

},

{

"name": "fortinet",

"timestamp": "2021-04-06T17:15:00",

"version": "vir_high"

},

{

"name": "gdata",

"timestamp": "2021-04-06T16:30:00",

"version": "gd_sig.zip"

},

{

"name": "ikarus",

"timestamp": "2021-04-06T12:40:00",

"version": "t3sigs.vdb"

},

{

"name": "k7computing",

"timestamp": "2021-04-06T15:35:00",

"version": "K7Cmdline.zip"

},

{

"name": "kaspersky",

"timestamp": "2021-04-06T16:10:00",

"version": "database.zip"

},

{

"name": "kaspersky_online",

"timestamp": "2021-04-06T16:10:00",

"version": "database.zip"

},

{

"name": "malwarebytes",

"timestamp": "2021-04-06T17:57:00",

"version": "mbbr.exe"

},

{

"name": "mcafee",

"timestamp": "2021-04-06T12:30:00",

"version": "avvdat-9946.zip"

},

{

"name": "mcafee_beta",

"timestamp": "2021-04-06T16:55:00",

"version": "avvwin_netware_betadat.zip"

},

{

"name": "mcafee_online",

"timestamp": "2021-04-06T12:30:00",

"version": "avvdat-9946.zip"

},

{

"name": "mcafeegwedition_online",

"timestamp": "2021-04-06T12:25:00",

"version": "mfegw-cmd-scanner-windows.zip"

},

{

"name": "microsoft",

"timestamp": "2021-04-06T15:45:00",

"version": "mpam-fe.exe"

},

{

"name": "microsoft_online",

"timestamp": "2021-04-06T15:45:00",

"version": "mpam-fe.exe"

},

{

"name": "panda",

"timestamp": "2021-04-06T11:15:00",

"version": "panda_pack.rar"

},

{

"name": "panda_online",

"timestamp": "2021-04-06T11:15:00",

"version": "panda_pack.rar"

},

{

"name": "quickheal",

"timestamp": "2021-04-06T07:50:00",

"version": "qhadvdef.zip"

},

{

"name": "rising",

"timestamp": "2021-04-06T15:50:00",

"version": "rame.zip"

},

{

"name": "rising_online",

"timestamp": "2021-04-06T15:50:00",

"version": "rame.zip"

},

{

"name": "sentinelone",

"timestamp": "2021-04-06T17:58:00",

"version": "sentinelone.exe"

},

{

"name": "sonicwall",

"timestamp": "2021-04-06T17:58:00",

"version": "sonicwall.exe"

},

{

"name": "sophos",

"timestamp": "2021-04-06T15:25:00",

"version": "ide_5.82.zip"

},

{

"name": "sophos_online",

"timestamp": "2021-04-06T15:25:00",

"version": "ide_5.82.zip"

},

{

"name": "sophos_susi",

"timestamp": "2021-04-06T17:58:00",

"version": "susicli.exe"

},

{

"name": "sunbelt",

"timestamp": "2021-04-06T16:25:00",

"version": "CSE39VT-EN-91638-F.sbr.sgn"

},

{

"name": "symantec",

"timestamp": "2021-04-06T17:20:00",

"version": "streamset.zip"

},

{

"name": "symantec_beta",

"timestamp": "2021-04-06T16:50:00",

"version": "symrapidreleasedefscore15-v5i32.exe"

},

{

"name": "symantec_online",

"timestamp": "2021-04-06T17:20:00",

"version": "streamset.zip"

},

{

"name": "trendmicro",

"timestamp": "2021-04-06T16:10:00",

"version": "ioth1663900.zip"

},

{

"name": "trendmicro_consumer",

"timestamp": "2021-04-06T14:40:00",

"version": "hcoth1663995.zip"

},

{

"name": "vba32",

"timestamp": "2021-04-06T09:00:00",

"version": "vba32w-latest.7z"

},

{

"name": "watchguard",

"timestamp": "2021-04-06T17:58:00",

"version": "WWHS64.exe"

}

]

},

"record_time": "2021-04-06T17:58:00",

"scanners": [

{

"name": "ahnlab",

"result": "[TROJAN] Trojan/Win32.Toxic.R150440"

},

{

"name": "antivir",

"result": "detected"

},

{

"name": "avast",

"result": "Win32:Malware-gen"

},

{

"name": "bitdefender",

"result": "Generic.Ransom.WCryG.7651CF3C"

},

{

"name": "carbonblack",

"result": "trojan"

},

{

"name": "clamav",

"result": "PUA.Win.Packer.Upx-49"

},

{

"name": "command",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "command_online",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "crowdstrike",

"result": "win/malicious_confidence_100"

},

{

"name": "crowdstrike_online",

"result": "malware.confidence_100"

},

{

"name": "drweb",

"result": "Trojan.Encoder.1155"

},

{

"name": "endgame",

"result": "malicious (moderate confidence)"

},

{

"name": "ensilo",

"result": "Malicious-High"

},

{

"name": "esetnod32",

"result": "Win32/Filecoder.Tox.A trojan (variant)"

},

{

"name": "f_prot",

"result": "W32/Filecoder.E"

},

{

"name": "ffri",

"result": "Detected"

},

{

"name": "fireeye_online",

"result": "Generic.mg.3133c2231fcee5d6"

},

{

"name": "fortinet",

"result": "W32/ToxKrypt.A!tr"

},

{

"name": "gdata",

"result": "Generic.Ransom.WCryG.7651CF3C"

},

{

"name": "ikarus",

"result": "Trojan.Win32.Filecoder"

},

{

"name": "k7computing",

"result": "Trojan (0055e3ef1)"

},

{

"name": "kaspersky",

"result": "detected"

},

{

"name": "kaspersky_online",

"result": "detected"

},

{

"name": "malwarebytes",

"result": ""

},

{

"name": "mcafee",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_beta",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_online",

"result": "Artemis!3133C2231FCE (trojan)"

},

{

"name": "mcafeegwedition_online",

"result": "BehavesLike.Win32.Dropper.jc"

},

{

"name": "microsoft",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "microsoft_online",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "panda",

"result": "Trj/Genetic.gen"

},

{

"name": "panda_online",

"result": "Trj/Genetic.gen"

},

{

"name": "quickheal",

"result": ""

},

{

"name": "rising",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "rising_online",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "sentinelone",

"result": "DFI - Suspicious PE"

},

{

"name": "sonicwall",

"result": ""

},

{

"name": "sophos",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sophos_online",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sophos_susi",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sunbelt",

"result": "Trojan.Win32.Generic!BT"

},

{

"name": "symantec",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_beta",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_online",

"result": "Trojan.Gen.2"

},

{

"name": "trendmicro",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "trendmicro_consumer",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "vba32",

"result": "SScope.Malware-Cryptor.Toxic"

},

{

"name": "watchguard",

"result": "AboveThreshold563.008318"

}

]

},

{

"info": {

"scanners": [

{

"name": "ahnlab",

"timestamp": "2021-04-06T11:20:00",

"version": "ahnscan-console.zip"

},

{

"name": "antivir",

"timestamp": "2021-04-06T16:00:00",

"version": "vdf_fusebundle.zip"

},

{

"name": "avast",

"timestamp": "2021-04-06T17:25:00",

"version": "avast_stream.zip"

},

{

"name": "bitdefender",

"timestamp": "2021-04-06T15:35:00",

"version": "bdc.zip"

},

{

"name": "carbonblack",

"timestamp": "2021-04-06T17:52:00",

"version": "carbonblack.exe"

},

{

"name": "clamav",

"timestamp": "2021-04-06T15:15:00",

"version": "daily.cvd"

},

{

"name": "command",

"timestamp": "2021-04-06T17:05:00",

"version": "antivir-v2-z-202104061600.zip"

},

{

"name": "command_online",

"timestamp": "2021-04-06T17:05:00",

"version": "antivir-v2-z-202104061600.zip"

},

{

"name": "crowdstrike",

"timestamp": "2021-04-06T17:52:00",

"version": "crowdstrike_v1.exe"

},

{

"name": "crowdstrike_online",

"timestamp": "2021-04-06T17:53:00",

"version": "crowdstrike_scan_result_lookup.exe"

},

{

"name": "drweb",

"timestamp": "2021-04-06T17:15:00",

"version": "drweb-500-wcl.zip"

},

{

"name": "endgame",

"timestamp": "2021-04-06T17:53:00",

"version": "endgame.exe"

},

{

"name": "ensilo",

"timestamp": "2021-04-06T17:53:00",

"version": "ensilo.exe"

},

{

"name": "esetnod32",

"timestamp": "2021-04-05T08:30:00",

"version": "mineset64.zip"

},

{

"name": "f_prot",

"timestamp": "2021-04-06T17:05:00",

"version": "antivir.def"

},

{

"name": "ffri",

"timestamp": "2021-04-06T17:53:00",

"version": "ffri.exe"

},

{

"name": "fireeye_online",

"timestamp": "2021-04-06T16:20:00",

"version": "fireeye_pack.rar"

},

{

"name": "fortinet",

"timestamp": "2021-04-06T17:15:00",

"version": "vir_high"

},

{

"name": "gdata",

"timestamp": "2021-04-06T16:30:00",

"version": "gd_sig.zip"

},

{

"name": "ikarus",

"timestamp": "2021-04-06T12:40:00",

"version": "t3sigs.vdb"

},

{

"name": "k7computing",

"timestamp": "2021-04-06T15:35:00",

"version": "K7Cmdline.zip"

},

{

"name": "kaspersky",

"timestamp": "2021-04-06T16:10:00",

"version": "database.zip"

},

{

"name": "kaspersky_online",

"timestamp": "2021-04-06T16:10:00",

"version": "database.zip"

},

{

"name": "malwarebytes",

"timestamp": "2021-04-06T17:53:00",

"version": "mbbr.exe"

},

{

"name": "mcafee",

"timestamp": "2021-04-06T12:30:00",

"version": "avvdat-9946.zip"

},

{

"name": "mcafee_beta",

"timestamp": "2021-04-06T16:55:00",

"version": "avvwin_netware_betadat.zip"

},

{

"name": "mcafee_online",

"timestamp": "2021-04-06T12:30:00",

"version": "avvdat-9946.zip"

},

{

"name": "mcafeegwedition_online",

"timestamp": "2021-04-06T12:25:00",

"version": "mfegw-cmd-scanner-windows.zip"

},

{

"name": "microsoft",

"timestamp": "2021-04-06T15:45:00",

"version": "mpam-fe.exe"

},

{

"name": "microsoft_online",

"timestamp": "2021-04-06T15:45:00",

"version": "mpam-fe.exe"

},

{

"name": "panda",

"timestamp": "2021-04-06T11:15:00",

"version": "panda_pack.rar"

},

{

"name": "panda_online",

"timestamp": "2021-04-06T11:15:00",

"version": "panda_pack.rar"

},

{

"name": "quickheal",

"timestamp": "2021-04-06T07:50:00",

"version": "qhadvdef.zip"

},

{

"name": "rising",

"timestamp": "2021-04-06T15:50:00",

"version": "rame.zip"

},

{

"name": "rising_online",

"timestamp": "2021-04-06T15:50:00",

"version": "rame.zip"

},

{

"name": "sentinelone",

"timestamp": "2021-04-06T17:53:00",

"version": "sentinelone.exe"

},

{

"name": "sonicwall",

"timestamp": "2021-04-06T17:53:00",

"version": "sonicwall.exe"

},

{

"name": "sophos",

"timestamp": "2021-04-06T15:25:00",

"version": "ide_5.82.zip"

},

{

"name": "sophos_online",

"timestamp": "2021-04-06T15:25:00",

"version": "ide_5.82.zip"

},

{

"name": "sophos_susi",

"timestamp": "2021-04-06T17:53:00",

"version": "susicli.exe"

},

{

"name": "sunbelt",

"timestamp": "2021-04-06T16:25:00",

"version": "CSE39VT-EN-91638-F.sbr.sgn"

},

{

"name": "symantec",

"timestamp": "2021-04-06T17:20:00",

"version": "streamset.zip"

},

{

"name": "symantec_beta",

"timestamp": "2021-04-06T16:50:00",

"version": "symrapidreleasedefscore15-v5i32.exe"

},

{

"name": "symantec_online",

"timestamp": "2021-04-06T17:20:00",

"version": "streamset.zip"

},

{

"name": "trendmicro",

"timestamp": "2021-04-06T16:10:00",

"version": "ioth1663900.zip"

},

{

"name": "trendmicro_consumer",

"timestamp": "2021-04-06T14:40:00",

"version": "hcoth1663995.zip"

},

{

"name": "vba32",

"timestamp": "2021-04-06T09:00:00",

"version": "vba32w-latest.7z"

},

{

"name": "watchguard",

"timestamp": "2021-04-06T17:53:00",

"version": "WWHS64.exe"

}

]

},

"record_time": "2021-04-06T17:53:00",

"scanners": [

{

"name": "ahnlab",

"result": "[TROJAN] Trojan/Win32.Toxic.R150440"

},

{

"name": "antivir",

"result": "detected"

},

{

"name": "avast",

"result": "Win32:Malware-gen"

},

{

"name": "bitdefender",

"result": "Generic.Ransom.WCryG.7651CF3C"

},

{

"name": "carbonblack",

"result": "trojan"

},

{

"name": "clamav",

"result": "PUA.Win.Packer.Upx-49"

},

{

"name": "command",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "command_online",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "crowdstrike",

"result": "win/malicious_confidence_100"

},

{

"name": "crowdstrike_online",

"result": "malware.confidence_100"

},

{

"name": "drweb",

"result": "Trojan.Encoder.1155"

},

{

"name": "endgame",

"result": "malicious (moderate confidence)"

},

{

"name": "ensilo",

"result": "Malicious-High"

},

{

"name": "esetnod32",

"result": "Win32/Filecoder.Tox.A trojan (variant)"

},

{

"name": "f_prot",

"result": "W32/Filecoder.E"

},

{

"name": "ffri",

"result": "Detected"

},

{

"name": "fireeye_online",

"result": "Generic.mg.3133c2231fcee5d6"

},

{

"name": "fortinet",

"result": "W32/ToxKrypt.A!tr"

},

{

"name": "gdata",

"result": "Generic.Ransom.WCryG.7651CF3C"

},

{

"name": "ikarus",

"result": "Trojan.Win32.Filecoder"

},

{

"name": "k7computing",

"result": "Trojan (0055e3ef1)"

},

{

"name": "kaspersky",

"result": "detected"

},

{

"name": "kaspersky_online",

"result": "detected"

},

{

"name": "malwarebytes",

"result": ""

},

{

"name": "mcafee",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_beta",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_online",

"result": "Artemis!3133C2231FCE (trojan)"

},

{

"name": "mcafeegwedition_online",

"result": "BehavesLike.Win32.Dropper.jc"

},

{

"name": "microsoft",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "microsoft_online",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "panda",

"result": "Trj/Genetic.gen"

},

{

"name": "panda_online",

"result": "Trj/Genetic.gen"

},

{

"name": "quickheal",

"result": ""

},

{

"name": "rising",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "rising_online",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "sentinelone",

"result": "DFI - Suspicious PE"

},

{

"name": "sonicwall",

"result": ""

},

{

"name": "sophos",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sophos_online",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sophos_susi",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sunbelt",

"result": "Trojan.Win32.Generic!BT"

},

{

"name": "symantec",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_beta",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_online",

"result": "Trojan.Gen.2"

},

{

"name": "trendmicro",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "trendmicro_consumer",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "vba32",

"result": "SScope.Malware-Cryptor.Toxic"

},

{

"name": "watchguard",

"result": "AboveThreshold563.008318"

}

]

},

{

"info": {

"scanners": [

{

"name": "ahnlab",

"timestamp": "2021-04-06T11:20:00",

"version": "ahnscan-console.zip"

},

{

"name": "antivir",

"timestamp": "2021-04-06T16:00:00",

"version": "vdf_fusebundle.zip"

},

{

"name": "avast",

"timestamp": "2021-04-06T17:25:00",

"version": "avast_stream.zip"

},

{

"name": "bitdefender",

"timestamp": "2021-04-06T15:35:00",

"version": "bdc.zip"

},

{

"name": "carbonblack",

"timestamp": "2021-04-06T17:50:00",

"version": "carbonblack.exe"

},

{

"name": "clamav",

"timestamp": "2021-04-06T15:15:00",

"version": "daily.cvd"

},

{

"name": "command",

"timestamp": "2021-04-06T17:05:00",

"version": "antivir-v2-z-202104061600.zip"

},

{

"name": "command_online",

"timestamp": "2021-04-06T17:05:00",

"version": "antivir-v2-z-202104061600.zip"

},

{

"name": "crowdstrike",

"timestamp": "2021-04-06T17:50:00",

"version": "crowdstrike_v1.exe"

},

{

"name": "crowdstrike_online",

"timestamp": "2021-04-06T17:51:00",

"version": "crowdstrike_scan_result_lookup.exe"

},

{

"name": "drweb",

"timestamp": "2021-04-06T17:15:00",

"version": "drweb-500-wcl.zip"

},

{

"name": "endgame",

"timestamp": "2021-04-06T17:51:00",

"version": "endgame.exe"

},

{

"name": "ensilo",

"timestamp": "2021-04-06T17:51:00",

"version": "ensilo.exe"

},

{

"name": "esetnod32",

"timestamp": "2021-04-05T08:30:00",

"version": "mineset64.zip"

},

{

"name": "f_prot",

"timestamp": "2021-04-06T17:05:00",

"version": "antivir.def"

},

{

"name": "ffri",

"timestamp": "2021-04-06T17:51:00",

"version": "ffri.exe"

},

{

"name": "fireeye_online",

"timestamp": "2021-04-06T16:20:00",

"version": "fireeye_pack.rar"

},

{

"name": "fortinet",

"timestamp": "2021-04-06T17:15:00",

"version": "vir_high"

},

{

"name": "gdata",

"timestamp": "2021-04-06T16:30:00",

"version": "gd_sig.zip"

},

{

"name": "ikarus",

"timestamp": "2021-04-06T12:40:00",

"version": "t3sigs.vdb"

},

{

"name": "k7computing",

"timestamp": "2021-04-06T15:35:00",

"version": "K7Cmdline.zip"

},

{

"name": "kaspersky",

"timestamp": "2021-04-06T16:10:00",

"version": "database.zip"

},

{

"name": "kaspersky_online",

"timestamp": "2021-04-06T16:10:00",

"version": "database.zip"

},

{

"name": "malwarebytes",

"timestamp": "2021-04-06T17:51:00",

"version": "mbbr.exe"

},

{

"name": "mcafee",

"timestamp": "2021-04-06T12:30:00",

"version": "avvdat-9946.zip"

},

{

"name": "mcafee_beta",

"timestamp": "2021-04-06T16:55:00",

"version": "avvwin_netware_betadat.zip"

},

{

"name": "mcafee_online",

"timestamp": "2021-04-06T12:30:00",

"version": "avvdat-9946.zip"

},

{

"name": "mcafeegwedition_online",

"timestamp": "2021-04-06T12:25:00",

"version": "mfegw-cmd-scanner-windows.zip"

},

{

"name": "microsoft",

"timestamp": "2021-04-06T15:45:00",

"version": "mpam-fe.exe"

},

{

"name": "microsoft_online",

"timestamp": "2021-04-06T15:45:00",

"version": "mpam-fe.exe"

},

{

"name": "panda",

"timestamp": "2021-04-06T11:15:00",

"version": "panda_pack.rar"

},

{

"name": "panda_online",

"timestamp": "2021-04-06T11:15:00",

"version": "panda_pack.rar"

},

{

"name": "quickheal",

"timestamp": "2021-04-06T07:50:00",

"version": "qhadvdef.zip"

},

{

"name": "rising",

"timestamp": "2021-04-06T15:50:00",

"version": "rame.zip"

},

{

"name": "rising_online",

"timestamp": "2021-04-06T15:50:00",

"version": "rame.zip"

},

{

"name": "sentinelone",

"timestamp": "2021-04-06T17:51:00",

"version": "sentinelone.exe"

},

{

"name": "sonicwall",

"timestamp": "2021-04-06T17:51:00",

"version": "sonicwall.exe"

},

{

"name": "sophos",

"timestamp": "2021-04-06T15:25:00",

"version": "ide_5.82.zip"

},

{

"name": "sophos_online",

"timestamp": "2021-04-06T15:25:00",

"version": "ide_5.82.zip"

},

{

"name": "sophos_susi",

"timestamp": "2021-04-06T17:51:00",

"version": "susicli.exe"

},

{

"name": "sunbelt",

"timestamp": "2021-04-06T16:25:00",

"version": "CSE39VT-EN-91638-F.sbr.sgn"

},

{

"name": "symantec",

"timestamp": "2021-04-06T17:20:00",

"version": "streamset.zip"

},

{

"name": "symantec_beta",

"timestamp": "2021-04-06T16:50:00",

"version": "symrapidreleasedefscore15-v5i32.exe"

},

{

"name": "symantec_online",

"timestamp": "2021-04-06T17:20:00",

"version": "streamset.zip"

},

{

"name": "trendmicro",

"timestamp": "2021-04-06T16:10:00",

"version": "ioth1663900.zip"

},

{

"name": "trendmicro_consumer",

"timestamp": "2021-04-06T14:40:00",

"version": "hcoth1663995.zip"

},

{

"name": "vba32",

"timestamp": "2021-04-06T09:00:00",

"version": "vba32w-latest.7z"

},

{

"name": "watchguard",

"timestamp": "2021-04-06T17:51:00",

"version": "WWHS64.exe"

}

]

},

"record_time": "2021-04-06T17:51:00",

"scanners": [

{

"name": "ahnlab",

"result": "[TROJAN] Trojan/Win32.Toxic.R150440"

},

{

"name": "antivir",

"result": "detected"

},

{

"name": "avast",

"result": "Win32:Malware-gen"

},

{

"name": "bitdefender",

"result": "Generic.Ransom.WCryG.7651CF3C"

},

{

"name": "carbonblack",

"result": "trojan"

},

{

"name": "clamav",

"result": "PUA.Win.Packer.Upx-49"

},

{

"name": "command",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "command_online",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "crowdstrike",

"result": "win/malicious_confidence_100"

},

{

"name": "crowdstrike_online",

"result": "malware.confidence_100"

},

{

"name": "drweb",

"result": "Trojan.Encoder.1155"

},

{

"name": "endgame",

"result": "malicious (moderate confidence)"

},

{

"name": "ensilo",

"result": "Malicious-High"

},

{

"name": "esetnod32",

"result": "Win32/Filecoder.Tox.A trojan (variant)"

},

{

"name": "f_prot",

"result": "W32/Filecoder.E"

},

{

"name": "ffri",

"result": "Detected"

},

{

"name": "fireeye_online",

"result": "Generic.mg.3133c2231fcee5d6"

},

{

"name": "fortinet",

"result": "W32/ToxKrypt.A!tr"

},

{

"name": "gdata",

"result": "Generic.Ransom.WCryG.7651CF3C"

},

{

"name": "ikarus",

"result": "Trojan.Win32.Filecoder"

},

{

"name": "k7computing",

"result": "Trojan (0055e3ef1)"

},

{

"name": "kaspersky",

"result": "detected"

},

{

"name": "kaspersky_online",

"result": "detected"

},

{

"name": "malwarebytes",

"result": ""

},

{

"name": "mcafee",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_beta",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_online",

"result": "Artemis!3133C2231FCE (trojan)"

},

{

"name": "mcafeegwedition_online",

"result": "BehavesLike.Win32.Dropper.jc"

},

{

"name": "microsoft",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "microsoft_online",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "panda",

"result": "Trj/Genetic.gen"

},

{

"name": "panda_online",

"result": "Trj/Genetic.gen"

},

{

"name": "quickheal",

"result": ""

},

{

"name": "rising",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "rising_online",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "sentinelone",

"result": "DFI - Suspicious PE"

},

{

"name": "sonicwall",

"result": ""

},

{

"name": "sophos",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sophos_online",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sophos_susi",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sunbelt",

"result": "Trojan.Win32.Generic!BT"

},

{

"name": "symantec",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_beta",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_online",

"result": "Trojan.Gen.2"

},

{

"name": "trendmicro",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "trendmicro_consumer",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "vba32",

"result": "SScope.Malware-Cryptor.Toxic"

},

{

"name": "watchguard",

"result": "AboveThreshold563.008318"

}

]

},

{

"info": {

"scanners": [

{

"name": "ahnlab",

"timestamp": "2021-03-12T07:55:00",

"version": "ahnscan-console.zip"

},

{

"name": "antivir",

"timestamp": "2021-03-12T08:00:00",

"version": "vdf_fusebundle.zip"

},

{

"name": "avast",

"timestamp": "2021-03-12T09:55:00",

"version": "avast_stream.zip"

},

{

"name": "bitdefender",

"timestamp": "2021-03-12T09:55:00",

"version": "bdc.zip"

},

{

"name": "carbonblack",

"timestamp": "2021-03-12T10:39:00",

"version": "carbonblack.exe"

},

{

"name": "clamav",

"timestamp": "2021-03-10T10:00:00",

"version": "bytecode.cvd"

},

{

"name": "command",

"timestamp": "2021-03-12T09:35:00",

"version": "antivir-v2-z-202103120821.zip"

},

{

"name": "command_online",

"timestamp": "2021-03-12T09:35:00",

"version": "antivir-v2-z-202103120821.zip"

},

{

"name": "crowdstrike",

"timestamp": "2021-03-12T10:40:00",

"version": "crowdstrike_v1.exe"

},

{

"name": "crowdstrike_online",

"timestamp": "2021-03-12T10:41:00",

"version": "crowdstrike_scan_result_lookup.exe"

},

{

"name": "drweb",

"timestamp": "2021-03-12T09:45:00",

"version": "drweb-500-wcl.zip"

},

{

"name": "endgame",

"timestamp": "2021-03-12T10:42:00",

"version": "endgame.exe"

},

{

"name": "ensilo",

"timestamp": "2021-03-12T10:42:00",

"version": "ensilo.exe"

},

{

"name": "esetnod32",

"timestamp": "2021-03-12T09:40:00",

"version": "mineset64.zip"

},

{

"name": "f_prot",

"timestamp": "2021-03-12T09:40:00",

"version": "antivir.def"

},

{

"name": "ffri",

"timestamp": "2021-03-12T10:43:00",

"version": "ffri.exe"

},

{

"name": "fireeye_online",

"timestamp": "2021-03-12T09:25:00",

"version": "fireeye_pack.rar"

},

{

"name": "fortinet",

"timestamp": "2021-03-12T09:15:00",

"version": "vir_high"

},

{

"name": "gdata",

"timestamp": "2021-03-12T08:05:00",

"version": "bd.zip"

},

{

"name": "ikarus",

"timestamp": "2021-03-12T09:10:00",

"version": "t3sigs.vdb"

},

{

"name": "k7computing",

"timestamp": "2021-03-12T08:05:00",

"version": "K7Cmdline.zip"

},

{

"name": "kaspersky",

"timestamp": "2021-03-12T09:00:00",

"version": "database.zip"

},

{

"name": "kaspersky_online",

"timestamp": "2021-03-12T09:00:00",

"version": "database.zip"

},

{

"name": "malwarebytes",

"timestamp": "2021-03-12T10:45:00",

"version": "mbbr.exe"

},

{

"name": "mcafee",

"timestamp": "2021-03-11T14:10:00",

"version": "avvdat-9920.zip"

},

{

"name": "mcafee_beta",

"timestamp": "2021-03-12T09:15:00",

"version": "avvwin_netware_betadat.zip"

},

{

"name": "mcafee_online",

"timestamp": "2021-03-11T14:10:00",

"version": "avvdat-9920.zip"

},

{

"name": "mcafeegwedition_online",

"timestamp": "2021-03-12T04:05:00",

"version": "mfegw-cmd-scanner-windows.zip"

},

{

"name": "microsoft",

"timestamp": "2021-03-12T09:10:00",

"version": "mpam-fe.exe"

},

{

"name": "microsoft_online",

"timestamp": "2021-03-12T09:10:00",

"version": "mpam-fe.exe"

},

{

"name": "panda",

"timestamp": "2021-03-11T12:35:00",

"version": "panda_pack.rar"

},

{

"name": "panda_online",

"timestamp": "2021-03-11T12:35:00",

"version": "panda_pack.rar"

},

{

"name": "quickheal",

"timestamp": "2021-03-12T08:15:00",

"version": "qhadvdef.zip"

},

{

"name": "rising",

"timestamp": "2021-03-12T09:50:00",

"version": "rame.zip"

},

{

"name": "rising_online",

"timestamp": "2021-03-12T09:50:00",

"version": "rame.zip"

},

{

"name": "sentinelone",

"timestamp": "2021-03-12T10:47:00",

"version": "sentinelone.exe"

},

{

"name": "sonicwall",

"timestamp": "2021-03-12T10:47:00",

"version": "sonicwall.exe"

},

{

"name": "sophos",

"timestamp": "2021-03-12T08:05:00",

"version": "ide_5.82.zip"

},

{

"name": "sophos_online",

"timestamp": "2021-03-12T08:05:00",

"version": "ide_5.82.zip"

},

{

"name": "sophos_susi",

"timestamp": "2021-03-12T10:47:00",

"version": "susicli.exe"

},

{

"name": "sunbelt",

"timestamp": "2021-03-12T09:45:00",

"version": "CSE39VT-EN-91030-F.sbr.sgn"

},

{

"name": "symantec",

"timestamp": "2021-03-12T09:50:00",

"version": "streamset.zip"

},

{

"name": "symantec_beta",

"timestamp": "2021-03-12T08:45:00",

"version": "symrapidreleasedefscore15-v5i32.exe"

},

{

"name": "symantec_online",

"timestamp": "2021-03-12T09:50:00",

"version": "streamset.zip"

},

{

"name": "trendmicro",

"timestamp": "2021-03-12T08:20:00",

"version": "itbl2114200400.zip"

},

{

"name": "trendmicro_consumer",

"timestamp": "2021-03-11T16:15:00",

"version": "hcoth1658795.zip"

},

{

"name": "vba32",

"timestamp": "2021-03-12T09:15:00",

"version": "vba32w-latest.7z"

},

{

"name": "watchguard",

"timestamp": "2021-03-12T10:49:00",

"version": "WWHS64.exe"

}

]

},

"record_time": "2021-03-12T10:52:00",

"scanners": [

{

"name": "ahnlab",

"result": "[TROJAN] Trojan/Win32.Toxic.R150440"

},

{

"name": "antivir",

"result": "detected"

},

{

"name": "bitdefender",

"result": "Generic.Ransom.WCryG.7651CF3C"

},

{

"name": "carbonblack",

"result": "trojan"

},

{

"name": "clamav",

"result": "PUA.Win.Packer.Upx-49"

},

{

"name": "command",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "command_online",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "crowdstrike",

"result": "win/malicious_confidence_100"

},

{

"name": "drweb",

"result": "Trojan.Encoder.1155"

},

{

"name": "endgame",

"result": "malicious (moderate confidence)"

},

{

"name": "ensilo",

"result": "Malicious-High"

},

{

"name": "esetnod32",

"result": "Win32/Filecoder.Tox.A trojan (variant)"

},

{

"name": "f_prot",

"result": "W32/Filecoder.E"

},

{

"name": "ffri",

"result": "Detected"

},

{

"name": "fireeye_online",

"result": "Generic.mg.3133c2231fcee5d6"

},

{

"name": "fortinet",

"result": "W32/ToxKrypt.A!tr"

},

{

"name": "gdata",

"result": "Generic.Ransom.WCryG.7651CF3C"

},

{

"name": "ikarus",

"result": "Trojan.Win32.Filecoder"

},

{

"name": "k7computing",

"result": "Trojan (0055e3ef1)"

},

{

"name": "kaspersky",

"result": "detected"

},

{

"name": "kaspersky_online",

"result": "detected"

},

{

"name": "malwarebytes",

"result": ""

},

{

"name": "mcafee",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_beta",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_online",

"result": "Artemis!3133C2231FCE (trojan)"

},

{

"name": "mcafeegwedition_online",

"result": "BehavesLike.Win32.Dropper.jc"

},

{

"name": "microsoft",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "microsoft_online",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "panda",

"result": "Trj/Genetic.gen"

},

{

"name": "panda_online",

"result": "Trj/Genetic.gen"

},

{

"name": "quickheal",

"result": "TrojanRansom.Crypren"

},

{

"name": "rising",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "rising_online",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "sentinelone",

"result": "DFI - Suspicious PE"

},

{

"name": "sonicwall",

"result": ""

},

{

"name": "sophos",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sophos_online",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sophos_susi",

"result": ""

},

{

"name": "sunbelt",

"result": "Trojan.Win32.Generic!BT"

},

{

"name": "symantec",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_beta",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_online",

"result": "Trojan.Gen.2"

},

{

"name": "trendmicro",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "trendmicro_consumer",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "vba32",

"result": "SScope.Malware-Cryptor.Toxic"

},

{

"name": "watchguard",

"result": "AboveThreshold563.008318"

}

]

},

{

"info": {

"scanners": [

{

"name": "ahnlab",

"timestamp": "2021-03-11T11:30:00",

"version": "ahnscan-console.zip"

},

{

"name": "antivir",

"timestamp": "2021-03-11T07:55:00",

"version": "vdf_fusebundle.zip"

},

{

"name": "avast",

"timestamp": "2021-03-11T11:55:00",

"version": "avast_stream.zip"

},

{

"name": "bitdefender",

"timestamp": "2021-03-11T08:00:00",

"version": "bdc.zip"

},

{

"name": "carbonblack",

"timestamp": "2021-03-11T12:32:00",

"version": "carbonblack.exe"

},

{

"name": "clamav",

"timestamp": "2021-03-10T10:00:00",

"version": "bytecode.cvd"

},

{

"name": "command",

"timestamp": "2021-03-11T11:10:00",

"version": "antivir-v2-z-202103111002.zip"

},

{

"name": "command_online",

"timestamp": "2021-03-11T11:10:00",

"version": "antivir-v2-z-202103111002.zip"

},

{

"name": "crowdstrike",

"timestamp": "2021-03-11T12:34:00",

"version": "crowdstrike_v1.exe"

},

{

"name": "crowdstrike_online",

"timestamp": "2021-03-11T12:34:00",

"version": "crowdstrike_scan_result_lookup.exe"

},

{

"name": "drweb",

"timestamp": "2021-03-11T11:45:00",

"version": "drweb-500-wcl.zip"

},

{

"name": "endgame",

"timestamp": "2021-03-11T12:35:00",

"version": "endgame.exe"

},

{

"name": "ensilo",

"timestamp": "2021-03-11T12:35:00",

"version": "ensilo.exe"

},

{

"name": "esetnod32",

"timestamp": "2021-03-11T09:20:00",

"version": "mineset64.zip"

},

{

"name": "f_prot",

"timestamp": "2021-03-11T11:10:00",

"version": "antivir.def"

},

{

"name": "ffri",

"timestamp": "2021-03-11T12:35:00",

"version": "ffri.exe"

},

{

"name": "fireeye_online",

"timestamp": "2021-03-11T09:10:00",

"version": "fireeye_pack.rar"

},

{

"name": "fortinet",

"timestamp": "2021-03-11T11:15:00",

"version": "vir_high"

},

{

"name": "gdata",

"timestamp": "2021-03-11T11:35:00",

"version": "gd_sig.zip"

},

{

"name": "ikarus",

"timestamp": "2021-03-11T09:10:00",

"version": "t3sigs.vdb"

},

{

"name": "k7computing",

"timestamp": "2021-03-11T11:05:00",

"version": "K7Cmdline.zip"

},

{

"name": "kaspersky",

"timestamp": "2021-03-11T11:35:00",

"version": "database.zip"

},

{

"name": "kaspersky_online",

"timestamp": "2021-03-11T11:35:00",

"version": "database.zip"

},

{

"name": "malwarebytes",

"timestamp": "2021-03-11T12:39:00",

"version": "mbbr.exe"

},

{

"name": "mcafee",

"timestamp": "2021-03-10T15:05:00",

"version": "avvdat-9919.zip"

},

{

"name": "mcafee_beta",

"timestamp": "2021-03-11T11:15:00",

"version": "avvwin_netware_betadat.zip"

},

{

"name": "mcafee_online",

"timestamp": "2021-03-10T15:05:00",

"version": "avvdat-9919.zip"

},

{

"name": "mcafeegwedition_online",

"timestamp": "2021-03-11T04:00:00",

"version": "mfegw-cmd-scanner-windows.zip"

},

{

"name": "microsoft",

"timestamp": "2021-03-11T11:45:00",

"version": "mpam-fe.exe"

},

{

"name": "microsoft_online",

"timestamp": "2021-03-11T11:45:00",

"version": "mpam-fe.exe"

},

{

"name": "panda",

"timestamp": "2021-03-10T12:00:00",

"version": "panda_pack.rar"

},

{

"name": "panda_online",

"timestamp": "2021-03-10T12:00:00",

"version": "panda_pack.rar"

},

{

"name": "quickheal",

"timestamp": "2021-03-11T09:15:00",

"version": "qhadvdef.zip"

},

{

"name": "rising",

"timestamp": "2021-03-11T09:45:00",

"version": "rame.zip"

},

{

"name": "rising_online",

"timestamp": "2021-03-11T09:45:00",

"version": "rame.zip"

},

{

"name": "sentinelone",

"timestamp": "2021-03-11T12:42:00",

"version": "sentinelone.exe"

},

{

"name": "sonicwall",

"timestamp": "2021-03-11T12:42:00",

"version": "sonicwall.exe"

},

{

"name": "sophos",

"timestamp": "2021-03-11T08:55:00",

"version": "ide_5.82.zip"

},

{

"name": "sophos_online",

"timestamp": "2021-03-11T08:55:00",

"version": "ide_5.82.zip"

},

{

"name": "sophos_susi",

"timestamp": "2021-03-11T12:42:00",

"version": "susicli.exe"

},

{

"name": "sunbelt",

"timestamp": "2021-03-11T11:00:00",

"version": "CSE39VT-EN-91008-F.sbr.sgn"

},

{

"name": "symantec",

"timestamp": "2021-03-11T11:50:00",

"version": "streamset.zip"

},

{

"name": "symantec_beta",

"timestamp": "2021-03-11T11:20:00",

"version": "symrapidreleasedefscore15-v5i32.exe"

},

{

"name": "symantec_online",

"timestamp": "2021-03-11T11:50:00",

"version": "streamset.zip"

},

{

"name": "trendmicro",

"timestamp": "2021-03-11T10:30:00",

"version": "itbl2114000700.zip"

},

{

"name": "trendmicro_consumer",

"timestamp": "2021-03-10T17:50:00",

"version": "hcoth1658595.zip"

},

{

"name": "vba32",

"timestamp": "2021-03-11T09:30:00",

"version": "vba32w-latest.7z"

},

{

"name": "watchguard",

"timestamp": "2021-03-11T12:44:00",

"version": "WWHS64.exe"

}

]

},

"record_time": "2021-03-11T12:47:00",

"scanners": [

{

"name": "ahnlab",

"result": "[TROJAN] Trojan/Win32.Toxic.R150440"

},

{

"name": "antivir",

"result": "detected"

},

{

"name": "avast",

"result": "Win32:Malware-gen"

},

{

"name": "bitdefender",

"result": "Generic.Ransom.WCryG.7651CF3C"

},

{

"name": "carbonblack",

"result": "trojan"

},

{

"name": "clamav",

"result": "PUA.Win.Packer.Upx-49"

},

{

"name": "command",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "command_online",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "crowdstrike",

"result": "win/malicious_confidence_100"

},

{

"name": "drweb",

"result": "Trojan.Encoder.1155"

},

{

"name": "endgame",

"result": "malicious (moderate confidence)"

},

{

"name": "ensilo",

"result": "Malicious-High"

},

{

"name": "esetnod32",

"result": "Win32/Filecoder.Tox.A trojan (variant)"

},

{

"name": "f_prot",

"result": "W32/Filecoder.E"

},

{

"name": "ffri",

"result": "Detected"

},

{

"name": "fireeye_online",

"result": "Generic.mg.3133c2231fcee5d6"

},

{

"name": "fortinet",

"result": "W32/ToxKrypt.A!tr"

},

{

"name": "gdata",

"result": "Generic.Ransom.WCryG.7651CF3C"

},

{

"name": "ikarus",

"result": "Trojan.Win32.Filecoder"

},

{

"name": "k7computing",

"result": "Trojan (0055e3ef1)"

},

{

"name": "kaspersky",

"result": "detected"

},

{

"name": "kaspersky_online",

"result": "detected"

},

{

"name": "malwarebytes",

"result": ""

},

{

"name": "mcafee",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_beta",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_online",

"result": "Artemis!3133C2231FCE (trojan)"

},

{

"name": "mcafeegwedition_online",

"result": "BehavesLike.Win32.Dropper.jc"

},

{

"name": "microsoft",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "microsoft_online",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "panda",

"result": "Trj/Genetic.gen"

},

{

"name": "panda_online",

"result": "Trj/Genetic.gen"

},

{

"name": "quickheal",

"result": "TrojanRansom.Crypren"

},

{

"name": "rising",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "rising_online",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "sentinelone",

"result": "DFI - Suspicious PE"

},

{

"name": "sonicwall",

"result": ""

},

{

"name": "sophos",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sophos_online",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sophos_susi",

"result": ""

},

{

"name": "sunbelt",

"result": "Trojan.Win32.Generic!BT"

},

{

"name": "symantec",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_beta",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_online",

"result": "Trojan.Gen.2"

},

{

"name": "trendmicro",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "trendmicro_consumer",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "vba32",

"result": "SScope.Malware-Cryptor.Toxic"

},

{

"name": "watchguard",

"result": "AboveThreshold563.008318"

}

]

},

{

"info": {

"scanners": [

{

"name": "ahnlab",

"timestamp": "2021-03-04T11:20:00",

"version": "ahnscan-console.zip"

},

{

"name": "antivir",

"timestamp": "2021-03-04T13:45:00",

"version": "vdf_fusebundle.zip"

},

{

"name": "avast",

"timestamp": "2021-03-04T13:55:00",

"version": "avast_stream.zip"

},

{

"name": "bitdefender",

"timestamp": "2021-03-04T13:35:00",

"version": "bdc.zip"

},

{

"name": "carbonblack",

"timestamp": "2021-03-04T14:40:00",

"version": "carbonblack.exe"

},

{

"name": "clamav",

"timestamp": "2021-03-04T07:20:00",

"version": "daily.cvd"

},

{

"name": "command",

"timestamp": "2021-03-04T12:25:00",

"version": "antivir-v2-z-202103041126.zip"

},

{

"name": "command_online",

"timestamp": "2021-03-04T12:25:00",

"version": "antivir-v2-z-202103041126.zip"

},

{

"name": "crowdstrike",

"timestamp": "2021-03-04T14:40:00",

"version": "crowdstrike_v1.exe"

},

{

"name": "crowdstrike_online",

"timestamp": "2021-03-04T14:40:00",

"version": "crowdstrike_scan_result_lookup.exe"

},

{

"name": "drweb",

"timestamp": "2021-03-04T13:45:00",

"version": "drweb-500-wcl.zip"

},

{

"name": "endgame",

"timestamp": "2021-03-04T14:40:00",

"version": "endgame.exe"

},

{

"name": "ensilo",

"timestamp": "2021-03-04T14:40:00",

"version": "ensilo.exe"

},

{

"name": "esetnod32",

"timestamp": "2021-03-04T12:50:00",

"version": "mineset64.zip"

},

{

"name": "f_prot",

"timestamp": "2021-03-04T12:25:00",

"version": "antivir.def"

},

{

"name": "ffri",

"timestamp": "2021-03-04T14:40:00",

"version": "ffri.exe"

},

{

"name": "fireeye_online",

"timestamp": "2021-03-04T12:45:00",

"version": "fireeye_pack.rar"

},

{

"name": "fortinet",

"timestamp": "2021-03-04T13:15:00",

"version": "vir_high"

},

{

"name": "gdata",

"timestamp": "2021-03-04T13:35:00",

"version": "gd_sig.zip"

},

{

"name": "ikarus",

"timestamp": "2021-03-04T13:40:00",

"version": "t3sigs.vdb"

},

{

"name": "k7computing",

"timestamp": "2021-03-04T11:05:00",

"version": "K7Cmdline.zip"

},

{

"name": "kaspersky",

"timestamp": "2021-02-03T05:40:00",

"version": "kdb-i386-cumul.zip"

},

{

"name": "kaspersky_online",

"timestamp": "2021-02-03T05:40:00",

"version": "kdb-i386-cumul.zip"

},

{

"name": "malwarebytes",

"timestamp": "2021-03-04T14:41:00",

"version": "mbbr.exe"

},

{

"name": "mcafee",

"timestamp": "2021-03-03T15:05:00",

"version": "avvdat-9912.zip"

},

{

"name": "mcafee_beta",

"timestamp": "2021-03-04T13:45:00",

"version": "avvwin_netware_betadat.zip"

},

{

"name": "mcafee_online",

"timestamp": "2021-03-03T15:05:00",

"version": "avvdat-9912.zip"

},

{

"name": "mcafeegwedition_online",

"timestamp": "2021-03-04T13:50:00",

"version": "mfegw-cmd-scanner-windows.zip"

},

{

"name": "microsoft",

"timestamp": "2021-03-04T13:35:00",

"version": "mpam-fe.exe"

},

{

"name": "microsoft_online",

"timestamp": "2021-03-04T13:35:00",

"version": "mpam-fe.exe"

},

{

"name": "panda",

"timestamp": "2021-03-04T12:20:00",

"version": "panda_pack.rar"

},

{

"name": "panda_online",

"timestamp": "2021-03-04T12:20:00",

"version": "panda_pack.rar"

},

{

"name": "quickheal",

"timestamp": "2021-03-04T11:50:00",

"version": "qhadvdef.zip"

},

{

"name": "rising",

"timestamp": "2021-03-04T09:45:00",

"version": "rame.zip"

},

{

"name": "rising_online",

"timestamp": "2021-03-04T09:45:00",

"version": "rame.zip"

},

{

"name": "sentinelone",

"timestamp": "2021-03-04T14:41:00",

"version": "sentinelone.exe"

},

{

"name": "sonicwall",

"timestamp": "2021-03-04T14:41:00",

"version": "sonicwall.exe"

},

{

"name": "sophos",

"timestamp": "2021-03-04T05:35:00",

"version": "ide_5.82.zip"

},

{

"name": "sophos_online",

"timestamp": "2021-03-04T05:35:00",

"version": "ide_5.82.zip"

},

{

"name": "sophos_susi",

"timestamp": "2021-03-04T14:41:00",

"version": "susicli.exe"

},

{

"name": "sunbelt",

"timestamp": "2021-03-04T13:00:00",

"version": "CSE39VT-EN-90842-F.sbr.sgn"

},

{

"name": "symantec",

"timestamp": "2021-03-04T13:50:00",

"version": "streamset.zip"

},

{

"name": "symantec_beta",

"timestamp": "2021-03-04T13:55:00",

"version": "symrapidreleasedefscore15-v5i32.exe"

},

{

"name": "symantec_online",

"timestamp": "2021-03-04T13:50:00",

"version": "streamset.zip"

},

{

"name": "trendmicro",

"timestamp": "2021-03-04T12:55:00",

"version": "itbl2112601000.zip"

},

{

"name": "trendmicro_consumer",

"timestamp": "2021-03-03T16:25:00",

"version": "hcoth1657195.zip"

},

{

"name": "vba32",

"timestamp": "2021-03-04T09:00:00",

"version": "vba32w-latest.7z"

},

{

"name": "watchguard",

"timestamp": "2021-03-04T14:41:00",

"version": "WWHS64.exe"

}

]

},

"record_time": "2021-03-04T14:42:00",

"scanners": [

{

"name": "ahnlab",

"result": "[TROJAN] Trojan/Win32.Toxic.R150440"

},

{

"name": "antivir",

"result": "detected"

},

{

"name": "avast",

"result": "Win32:Malware-gen"

},

{

"name": "bitdefender",

"result": "Generic.Ransom.WCryG.7651CF3C"

},

{

"name": "carbonblack",

"result": "trojan"

},

{

"name": "clamav",

"result": "PUA.Win.Packer.Upx-49"

},

{

"name": "command",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "command_online",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "crowdstrike",

"result": "win/malicious_confidence_100"

},

{

"name": "crowdstrike_online",

"result": "malware.confidence_100"

},

{

"name": "drweb",

"result": "Trojan.Encoder.1155"

},

{

"name": "endgame",

"result": "malicious (moderate confidence)"

},

{

"name": "ensilo",

"result": "Malicious-High"

},

{

"name": "esetnod32",

"result": "Win32/Filecoder.Tox.A trojan (variant)"

},

{

"name": "f_prot",

"result": "W32/Filecoder.E"

},

{

"name": "ffri",

"result": "Detected"

},

{

"name": "fireeye_online",

"result": "Generic.mg.3133c2231fcee5d6"

},

{

"name": "fortinet",

"result": "W32/ToxKrypt.A!tr"

},

{

"name": "gdata",

"result": "Generic.Ransom.WCryG.7651CF3C"

},

{

"name": "ikarus",

"result": "Trojan.Win32.Filecoder"

},

{

"name": "k7computing",

"result": "Trojan (0055e3ef1)"

},

{

"name": "kaspersky",

"result": "detected"

},

{

"name": "kaspersky_online",

"result": "detected"

},

{

"name": "malwarebytes",

"result": ""

},

{

"name": "mcafee",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_beta",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_online",

"result": "Artemis!3133C2231FCE (trojan)"

},

{

"name": "mcafeegwedition_online",

"result": "BehavesLike.Win32.Dropper.jc"

},

{

"name": "microsoft",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "microsoft_online",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "panda",

"result": "Trj/Genetic.gen"

},

{

"name": "panda_online",

"result": "Trj/Genetic.gen"

},

{

"name": "quickheal",

"result": "TrojanRansom.Crypren"

},

{

"name": "rising",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "rising_online",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "sentinelone",

"result": "DFI - Suspicious PE"

},

{

"name": "sonicwall",

"result": ""

},

{

"name": "sophos",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sophos_online",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sophos_susi",

"result": ""

},

{

"name": "sunbelt",

"result": "Trojan.Win32.Generic!BT"

},

{

"name": "symantec",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_beta",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_online",

"result": "Trojan.Gen.2"

},

{

"name": "trendmicro",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "vba32",

"result": "SScope.Malware-Cryptor.Toxic"

},

{

"name": "watchguard",

"result": "AboveThreshold563.008318"

}

]

},

{

"info": {

"scanners": [

{

"name": "ahnlab",

"timestamp": "2021-03-04T07:55:00",

"version": "ahnscan-console.zip"

},

{

"name": "antivir",

"timestamp": "2021-03-04T07:55:00",

"version": "vdf_fusebundle.zip"

},

{

"name": "avast",

"timestamp": "2021-03-04T08:55:00",

"version": "avast_stream.zip"

},

{

"name": "bitdefender",

"timestamp": "2021-03-04T07:40:00",

"version": "bdc.zip"

},

{

"name": "carbonblack",

"timestamp": "2021-03-04T09:07:00",

"version": "carbonblack.exe"

},

{

"name": "clamav",

"timestamp": "2021-03-04T07:20:00",

"version": "daily.cvd"

},

{

"name": "command",

"timestamp": "2021-03-04T08:00:00",

"version": "antivir-v2-z-202103040702.zip"

},

{

"name": "command_online",

"timestamp": "2021-03-04T08:00:00",

"version": "antivir-v2-z-202103040702.zip"

},

{

"name": "crowdstrike",

"timestamp": "2021-03-04T09:07:00",

"version": "crowdstrike_v1.exe"

},

{

"name": "crowdstrike_online",

"timestamp": "2021-03-04T09:07:00",

"version": "crowdstrike_scan_result_lookup.exe"

},

{

"name": "drweb",

"timestamp": "2021-03-04T08:45:00",

"version": "drweb-500-wcl.zip"

},

{

"name": "endgame",

"timestamp": "2021-03-04T09:07:00",

"version": "endgame.exe"

},

{

"name": "ensilo",

"timestamp": "2021-03-04T09:07:00",

"version": "ensilo.exe"

},

{

"name": "esetnod32",

"timestamp": "2021-03-04T04:40:00",

"version": "mineset64.zip"

},

{

"name": "f_prot",

"timestamp": "2021-03-04T08:00:00",

"version": "antivir.def"

},

{

"name": "ffri",

"timestamp": "2021-03-04T09:07:00",

"version": "ffri.exe"

},

{

"name": "fireeye_online",

"timestamp": "2021-03-04T08:10:00",

"version": "fireeye_pack.rar"

},

{

"name": "fortinet",

"timestamp": "2021-03-04T08:15:00",

"version": "vir_high"

},

{

"name": "gdata",

"timestamp": "2021-03-04T08:10:00",

"version": "bd.zip"

},

{

"name": "ikarus",

"timestamp": "2021-03-03T19:45:00",

"version": "t3sigs.vdb"

},

{

"name": "k7computing",

"timestamp": "2021-03-04T08:05:00",

"version": "K7Cmdline.zip"

},

{

"name": "kaspersky",

"timestamp": "2021-02-03T05:40:00",

"version": "kdb-i386-cumul.zip"

},

{

"name": "kaspersky_online",

"timestamp": "2021-02-03T05:40:00",

"version": "kdb-i386-cumul.zip"

},

{

"name": "malwarebytes",

"timestamp": "2021-03-04T09:08:00",

"version": "mbbr.exe"

},

{

"name": "mcafee",

"timestamp": "2021-03-03T15:05:00",

"version": "avvdat-9912.zip"

},

{

"name": "mcafee_beta",

"timestamp": "2021-03-04T08:45:00",

"version": "avvwin_netware_betadat.zip"

},

{

"name": "mcafee_online",

"timestamp": "2021-03-03T15:05:00",

"version": "avvdat-9912.zip"

},

{

"name": "mcafeegwedition_online",

"timestamp": "2021-03-04T04:05:00",

"version": "mfegw-cmd-scanner-windows.zip"

},

{

"name": "microsoft",

"timestamp": "2021-03-04T05:50:00",

"version": "mpam-fe.exe"

},

{

"name": "microsoft_online",

"timestamp": "2021-03-04T05:50:00",

"version": "mpam-fe.exe"

},

{

"name": "panda",

"timestamp": "2021-03-03T11:45:00",

"version": "panda_pack.rar"

},

{

"name": "panda_online",

"timestamp": "2021-03-03T11:45:00",

"version": "panda_pack.rar"

},

{

"name": "quickheal",

"timestamp": "2021-03-04T07:15:00",

"version": "qhadvdef.zip"

},

{

"name": "rising",

"timestamp": "2021-03-04T03:45:00",

"version": "rame.zip"

},

{

"name": "rising_online",

"timestamp": "2021-03-04T03:45:00",

"version": "rame.zip"

},

{

"name": "sentinelone",

"timestamp": "2021-03-04T09:08:00",

"version": "sentinelone.exe"

},

{

"name": "sonicwall",

"timestamp": "2021-03-04T09:08:00",

"version": "sonicwall.exe"

},

{

"name": "sophos",

"timestamp": "2021-03-04T05:35:00",

"version": "ide_5.82.zip"

},

{

"name": "sophos_online",

"timestamp": "2021-03-04T05:35:00",

"version": "ide_5.82.zip"

},

{

"name": "sophos_susi",

"timestamp": "2021-03-04T09:08:00",

"version": "susicli.exe"

},

{

"name": "sunbelt",

"timestamp": "2021-03-04T07:35:00",

"version": "CSE39VT-EN-90836-F.sbr.sgn"

},

{

"name": "symantec",

"timestamp": "2021-03-04T08:50:00",

"version": "streamset.zip"

},

{

"name": "symantec_beta",

"timestamp": "2021-03-04T06:15:00",

"version": "symrapidreleasedefscore15-v5i32.exe"

},

{

"name": "symantec_online",

"timestamp": "2021-03-04T08:50:00",

"version": "streamset.zip"

},

{

"name": "trendmicro",

"timestamp": "2021-03-04T08:40:00",

"version": "itbl2112600600.zip"

},

{

"name": "trendmicro_consumer",

"timestamp": "2021-03-03T16:25:00",

"version": "hcoth1657195.zip"

},

{

"name": "vba32",

"timestamp": "2021-03-03T09:20:00",

"version": "vba32w-latest.7z"

},

{

"name": "watchguard",

"timestamp": "2021-03-04T09:08:00",

"version": "WWHS64.exe"

}

]

},

"record_time": "2021-03-04T09:09:00",

"scanners": [

{

"name": "ahnlab",

"result": "[TROJAN] Trojan/Win32.Toxic.R150440"

},

{

"name": "antivir",

"result": "detected"

},

{

"name": "avast",

"result": "Win32:Malware-gen"

},

{

"name": "bitdefender",

"result": "Generic.Ransom.WCryG.7651CF3C"

},

{

"name": "carbonblack",

"result": "trojan"

},

{

"name": "clamav",

"result": "PUA.Win.Packer.Upx-49"

},

{

"name": "command",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "command_online",

"result": "W32/Filecoder.JKUY-0927"

},

{

"name": "crowdstrike",

"result": "win/malicious_confidence_100"

},

{

"name": "crowdstrike_online",

"result": "malware.confidence_100"

},

{

"name": "drweb",

"result": "Trojan.Encoder.1155"

},

{

"name": "endgame",

"result": "malicious (moderate confidence)"

},

{

"name": "ensilo",

"result": "Malicious-High"

},

{

"name": "esetnod32",

"result": "Win32/Filecoder.Tox.A trojan (variant)"

},

{

"name": "f_prot",

"result": "W32/Filecoder.E"

},

{

"name": "ffri",

"result": "Detected"

},

{

"name": "fireeye_online",

"result": "Generic.mg.3133c2231fcee5d6"

},

{

"name": "fortinet",

"result": "W32/ToxKrypt.A!tr"

},

{

"name": "gdata",

"result": "Generic.Ransom.WCryG.7651CF3C"

},

{

"name": "ikarus",

"result": "Trojan.Win32.Filecoder"

},

{

"name": "k7computing",

"result": "Trojan (0055e3ef1)"

},

{

"name": "kaspersky",

"result": "detected"

},

{

"name": "kaspersky_online",

"result": "detected"

},

{

"name": "malwarebytes",

"result": ""

},

{

"name": "mcafee",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_beta",

"result": "Ransom-Tox!11B48E409D96 (trojan)"

},

{

"name": "mcafee_online",

"result": "Artemis!3133C2231FCE (trojan)"

},

{

"name": "mcafeegwedition_online",

"result": "BehavesLike.Win32.Dropper.jc"

},

{

"name": "microsoft",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "microsoft_online",

"result": "Ransom:Win32/Tocrypt.B"

},

{

"name": "panda",

"result": "Trj/Genetic.gen"

},

{

"name": "panda_online",

"result": "Trj/Genetic.gen"

},

{

"name": "quickheal",

"result": "TrojanRansom.Crypren"

},

{

"name": "rising",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "rising_online",

"result": "Ransom.Tocrypt!8.53B6"

},

{

"name": "sentinelone",

"result": "DFI - Suspicious PE"

},

{

"name": "sonicwall",

"result": ""

},

{

"name": "sophos",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sophos_online",

"result": "Troj/ToxKrypt-A"

},

{

"name": "sophos_susi",

"result": ""

},

{

"name": "sunbelt",

"result": "Trojan.Win32.Generic!BT"

},

{

"name": "symantec",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_beta",

"result": "Trojan.Gen.2"

},

{

"name": "symantec_online",

"result": "Trojan.Gen.2"

},

{

"name": "trendmicro",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "trendmicro_consumer",

"result": "TROJ_CRYPTOX.T"

},

{

"name": "vba32",

"result": "SScope.Malware-Cryptor.Toxic"

},

{

"name": "watchguard",

"result": "AboveThreshold563.008318"

}

]

}

],

"first_seen": "2015-05-30T22:04:00",

"last_seen": "2023-06-06T16:15:00",

"sample_type": "PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed"

}

}

}

}

}

}

Human Readable Output

ReversingLabs File Analysis results for hash 21841b32c6165b27dddbd4d6eb3a672defe54271

File type: PE File subtype: Exe Sample type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed Sample size: 636416 bytes Extended description: This file (SHA1: 21841b32c6165b27dddbd4d6eb3a672defe54271) is a 32-bit portable executable application. Additionally, it was identified as UPX 0.60-3.x executable packer, and unpacking was successful. The application uses the Windows graphical user interface (GUI) subsystem, while the language used is English from United States. Cryptography related data was found in the file. This application has access to networking and running processes and has cryptography and security related capabilities. There is one extracted file. First seen: 2015-05-30T22:04:00 Last seen: 2023-06-06T16:15:00 MD5 hash: 3133c2231fcee5d6b0b4c988a5201da1 SHA-1 hash: 21841b32c6165b27dddbd4d6eb3a672defe54271 SHA-256 hash: 2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346 SHA-384 hash: e0b7bf0ad928500ee1dc06f8cbe035e663eaf546bb4b5217706706ba12c50ab6a24e1e858dae9a5ce0f7673bdb5621be SHA-512 hash: 205ece960784bff6fdbd0d5a1ebad4fddeab6751728d5be2e0b5d91742d520df0c5d04fd3b9e67372c35cb0859d794b7d22ea78786669a4bd5725e814548143f SSDEEP hash: 12288:UxvYm8UX7FkiYiHSbhy783clwXqaAQWzRTChYl:+vY0LFrYi0s7w6a/Wzl RIPEMD-160 hash: d26f686b6af13b9073f77a1ba5a7b610934dc625

reversinglabs-titaniumcloud-rha1-functional-similarity

---

Retrieve a list of functionally similar hashes to the provided one.

Base Command

reversinglabs-titaniumcloud-rha1-functional-similarity

Input

Argument Name	Description	Required
hash	File hash.	Required
result_limit	Maximum number of results to be returned. Default is 5000. Default is 5000.	Optional

Context Output

Path	Type	Description
ReversingLabs.functional_similarity	Unknown

Command example

!reversinglabs-titaniumcloud-rha1-functional-similarity hash=21841b32c6165b27dddbd4d6eb3a672defe54271 result_limit=2

Context Example

{

"InfoFile": {

"EntryID": "7677@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",

"Info": "text/plain",

"Name": "RHA1 Functional Similarity report file for hash 21841b32c6165b27dddbd4d6eb3a672defe54271",

"Size": 1303,

"Type": "ASCII text"

},

"ReversingLabs": {

"functional_similarity": [

{

"classification": "MALICIOUS",

"first_seen": "2015-06-01T19:11:00.592000",

"last_seen": "2021-07-27T09:29:09.915000",

"malware_family": "Tox",

"malware_type": "Ransomware",

"md5": "0e3e231c255a5eefefd20d70c247d5f0",

"platform": "Win32",

"sample_available": true,

"sample_size": 636416,

"sample_type": "PE/Exe/UPX",

"sha1": "03823b9fab3931d7c634fd3c2d40a89555c783af",

"sha256": "5cf1f17aef32603d3ec7c9af88c23122dd259b4303b7b8282a0e204cb4d1f1a4",

"threat_level": 5,

"threat_name": "Win32.Ransomware.Tox",

"trust_factor": 5

},

{

"classification": "MALICIOUS",

"first_seen": "2015-05-29T00:18:00",

"last_seen": "2021-08-06T10:26:56.085000",

"malware_family": "Tox",

"malware_type": "Ransomware",

"md5": "f4fa4d7c774eaba895ed005f3c84a8b3",

"platform": "Win32",

"sample_available": true,

"sample_size": 636416,

"sample_type": "PE/Exe/UPX",

"sha1": "0649cbb97387cb2ff5d1ed2f5c238b0914a2b63a",

"sha256": "354371ec3b0b2bc03e567dbef57e9211e700381f3f39fe3604fc26abfd16a641",

"threat_level": 5,

"threat_name": "Win32.Ransomware.Tox",

"trust_factor": 5

}

]

}

}

Human Readable Output

Full report is returned in a downloadable file

reversinglabs-titaniumcloud-rha1-analytics

---

Retrieve the number of hashes functionally similar to the provided one grouped by classification.

Base Command

reversinglabs-titaniumcloud-rha1-analytics

Input

Argument Name	Description	Required
hash	File hash.	Required

Context Output

Path	Type	Description
File.SHA1	Unknown	File SHA1
File.SHA256	Unknown	File SHA256
File.MD5	Unknown	File MD5
DBotScore.Score	Number	The actual score.
DBotScore.Type	String	The indicator type.
DBotScore.Indicator	String	The indicator that was tested.
DBotScore.Vendor	String	The vendor used to calculate the score.
ReversingLabs.rha1_analytics	Unknown

Command example

!reversinglabs-titaniumcloud-rha1-analytics hash=21841b32c6165b27dddbd4d6eb3a672defe54271

Context Example

{

"DBotScore": {

"Indicator": "21841b32c6165b27dddbd4d6eb3a672defe54271",

"Reliability": "C - Fairly reliable",

"Score": 3,

"Type": "file",

"Vendor": "ReversingLabs TitaniumCloud v2"

},

"File": {

"Hashes": [

{

"type": "MD5",

"value": "3133c2231fcee5d6b0b4c988a5201da1"

},

{

"type": "SHA1",

"value": "21841b32c6165b27dddbd4d6eb3a672defe54271"

},

{

"type": "SHA256",

"value": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"

}

],

"MD5": "3133c2231fcee5d6b0b4c988a5201da1",

"Malicious": {

"Description": "Win32.Ransomware.Tox",

"Vendor": "ReversingLabs TitaniumCloud v2"

},

"SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271",

"SHA256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"

},

"ReversingLabs": {

"rha1_analytics": {

"rl": {

"rha1_counters": {

"rha1_first_seen": "2015-05-26T03:53:56",

"rha1_last_seen": "2020-04-20T00:42:11",

"rha1_type": "pe01",

"sample_counters": {

"known": 0,

"malicious": 144,

"suspicious": 0,

"total": 144

},

"sample_metadata": {

"classification": "MALICIOUS",

"first_seen": "2015-05-30T22:04:00",

"last_seen": "2023-06-06T16:16:58.328000",

"malware_family": "Tox",

"malware_type": "Ransomware",

"md5": "3133c2231fcee5d6b0b4c988a5201da1",

"platform": "Win32",

"sample_available": true,

"sample_size": 636416,

"sample_type": "PE/Exe/UPX",

"sha256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346",

"threat_level": 5,

"threat_name": "Win32.Ransomware.Tox",

"trust_factor": 5

},

"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271"

}

}

}

}

}

Human Readable Output

ReversingLabs RHA1 Analytics results for hash 21841b32c6165b27dddbd4d6eb3a672defe54271

Sample counters

KNOWN: 0 MALICIOUS: 144 SUSPICIOUS: 0 TOTAL: 144

Sample metadata

Classification: MALICIOUS MD5 hash: 3133c2231fcee5d6b0b4c988a5201da1 SHA-256 hash: 2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346 First seen: 2015-05-30T22:04:00 Last seen: 2023-06-06T16:16:58.328000 Sample available: True Sample size: 636416 bytes Sample type: PE/Exe/UPX Threat name: Win32.Ransomware.Tox Threat level: 5

reversinglabs-titaniumcloud-uri-statistics

---

Retrieve the number of MALICIOUS, SUSPICIOUS and KNOWN files associated with a specific URI.

Notice: Submitting indicators using this command might make the indicator data publicly available. See the vendor’s documentation for more details.

Base Command

reversinglabs-titaniumcloud-uri-statistics

Input

Argument Name	Description	Required
uri	URI string.	Required

Context Output

Path	Type	Description
IP.Address	Unknown	IP address
Domain.Name	Unknown	Domain name
URL.Data	Unknown	The URL
Email.To	Unknown	Destination email address
ReversingLabs.uri_statistics	Unknown

Command example

!reversinglabs-titaniumcloud-uri-statistics uri=127.0.0.1

Context Example

{

"DBotScore": {

"Indicator": "127.0.0.1",

"Score": 0,

"Type": "ip",

"Vendor": "ReversingLabs TitaniumCloud v2"

},

"IP": {

"Address": "127.0.0.1"

},

"ReversingLabs": {

"uri_statistics": {

"rl": {

"uri_state": {

"counters": {

"known": 48600,

"malicious": 163967,

"suspicious": 602

},

"ipv4": "127.0.0.1",

"sha1": "4b84b15bff6ee5796152495a230e45e3d7e947d9",

"uri_type": "ipv4"

}

}

}

}

}

Human Readable Output

ReversingLabs URI Statistics results for URI 127.0.0.1

Sample counters

KNOWN: 48600 MALICIOUS: 163967 SUSPICIOUS: 602 SHA-1 hash: 4b84b15bff6ee5796152495a230e45e3d7e947d9 URI type: ipv4 IPv4: 127.0.0.1

reversinglabs-titaniumcloud-uri-index

---

Retrieve a list of all available file hashes associated with a given URI.

Notice: Submitting indicators using this command might make the indicator data publicly available. See the vendor’s documentation for more details.

Base Command

reversinglabs-titaniumcloud-uri-index

Input

Argument Name	Description	Required
uri	URI string.	Required
result_limit	Maximum number of results to be returned. Default is 5000. Default is 5000.	Optional

Context Output

Path	Type	Description
ReversingLabs.uri_index	Unknown

Command example

!reversinglabs-titaniumcloud-uri-index uri=8.8.4.4 result_limit=2

Context Example

{

"InfoFile": {

"EntryID": "7686@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",

"Extension": "4",

"Info": "application/x-troff-man",

"Name": "URI Index report file for URI 8.8.4.4",

"Size": 98,

"Type": "ASCII text"

},

"ReversingLabs": {

"uri_index": [

"007525ef3ee9d4c969fd893f6c4f3d35ce2ee914",

"03c30532b3f750bc0232f560c4b51c53521df21b"

]

}

}

Human Readable Output

Full report is returned in a downloadable file

reversinglabs-titaniumcloud-advanced-search

---

Search for hashes using multi-part search criteria.

Base Command

reversinglabs-titaniumcloud-advanced-search

Input

Argument Name	Description	Required
query	Query string.	Required
result_limit	Maximum number of results to be returned. Default is 5000. Default is 5000.	Optional

Context Output

Path	Type	Description
ReversingLabs.advanced_search	Unknown

Command example

!reversinglabs-titaniumcloud-advanced-search query="av-count:5 available:TRUE" result_limit="2"

Context Example

{

"InfoFile": {

"EntryID": "7619@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",

"Info": "text/plain",

"Name": "Advanced Search report file",

"Size": 1050,

"Type": "ASCII text"

},

"ReversingLabs": {

"advanced_search": [

{

"antivirus": 5,

"available": true,

"classification": "KNOWN",

"filecount": 0,

"firstseen": "2023-06-06T20:16:04Z",

"lastseen": "2023-06-06T21:56:23Z",

"md5": "6b9b845c5e5f3bff5dde0420370b7f3c",

"sampletype": "Text/HTML/HTML",

"sha1": "e80869fa3a921f81941ccbde147ab38c65caa986",

"sha256": "462be991903270c3246396d216dfe5c79394a91053bf452ac2ce64519d0be613",

"size": 160159,

"threatlevel": 0,

"trustfactor": 5

},

{

"antivirus": 5,

"available": true,

"classification": "KNOWN",

"filecount": 0,

"firstseen": "2023-06-06T19:59:17Z",

"lastseen": "2023-06-06T23:56:32Z",

"md5": "5f25da1c21e80f040c803ea4356b736d",

"sampletype": "Text/HTML/HTML",

"sha1": "a969d353815f2bc77286033d45adf1073ed81716",

"sha256": "82fc5c39e0c409a4b49e6324bab04011eab60a31314d8b140092ca4306448280",

"size": 160159,

"threatlevel": 0,

"trustfactor": 5

}

]

}

}

Human Readable Output

Full report is returned in a downloadable file

reversinglabs-titaniumcloud-expression-search

---

Search provides samples first seen on a particular date, filtered by search criteria.

Base Command

reversinglabs-titaniumcloud-expression-search

Input

Argument Name	Description	Required
query	Query string.	Required
date	Search date.	Optional
result_limit	Maximum number of results to be returned Default is 5000. Default is 5000.	Optional

Context Output

Path	Type	Description
ReversingLabs.expression_search	Unknown

Command example

!reversinglabs-titaniumcloud-expression-search query="threat_level>=3 status=malicious malware_family=CVE-2017-11882" result_limit="2"

Context Example

{

"InfoFile": {

"EntryID": "7637@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",

"Info": "text/plain",

"Name": "Expression Search report file",

"Size": 1412,

"Type": "ASCII text"

},

"ReversingLabs": {

"expression_search": [

{

"first_seen": "2023-06-06 00:00:40",

"last_seen": "2023-06-06 00:28:05",

"malware_family": "CVE-2017-11882",

"malware_type": "Exploit",

"md5": "a9e8baef620a4a76c4207d9b48df8a37",

"platform": "Document",

"sample_available": "False",

"sample_size": "23799",

"sample_type": "Document/None/PDF",

"sha1": "d8df002404ae6783f5bb317d2b95657e411e6782",

"sha256": "33dda8b06e8de914090e405008910ba0a4c25a51ead127b2efe6cc1b795bf307",

"status": "MALICIOUS",

"subplatform": "Office",

"threat_level": 5,

"threat_name": "Document-Office.Exploit.CVE-2017-11882",

"trust_factor": 5

},

{

"first_seen": "2023-06-06 00:00:53",

"last_seen": "2023-06-06 00:32:06",

"malware_family": "CVE-2017-11882",

"malware_type": "Exploit",

"md5": "e2548e75542aca394e492f59aa6c080e",

"platform": "Document",

"sample_available": "False",

"sample_size": "23799",

"sample_type": "Document/None/PDF",

"sha1": "a14df376580500edf6f829030ec4153fd629225d",

"sha256": "f8a86c99ffa0b6aa2bc3b54747778852995717954d75ae3c033bd6d23b3aa6e4",

"status": "MALICIOUS",

"subplatform": "Office",

"threat_level": 5,

"threat_name": "Document-Office.Exploit.CVE-2017-11882",

"trust_factor": 5

}

]

}

}

Human Readable Output

Full report is returned in a downloadable file

reversinglabs-titaniumcloud-file-download

---

Download files associated with a SHA1, MD5 or SHA256 hash.

Base Command

reversinglabs-titaniumcloud-file-download

Input

Argument Name	Description	Required
hash	File hash.	Required

Context Output

There is no context output for this command.

Command example

!reversinglabs-titaniumcloud-file-download hash="21841b32c6165b27dddbd4d6eb3a672defe54271"

Context Example

{

"File": {

"EntryID": "7647@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",

"Info": "application/x-dosexec",

"MD5": "3133c2231fcee5d6b0b4c988a5201da1",

"Name": "21841b32c6165b27dddbd4d6eb3a672defe54271",

"SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271",

"SHA256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346",

"SHA512": "205ece960784bff6fdbd0d5a1ebad4fddeab6751728d5be2e0b5d91742d520df0c5d04fd3b9e67372c35cb0859d794b7d22ea78786669a4bd5725e814548143f",

"SSDeep": "12288:UxvYm8UX7FkiYiHSbhy783clwXqaAQWzRTChYl:+vY0LFrYi0s7w6a/Wzl",

"Size": 636416,

"Type": "PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed"

}

}

Human Readable Output

Requested sample is available for download under the name 21841b32c6165b27dddbd4d6eb3a672defe54271

reversinglabs-titaniumcloud-file-upload

---

Upload a file using a byte stream with a SHA1 hash of the file provided in the request.

Base Command

reversinglabs-titaniumcloud-file-upload

Input

Argument Name	Description	Required
entryId	File entry ID.	Required

Context Output

There is no context output for this command.

reversinglabs-titaniumcloud-url-report

---

Return a URL analysis report.

Base Command

reversinglabs-titaniumcloud-url-report

Input

Argument Name	Description	Required
url	URL string.	Required

Context Output

Path	Type	Description
URL.Data	Unknown	The URL
DBotScore.Score	Number	The actual score.
DBotScore.Type	String	The indicator type.
DBotScore.Indicator	String	The indicator that was tested.
DBotScore.Vendor	String	The vendor used to calculate the score.
ReversingLabs.url_report	Unknown

Command example

!reversinglabs-titaniumcloud-url-report url="http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt"

Context Example

{

"DBotScore": {

"Indicator": "http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt",

"Reliability": "C - Fairly reliable",

"Score": 3,

"Type": "url",

"Vendor": "ReversingLabs TitaniumCloud v2"

},

"ReversingLabs": {

"url_report": {

"rl": {

"analysis": {

"analysis_count": 3,

"analysis_history": [

{

"analysis_id": "168359658951508c",

"analysis_time": "2023-05-09T01:42:13",

"availability_status": "online",

"domain": "classicairjordanshoes.com",

"http_response_code": 200,

"serving_ip_address": "37.72.184.59"

},

{

"analysis_id": "16841931093501b5",

"analysis_time": "2023-05-15T23:24:35",

"availability_status": "online",

"domain": "classicairjordanshoes.com",

"http_response_code": 200,

"serving_ip_address": "37.72.184.59"

},

{

"analysis_id": "16844028829801b5",

"analysis_time": "2023-05-18T09:40:39",

"availability_status": "online",

"domain": "classicairjordanshoes.com",

"http_response_code": 200,

"serving_ip_address": "37.72.184.59"

}

],

"first_analysis": "2023-05-09T01:42:13",

"last_analysis": {

"analysis_id": "16844028829801b5",

"analysis_time": "2023-05-18T09:40:39",

"availability_status": "online",

"domain": "classicairjordanshoes.com",

"http_response_code": 200,

"serving_ip_address": "37.72.184.59"

},

"statistics": {

"known": 0,

"malicious": 3,

"suspicious": 0,

"total": 3,

"unknown": 0

},

"top_threats": [

{

"files_count": 3,

"threat_level": 5,

"threat_name": "Document-HTML.Trojan.RedirBA"

}

]

},

"classification": "malicious",

"requested_url": "http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt",

"third_party_reputations": {

"sources": [

{

"detection": "undetected",

"source": "phishing_database",

"update_time": "2023-06-06T15:08:12"

},

{

"detection": "undetected",

"source": "cyren",

"update_time": "2023-06-07T05:08:53"

},

{

"detection": "undetected",

"source": "cyradar",

"update_time": "2023-06-07T06:59:53"

},

{

"detection": "undetected",

"source": "netstar",

"update_time": "2023-06-07T12:51:41"

},

{

"detection": "undetected",

"source": "malsilo",

"update_time": "2023-06-07T11:07:56"

},

{

"detection": "undetected",

"source": "mute",

"update_time": "2023-06-07T09:39:35"

},

{

"detection": "undetected",

"source": "adminus_labs",

"update_time": "2023-06-07T13:02:50"

},

{

"detection": "undetected",

"source": "apwg",

"update_time": "2023-06-07T01:21:26"

},

{

"detection": "undetected",

"source": "0xSI_f33d",

"update_time": "2023-06-07T05:21:24"

},

{

"detection": "undetected",

"source": "threatfox_abuse_ch",

"update_time": "2023-06-07T07:20:28"

},

{

"detection": "undetected",

"source": "alphamountain",

"update_time": "2023-06-07T12:47:18"

},

{

"detection": "undetected",

"source": "phishstats",

"update_time": "2023-06-07T04:15:13"

},

{

"detection": "undetected",

"source": "comodo_valkyrie",

"update_time": "2023-06-06T14:40:10"

},

{

"detection": "undetected",

"source": "alien_vault",

"update_time": "2023-06-07T00:37:00"

},

{

"detection": "undetected",

"source": "osint",

"update_time": "2023-06-07T00:30:40"

},

{

"detection": "undetected",

"source": "openphish",

"update_time": "2023-06-07T09:50:56"

},

{

"detection": "undetected",

"source": "mrg",

"update_time": "2023-06-07T12:56:18"

},

{

"detection": "undetected",

"source": "phishtank",

"update_time": "2023-06-07T10:35:22"

},

{

"detection": "undetected",

"source": "crdf",

"update_time": "2023-06-07T12:44:52"

},

{

"detection": "undetected",

"source": "urlhaus",

"update_time": "2023-06-07T09:59:17"

}

],

"statistics": {

"clean": 0,

"malicious": 0,

"total": 20,

"undetected": 20

}

}

}

}

},

"URL": {

"Data": "http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt",

"Malicious": {

"Description": "MALICIOUS",

"Vendor": "ReversingLabs TitaniumCloud v2"

}

}

}

Human Readable Output

ReversingLabs URL Threat Intelligence report for URL http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt

Requested URL: http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt Classification: MALICIOUS First analysis: 2023-05-09T01:42:13 Analysis count: 3

Last analysis

Analysis ID: 16844028829801b5 Analysis time: 2023-05-18T09:40:39 Final URL: None Availability status: online Domain: classicairjordanshoes.com Serving IP Address: 37.72.184.59

Statistics

KNOWN: 0 SUSPICIOUS: 0 MALICIOUS: 3 UNKNOWN: 0 TOTAL: 3

Analysis history

analysis_id	analysis_time	availability_status	domain	http_response_code	serving_ip_address
168359658951508c	2023-05-09T01:42:13	online	classicairjordanshoes.com	200	37.72.184.59
16841931093501b5	2023-05-15T23:24:35	online	classicairjordanshoes.com	200	37.72.184.59
16844028829801b5	2023-05-18T09:40:39	online	classicairjordanshoes.com	200	37.72.184.59

Third party statistics

TOTAL: 20 MALICIOUS: 0 CLEAN: 0 UNDETECTED: 20

Third party sources

detection	source	update_time
undetected	phishing_database	2023-06-06T15:08:12
undetected	cyren	2023-06-07T05:08:53
undetected	cyradar	2023-06-07T06:59:53
undetected	netstar	2023-06-07T12:51:41
undetected	malsilo	2023-06-07T11:07:56
undetected	mute	2023-06-07T09:39:35
undetected	adminus_labs	2023-06-07T13:02:50
undetected	apwg	2023-06-07T01:21:26
undetected	0xSI_f33d	2023-06-07T05:21:24
undetected	threatfox_abuse_ch	2023-06-07T07:20:28
undetected	alphamountain	2023-06-07T12:47:18
undetected	phishstats	2023-06-07T04:15:13
undetected	comodo_valkyrie	2023-06-06T14:40:10
undetected	alien_vault	2023-06-07T00:37:00
undetected	osint	2023-06-07T00:30:40
undetected	openphish	2023-06-07T09:50:56
undetected	mrg	2023-06-07T12:56:18
undetected	phishtank	2023-06-07T10:35:22
undetected	crdf	2023-06-07T12:44:52
undetected	urlhaus	2023-06-07T09:59:17

reversinglabs-titaniumcloud-analyze-url

---

Analyze a given URL.

Notice: Submitting indicators using this command might make the indicator data publicly available. See the vendor’s documentation for more details.

Base Command

reversinglabs-titaniumcloud-analyze-url

Input

Argument Name	Description	Required
url	URL string.	Required

Context Output

Path	Type	Description
ReversingLabs.analyze_url	Unknown

Command example

!reversinglabs-titaniumcloud-analyze-url url="http://34.150.1.150/hBQ"

Context Example

{

"ReversingLabs": {

"analyze_url": {

"rl": {

"analysis_id": "1686150309665089",

"requested_url": "http://34.150.1.150/hBQ",

"status": "started"

}

}

}

}

Human Readable Output

ReversingLabs Analyze URL response for URL http://34.150.1.150/hBQ

Status: started Analysis ID: 1686150309665089 Requested URL: http://34.150.1.150/hBQ

reversinglabs-titaniumcloud-submit-for-dynamic-analysis

---

Submit an existing sample for dynamic analysis.

Base Command

reversinglabs-titaniumcloud-submit-for-dynamic-analysis

Input

Argument Name	Description	Required
sha1	Sample SHA-1 hash.	Required
platform	Desired platform; See the API documentation for possible values.	Required

Context Output

Path	Type	Description
ReversingLabs.detonate_sample_dynamic	Unknown

Command example

!reversinglabs-titaniumcloud-submit-for-dynamic-analysis sha1=21841b32c6165b27dddbd4d6eb3a672defe54271 platform=windows10

Context Example

{

"ReversingLabs": {

"detonate_sample_dynamic": {

"rl": {

"analysis_id": "bd4819f0-0327-4579-b72e-08ebfeeae49a",

"requested_hash": "21841b32c6165b27dddbd4d6eb3a672defe54271",

"status": "started"

}

}

}

}

Human Readable Output

ReversingLabs submit sample 21841b32c6165b27dddbd4d6eb3a672defe54271 for Dynamic Analysis

Status: started Requested hash: 21841b32c6165b27dddbd4d6eb3a672defe54271 Analysis ID: bd4819f0-0327-4579-b72e-08ebfeeae49a

reversinglabs-titaniumcloud-get-dynamic-analysis-results

---

Retrieve dynamic analysis results.

Base Command

reversinglabs-titaniumcloud-get-dynamic-analysis-results

Input

Argument Name	Description	Required
sha1	Sample SHA-1 hash.	Required

Context Output

Path	Type	Description
File.MD5	String	MD5 hash.
File.SHA1	String	SHA1 hash.
File.SHA256	String	SHA256 hash.
DBotScore.Score	Number	The actual score.
DBotScore.Type	String	The indicator type.
DBotScore.Indicator	String	The indicator that was tested.
DBotScore.Vendor	String	The vendor used to calculate the score.
ReversingLabs.dynamic_analysis_results	Unknown	The dynamic analysis results.

Command example

!reversinglabs-titaniumcloud-get-dynamic-analysis-results sha1=21841b32c6165b27dddbd4d6eb3a672defe54271

Context Example

{

"DBotScore": {

"Indicator": "21841b32c6165b27dddbd4d6eb3a672defe54271",

"Score": 0,

"Type": "file",

"Vendor": "ReversingLabs TitaniumCloud v2"

},

"File": {

"Hashes": [

{

"type": "SHA1",

"value": "21841b32c6165b27dddbd4d6eb3a672defe54271"

}

],

"SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271"

},

"InfoFile": {

"EntryID": "7660@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",

"Info": "text/plain",

"Name": "Dynamic analysis report file for sample 21841b32c6165b27dddbd4d6eb3a672defe54271",

"Size": 1001542,

"Type": "ASCII text, with very long lines"

},

"ReversingLabs": {

"dynamic_analysis_results": {

"rl": {

"report": {

"analysis_duration": 213,

"analysis_id": "9665584d-57d9-4f8a-b63b-5c762b37fc33",

"analysis_time": "2023-05-18T11:55:15",

"behavioral": [

{

"file_actions": [

{

"action_type": "file_created",

"file_name": "Start Menu",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "WS2_32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WININET.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Startup",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sortdefault.nls",

"file_path": "C:\\WINDOWS\\Globalization\\Sorting",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WINDOWS",

"file_path": "C:",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Roaming",

"file_path": "C:\\Users\\user\\AppData",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "IMM32.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tox.done.log",

"file_path": "C:\\Users\\user\\AppData\\Roaming",

"status": "object name not found"

},

{

"action_type": "file_opened",

"file_name": "win32u.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CRYPTBASE.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cfgmgr32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "shcore.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "USER32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CMApi",

"file_path": "\\Device\\DeviceApi",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ADVAPI32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "GDI32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bcryptPrimitives.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ntdll.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "msvcp_win.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SspiCli.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Programs",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "combase.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "windows.storage.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "apphelp.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Startup",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "RPCRT4.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ucrtbase.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "KERNEL32.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sysmain.sdb",

"file_path": "C:\\WINDOWS\\AppPatch",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "user",

"file_path": "C:\\Users",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "SHELL32.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sechost.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "shlwapi.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "gdi32full.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "kernel.appcore.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "powrprof.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "FLTLIB.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "profapi.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "KERNELBASE.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Tox.exe",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CNG",

"file_path": "\\Device",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "msvcrt.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

}

],

"modules_loaded": [

{

"module_name": "\\KnownDlls32\\msvcp_win.dll"

},

{

"module_name": "\\KnownDlls32\\RPCRT4.dll"

},

{

"module_name": "\\KnownDlls32\\WS2_32.dll"

},

{

"module_name": "\\KnownDlls32\\USER32.dll"

},

{

"module_name": "\\KnownDlls32\\combase.dll"

},

{

"module_name": "\\KnownDlls32\\profapi.dll"

},

{

"module_name": "\\KnownDlls32\\windows.storage.dll"

},

{

"module_name": "\\KnownDlls32\\FLTLIB.DLL"

},

{

"module_name": "\\KnownDlls32\\KERNEL32.DLL"

},

{

"module_name": "\\KnownDlls32\\kernel.appcore.dll"

},

{

"module_name": "\\KnownDlls32\\KERNELBASE.dll"

},

{

"module_name": "\\KnownDlls32\\win32u.dll"

},

{

"module_name": "C:\\Windows\\SysWOW64\\apphelp.dll"

},

{

"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters"

},

{

"module_name": "\\KnownDlls32\\IMM32.DLL"

},

{

"module_name": "C:\\Windows\\SysWOW64\\imm32.dll"

},

{

"module_name": "\\KnownDlls32\\kernel32.dll"

},

{

"module_name": "\\KnownDlls32\\bcryptPrimitives.dll"

},

{

"module_name": "\\KnownDlls32\\powrprof.dll"

},

{

"module_name": "\\KnownDlls32\\msvcrt.dll"

},

{

"module_name": "\\KnownDlls\\wow64.dll"

},

{

"module_name": "\\KnownDlls32\\sechost.dll"

},

{

"module_name": "unknown"

},

{

"module_name": "\\KnownDlls\\wow64log.dll"

},

{

"module_name": "\\KnownDlls32\\apphelp.dll"

},

{

"module_name": "\\KnownDlls\\wow64cpu.dll"

},

{

"module_name": "\\KnownDlls32\\cfgmgr32.dll"

},

{

"module_name": "\\KnownDlls\\wow64win.dll"

},

{

"module_name": "\\KnownDlls32\\ucrtbase.dll"

},

{

"module_name": "\\KnownDlls32\\GDI32.dll"

},

{

"module_name": "\\KnownDlls32\\WININET.DLL"

},

{

"module_name": "C:\\Windows\\SysWOW64\\wininet.dll"

},

{

"module_name": "\\KnownDlls32\\SspiCli.dll"

},

{

"module_name": "\\KnownDlls32\\shlwapi.dll"

},

{

"module_name": "\\KnownDlls32\\shcore.dll"

},

{

"module_name": "\\KnownDlls32\\SHELL32.DLL"

},

{

"module_name": "C:\\Windows\\apppatch\\sysmain.sdb"

},

{

"module_name": "\\Sessions\\1\\Windows\\SharedSection"

},

{

"module_name": "\\KnownDlls32\\CRYPTBASE.dll"

},

{

"module_name": "\\KnownDlls32\\gdi32full.dll"

},

{

"module_name": "\\KnownDlls32\\ADVAPI32.dll"

}

],

"mutex_actions": [

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\toxcrypt",

"status": "object name exists"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1568:64:WilError_01",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1568:168:WilStaging_02",

"status": "success or wait"

}

],

"process": {

"name": "Tox.exe",

"parameters": "\"C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe\" "

},

"process_actions": [

{

"action_type": "process_queried",

"path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe",

"status": "success or wait"

},

{

"action_type": "process_terminated",

"path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe",

"status": "success or wait"

}

],

"registry_actions": [

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Disable8And16BitMitigation",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachineLanguageConfiguration",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",

"status": "buffer overflow"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\LanguageConfiguration",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Local Settings\\Software\\Microsoft",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Local Settings\\Software\\Microsoft\\Ole",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\FileSystem\\",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Segment Heap",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CustomLocale",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Versions",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Control Panel\\Desktop",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",

"status": "buffer overflow"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wow64\\x86",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\MUI\\Settings",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Local Settings\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\Tracing",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\Tox.exe",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\NLS\\Language",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\Settings\\LanguageConfiguration",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\AppModel\\Lookaside\\Packages",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wow64\\x86",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Terminal Server",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Display",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",

"status": "buffer overflow"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\NULL",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages\\PendingDelete",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\DLL",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Explorer",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer",

"status": "object name not found",

"value": ""

}

]

},

{

"file_actions": [

{

"action_type": "file_opened",

"file_name": "CNG",

"file_path": "\\Device",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "R000000000013.clb",

"file_path": "C:\\WINDOWS\\Registration",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CMApi",

"file_path": "\\Device\\DeviceApi",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Startup",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",

"status": "object name collision"

},

{

"action_type": "file_created",

"file_name": "Start Menu",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "uxtheme.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WININET.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ole32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "IMM32.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tox.done.log",

"file_path": "C:\\Users\\user\\AppData\\Roaming",

"status": "object name not found"

},

{

"action_type": "file_opened",

"file_name": "sortdefault.nls",

"file_path": "C:\\WINDOWS\\Globalization\\Sorting",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "user",

"file_path": "C:\\Users",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "Desktop",

"file_path": "C:\\Users\\user",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WINDOWS",

"file_path": "C:",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Roaming",

"file_path": "C:\\Users\\user\\AppData",

"status": "object name collision"

},

{

"action_type": "file_created",

"file_name": "Programs",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "dwmapi.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "TextInputFramework.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ntmarta.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CoreUIComponents.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CoreMessaging.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "wintypes.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "StaticCache.dat",

"file_path": "C:\\Windows\\Fonts",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "staticcache.dat",

"file_path": "C:\\Windows\\Fonts",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "USER32.dll.mui",

"file_path": "C:\\WINDOWS\\SysWOW64\\en-US",

"status": "success or wait"

}

],

"modules_loaded": [

{

"module_name": "\\KnownDlls32\\windows.storage.dll"

},

{

"module_name": "\\KnownDlls32\\OLEAUT32.dll"

},

{

"module_name": "\\KnownDlls32\\powrprof.dll"

},

{

"module_name": "\\KnownDlls32\\msvcrt.dll"

},

{

"module_name": "\\KnownDlls32\\combase.dll"

},

{

"module_name": "unknown"

},

{

"module_name": "\\KnownDlls\\wow64cpu.dll"

},

{

"module_name": "\\KnownDlls32\\clbcatq.dll"

},

{

"module_name": "\\KnownDlls32\\ucrtbase.dll"

},

{

"module_name": "C:\\Windows\\SysWOW64\\wininet.dll"

},

{

"module_name": "C:\\Windows\\SysWOW64\\WinTypes.dll"

},

{

"module_name": "C:\\Windows\\Registration\\R000000000013.clb"

},

{

"module_name": "\\KnownDlls32\\RPCRT4.dll"

},

{

"module_name": "\\KnownDlls32\\FLTLIB.DLL"

},

{

"module_name": "\\KnownDlls32\\KERNEL32.DLL"

},

{

"module_name": "\\KnownDlls32\\cfgmgr32.dll"

},

{

"module_name": "\\KnownDlls32\\uxtheme.dll"

},

{

"module_name": "\\KnownDlls32\\SHELL32.DLL"

},

{

"module_name": "\\Sessions\\1\\Windows\\SharedSection"

},

{

"module_name": "\\KnownDlls32\\shcore.dll"

},

{

"module_name": "\\KnownDlls32\\WS2_32.dll"

},

{

"module_name": "\\KnownDlls32\\kernel.appcore.dll"

},

{

"module_name": "\\KnownDlls32\\win32u.dll"

},

{

"module_name": "C:\\Windows\\SysWOW64\\uxtheme.dll"

},

{

"module_name": "\\KnownDlls32\\IMM32.DLL"

},

{

"module_name": "C:\\Windows\\SysWOW64\\imm32.dll"

},

{

"module_name": "\\KnownDlls32\\bcryptPrimitives.dll"

},

{

"module_name": "\\KnownDlls32\\sechost.dll"

},

{

"module_name": "\\KnownDlls\\wow64win.dll"

},

{

"module_name": "\\KnownDlls32\\GDI32.dll"

},

{

"module_name": "\\KnownDlls32\\SspiCli.dll"

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters"

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\__ComCatalogCache__"

},

{

"module_name": "\\KnownDlls32\\msvcp_win.dll"

},

{

"module_name": "\\KnownDlls32\\USER32.dll"

},

{

"module_name": "\\KnownDlls32\\KERNELBASE.dll"

},

{

"module_name": "\\KnownDlls32\\profapi.dll"

},

{

"module_name": "\\KnownDlls32\\kernel32.dll"

},

{

"module_name": "\\KnownDlls\\wow64.dll"

},

{

"module_name": "\\KnownDlls\\wow64log.dll"

},

{

"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"

},

{

"module_name": "\\KnownDlls32\\shlwapi.dll"

},

{

"module_name": "\\KnownDlls32\\WININET.DLL"

},

{

"module_name": "\\KnownDlls32\\CRYPTBASE.dll"

},

{

"module_name": "\\KnownDlls32\\gdi32full.dll"

},

{

"module_name": "\\KnownDlls32\\ADVAPI32.dll"

},

{

"module_name": "\\KnownDlls32\\ole32.dll"

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\CTF.AsmListCache.FMPDefault1"

},

{

"module_name": "C:\\Windows\\Fonts\\StaticCache.dat"

},

{

"module_name": "\\KnownDlls32\\ntmarta.dll"

},

{

"module_name": "\\KnownDlls32\\CoreMessaging.dll"

},

{

"module_name": "C:\\Windows\\SysWOW64\\ole32.dll"

},

{

"module_name": "\\KnownDlls32\\dwmapi.dll"

},

{

"module_name": "\\Sessions\\1\\Windows\\ThemeSection"

},

{

"module_name": "\\KnownDlls32\\MSCTF.dll"

},

{

"module_name": "C:\\Windows\\SysWOW64\\CoreUIComponents.dll"

},

{

"module_name": "C:\\Windows\\SysWOW64\\TextInputFramework.dll"

},

{

"module_name": "C:\\Windows\\SysWOW64\\en-US\\user32.dll.mui"

},

{

"module_name": "C:\\Windows\\SysWOW64\\ntmarta.dll"

},

{

"module_name": "C:\\Windows\\SysWOW64\\CoreMessaging.dll"

},

{

"module_name": "\\KnownDlls32\\TextInputFramework.dll"

},

{

"module_name": "\\KnownDlls32\\wintypes.dll"

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\AsyncKeyStateTrackerSharedMemory"

},

{

"module_name": "\\KnownDlls32\\CoreUIComponents.dll"

},

{

"module_name": "C:\\Windows\\SysWOW64\\dwmapi.dll"

},

{

"module_name": "\\Windows\\Theme2337474972",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\Windows\\Theme3085020103",

"module_tag": ""

}

],

"mutex_actions": [

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\toxcrypt",

"status": "object name exists"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3668:168:WilStaging_02",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3668:64:WilError_01",

"status": "success or wait"

}

],

"process": {

"name": "rl_file.exe",

"parameters": "\"C:\\Users\\user\\Desktop\\rl_file.exe\" "

},

"process_actions": [

{

"action_type": "process_queried",

"path": "C:\\Users\\user\\Desktop\\rl_file.exe",

"status": "success or wait"

},

{

"action_type": "process_terminated",

"path": "C:\\Users\\user\\Desktop\\rl_file.exe",

"status": "success or wait"

}

],

"registry_actions": [

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachineLanguageConfiguration",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",

"status": "buffer overflow"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Versions",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wow64\\x86",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\MUI\\Settings",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Policies\\Microsoft\\WindowsStore",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLEAUT",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\AppModel\\Lookaside\\Packages",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows NT\\Rpc",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",

"status": "buffer overflow"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\FileSystem\\",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Display",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Segment Heap",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",

"status": "buffer overflow"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Rpc",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\Tracing",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\NLS\\Language",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\LanguageConfiguration",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Control Panel\\Desktop",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rl_file.exe",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wow64\\x86",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages\\PendingDelete",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\DLL",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CustomLocale",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\Settings\\LanguageConfiguration",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\Setup",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Terminal Server",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\NULL",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\OEM",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\App Management",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\Compatibility\\rl_file.exe",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FA445657-9379-11D6-B41A-00065B83EE53}",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Segoe UI",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\App Management",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{FA445657-9379-11D6-B41A-00065B83EE53}",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Input",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\OEM",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Explorer",

"status": "success or wait",

"value": ""

}

]

},

{

"file_actions": [

{

"action_type": "file_read",

"file_name": "OneDriveMedTile.contrast-white_scale-400.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveMedTile.contrast-black_scale-200.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mk-MK",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveSmallTile.contrast-white_scale-125.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cs-CZ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "248aaea9.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sr-Cyrl-BA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-GT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "IMM32.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tox.done.log",

"file_path": "C:\\Users\\user\\AppData\\Roaming",

"status": "object name not found"

},

{

"action_type": "file_opened",

"file_name": "History",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "294af3d2.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "USER32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ms-MY",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "it-IT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CMApi",

"file_path": "\\Device\\DeviceApi",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-ZA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "edputil.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "de-AT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "294af3d2.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-TN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ro-RO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-RE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "da083887.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "uxtheme.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-CD",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveSmallTile.scale-125.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "chrome_shutdown_ms.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "af-ZA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "UsageLogs",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0_32",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "DeviceDiagnostic.debugreport.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-BH",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "2ab80eb2.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveMedTile.contrast-black_scale-100.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ucrtbase.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveSmallTile.contrast-black_scale-100.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Temp",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "DefaultLayouts.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Shell",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "DefaultLayouts.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-CI",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "versionlist.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\VersionManager",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Feeds",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveMedTile.contrast-black_scale-100.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveMedTile.contrast-black_scale-125.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Feeds Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Chrome",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-CI",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "it-IT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Credentials",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "tox.log",

"file_path": "C:\\Users\\user\\AppData\\Roaming",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-YE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveSmallTile.scale-150.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "Converged_v21033[1].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Converged_v21033[1].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "active-update.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hi-IN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-ML",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-419",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-PE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "BrowserMetrics",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CRYPTBASE.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveSmallTile.contrast-black_scale-200.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "DeviceDiagnostic.debugreport.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ActiveSync",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "settings-tipset[2].xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "favicon[3].png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "dd_vcredistMSI1AE4.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dd_vcredistUI7855.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-IE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-GT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "c43bb7d1.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "au-descriptor-1.8.0_301-b09.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "2ab80eb2.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "LogoImages",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "3534848bb9f4cb71",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\D3DSCache",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "0",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "favicon[1].png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "results.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveSmallTile.scale-200.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-BZ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Windows",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-FR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveMedTile.contrast-white_scale-200.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-SN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-MA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sl-SI",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "lv-LV",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-PY",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "BDN4269.tmp.dir",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "favicon[2].png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "shlwapi.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveMedTile.contrast-white_scale-400.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveMedTile.contrast-white_scale-150.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OLEAUT32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveSmallTile.contrast-black_scale-200.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "InputPersonalization",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveMedTile.scale-150.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "favicon[3].png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",

"status": "end of file"

},

{

"action_type": "file_opened",

"file_name": "id-ID",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-RE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-CA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "eu-ES",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveMedTile.contrast-white_scale-200.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-ID",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-PR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "favicon[2].png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bcrypt.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WININET.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Windows",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "705bcfd6.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "294af3d2.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-MY",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "GDI32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ha-Latn-NG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveMedTile.contrast-black_scale-200.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "rsaenh.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveSmallTile.scale-400.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveSmallTile.contrast-white_scale-400.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDrive.VisualElementsManifest.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sl-SI",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "au-descriptor-1.8.0_301-b09.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hu-HU",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveMedTile.contrast-black_scale-125.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "msvcp_win.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "TokenBroker",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sv-FI",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ru-RU",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "imagestore",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "2ab80eb2.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveMedTile.contrast-black_scale-400.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "dd_vcredistUI7869.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CRYPTSP.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Media Player",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Startup",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "es-HN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CLR_v2.0_32",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-ES",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CLDAPI.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "MicrosoftEdge",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-SA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "dd_vcredistMSI7869.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "DefaultLayouts.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sq-AL",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "System",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\Groove",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveMedTile.scale-400.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ResultReport.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Event Viewer",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tox.decrypt.log",

"file_path": "C:\\Users\\user\\AppData\\Roaming",

"status": "object name not found"

},

{

"action_type": "file_written",

"file_name": "dd_vcredistMSI7855.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hu-HU",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-PA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-OM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveSmallTile.contrast-black_scale-150.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "User",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\Groove",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "dd_vcredistMSI7855.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-CA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveSmallTile.contrast-white_scale-125.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tox.log",

"file_path": "C:\\Users\\user\\AppData\\Roaming",

"status": "object name not found"

},

{

"action_type": "file_read",

"file_name": "brndlog.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WS2_32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sortdefault.nls",

"file_path": "C:\\WINDOWS\\Globalization\\Sorting",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveSmallTile.contrast-black_scale-150.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "favicon[3].png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fa-IR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "win32u.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dd_vcredistMSI7869.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "510dd5a4.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sk-SK",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "5fc0968a.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Microsoft",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveSmallTile.contrast-white_scale-150.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "dd_vcredistMSI7869.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Firefox",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-SN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "MountPointManager",

"file_path": "",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveMedTile.contrast-white_scale-200.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Converged_v21033[1].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-HK",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "kernel.appcore.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-PE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-BE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-GB",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveMedTile.contrast-white_scale-150.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "gl-ES",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "12.0",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "c:",

"file_path": "",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DeviceDiagnostic.debugreport.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveMedTile.contrast-white_scale-125.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "favicon[1].png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",

"status": "end of file"

},

{

"action_type": "file_opened",

"file_name": "OneDriveMedTile.scale-100.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveMedTile.contrast-white_scale-100.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Converged_v21033[1].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "GameDVR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-029",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "dd_vcredistUI7869.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-MX",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "4254396c.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WidevineCdm",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sk-SK",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bg-BG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "UserProfileRoaming",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Vault",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "KERNELBASE.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-DZ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveSmallTile.contrast-white_scale-150.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tr-TR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "Converged_v21033[1].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-FR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "KERNEL32.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveMedTile.contrast-white_scale-150.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "input",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "favicon[2].png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "desktop.ini",

"file_path": "C:\\Users",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "au-descriptor-1.8.0_301-b09.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "af-ZA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-QA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-EG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "0",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveSmallTile.scale-100.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "c43bb7d1.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sysmain.sdb",

"file_path": "C:\\WINDOWS\\AppPatch",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDrive.VisualElementsManifest.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "294af3d2.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-NZ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveMedTile.contrast-black_scale-100.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDrive",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-IQ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "248aaea9.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "aeb763fb.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "apphelp.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-KW",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-CO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-EC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-ZW",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-LY",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CrashReports",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hy-AM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "favicon[3].png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",

"status": "end of file"

},

{

"action_type": "file_opened",

"file_name": "Low",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tr-TR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-CR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "eu-ES",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Recovery",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveSmallTile.contrast-white_scale-100.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "msapplication.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "favicon[1].png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "brndlog.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-SG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fi-FI",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveMedTile.scale-400.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hr-BA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "dd_vcredistMSI19D2.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-VE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveMedTile.scale-200.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pt-PT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "versionlist.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\VersionManager",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "nb-NO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "setup",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveMedTile.scale-150.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveMedTile.contrast-black_scale-125.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-MX",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Groove",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-MA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "user",

"file_path": "C:\\Users",

"status": "object name collision"

},

{

"action_type": "file_created",

"file_name": "OneDriveMedTile.scale-400.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "nl-BE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ka-GE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "clbcatq.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "AppData",

"file_path": "C:\\Users\\user",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "favicon[1].png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-UY",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveSmallTile.contrast-black_scale-125.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDrive.VisualElementsManifest.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "8fce0f3.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "au-descriptor-1.8.0_301-b09.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveSmallTile.contrast-black_scale-400.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "History.IE5",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-SG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveMedTile.scale-100.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveMedTile.contrast-black_scale-125.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-LB",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "dd_vcredistUI19D2.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "favicon[1].png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-DO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "dd_vcredistMSI19D2.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sechost.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DBG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveMedTile.contrast-black_scale-400.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "de-CH",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "acrocef_low",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-ZA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "8fce0f3.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveMedTile.contrast-black_scale-125.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "a5ea21[1].png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveMedTile.scale-100.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-EC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveMedTile.contrast-white_scale-200.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "da083887.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "desktop.ini",

"file_path": "C:\\Users\\user\\Desktop",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveSmallTile.contrast-black_scale-125.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "dd_vcredistUI19D2.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "uk-UA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sw-KE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-PY",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-AR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-IN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveMedTile.contrast-black_scale-150.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "dd_vcredistMSI19D2.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DBG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pnacl",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-UY",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "shcore.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sr-Cyrl-RS",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-AE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "msdtadmin",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveSmallTile.scale-400.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveMedTile.contrast-black_scale-200.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveMedTile.contrast-white_scale-150.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CLR_v4.0",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveSmallTile.contrast-white_scale-200.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sr-Cyrl-ME",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Vault",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveMedTile.contrast-white_scale-125.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-CM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveSmallTile.contrast-white_scale-125.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "iecompatdata.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\IECompatData",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "1833c4e9.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "510dd5a4.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveSmallTile.scale-150.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bg-BG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Low",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OriginTrials",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Unistore",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "it-CH",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\Unistore",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "ResultReport.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dd_vcredistMSI1AE4.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "favicon[2].png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-CA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ResultReport.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-JM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveSmallTile.contrast-white_scale-100.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "dd_vcredistUI1AE4.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "favicon[3].png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Microsoft",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Mozilla",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "History",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveMedTile.contrast-white_scale-150.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-KW",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "dd_vcredistMSI1AE4.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-NZ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "msapplication.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "510dd5a4.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveMedTile.contrast-white_scale-125.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveMedTile.contrast-black_scale-100.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "b11b460a.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "PROPSYS.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Internet Explorer",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "5fc0968a.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cfgmgr32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "de-CH",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-MA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "AudioDiagnostic.debugreport.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "et-EE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "1833c4e9.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "update100[1].xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fi-FI",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "msapplication.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "ResultReport.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "Converged_v21033[1].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveSmallTile.contrast-black_scale-200.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "favicon[2].png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",

"status": "end of file"

},

{

"action_type": "file_opened",

"file_name": "combase.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "Tox.exe",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "PeerDistRepub",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveSmallTile.contrast-white_scale-100.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-DO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pl-PL",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "b11b460a.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "dd_vcredistUI1AE4.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "RPCRT4.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "705bcfd6.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-NI",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DefaultLayouts.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Shell",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "kk-KZ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "results.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "rl_file.exe:Zone.Identifier",

"file_path": "C:\\Users\\user\\Desktop",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "he-IL",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "da-DK",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveMedTile.contrast-white_scale-400.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveSmallTile.scale-150.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "248aaea9.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveMedTile.contrast-black_scale-200.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "a5ea21[1].png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\D4PT37GU",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveMedTile.scale-150.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "PenWorkspace",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "rl_file.exe",

"file_path": "C:\\Users\\user\\Desktop",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-CR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Crashpad",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "acrord32_sbx",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ro-MD",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-GB",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Google",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveSmallTile.contrast-black_scale-100.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-LB",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "et-EE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "settings-tipset[2].xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-IN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "5fc0968a.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveSmallTile.scale-100.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Windows.StateRepositoryPS.dll",

"file_path": "C:\\Windows\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-OM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveMedTile.scale-125.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Packages",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "chrome_shutdown_ms.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveMedTile.contrast-black_scale-150.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "gl-ES",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-JO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "248aaea9.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "1033",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "aeb763fb.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hy-AM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bcryptPrimitives.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveSmallTile.contrast-white_scale-400.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "favicon[1].png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "KsecDD",

"file_path": "\\Device",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WER",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "DefaultLayouts.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveSmallTile.contrast-white_scale-200.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveMedTile.scale-200.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "nl-NL",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Default",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "8fce0f3.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveMedTile.scale-200.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveSmallTile.scale-125.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-JO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dd_vcredistUI1AE4.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "unknown",

"file_path": "",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-JM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "dd_vcredistMSI7855.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Tiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-TT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dd_vcredistMSI7855.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "iecompatdata.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\IECompatData",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "294af3d2.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "update100[1].xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "Converged_v21033[1].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "el-GR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-HT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "AudioDiagnostic.debugreport.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDrive.VisualElementsManifest.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "dd_vcredistMSI1AE4.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "msvcrt.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Office",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveSmallTile.contrast-white_scale-125.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Sync Playlists",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-BO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-HT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "au-descriptor-1.8.0_301-b09.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ntdll.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sv-SE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-IQ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "DeviceDiagnostic.debugreport.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-LU",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "5fc0968a.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "lv-LV",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "msapplication.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "brndlog.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "user",

"file_path": "C:\\Users",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveSmallTile.scale-200.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "c43bb7d1.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveSmallTile.contrast-black_scale-400.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "active-update.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\updates\\308046B0AF4A39CB",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "dd_vcredistMSI7869.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "it-CH",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Feeds",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "510dd5a4.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mk-MK",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveSmallTile.scale-100.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-CD",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "de-LI",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "windows.storage.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-CL",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "gdi32full.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "settings-tipset[2].xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe_ADMLogs",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-YE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "nl-BE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "UsageLogs",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "1833c4e9.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "705bcfd6.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "AudioDiagnostic.debugreport.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-US",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-PR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "kk-KZ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "DeviceDiagnostic.debugreport.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Desktop",

"file_path": "C:\\Users\\user",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveSmallTile.contrast-white_scale-150.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "aeb763fb.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CLR_v4.0_32",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sr-Latn-ME",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "he-IL",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveMedTile.contrast-white_scale-100.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "rl_file.exe:Zone.Identifier",

"file_path": "C:\\Users\\user\\Desktop",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveSmallTile.contrast-white_scale-200.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-AE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "tox.log",

"file_path": "C:\\Users\\user\\AppData\\Roaming",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "4254396c.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-AU",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "dd_vcredistUI7855.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CLR_v4.0",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-AU",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "AudioDiagnostic.debugreport.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "b11b460a.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Credentials",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "active-update.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CLR_v2.0_32",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Local",

"file_path": "C:\\Users\\user\\AppData",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Chrome",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveMedTile.contrast-black_scale-150.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Caches",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "ca-ES",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SHELL32.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveSmallTile.contrast-black_scale-200.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "b11b460a.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bn-BD",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "PROPSYS.dll.mui",

"file_path": "C:\\WINDOWS\\SysWOW64\\en-US",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "GameDVR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-DZ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "da083887.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "favicon[1].png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveMedTile.scale-200.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveMedTile.scale-100.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveMedTile.contrast-white_scale-200.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "dd_vcredistUI7855.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pt-BR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-MC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ConnectedDevicesPlatform",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Microsoft Help",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Publishers",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "active-update.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-QA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-AR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "User Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "favicon[2].png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sw-KE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "da083887.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "iertutil.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveSmallTile.scale-400.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cversions.1.db",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CNG",

"file_path": "\\Device",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-NI",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveSmallTile.contrast-white_scale-100.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ms-MY",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "iecompatdata.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\IECompatData",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveSmallTile.contrast-white_scale-125.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-LU",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-TN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pt-BR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "desktop.ini",

"file_path": "C:\\Users",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dd_vcredistUI7869.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "TokenBroker",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ro-MD",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveMedTile.scale-200.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-SA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "versionlist.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\VersionManager",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "a5ea21[1].png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveSmallTile.scale-125.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-CO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-MC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveSmallTile.contrast-black_scale-100.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hr-BA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "oleaut32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "dd_vcredistUI7855.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "2550435360",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Caches",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveSmallTile.contrast-black_scale-150.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pl-PL",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "a5ea21[1].png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",

"status": "end of file"

},

{

"action_type": "file_written",

"file_name": "favicon[1].png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CrashReports",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fa-IR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "favicon[2].png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",

"status": "end of file"

},

{

"action_type": "file_deleted",

"file_name": "favicon[1].png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Safe Browsing",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveMedTile.contrast-black_scale-150.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "nb-NO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveMedTile.contrast-white_scale-100.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "lt-LT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "id-ID",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "dd_vcredistUI1AE4.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "c43bb7d1.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "update100[1].xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "el-GR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "510dd5a4.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-EG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "History.IE5",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hr-HR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "dd_vcredistUI1AE4.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveMedTile.contrast-black_scale-200.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveSmallTile.scale-150.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "versionlist.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\VersionManager",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-SY",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveMedTile.scale-125.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "favicon[2].png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "Converged_v21033[1].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Temp",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "input",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-HK",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "dd_vcredistMSI1AE4.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveMedTile.contrast-white_scale-125.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ms-BN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "1833c4e9.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sv-FI",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "STORAGE#Volume#{45fd10d4-cc21-11e8-b00f-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}",

"file_path": "",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveSmallTile.scale-200.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Start Menu",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "ca-ES-valencia",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Comms",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WINDOWS",

"file_path": "C:",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "dd_vcredistUI7855.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-IE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "favicon[3].png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "8fce0f3.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveSmallTile.contrast-white_scale-200.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveMedTile.contrast-black_scale-400.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveMedTile.contrast-black_scale-150.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "nl-NL",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveSmallTile.contrast-white_scale-100.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "de-DE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "ResultReport.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ole32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveSmallTile.contrast-black_scale-125.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "dd_vcredistMSI7869.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\TokenBroker",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveSmallTile.contrast-black_scale-150.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveSmallTile.contrast-white_scale-400.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Comms",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-CM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-ES",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cs-CZ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-TT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-MY",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveSmallTile.contrast-white_scale-150.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveSmallTile.scale-200.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "8fce0f3.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveSmallTile.scale-125.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-US",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ro-RO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "favicon[3].png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-ID",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "results.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "rl_file.exe",

"file_path": "C:\\Users\\user\\Desktop",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveMedTile.scale-150.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveSmallTile.contrast-black_scale-400.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "favicon[2].png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hi-IN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bn-BD",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "1833c4e9.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "iecompatdata.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\IECompatData",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-SV",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "PepperFlash",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "results.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveSmallTile.scale-400.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "versionlist.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\VersionManager",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "de-LU",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "FLTLIB.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveSmallTile.contrast-black_scale-125.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CLR_v4.0_32",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "dd_vcredistUI19D2.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDrive",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-BH",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "aeb763fb.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "248aaea9.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "powrprof.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Feeds Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ShaderCache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Roaming",

"file_path": "C:\\Users\\user\\AppData",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "Users",

"file_path": "C:",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "R000000000013.clb",

"file_path": "C:\\WINDOWS\\Registration",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "profapi.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "4254396c.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "chrome_shutdown_ms.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "chrome_shutdown_ms.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dd_vcredistUI19D2.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "settings-tipset[2].xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveMedTile.contrast-white_scale-100.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "AudioDiagnostic.debugreport.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "dd_vcredistUI19D2.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ADVAPI32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "da-DK",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-MA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Tox.exe",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dd_vcredistMSI19D2.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "favicon[3].png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Unistore",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveSmallTile.contrast-black_scale-400.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveSmallTile.contrast-black_scale-100.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Programs",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "de-DE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-HN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "results.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-SY",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "D3DSCache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "da083887.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "uz-Latn-UZ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "de-LU",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Office",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "UsageLogs",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v2.0_32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveSmallTile.contrast-black_scale-200.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-ML",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Vault",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-BO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveSmallTile.contrast-black_scale-150.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "dd_vcredistMSI7855.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveSmallTile.scale-100.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "L.user",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ConnectedDevicesPlatform",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sr-Latn-BA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "STORAGE#Volume#{45fd10d4-cc21-11e8-b00f-806e6f6e6963}#0000000022600000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}",

"file_path": "",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveMedTile.contrast-white_scale-125.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "favicon[3].png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pt-PT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "chrome_shutdown_ms.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-VE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "dd_vcredistUI7869.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveMedTile.scale-150.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "b11b460a.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "active-update.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\updates\\308046B0AF4A39CB",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-ZW",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveMedTile.scale-400.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveMedTile.contrast-white_scale-100.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveMedTile.contrast-white_scale-400.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",

"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveSmallTile.contrast-black_scale-100.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "dd_vcredistUI7869.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "brndlog.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "c43bb7d1.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "favicon[3].png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WinTypes.dll",

"file_path": "C:\\Windows\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Google",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "D3DSCache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "desktop.ini",

"file_path": "C:\\Users\\user\\Desktop",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "favicon[1].png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",

"status": "end of file"

},

{

"action_type": "file_opened",

"file_name": "fr-CH",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-PA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "update100[1].xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "uk-UA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveMedTile.contrast-black_scale-400.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-BZ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveMedTile.scale-125.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-BE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "3D Objects",

"file_path": "C:\\Users\\user",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveSmallTile.contrast-white_scale-150.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "msapplication.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "History.IE5",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ms-BN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "705bcfd6.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ka-GE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveSmallTile.scale-125.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveSmallTile.scale-400.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "MEIPreload",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Converged_v21033[1].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "aeb763fb.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "12.0",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "PlayReady",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-CH",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "UnistoreDB",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDrive.VisualElementsManifest.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sv-SE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "nn-NO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "TaskSchedulerConfig",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "TabRoaming",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ElevatedDiagnostics",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-SV",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "User",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\MicrosoftEdge",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "C:",

"file_path": "",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "favicon[2].png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "brndlog.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveSmallTile.scale-200.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Internet Explorer",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\PlayReady",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Low",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "update100[1].xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ru-RU",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "settings-tipset[2].xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "2ab80eb2.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveMedTile.scale-125.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-029",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sq-AL",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "Converged_v21033[1].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-CA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "2ab80eb2.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-CL",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-LY",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hr-HR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "4254396c.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveMedTile.contrast-white_scale-400.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "az-Latn-AZ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "updates",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\Unistore",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "PlayReady",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ActionCenterCache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SspiCli.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "urlmon.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sr-Latn-RS",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "705bcfd6.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDriveSmallTile.contrast-white_scale-400.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveSmallTile.scale-100.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "dd_vcredistMSI19D2.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveMedTile.scale-400.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveSmallTile.contrast-black_scale-400.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "de-AT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "nn-NO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "VirtualStore",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveMedTile.scale-125.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "UnistoreDB",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ca-ES",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OneDriveMedTile.contrast-black_scale-100.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "iecompatdata.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\IECompatData",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "logs",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "5fc0968a.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "4254396c.jpg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "de-LI",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveSmallTile.contrast-black_scale-125.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WindowsApps",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveSmallTile.contrast-white_scale-200.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OneDriveMedTile.scale-100.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveMedTile.contrast-black_scale-400.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "lt-LT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DBG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "a5ea21[1].png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\D4PT37GU",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ElevatedDiagnostics",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OneDriveSmallTile.scale-150.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CR_28192.tmp",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "b8aa184e[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.5_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "main.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "8cafcc5f[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "7d19123f[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "10379681[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.3_0",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "0283bc6ed838ac25a3c5f51b1bc5fb04.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "27a24753[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "windows-systemtoast-securityandmaintenance_249_0.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "69958a21[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "a0d3923c[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "8cafcc5f[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "icon_128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "icon_16.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "icon_16.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "43db4db3[1].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "icon_128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "69958a21[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "11ee0799[1].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "page_embed_script.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "e3f307cb[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Microsoft Visual C++ 2010 x86 Redistributable Setup_20190219_161639532-MSI_vc_red.msi.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "5e0abf48[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "359d2aee[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "a2f17337[2].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "1bf12095[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\HZO7MSFT",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dbef2181[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "1bf12095[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\HZO7MSFT",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "5e0abf48[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "69958a21[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "a2f17337[2].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "craw_window.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OldConvergedLogin_PCore[2].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\D4PT37GU",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "a2f17337[2].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "a2f17337[2].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "b8275b23[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "2743db28[1].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "3417f6c5[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "icon_16.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "424a9e57[1].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "1bf12095[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\HZO7MSFT",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "page_embed_script.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "a2f17337[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "431acc73d0187c752f5885ebf2df90c0.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "eventpage_bin_prod.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "53c747e0[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "fd45bf1d[1].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "3a8048a4[2].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "b8275b23[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "craw_window.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "48a99eae[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "7d19123f[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OldConvergedLogin_PCore[2].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\D4PT37GU",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "icon_128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "b8aa184e[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "IECompatData.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "045d3532[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "SettingsCache.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "dbef2181[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "5e0abf48[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "known_providers_download_v1[1].xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Microsoft Visual C++ 2010 x64 Redistributable Setup_20190219_161802569-MSI_vc_red.msi.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "181f4d7eabe2d441119af774407152dd.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "69958a21[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OldConvergedLogin_PCore[2].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "8636b4dd[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.5_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "craw_background.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "a2f17337[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "045d3532[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "03cedd2d[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "7d19123f[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "2743db28[2].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "page_embed_script.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "0c3a2f0b[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "icon_16.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OldConvergedLogin_PCore[2].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "craw_window.css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\css",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "IECompatData.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OldConvergedLogin_PCore[2].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OldConvergedLogin_PCore[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\D4PT37GU",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "icon_128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "craw_window.css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\css",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "0c3a2f0b[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "page_embed_script.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "page_embed_script.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "8636b4dd[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "a9486108724e44ae4e34492b400fcd5c.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "69958a21[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "main.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "96c26e78[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "craw_window.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "359d2aee[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "ConvergedLoginPaginatedStrings.EN[2].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "8cafcc5f[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "2743db28[1].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "424a9e57[1].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "8cafcc5f[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "IECompatData.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "main.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "SettingsCache.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "03cedd2d[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "craw_window.css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "a2f17337[2].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "icon_16.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "a0d3923c[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "181f4d7eabe2d441119af774407152dd.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "e4c56fb2caf54ab588f86012f7a4ebcb.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "424a9e57[1].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "page_embed_script.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "5e0abf48[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "eventpage_bin_prod.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "1bf12095[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\HZO7MSFT",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "page_embed_script.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "craw_background.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "dbef2181[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "2743db28[1].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "main.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "0c3a2f0b[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "045d3532[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "icon_16.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "69958a21[2].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "dbef2181[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "a2f17337[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "2743db28[1].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "96c26e78[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "a0d3923c[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "eventpage_bin_prod.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "eventpage_bin_prod.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "3417f6c5[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "main.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Microsoft Visual C++ 2010 x86 Redistributable Setup_20190219_161639532-MSI_vc_red.msi.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "b8275b23[2].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "0283bc6ed838ac25a3c5f51b1bc5fb04.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "69958a21[2].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "a9486108724e44ae4e34492b400fcd5c.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "b8aa184e[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "eventpage_bin_prod.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "eventpage_bin_prod.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "b8aa184e[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "windows-systemtoast-securityandmaintenance_249_0.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "Microsoft Visual C++ 2010 x86 Redistributable Setup_20190219_161639532-MSI_vc_red.msi.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "OldConvergedLogin_PCore[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\D4PT37GU",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "27a24753[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "craw_background.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "0283bc6ed838ac25a3c5f51b1bc5fb04.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "main.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "e3f307cb[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "FlightingLogging.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\Flighting",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "icon_16.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "icon_16.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "43db4db3[1].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "icon_16.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "windows-systemtoast-securityandmaintenance_244_0.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "10379681[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "0c3a2f0b[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "e4c56fb2caf54ab588f86012f7a4ebcb.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "Microsoft Visual C++ 2010 x64 Redistributable Setup_20190219_161802569-MSI_vc_red.msi.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "f60c0b47[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.2_0",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "windows-systemtoast-securityandmaintenance_244_0.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ConvergedLoginPaginatedStrings.EN[2].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "known_providers_download_v1[1].xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "5e0abf48[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "e3f307cb[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "icon_16.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "03cedd2d[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "known_providers_download_v1[1].xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ConvergedLoginPaginatedStrings.EN[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "windows-systemtoast-securityandmaintenance_249_0.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "a9486108724e44ae4e34492b400fcd5c.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "icon_128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ConvergedLoginPaginatedStrings.EN[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "424a9e57[1].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "9db0f1a3[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "2743db28[1].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "main.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "SettingsCache.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "eventpage_bin_prod.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "icon_16.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "b8275b23[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "b8aa184e[2].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "icon_128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "craw_window.css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "e4c56fb2caf54ab588f86012f7a4ebcb.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OneDriveSmallTile.contrast-white_scale-400.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "3417f6c5[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "359d2aee[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "icon_128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "FlightingLogging.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\Flighting",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "windows-systemtoast-securityandmaintenance_244_0.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "icon_16.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "43db4db3[1].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "craw_background.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "craw_window.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "OldConvergedLogin_PCore[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "2743db28[2].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "9db0f1a3[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "48a99eae[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "icon_128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "icon_16.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "b8275b23[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "b8aa184e[2].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.2_0",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "431acc73d0187c752f5885ebf2df90c0.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "eventpage_bin_prod.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "69958a21[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ConvergedLoginPaginatedStrings.EN[2].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "craw_window.css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\css",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "craw_background.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "page_embed_script.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "43db4db3[1].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "69958a21[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "2743db28[1].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "craw_background.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "a0d3923c[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "3a8048a4[2].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.5_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "Microsoft Visual C++ 2010 x86 Redistributable Setup_20190219_161639532-MSI_vc_red.msi.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "IECompatData.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "53c747e0[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "craw_window.css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\css",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "9db0f1a3[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "Microsoft Visual C++ 2010 x64 Redistributable Setup_20190219_161802569-MSI_vc_red.msi.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.2_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "431acc73d0187c752f5885ebf2df90c0.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "96c26e78[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fd45bf1d[1].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "ConvergedLoginPaginatedStrings.EN[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "icon_128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "main.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "2743db28[1].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "craw_window.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "045d3532[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "a9486108724e44ae4e34492b400fcd5c.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "page_embed_script.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "424a9e57[1].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "3a8048a4[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "fd45bf1d[1].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "7d19123f[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "icon_16.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "11ee0799[1].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "icon_128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.5_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "icon_16.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "10379681[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "69958a21[2].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.3_0",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "48a99eae[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "48a99eae[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "f60c0b47[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "OldConvergedLogin_PCore[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "craw_window.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "main.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "eventpage_bin_prod.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "craw_background.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "9db0f1a3[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "3a8048a4[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "03cedd2d[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "8cafcc5f[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "3a8048a4[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "43db4db3[1].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "Microsoft Visual C++ 2010 x86 Redistributable Setup_20190219_161639532-MSI_vc_red.msi.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "FlightingLogging.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\Flighting",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "windows-systemtoast-securityandmaintenance_244_0.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "0283bc6ed838ac25a3c5f51b1bc5fb04.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "b8aa184e[2].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "known_providers_download_v1[1].xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "windows-systemtoast-securityandmaintenance_249_0.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.2_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "3a8048a4[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "8636b4dd[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "SettingsCache.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "27a24753[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.3_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "69958a21[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "IECompatData.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "8636b4dd[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "96c26e78[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "a0d3923c[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "b8275b23[2].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "craw_window.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "Microsoft Visual C++ 2010 x64 Redistributable Setup_20190219_161802569-MSI_vc_red.msi.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.5_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.2_0",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "69958a21[2].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "03cedd2d[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "3417f6c5[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "a9486108724e44ae4e34492b400fcd5c.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "icon_16.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "10379681[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "main.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "b8275b23[2].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "b8aa184e[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "craw_background.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "a2f17337[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "181f4d7eabe2d441119af774407152dd.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "431acc73d0187c752f5885ebf2df90c0.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "e4c56fb2caf54ab588f86012f7a4ebcb.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "OldConvergedLogin_PCore[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "10379681[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "69958a21[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "f60c0b47[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "96c26e78[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "f60c0b47[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "2743db28[2].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "48a99eae[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "9db0f1a3[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "icon_128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "2743db28[2].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "windows-systemtoast-securityandmaintenance_249_0.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "main.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "11ee0799[1].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "2743db28[2].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.3_0",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "craw_window.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "fd45bf1d[1].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "ConvergedLoginPaginatedStrings.EN[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "181f4d7eabe2d441119af774407152dd.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "3a8048a4[2].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "8636b4dd[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "53c747e0[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "FlightingLogging.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\Flighting",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "icon_128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "ConvergedLoginPaginatedStrings.EN[2].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "27a24753[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "3a8048a4[2].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "7d19123f[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "fd45bf1d[1].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "3a8048a4[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "11ee0799[1].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "e4c56fb2caf54ab588f86012f7a4ebcb.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "3a8048a4[2].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "b8275b23[2].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "045d3532[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "craw_window.css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "icon_128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "359d2aee[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "359d2aee[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "b8aa184e[2].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "ConvergedLoginPaginatedStrings.EN[2].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.3_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "dbef2181[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "2743db28[1].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "icon_128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "e3f307cb[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "icon_16.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "main.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "FlightingLogging.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\Flighting",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "craw_window.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "craw_window.css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "icon_16.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "3417f6c5[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "b8275b23[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "eventpage_bin_prod.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "craw_background.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "f60c0b47[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "craw_window.css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\css",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "181f4d7eabe2d441119af774407152dd.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "2743db28[1].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "69958a21[2].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "431acc73d0187c752f5885ebf2df90c0.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "53c747e0[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "windows-systemtoast-securityandmaintenance_244_0.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "craw_background.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "2743db28[1].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Microsoft Visual C++ 2010 x64 Redistributable Setup_20190219_161802569-MSI_vc_red.msi.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "known_providers_download_v1[1].xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "icon_16.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SettingsCache.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "69958a21[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "1bf12095[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\HZO7MSFT",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "icon_128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "b8275b23[2].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "0c3a2f0b[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "b8aa184e[2].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "53c747e0[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "craw_window.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "main.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "icon_128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "main.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "11ee0799[1].css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "icon_128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "0283bc6ed838ac25a3c5f51b1bc5fb04.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "icon_128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "icon_128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "icon_16.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "a2f17337[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "icon_128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "ConvergedLoginPaginatedStrings.EN[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "page_embed_script.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "main.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "e3f307cb[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "27a24753[1].js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"status": "success or wait"

}

],

"modules_loaded": [

{

"module_name": "C:\\Windows\\SysWOW64\\oleaut32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\msvcp_win.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\SspiCli.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\RPCRT4.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\WS2_32.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\USER32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\combase.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\win32u.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\windows.storage.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\propsys.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\OLEAUT32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\PROPSYS.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\iertutil.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\rsaenh.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\KERNELBASE.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\FLTLIB.DLL",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\Windows.StateRepositoryPS.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\apphelp.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\uxtheme.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\windows_shell_global_counters",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\IMM32.DLL",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\CRYPTSP.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\imm32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\kernel32.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\kernel.appcore.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\bcryptPrimitives.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\powrprof.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\bcrypt.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\msvcrt.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\CLDAPI.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\rsaenh.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\wow64.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\bcrypt.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\iertutil.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\sechost.dll",

"module_tag": ""

},

{

"module_name": "unknown",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\wow64log.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\apphelp.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\WinTypes.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1.ro",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\wow64cpu.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\edputil.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\wow64win.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\clbcatq.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\UrlZonesSM_user",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\shlwapi.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\ucrtbase.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\profapi.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\KERNEL32.DLL",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\Windows.StateRepositoryPS.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\cldapi.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\GDI32.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\cryptsp.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\WININET.DLL",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\wininet.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\WinTypes.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\urlmon.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\en-US\\propsys.dll.mui",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\cfgmgr32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\edputil.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\uxtheme.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\shcore.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\SHELL32.DLL",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\__ComCatalogCache__",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\urlmon.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\apppatch\\sysmain.sdb",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\Windows\\SharedSection",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\Registration\\R000000000013.clb",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\CRYPTBASE.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\gdi32full.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\ADVAPI32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\ole32.dll",

"module_tag": ""

}

],

"mutex_actions": [

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Global\\SyncRootManager",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\toxcrypt",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-__terminate_handler_sh",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex",

"status": "object name exists"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-__unexpected_handler_sh",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex",

"status": "object name exists"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-init",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3080:168:WilStaging_02",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3080:64:WilError_01",

"status": "success or wait"

}

],

"process": {

"name": "rl_file.exe",

"parameters": "C:\\Users\\user\\Desktop\\rl_file.exe"

},

"process_actions": [

{

"action_type": "process_created",

"path": "C:\\Users\\user\\Desktop\\rl_file.exe",

"status": "success or wait"

},

{

"action_type": "process_queried",

"path": "C:\\Users\\user\\Desktop\\rl_file.exe",

"status": "success or wait"

}

],

"registry_actions": [

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\LocalServer32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\DocObject",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachineLanguageConfiguration",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\TreatAs",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Internet Explorer\\Main",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\SystemFileAssociations\\.exe",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{00000323-0000-0000-C000-000000000046}",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Versions",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0000032A-0000-0000-C000-000000000046}",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\rl_file.exe",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\NULL",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\BrowseInPlace",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\.exe",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Folder\\Clsid",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Disable8And16BitMitigation",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InprocServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InprocHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InprocHandler32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wow64\\x86",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Directory\\ShellEx\\IconHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\MUI\\Settings",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Policies\\Microsoft\\WindowsStore",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\ShellEx\\IconHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Drive\\shellex\\FolderExtensions",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\AllFilesystemObjects",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLEAUT",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\exefile",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\LocalServer",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Drive\\shellex\\FolderExtensions",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InprocServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Explorer",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\AppModel\\Lookaside\\Packages",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\LocalServer",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InProcServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Folder",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PropertyBag",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\NULL",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\TreatAs",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\LocalServer32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-602200000000}\\",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{75847177-f077-4171-bd2c-a6bb2164fbd0}\\InProcServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE\\Diagnosis",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}\\Instance",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows NT\\Rpc",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\.exe",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\BrowseInPlace",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\Elevation",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\Elevation",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InprocServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\Clsid",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\InProcServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InprocServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{1649D1CF-DEAF-4A68-ABE8-5C9F68572FD1}\\InProcServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\InProcServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\open",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Directory",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InProcServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER_Classes\\Directory",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\FileSystem\\",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\Clsid",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\AppCompat",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Display",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Segment Heap",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocHandler32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\Clsid",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Rpc",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Directory\\Clsid",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1649d1cf-deaf-4a68-abe8-5c9f68572fd1}\\InProcServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InprocHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\LocalServer",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\Tracing",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\ZoneMap\\Ranges\\",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocServer32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\NLS\\Language",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\NULL",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\ShellEx\\IconHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Application",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\ZoneMap\\Ranges\\",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\CustomAttributes",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InProcServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\DocObject",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InProcServer32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\TreatAs",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InprocHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Folder",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.exe",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\feature_localmachine_lockdown",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Internet Explorer\\Main",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\Elevation",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\BrowseInPlace",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\LocalServer32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\LocalServer32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\OverrideFileSystemProperties",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\LanguageConfiguration",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\ShellEx\\IconHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Control Panel\\Desktop",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Directory\\DocObject",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-100000000000}",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InProcServer32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\internet explorer\\main",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\InitPropertyBag",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Folder\\DocObject",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\shell\\open",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\TreatAs",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\ShellEx\\IconHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WindowsRuntime",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\DebugInformation",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CustomAttributes",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00000323-0000-0000-C000-000000000046}",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\Application",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InprocHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InprocHandler32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{00000339-0000-0000-C000-000000000046}",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_URI_DISABLECACHE",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\LocalServer32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\Elevation",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\OverrideFileSystemProperties",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rl_file.exe",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\InitPropertyBag",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\DocObject",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wow64\\x86",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InprocHandler32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{75847177-F077-4171-BD2C-A6BB2164FBD0}\\InProcServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Folder\\ShellEx\\IconHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.exe",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages\\PendingDelete",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\DLL",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\TreatAs",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\open\\NULL",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Internet Explorer\\Security",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\CurVer",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InprocHandler32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\internet explorer\\main",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Clsid",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CustomLocale",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\ExplorerCLSIDFlags\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\rl_file.exe",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0000032A-0000-0000-C000-000000000046}",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}\\Instance",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-100000000000}\\",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\open",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00000339-0000-0000-C000-000000000046}",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\NULL",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Rpc\\Extensions",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\Clsid",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\DocObject",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Directory\\BrowseInPlace",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\Settings\\LanguageConfiguration",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\ExplorerCLSIDFlags\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\Setup",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}\\InProcServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-602200000000}",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\InitPropertyBag",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\CurVer",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\Clsid",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\Elevation",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_URI_DISABLECACHE",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Terminal Server",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\LocalServer",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\LocalServer",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\NULL",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Folder\\BrowseInPlace",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\exefile",

"status": "object name not found",

"value": ""

}

]

}

],

"classification": "MALICIOUS",

"configuration": "MS Office 2007;Java 8;Adobe Reader 2020;Firefox 62;Google Chrome 69;Microsoft Edge 42;Internet Explorer 11",

"dropped_files": [

{

"classification": "MALICIOUS",

"file_name": "Tox.exe",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",

"md5": "3133c2231fcee5d6b0b4c988a5201da1",

"sample_size": 636416,

"sample_type": "PE/Exe",

"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271",

"sha256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"

},

{

"classification": "UNKNOWN",

"file_name": "128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0",

"md5": "949ba0554f8e29dc24f5ce71d9f40d3f",

"sample_size": 3448,

"sample_type": "Binary/None",

"sha1": "1c2e7072945f9d41022daac5cdd3e5c33389e071",

"sha256": "65523544b3e2f9f46be3b68953b5102d9ad460197df40a90c8b0786c0a31cae5"

},

{

"classification": "MALICIOUS",

"file_name": "8cafcc5f[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"md5": "db4573f2f3a6e88768f63363c607f1e8",

"sample_size": 125376,

"sample_type": "Binary/None",

"sha1": "fec7efbaf193949fde393c5c67afcc1258a2acd0",

"sha256": "c97ebcb9fbb1622f66accf54f49dca2280a5e5333768e06d4e519c7af7ae5ec1"

},

{

"classification": "UNKNOWN",

"file_name": "page_embed_script.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",

"md5": "78a8376cbfee1ce15bc796f1735cb7bf",

"sample_size": 288,

"sample_type": "Binary/None",

"sha1": "f08ec4eab6d493a6a6d16463453687398dcc5985",

"sha256": "f7eb7d4ef9e7c55af90438324800982a3a2a9f41f560392422506b27b5cae173"

},

{

"classification": "UNKNOWN",

"file_name": "a5ea21[1].png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",

"md5": "07c6dbf463f0f2e51ca5f4e45ef48664",

"sample_size": 40,

"sample_type": "Binary/None",

"sha1": "50a848872bd0f812d8c6a5987a6a8866c2177ff0",

"sha256": "5ce56c888038a0426005eb80abe4155bbde043756b7cbbed11503039c2581217"

},

{

"classification": "UNKNOWN",

"file_name": "icon_128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",

"md5": "eeaff059138cd55441bc34fdfc919ec0",

"sample_size": 3440,

"sample_type": "Binary/None",

"sha1": "e6d48862f83c7213a9cc13ba7ecc4781a7d82eed",

"sha256": "5dcae96033ba95485ad2c885d17fe6102c837397618c3182dbd73abeadc969f2"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveMedTile.contrast-black_scale-200.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "76f184bb00db4b20a96e9d563e2ff705",

"sample_size": 1432,

"sample_type": "Binary/None",

"sha1": "ebeea1be590a282f398e1392161c8de981c49dfe",

"sha256": "52ca52b2a99febe5da76237787d5b2b392c6d6de5a85a2200c68e9d7be276021"

},

{

"classification": "UNKNOWN",

"file_name": "craw_window.css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\css",

"md5": "e62cde757b51b2e48c65bc9362839d03",

"sample_size": 1784,

"sample_type": "Binary/None",

"sha1": "ff5c6e346fe9b830f102f7e50074a150a7bf2f0d",

"sha256": "e9c67e89801811bf137e71a712399bd8cfa6ebe8f7597f472e923a2857a3f762"

},

{

"classification": "MALICIOUS",

"file_name": "1833c4e9.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"md5": "69243748084c8a26e494271ba83bf5a3",

"sample_size": 47424,

"sample_type": "Binary/None",

"sha1": "37684ede0d616ad8687de86213efdd4c6be81f66",

"sha256": "9e1b0b7121277ebc42f31661a477f709b64dd1d591398e6c2785db83ae7bedd6"

},

{

"classification": "MALICIOUS",

"file_name": "2ab80eb2.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"md5": "bbba22e6526ba13f686aafdb97a25bb6",

"sample_size": 30080,

"sample_type": "Binary/None",

"sha1": "9232a097b1754d9f2823c5cb75557497230e7c6d",

"sha256": "6d22a69fe61549203fc699a797effcea301d269239c666fb378468d6bdcb2cd5"

},

{

"classification": "MALICIOUS",

"file_name": "OldConvergedLogin_PCore[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",

"md5": "96727038666752f23f42dcb7b5f076f2",

"sample_size": 440736,

"sample_type": "Binary/None",

"sha1": "b10bc9db352525cc3e6532004b626a11550d1ef9",

"sha256": "b552a244537ad35398cb9b70c240ab777040e55f03d5c7a11914ed33955d65a1"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveSmallTile.scale-150.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "96e93a1dfa1661f0a545102014e45bae",

"sample_size": 632,

"sample_type": "Binary/None",

"sha1": "77c3c7e12d723d0923b6e575c74da53db228541a",

"sha256": "39e47018eb2b323a5d6591812645072eb016aa8c94604ca6c578baa40e98d62b"

},

{

"classification": "UNKNOWN",

"file_name": "active-update.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB",

"md5": "cef18d6fd2b9ea9da4de885ea1f501ea",

"sample_size": 1088,

"sample_type": "Binary/None",

"sha1": "d91fc1d1bfddf1eeed4a8c00e7d16733b5f49ffa",

"sha256": "403f3c0b05d07145b70657d819277672063a3740123463e714492232a874f94a"

},

{

"classification": "UNKNOWN",

"file_name": "c43bb7d1.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"md5": "22694bf7c107f414a88eef68a7287f04",

"sample_size": 3328,

"sample_type": "Binary/None",

"sha1": "7d019d40e477a9abe75cceee30eab76ee3c0d539",

"sha256": "4c748d62d99d39a92c08b94f53dc2394c6199736326b7ec0ef4d3667cad85fa3"

},

{

"classification": "UNKNOWN",

"file_name": "a2f17337[2].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"md5": "63265af0a660bb52c6a93ad52cdd5b15",

"sample_size": 368,

"sample_type": "Binary/None",

"sha1": "eff7a570dda957caca3a5bb5a12e04fd13d85262",

"sha256": "3ebb9cfae53cdbf4f1c4b2b69cd94159bae8facc8b0d67b5f78238a6441af3e3"

},

{

"classification": "UNKNOWN",

"file_name": "DeviceDiagnostic.debugreport.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",

"md5": "c61ae23f6d2810fe1aee411eac4769c8",

"sample_size": 1304,

"sample_type": "Binary/None",

"sha1": "d570ac147327fc99774190a1f61e22cd212f7f89",

"sha256": "c96e0eac6c7802b43071e217200b2f804db9638949eb6458dc2a7ec0dc5574d2"

},

{

"classification": "UNKNOWN",

"file_name": "128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",

"md5": "1a7aef1670a219808431da5e55e187e9",

"sample_size": 5024,

"sample_type": "Binary/None",

"sha1": "dbf8a14e21312e11c2c151c75d8c72ca55bad836",

"sha256": "af145c976b575c5349639b57d64d2fbe1245db1c46f29417aafb4cc1e9e9c96a"

},

{

"classification": "UNKNOWN",

"file_name": "msapplication.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940",

"md5": "c91f7e0d191fe1b31cd9e068caf34558",

"sample_size": 416,

"sample_type": "Binary/None",

"sha1": "600ebcf7d39a17de1e173d2d696e74043584f6a9",

"sha256": "b061e21a60c2b1f40d3685d5cc44c24caddb5b43fab12606c8131b0181b36df3"

},

{

"classification": "MALICIOUS",

"file_name": "dd_vcredistMSI7869.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"md5": "262f3902763b06ad02e57cd11166b352",

"sample_size": 424352,

"sample_type": "Binary/None",

"sha1": "d000b3c1925cb78f19a0e4f1cfd7f8ed13917a16",

"sha256": "9c4e62f086214923e23fcca47f67498f68df7c8f61ee541c45034259c4a123b3"

},

{

"classification": "MALICIOUS",

"file_name": "ConvergedLoginPaginatedStrings.EN[2].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",

"md5": "239e00d6977d179678075874598f377d",

"sample_size": 23112,

"sample_type": "Binary/None",

"sha1": "56ddee0650eb3250c090b5c1e377e59a19752db5",

"sha256": "89ce04019debb827fed2c4e800300304c3a078046689f2d915dc58aa5a032c6b"

},

{

"classification": "MALICIOUS",

"file_name": "1bf12095[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\HZO7MSFT",

"md5": "e91c28dc017f3297d168f49c5ad86749",

"sample_size": 217832,

"sample_type": "Binary/None",

"sha1": "be13adcea83feec2bda41e82c31afb9e5dbdaa78",

"sha256": "71d6d2beecda8079d82e0985a6458dc300138254a0e039972df1e6f482df07aa"

},

{

"classification": "UNKNOWN",

"file_name": "128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0",

"md5": "8e2f9ff3a6eb780f163d876a4493c2ee",

"sample_size": 6744,

"sample_type": "Binary/None",

"sha1": "45e7cbdbd57deda347f88b87ae02865b1b709199",

"sha256": "345f5f4d8fdb2c489874eb467df654ddc240ee13f55d1251c08d0b1814dab57b"

},

{

"classification": "UNKNOWN",

"file_name": "3a8048a4[2].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"md5": "3a68dfa10af07adeca23a58a30312d2f",

"sample_size": 6688,

"sample_type": "Binary/None",

"sha1": "f2bf3cff675dbe2c618f03bf6561b52ba8e1968d",

"sha256": "0374e29d2202e50454746618bb3ca5678b9742d34b97722962c367d508d2375d"

},

{

"classification": "MALICIOUS",

"file_name": "7d19123f[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"md5": "59851c448a4a073ff6fa9cd9d4d606a4",

"sample_size": 95448,

"sample_type": "Binary/None",

"sha1": "4a60246b7c24f52e14e9d98e4c43904fefc67b30",

"sha256": "47b636339d67d315a4d7f647204a630f44bbc4a5466f555b1d7f849d89d25796"

},

{

"classification": "UNKNOWN",

"file_name": "favicon[1].png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",

"md5": "f3b1a72895a05384dd2bc527813651a7",

"sample_size": 40,

"sample_type": "MZ/DOS",

"sha1": "1cf20dc1ec4fbea198822ca79c32082f9b6e9986",

"sha256": "1438ab63e3516dbf7fb87eecda3b4cca0da0a7e18950304581cdb5e938bf2686"

},

{

"classification": "UNKNOWN",

"file_name": "705bcfd6.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"md5": "ba1a0ed090c1fcf508cf2b3872aa6989",

"sample_size": 6864,

"sample_type": "Binary/None",

"sha1": "230194fa9e048d4720287e6a2535259975dbfd08",

"sha256": "17740617b346d3e67312f2ba01a70a89b60cd8b8bb27ac8cd4d242d75198911d"

},

{

"classification": "MALICIOUS",

"file_name": "craw_window.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",

"md5": "981113ec7eb738152c4549dd770c7d06",

"sample_size": 265832,

"sample_type": "Binary/None",

"sha1": "c6223cb14c21eb7eaccbeca19e03b5007dbbe9f5",

"sha256": "e653477fdeec302de7254f9715a87105a4950d8ab62bec073db68bc91e7b9383"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveSmallTile.contrast-white_scale-125.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "96a3d0ea1b838c7eae3a4795e2d3bb18",

"sample_size": 576,

"sample_type": "MZ/DOS",

"sha1": "ad1e61af95bad249c657df359d32c21b01100b7b",

"sha256": "5277db5d7835bb725801563ebbd675fbcc1d70729dd103437fde388dee8d8aa4"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveSmallTile.scale-200.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "15ab653bc7720bb7ed0f19c8a26534c3",

"sample_size": 840,

"sample_type": "Binary/None",

"sha1": "c24d1ff9feb5398b0c1c9f793cd42bfdfc38e598",

"sha256": "14a6a1f10d9121e38507238e82f94c266c29789afddf71f0413d2979f52fb1b6"

},

{

"classification": "UNKNOWN",

"file_name": "favicon[3].png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",

"md5": "0ee824fd13122ebd201d2ee9c3dbcfeb",

"sample_size": 40,

"sample_type": "Binary/None",

"sha1": "97ad6030b4773a8b7bfdcabaa71f6b73497df199",

"sha256": "626b1d6edfe07a7691432ed27aa144d27f9e4bef242ae75ed52239d0974cd390"

},

{

"classification": "UNKNOWN",

"file_name": "FlightingLogging.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\Flighting",

"md5": "41b3fa8d1ec44a5ef24c0ae580e475c5",

"sample_size": 592,

"sample_type": "Binary/None",

"sha1": "d5d22bb03085fe85f393782feec0450dcd2e764d",

"sha256": "16113f571340e94639ef90cf4aeb47321102345fdee45fd585826a7a9c4c7f40"

},

{

"classification": "MALICIOUS",

"file_name": "Converged_v21033[1].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",

"md5": "9780019e8eeece8eeef305a830d1ce27",

"sample_size": 95952,

"sample_type": "Binary/None",

"sha1": "f01a8d40a5bceed9f57bea23718256087a40186f",

"sha256": "fc46a655c45c7d81f52e3bc1a183bef99b188b90720629500fd3b6d3a7272fbc"

},

{

"classification": "UNKNOWN",

"file_name": "craw_window.css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css",

"md5": "55792199a2d034671f1c53d07259d903",

"sample_size": 1784,

"sample_type": "Binary/None",

"sha1": "bdd88f2ccc46c7cf28103bc890b5606f8ac3d213",

"sha256": "39d4f9c8dbe9e6937be3d89f4cef63812267e4637c11674f9080d7fba01d5600"

},

{

"classification": "MALICIOUS",

"file_name": "9db0f1a3[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"md5": "0238ef826a07fba232a1c2d2a85c925a",

"sample_size": 602776,

"sample_type": "Binary/None",

"sha1": "6483ff3e2772cdf76f2cd42ca6fbeceefef2cd11",

"sha256": "7d4e80b40e9d60cbf5eef552c67de1bfa7c92c9a79a3f90f363662fb6be4cb64"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveSmallTile.contrast-black_scale-125.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "34f9effcf15b5d9024eac98c1949fc16",

"sample_size": 568,

"sample_type": "Binary/None",

"sha1": "7b02c7f4556225f372287618e3ff106c823b7a2e",

"sha256": "c5a5bb7fef76d5d08e3268e0b4878c2505ed0199b605534861a6515bf78a0f10"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveMedTile.contrast-white_scale-400.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "d75944f683f11b95b7bf4af112e27cb5",

"sample_size": 3576,

"sample_type": "Binary/None",

"sha1": "6dffe111ed011b6113032c777ffdf0c03716211f",

"sha256": "5bf86a0650586d243f02bd8e311b66b28c957a20f62cab327e30a7d7d4c26bec"

},

{

"classification": "UNKNOWN",

"file_name": "icon_128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",

"md5": "c1219038364d783af4d36168b44564d4",

"sample_size": 4400,

"sample_type": "Binary/None",

"sha1": "80ec255a6f61d2e3537b7fbb14e17a7933f4a86d",

"sha256": "574484a87104a7e4cac31593eed5ede17b15ff6ab50577ee1ca4142a095d1f31"

},

{

"classification": "UNKNOWN",

"file_name": "aeb763fb.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"md5": "6eb6947ee33408d5304d723261fd84b5",

"sample_size": 11008,

"sample_type": "Binary/None",

"sha1": "b2b441f97062dffd2de4bebe6b916676e9dc887f",

"sha256": "b87ebaa2bd92d2eaf88fae26fc7afb602bf0d941b929c756e4bb8010ab376b55"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveMedTile.scale-400.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "5fcdbc5ff3d4a169869a0e05fbfff1db",

"sample_size": 3264,

"sample_type": "Binary/None",

"sha1": "72aef388bda0e55752c0bd12173c9ed7e53153e8",

"sha256": "870332619c3d0843cf701643f627c77c2da756b70eaee2aab791ce221c15eb16"

},

{

"classification": "UNKNOWN",

"file_name": "icon_16.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",

"md5": "935bf747c27c9076f53c9122bd89c396",

"sample_size": 200,

"sample_type": "Binary/None",

"sha1": "1ec0fc4890af3a14b5a82085e765f2065565a683",

"sha256": "247f6d66c9010bd9d40a35914fcf8280e4f5f8d2b022e42bd2bb80a19a32b447"

},

{

"classification": "MALICIOUS",

"file_name": "0c3a2f0b[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"md5": "e7aee7adafeb069be0f0eca63557d06b",

"sample_size": 17488,

"sample_type": "Binary/None",

"sha1": "5ac62172528b725e4f125e1ce9f6e5bb6cc14637",

"sha256": "0a66b70be34e9c9a91b6687586fbec04fba6502ba63b63eebfbf991713de15bc"

},

{

"classification": "UNKNOWN",

"file_name": "favicon[2].png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",

"md5": "9fd12d1f546213fa9fb56d811fc6733b",

"sample_size": 40,

"sample_type": "Binary/None",

"sha1": "c8527ee841ae3ac9c87ab9ceb41595e85fc387c7",

"sha256": "d3de682693639cb4973d2c051f56f8e166eebf88650bd608046e400f2adce744"

},

{

"classification": "MALICIOUS",

"file_name": "Microsoft Visual C++ 2010 x86 Redistributable Setup_20190219_161639532-MSI_vc_red.msi.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"md5": "f1b84725c606be70377ccdaafd8f9987",

"sample_size": 282672,

"sample_type": "MZ/DOS",

"sha1": "0d6a91a9336839e641e426cac352a163af2699d1",

"sha256": "1496a0d2ad712cc91ffe7a7676f77cbf1d7e563690b622b21e547050b24e8099"

},

{

"classification": "MALICIOUS",

"file_name": "craw_background.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",

"md5": "572611e65e675c06df25b8b9e9bc9972",

"sample_size": 544680,

"sample_type": "Binary/None",

"sha1": "8f41732d61c789d38efbf3625fe521e5a0698578",

"sha256": "bfaafb3d3a52260fdf08722d1200a664f317b6416ac9f3e27fc7e036b49eaa0d"

},

{

"classification": "MALICIOUS",

"file_name": "27a24753[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"md5": "ec9976585cd7a7004ab0c694c555645b",

"sample_size": 51128,

"sample_type": "MZ/DOS",

"sha1": "d573108be58563176f95737e773b43ffacfd608d",

"sha256": "85d9a94ab35fb1781a0e3ab7d7fa555dccf0cbcec83c2ba63cd38dbced51dafc"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveMedTile.contrast-black_scale-400.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "247d8435213797e046e04542a847086e",

"sample_size": 3264,

"sample_type": "Binary/None",

"sha1": "c469b0ac04db1e34bf8ee389ef116a32b35b424a",

"sha256": "b1b95a75abe1c41ec890e5e49e6bbb56eb3eec7f3515b1a623bff5a8cc7fc85c"

},

{

"classification": "MALICIOUS",

"file_name": "43db4db3[1].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"md5": "389f3114d26e841ff94c382d1ebd90d6",

"sample_size": 50056,

"sample_type": "Binary/None",

"sha1": "51c35183d8b8df135aaf0e7644ca295aec397e22",

"sha256": "2e943d6c7ca2822981c24f7fba74f9163ab946f78286643c41935d81ac69e88e"

},

{

"classification": "UNKNOWN",

"file_name": "icon_16.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",

"md5": "451196cd8196be321b42de5235a3ba4a",

"sample_size": 184,

"sample_type": "Binary/None",

"sha1": "0f1bf87249c279f1c0ebbbaf530c4418cb04e034",

"sha256": "d19297c9dc4ef556dc0154f45449bf2df31bf328728361992f92e6aba1119900"

},

{

"classification": "UNKNOWN",

"file_name": "8fce0f3.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"md5": "4e84a4dfbd89b3c7d95c7db50eaecf94",

"sample_size": 4304,

"sample_type": "Binary/None",

"sha1": "5009e1f3e850f11c6ed67ad5eef2b28ca2991035",

"sha256": "d353b9c16661e02a4ebcbff2b2ce0d2cad7a61b886c7120a3abba23315045c70"

},

{

"classification": "MALICIOUS",

"file_name": "dd_vcredistUI7855.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"md5": "afd55a4bb073b78b938caec26331328c",

"sample_size": 48776,

"sample_type": "Binary/None",

"sha1": "ce13f4a96e4ff0c8adf200d3daecbf89423f890c",

"sha256": "53eab4144250f1b4a5bdcdad2fa24a50ffcba91f7771fa5864103175cfb39357"

},

{

"classification": "UNKNOWN",

"file_name": "128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.3_0",

"md5": "93d73ad36b24abc404ee16e856c98e0c",

"sample_size": 2048,

"sample_type": "Binary/None",

"sha1": "381ec2722edb4a96517b34fa027231c545b76600",

"sha256": "95856cc9e8f9e76dcf619432261836ee55070c3c85de2d91270e99da1466c06e"

},

{

"classification": "UNKNOWN",

"file_name": "dd_vcredistUI19D2.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"md5": "a8c35e68f70762fa6b68d862872fcbc9",

"sample_size": 16488,

"sample_type": "Binary/None",

"sha1": "d773ea536cbc14a839b897d0fd1ea2b6a05df2da",

"sha256": "7dfdda2fdb85b1d9c9ab41fe90ec288a322d4ab315e4bd6c1f9c0cd5eb54c769"

},

{

"classification": "UNKNOWN",

"file_name": "main.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",

"md5": "8ad83bdb282a752774ce2c649f58c6b6",

"sample_size": 136,

"sample_type": "Binary/None",

"sha1": "29246027450a8321d6b58bf6dcf806908a6a248b",

"sha256": "b85080fb4d9e5b8e80ad84beb70575c86e561dffb7e3a1f5b8dd75aeffa5140c"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveMedTile.contrast-white_scale-200.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "4c9cf795c25f7d3ef2a0e16f14df0c4b",

"sample_size": 1536,

"sample_type": "Binary/None",

"sha1": "3b36a6166bb0229a2d724197f666709cfb388c3b",

"sha256": "9654f6e16e208fd22ee8cc7d3a79e95d00aa1d5715b424f1ddaf4e1101ea1d1d"

},

{

"classification": "MALICIOUS",

"file_name": "e4c56fb2caf54ab588f86012f7a4ebcb.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"md5": "cd3bf48fe89eaab163521494811e8e3a",

"sample_size": 2152,

"sample_type": "Binary/None",

"sha1": "052dfddb6942c075ab580d9a4b4400fee705ec26",

"sha256": "32b00e3d2df12c68de72f21b0f12e1396123b185fa7650ac4ba3686377e4ec8f"

},

{

"classification": "MALICIOUS",

"file_name": "eventpage_bin_prod.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",

"md5": "5f05faaa8ca8b9f63d66686fa8f6a2d2",

"sample_size": 67840,

"sample_type": "Binary/None",

"sha1": "24cda9620a69dd3f2c8ddc8eda8cb6c25ba35527",

"sha256": "a22ab5067e71e8515ef53f213c18c8ea6fffdc40907f6ebaf3173f7eae62f0f0"

},

{

"classification": "UNKNOWN",

"file_name": "5fc0968a.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"md5": "5e518df1358f3c40a7b57580eb7257dd",

"sample_size": 4992,

"sample_type": "Binary/None",

"sha1": "ae37f94443a1e6712b253a2d703c988bb483fd0d",

"sha256": "9fb39f5b62b17fcde2062ba2376ef2da2ba374cdd45e2c00462255aec60d61af"

},

{

"classification": "MALICIOUS",

"file_name": "96c26e78[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"md5": "37114fef115cb2ed08cd0f9b345f1e32",

"sample_size": 43168,

"sample_type": "Binary/None",

"sha1": "bb819a6224ca85de5812f6ff927b7f130bc68d57",

"sha256": "a6a5d21058a3c3d597b79b9a73766613392fc89a7d4cf1b3bc00d0a20f9aa970"

},

{

"classification": "MALICIOUS",

"file_name": "f60c0b47[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"md5": "5a9c32cd6aa4a8059fe10b7eb2db952a",

"sample_size": 145336,

"sample_type": "Binary/None",

"sha1": "0d4b62a96c330b95c9f500aaec284fb16b058755",

"sha256": "532f10c33703d669cbbf121fa3df1ac171598462d5b2355587dc4fa4bb387b55"

},

{

"classification": "MALICIOUS",

"file_name": "dd_vcredistMSI19D2.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"md5": "046f80b68972d227bc9761cbb3b328af",

"sample_size": 594368,

"sample_type": "Binary/None",

"sha1": "5b4bb44e4fa62b70fb0a9ce1c7b3506c8a003dbf",

"sha256": "f2179daae61a0156c9b8660219fb79e937bacbb7f5b1804a439b9b0c3a63c24a"

},

{

"classification": "MALICIOUS",

"file_name": "dd_vcredistMSI7855.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"md5": "b79bfca58696d6c4e617f9f24188379e",

"sample_size": 437288,

"sample_type": "Binary/None",

"sha1": "845e71c1a5062801cc5251bdd4495c4cb2d41a87",

"sha256": "b997a76aa655b6522ff1552903852ba0f2a841bc437a1ac435040942692ad335"

},

{

"classification": "UNKNOWN",

"file_name": "results.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",

"md5": "2be26715fff522c284757591383563f5",

"sample_size": 408,

"sample_type": "Binary/None",

"sha1": "a5782d3406871597a93ca5db6e553f494a6ceb9f",

"sha256": "40f23832591bccdf371281ca477d0c8565f6936a3dba60f5a1480843cf0ae46c"

},

{

"classification": "UNKNOWN",

"file_name": "versionlist.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\VersionManager",

"md5": "d092fa8ca010bb11e39acbd03e662757",

"sample_size": 15888,

"sample_type": "Binary/None",

"sha1": "063790bb844fea1d7df7fe3371dd48368a659201",

"sha256": "2944acc8a14a38b3b296b8c8b60aacf345791cd45ae53b113680cc14e0d0109c"

},

{

"classification": "MALICIOUS",

"file_name": "431acc73d0187c752f5885ebf2df90c0.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"md5": "1e6bdf606f79b90d31db13b27ccb90a4",

"sample_size": 23280,

"sample_type": "Binary/None",

"sha1": "28a7c5940a6a9e4847bbc1e15044aad6939c3ca8",

"sha256": "cfc933e6a9a22b13be626c1b89817ae3902010056297fc98b426f620d6186d8d"

},

{

"classification": "UNKNOWN",

"file_name": "dd_vcredistUI1AE4.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"md5": "0fdf5855b9f6b532d2fbcf7d484661fb",

"sample_size": 17704,

"sample_type": "Binary/None",

"sha1": "9038a5bcd8cbb6e55608d8a3778aaf6c6b19bf53",

"sha256": "8c1a4f3fe574ad92a8403dd2377e5ad14f7e92e5b02193515a55186ad44d8d1d"

},

{

"classification": "UNKNOWN",

"file_name": "4254396c.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"md5": "16369b79366cb7d430fcc726c3453e68",

"sample_size": 7168,

"sample_type": "Binary/None",

"sha1": "d6f775178d4b9bbec785239b736812507aa5756c",

"sha256": "11cdcbad487130180708f1d7eec185abf32c7cf11c6f7682fb8303867ab04ad5"

},

{

"classification": "MALICIOUS",

"file_name": "craw_background.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",

"md5": "59615a45baf4b6f17eb8becbb83180b7",

"sample_size": 1125672,

"sample_type": "Binary/None",

"sha1": "ea5320776b1d876fe06fbd613444b265269e9100",

"sha256": "34e01a6383ba30d207db4acd8460cc639c92d8d706db34bfc51d41a268d9366d"

},

{

"classification": "UNKNOWN",

"file_name": "icon_16.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",

"md5": "7df0aefb5e3a9891d4d0324bb55160bf",

"sample_size": 600,

"sample_type": "Binary/None",

"sha1": "f192a94ad0f034a845cc70d0a0f9e9e6247d8cbb",

"sha256": "759ec4130d4e540008e6251e045f74045a9740f165550ea030f8dcb91f7c583d"

},

{

"classification": "UNKNOWN",

"file_name": "iecompatdata.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\IECompatData",

"md5": "e4f592dcc034071595e3f158a5eebb26",

"sample_size": 3088,

"sample_type": "Binary/None",

"sha1": "4a633bbbbcee2cfa86529b1579216edf84e4b90b",

"sha256": "849e396249ee666d9c6494c3a6d30eecb1bb5f6ffec21e9f247b7ced6d8ed8c6"

},

{

"classification": "MALICIOUS",

"file_name": "359d2aee[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"md5": "31110da299b757c6ec7830fa2c9b0bbb",

"sample_size": 45552,

"sample_type": "Binary/None",

"sha1": "e8044ce1811f2bd09ae762f7d430b07e6763bccb",

"sha256": "92d8aee5cb4ed2c4d656555b950f99da3e0dad58f8ec9b59ec8c8e45c3bb3268"

},

{

"classification": "UNKNOWN",

"file_name": "windows-systemtoast-securityandmaintenance_249_0.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache",

"md5": "f2acf779e0e88b1af4e4e0e260352215",

"sample_size": 6912,

"sample_type": "Binary/None",

"sha1": "6325305921a90fbbd03a4c5ec36dd2690b71c066",

"sha256": "a6a87c90f3c3d71fc92ae42aa8e0a698e5844e8dc8a7664f71c725de6149f75e"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveSmallTile.contrast-white_scale-400.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "37fc5a635536e0154fd470188398495d",

"sample_size": 1816,

"sample_type": "Binary/None",

"sha1": "4e9032f05c6aa1f644505d52221fb03b5e170cbc",

"sha256": "bd0a110924f0dfafeddf9928cb597341c705de9d16241a009df812794c470cb9"

},

{

"classification": "MALICIOUS",

"file_name": "294af3d2.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"md5": "b302731aed58e4c0010e8eeaa9bb0526",

"sample_size": 28424,

"sample_type": "Binary/None",

"sha1": "91a96684fb2e6a595a65ff0c3dacd98e29b745fe",

"sha256": "dcc24bf4ca2d5b5b9b3759231d40acc398ae21b9e57a962d34adf27eac13273e"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveSmallTile.scale-100.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "0b7dd69e946bf68b5973a2bae2bbb1ba",

"sample_size": 456,

"sample_type": "Binary/None",

"sha1": "54eb411141ee6e92d3b58356a0529d78b1037871",

"sha256": "2fce72876814d37c34f79ffac69af154a341805c6a9b2bcb7e27762fe17a17bd"

},

{

"classification": "MALICIOUS",

"file_name": "OldConvergedLogin_PCore[2].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",

"md5": "f1c950df414b39a4234487ec4a049117",

"sample_size": 495688,

"sample_type": "Binary/None",

"sha1": "15e55a75ede32d5bcde9134ca91fe328d252afec",

"sha256": "3aceb6bd2c8923d9de905245b911809fbcffffec1057001d999d651f50150de1"

},

{

"classification": "UNKNOWN",

"file_name": "69958a21[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"md5": "4e7f63d8ea0e2874dc8ad0a92200bea6",

"sample_size": 19744,

"sample_type": "Binary/None",

"sha1": "c0c04507730528eb3f24f854cba1158190907515",

"sha256": "e1f9dd09dbb932d1fdf48b7127f0d41617478884b4b2c1535fd56d11b2564d94"

},

{

"classification": "MALICIOUS",

"file_name": "DefaultLayouts.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell",

"md5": "4fdcf5ab2ab77b52ef1d78429f0b9680",

"sample_size": 117984,

"sample_type": "Binary/None",

"sha1": "21e58b701c576c50dc23b1ac32cc397b17a071e3",

"sha256": "74740695bfe7f01229b9cf0974c8befc0d57d4fb7b48c0dcadd895a95c4b670e"

},

{

"classification": "UNKNOWN",

"file_name": "b8aa184e[2].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"md5": "4812e4a1a8fb84956fd58127ed8656eb",

"sample_size": 8088,

"sample_type": "Binary/None",

"sha1": "b248228ff726952e4ed1dcb878a6b9ff9db2df87",

"sha256": "81a33ec80de85d61b11fe8bfdc6bfe8d0a8a4ac5e2397b77aca89f23b02be63c"

},

{

"classification": "UNKNOWN",

"file_name": "AudioDiagnostic.debugreport.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",

"md5": "a3118a7583c761552f8a572c9beb4020",

"sample_size": 1928,

"sample_type": "Binary/None",

"sha1": "e6bc3034f7ccc9d7945aa54cc2db8a8921b5b5fc",

"sha256": "8ae64eff7b15b210bf84e00dca58ae97d7ee89b989112d944fcfff9aa09a0c1d"

},

{

"classification": "MALICIOUS",

"file_name": "2743db28[1].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"md5": "677adc6c52f023021e74ca4668fa07dd",

"sample_size": 60608,

"sample_type": "Binary/None",

"sha1": "4f9fb27b3c52b87e94365f5080d951890784fa0d",

"sha256": "594047be386159fb08e3f5e14694b1fc43aaffddb87da7009f7bf459bf0a6327"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveSmallTile.contrast-white_scale-150.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "77bd7d79a8085eb77940a02509ee42c2",

"sample_size": 640,

"sample_type": "Binary/None",

"sha1": "621608c0b7837ef66088cf257dabe63b5c7eb1dc",

"sha256": "a810391f3eda00f4c046dbc7935583c81058488a83b8b7f7d0a0141f2ef5dded"

},

{

"classification": "MALICIOUS",

"file_name": "69958a21[2].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"md5": "d650c03d787d50179ce996c40fbe51b6",

"sample_size": 19744,

"sample_type": "Binary/None",

"sha1": "3eaf0b29378ec1a3955524a179c5716189a5b684",

"sha256": "530b9bad325f95bd9fef6bbdd84f1d57ac7c3630c1d99c4a32cc7ca1c3f51d75"

},

{

"classification": "MALICIOUS",

"file_name": "dbef2181[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"md5": "4def1df093b64417f134feb8ed537632",

"sample_size": 202280,

"sample_type": "MZ/DOS",

"sha1": "22578a8f9dcbe963f9e917be803600157e63316d",

"sha256": "48d80ed7eab7ce55cc26b6656e85d2bf42df26c57436c37d451dfbb58edd91f5"

},

{

"classification": "UNKNOWN",

"file_name": "settings-tipset[2].xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",

"md5": "5c7b93e262e1148a1610a460248282ac",

"sample_size": 13088,

"sample_type": "Binary/None",

"sha1": "6aa768dd4287cdc2acd709c84ac2358670867531",

"sha256": "ae7474ec4d1d223883075d9ba1ae5b61410a636607a20ac1a67e8a4835a68594"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveSmallTile.scale-125.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "9c3769d42552d74cd9563e4397df953f",

"sample_size": 568,

"sample_type": "Binary/None",

"sha1": "79144194348d946c474a2a41bf0443d2271bd1b0",

"sha256": "c04607bf7a99b076554c90dbbd31211d917f917b07aa502602dc11dc304be426"

},

{

"classification": "UNKNOWN",

"file_name": "windows-systemtoast-securityandmaintenance_244_0.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache",

"md5": "042f3f7051400be6225403c38d5ca761",

"sample_size": 6912,

"sample_type": "Binary/None",

"sha1": "9eace6a447c9ccb26e04b6d891fe38b6ab65baa2",

"sha256": "44c145e6e295db5de7e8f32075efdf855cb6efb0eca6d846647ce81abea62dd0"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveSmallTile.scale-400.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "a10124346cd37ab580fff5885cef7f64",

"sample_size": 1760,

"sample_type": "Binary/None",

"sha1": "19ccb040e728e8088d2a9f151efe2debc4266fc8",

"sha256": "c7e9e31f02efe55cc86a1ee337451fbac66ea9523083cecad9f86159fcaf4ae8"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveMedTile.scale-150.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "498426e565663659c128d8c54e567ad0",

"sample_size": 1032,

"sample_type": "Binary/None",

"sha1": "a0d8945bc01b472c2a30f99d6895b99c6b53bd56",

"sha256": "e7c1806d95847e9a7a6431919174a6d0e459b8254897eaece0f4ed806ceca2d7"

},

{

"classification": "MALICIOUS",

"file_name": "craw_window.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",

"md5": "7ea1fe84f8e7e1031eb4c5a0226ec129",

"sample_size": 261360,

"sample_type": "MZ/DOS",

"sha1": "15ee2e40ece2a798b1546d7ab1d8d663d7433cde",

"sha256": "ae808cfd2b4b72211081d61c51f7357ae48100c736245b4c6997f415c679576c"

},

{

"classification": "UNKNOWN",

"file_name": "au-descriptor-1.8.0_301-b09.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"md5": "7ef45d1855f09d9384592a98d9497d36",

"sample_size": 6872,

"sample_type": "Binary/None",

"sha1": "9cf7f8283d53fea7d6194bd7d419cc45cfe882ef",

"sha256": "7691ddc4b20872cc4fe578a3d2bd2bde762e25d28e31a113f8fdab300f7865ad"

},

{

"classification": "UNKNOWN",

"file_name": "favicon[2].png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",

"md5": "929e48893dc76ab164266341a0869742",

"sample_size": 40,

"sample_type": "Binary/None",

"sha1": "e4a741ad48ac4f02af884afcebd3337775adc003",

"sha256": "fc4628e372e5a9fcbcc6cde7ea5a93490defaacbed27b920fb3cfc1d3f15b413"

},

{

"classification": "UNKNOWN",

"file_name": "510dd5a4.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"md5": "f4c019ff11de2e2ecb6d2d7b61791295",

"sample_size": 4824,

"sample_type": "Binary/None",

"sha1": "e05386026212cb23df3048c5ca0f84b215f15eeb",

"sha256": "2b8d29e1b059318cae19e4673dc96740766aed3e527054d8f745c5a8a7b1345b"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveMedTile.contrast-black_scale-125.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "ba40cf8c5ea609d6922bdb1a2acaf162",

"sample_size": 888,

"sample_type": "Binary/None",

"sha1": "a8927145e363b241c40ea6a56923edf4d5afc0be",

"sha256": "7680aa3c3d5fc4844a42360608c1bfc1c3f308ce2b05056df863ab1d43ce4d34"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveSmallTile.contrast-black_scale-100.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "fc1bc750e18d84dc0a7768e8c5e460f8",

"sample_size": 456,

"sample_type": "Binary/None",

"sha1": "c142ee490d65e9e5cbb3528011ebdeda4ddb6a99",

"sha256": "39f3d2243aa846422aba64d09d2cd892cd71640a683b416275138db9d249506f"

},

{

"classification": "MALICIOUS",

"file_name": "a9486108724e44ae4e34492b400fcd5c.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"md5": "252bb7de542545dfb4cce9c798f26708",

"sample_size": 216,

"sample_type": "Binary/None",

"sha1": "18a852ac71eb44fae7f0cbc5df0c921f83c88eb7",

"sha256": "5143c004a913bc2ee5a5a47c7a9c2602c1591e61d6d2ad79149c1b96418d96c6"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveMedTile.contrast-white_scale-150.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "fdbe2f8e6bb0bc6f13e9ba7de127b938",

"sample_size": 840,

"sample_type": "Binary/None",

"sha1": "7f640b86ecb8b90ad8ccba86279709b10fadbd02",

"sha256": "fa1a99b5adadf817366970a495796083f891c8c75b68a91d2ade31471420473c"

},

{

"classification": "UNKNOWN",

"file_name": "11ee0799[1].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"md5": "11d24636f4f8690e8a4b21b8dc8b9263",

"sample_size": 6736,

"sample_type": "Binary/None",

"sha1": "2165c2bce110c048cd023d3ee5dbf7f2e2472015",

"sha256": "977165d2068a5e16ce2786a0df02926c2066afa78d82d020757c029a9942e408"

},

{

"classification": "MALICIOUS",

"file_name": "0283bc6ed838ac25a3c5f51b1bc5fb04.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"md5": "31aac22eff6e46771d211a5d49223d86",

"sample_size": 480,

"sample_type": "Binary/None",

"sha1": "b0c50ab7d36cd113fd6778e31a6caf66a341914f",

"sha256": "a44c985a385a38870430bb3a1acefa4c88fc0a0e347af70d2c44c0ebf793a9b7"

},

{

"classification": "UNKNOWN",

"file_name": "045d3532[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"md5": "80b95150365d9945113ae84132ca4656",

"sample_size": 6624,

"sample_type": "Binary/None",

"sha1": "cbbe8513449c0e6c99c83b5c48f7aa094cd4533b",

"sha256": "234180167dd909b27f14590c5b886395fbd94043123968350d2ecd18965e7e56"

},

{

"classification": "UNKNOWN",

"file_name": "ResultReport.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",

"md5": "8ca04f866369ff8e654adba9a883bfaa",

"sample_size": 13240,

"sample_type": "Binary/None",

"sha1": "8ea767bdcbde3f642507d5b095b738f2000ec6f2",

"sha256": "320411c627b6769592dd16c3c5f50743a3e1d83de7b6d749678200ff8431f206"

},

{

"classification": "MALICIOUS",

"file_name": "8636b4dd[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"md5": "93146a2a52df6698a2a2affb6a68cce1",

"sample_size": 94864,

"sample_type": "Binary/None",

"sha1": "25a945fc24b40bdeecfb7b3637c604b755bf46f2",

"sha256": "c27953331b91537c59b3ac27df83b7725fe7cf0a80d427a34b9aec4e977bc840"

},

{

"classification": "MALICIOUS",

"file_name": "2743db28[1].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"md5": "06502812d1f19fbd8e89cb26df9cd202",

"sample_size": 60608,

"sample_type": "Binary/None",

"sha1": "60eb7b5e82a6ea51e7a093f6d688c70a1222bce1",

"sha256": "8d2e250d12981c3fdcec9588b811bbdd5975b75a9129f97eb7c0ba951c38929a"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveSmallTile.contrast-white_scale-200.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "e8706bfdcb263e00a8e0e39a5c30138a",

"sample_size": 856,

"sample_type": "Binary/None",

"sha1": "e91983447c0b061c85155918a8bbbbc4b8987ee0",

"sha256": "acb3935d288b844ee7c369c33cdca40aa1f4fcdc5ea6e3515bb3bb7806d1b8b6"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveSmallTile.contrast-black_scale-200.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "57dd04e6549c40d01e720bdabc1043f0",

"sample_size": 840,

"sample_type": "Binary/None",

"sha1": "3772e998860eaddd2d7deef800fabeb9e7c2fd05",

"sha256": "ddb99874f5f70307fcc29de98d91d7fd5007ae0ed236175ecf80a052c00dcc6a"

},

{

"classification": "MALICIOUS",

"file_name": "10379681[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"md5": "e07cf30bc6dcf8b3ca40b118ca1dfb13",

"sample_size": 186360,

"sample_type": "Binary/None",

"sha1": "452f6fd4b74073d44a21137f4bb8bef9647af4eb",

"sha256": "cda8f3e1341c03ed4b722b07352f338d5f1413a28880377e3f20d6d44e0a338f"

},

{

"classification": "UNKNOWN",

"file_name": "page_embed_script.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",

"md5": "a7436bf8f31a3eee05f1e31a7f91de97",

"sample_size": 272,

"sample_type": "Binary/None",

"sha1": "ed603dd763a7a54781635ac09c3442c64720df6d",

"sha256": "33f4d0b61f9e3e9db9a9b66af44bd6294bc9fcd09d2ba1cbaa38d0f9b2768f4d"

},

{

"classification": "UNKNOWN",

"file_name": "update100[1].xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",

"md5": "055979ca19e35a07ff5368ed745a4b34",

"sample_size": 440,

"sample_type": "Binary/None",

"sha1": "90dcbf789fce28217831968fd6e660d33aa0a3b8",

"sha256": "bf0c22c59b3cde7b98b981a156d409ecde6a1ee16f2fb1b5c6072816155198b5"

},

{

"classification": "UNKNOWN",

"file_name": "b11b460a.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"md5": "4edb7f04e98a708a840903a468578e72",

"sample_size": 6696,

"sample_type": "Binary/None",

"sha1": "616ef5737391057802f647d711be1032e50dda86",

"sha256": "962078dc3a9344f67d20094030d41097e6fa6769fc16308c5a3d21e07fafb612"

},

{

"classification": "UNKNOWN",

"file_name": "icon_128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images",

"md5": "3a65714dbdc3bf377717b92670488c04",

"sample_size": 4400,

"sample_type": "Binary/None",

"sha1": "557bcd5e61b743fe6364c37d0ec1e984baaa0005",

"sha256": "62da8741a0412f792d166c932818d8819c567c8655ac4cd6a4ee1bf757862719"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveMedTile.contrast-black_scale-150.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "7465b00a991482c48ab94a7d9b1a7f12",

"sample_size": 1032,

"sample_type": "Binary/None",

"sha1": "866d84683251060f63132a8b6f17c1b8963342b6",

"sha256": "d79e4ee7b51d36f426da2812764def96374d2a100e9e854001e4a5cb6e0621f9"

},

{

"classification": "MALICIOUS",

"file_name": "dd_vcredistUI7869.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"md5": "1b8e0116f32bfdb2677d3a4a706c42e1",

"sample_size": 48760,

"sample_type": "Binary/None",

"sha1": "1c12f99eb64bbaa35a7a7077d1e6f3416af1a6c7",

"sha256": "e4eea66b1a39ae947bcdbdf2ee70511f0c4c928939f6bea368b8b5bae6fb4857"

},

{

"classification": "UNKNOWN",

"file_name": "main.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",

"md5": "a17307f63fa8051f2410c364483a005c",

"sample_size": 136,

"sample_type": "Binary/None",

"sha1": "3ae5d8d7ebbd15d106e922cc24e24ceffb633bdc",

"sha256": "633d899390a88d215a707f9ac8d2f420bbbee9b42509085a67d2df2ca639521b"

},

{

"classification": "UNKNOWN",

"file_name": "favicon[1].png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",

"md5": "151b9771e5c54de479ef601172d1cb8a",

"sample_size": 40,

"sample_type": "Binary/None",

"sha1": "f5ef9b6332f22e06cc92a66a3fe0556d852ecde3",

"sha256": "95ea22b51823ba7a0782b2d1621e52bc61ec59cd77c8520e7048f90021805fec"

},

{

"classification": "UNKNOWN",

"file_name": "ConvergedLoginPaginatedStrings.EN[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",

"md5": "47ee05edcd2985f2f9b37b46995e91f8",

"sample_size": 16832,

"sample_type": "Binary/None",

"sha1": "9c950970bbe53af6a2e4105509bf63f929004967",

"sha256": "54f1d70272f65be6f30475d09d0296118ac7535304b64be0fb8e56a8379d2262"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveMedTile.scale-200.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "a4cdfded9999609b13f567b9abdca09e",

"sample_size": 1432,

"sample_type": "Binary/None",

"sha1": "d39f80120e4b89d1ec8473b5c7c3691621f4c052",

"sha256": "5f88cd5e9a2da00c86dac5fe1e521f4d414b57141d512eaf158210d2b35a52d7"

},

{

"classification": "MALICIOUS",

"file_name": "Microsoft Visual C++ 2010 x64 Redistributable Setup_20190219_161802569-MSI_vc_red.msi.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"md5": "12bc084aa65cea691856687bd24be209",

"sample_size": 267704,

"sample_type": "Binary/None",

"sha1": "82fdd277a9c934b54fb7ecd15d0690de230f1f21",

"sha256": "671e294fee1958b2e4a3488b7b23b48444b1a412d5b658612c107cd5d45ce44a"

},

{

"classification": "UNKNOWN",

"file_name": "brndlog.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer",

"md5": "2dce03d6f12b9aa2ceced062fe2a4f4c",

"sample_size": 6616,

"sample_type": "Binary/None",

"sha1": "7e4878709b7399709794b5c1599be4b0b6b2aa58",

"sha256": "4ee13fc40d486d58ba4c1a822d7ca7ab7d9c8e71acce2545df3bba027f9d1e77"

},

{

"classification": "MALICIOUS",

"file_name": "dd_vcredistMSI1AE4.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"md5": "420cdaa2ff2acab7627fdc0301f16539",

"sample_size": 575880,

"sample_type": "Binary/None",

"sha1": "5ab1fe1328bf46a87082f9cf53376d203dc7cf82",

"sha256": "33294bd0818565341fafd9597df9798ce4ffbaab53ba8c8fa8c9a2037ab3a3da"

},

{

"classification": "UNKNOWN",

"file_name": "e3f307cb[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"md5": "4a8d7af27b5ba442db67c064f43038fb",

"sample_size": 18792,

"sample_type": "Binary/None",

"sha1": "ae857cd9c3fc36d3e5e33f39c8704e083cddc61b",

"sha256": "9d7a91015126bffc9539927c9d6db88cb10c1f39f95b2fa32b56ed3079c175b6"

},

{

"classification": "MALICIOUS",

"file_name": "a0d3923c[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"md5": "e0718a483e7d768283b0e0ac3640ceca",

"sample_size": 50056,

"sample_type": "Binary/None",

"sha1": "315dffff6bcbcf45afdd69db8fbfc7d9cb5699d7",

"sha256": "c9b3c9a43d035e4df20434b961be4e7145d707b4e74ab50ecad7dee2f51e5570"

},

{

"classification": "UNKNOWN",

"file_name": "48a99eae[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"md5": "12f9a9e22d69c62af264f3334cf3388d",

"sample_size": 15936,

"sample_type": "Binary/None",

"sha1": "3a706bd69071705a75b8cfe181338c0631754753",

"sha256": "e4ee33d6bf0e3c9f11e3c7f6c3d9e583a4c8a97197e22333360329d179ae9c5c"

},

{

"classification": "MALICIOUS",

"file_name": "53c747e0[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"md5": "80b14bb0b0f538dbd63f16d7d7a1e84a",

"sample_size": 121792,

"sample_type": "Binary/None",

"sha1": "b8c134781f78505e3cd9b6fe28102931454ff373",

"sha256": "919a3c467dace737d06216bfa6bd204ab3a579bf718b2715465957a041bddb63"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveMedTile.scale-125.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "042765ea2c848946cd6cf46805cf1910",

"sample_size": 888,

"sample_type": "Binary/None",

"sha1": "ccd2737dbd16a4b3b8169e603494573fff504615",

"sha256": "b8f6c6edc87ed84caaf7650de7ef8e48ce64be8b967821399f1c0df7151cdce0"

},

{

"classification": "UNKNOWN",

"file_name": "3a8048a4[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"md5": "7f580de257940186f6f546e58130b4da",

"sample_size": 6688,

"sample_type": "Binary/None",

"sha1": "079c8d881d119c48663fc40ec070318bdc4e91cb",

"sha256": "72bd6c36682e755ae05b71e1c0b728b0d402bdf177c0ba51fa797569106c7c60"

},

{

"classification": "UNKNOWN",

"file_name": "b8aa184e[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"md5": "fc99216ba55779d2f15cdd70889ecdb7",

"sample_size": 8088,

"sample_type": "Binary/None",

"sha1": "dab18bca7b7a0165ae3365257df5b04e65262236",

"sha256": "fe82e9550513e5b56f5d14df5b006e562fb93e82741864935c026d5ac7975b59"

},

{

"classification": "MALICIOUS",

"file_name": "5e0abf48[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"md5": "383cfd704983453395837c3260c47519",

"sample_size": 217520,

"sample_type": "Binary/None",

"sha1": "da1aa3240abebbee4867cb0847dd2effea029915",

"sha256": "0c88e173940e9d5fa0f6f4415b1e923bc3b64b6d2d99278546f4f200f54fe5aa"

},

{

"classification": "UNKNOWN",

"file_name": "128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",

"md5": "91003e8dd47506884950c059dfe83305",

"sample_size": 5024,

"sample_type": "Binary/None",

"sha1": "10c5656ac1811c9f9799c3e048f9a5062436cca6",

"sha256": "7fde761cac5e8b747c2199fdc841b815a32de5721f642e113b5dd86b0fe4723f"

},

{

"classification": "MALICIOUS",

"file_name": "3417f6c5[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"md5": "23be67f65b755c61fbe4c4e42f608452",

"sample_size": 32048,

"sample_type": "Binary/None",

"sha1": "aa1f4f0156c2b7d19697c2c6f16bfab6dbd99948",

"sha256": "182c2f4432ecfb03b4e8e7c1f9e5fc3ddc4705771bfe38679187f93fb6720fe7"

},

{

"classification": "UNKNOWN",

"file_name": "da083887.jpg.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"md5": "0b72c7eb4b0328a4a14eb51f7f85aa11",

"sample_size": 3976,

"sample_type": "Binary/None",

"sha1": "96ad8b669212b2a7bef3b49ac1892f0490266642",

"sha256": "a723221ae2d3eace81b4f532dfcc7ae5a52c413cf6a82c570b64154459867f1a"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveMedTile.contrast-black_scale-100.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "b040472bfcdb96c5973f17c9023cdaa7",

"sample_size": 696,

"sample_type": "Binary/None",

"sha1": "4a3b9942545ba7c435b94714b68a3ed9d83891d6",

"sha256": "09cf28d3fe3c4d3205f57cb2734f2ae3a43428f61875214c0ae671e6110208fb"

},

{

"classification": "UNKNOWN",

"file_name": "b8275b23[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"md5": "493f912aca198b3228cb876eaef0b87a",

"sample_size": 1712,

"sample_type": "Binary/None",

"sha1": "d1d46bb41c8f30b9be2d0c0c634f374388c6a65b",

"sha256": "95e8834f479dff5f649296ee7e0e11ceef277fc9c94f2cc182ef0dbc14d4acde"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveSmallTile.contrast-black_scale-400.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "c89b784ffd40a5407045b81e54d8b6de",

"sample_size": 1760,

"sample_type": "Binary/None",

"sha1": "fa48f21feb7586a360d049032e17b7b050203524",

"sha256": "3b0c4f178608e04b332a30bd401f2af380bb3bf681b8a47628fd16b8b73207e4"

},

{

"classification": "MALICIOUS",

"file_name": "IECompatData.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat",

"md5": "22268c9882f7870ebad2d81bcb969c24",

"sample_size": 65232,

"sample_type": "Binary/None",

"sha1": "9b4c7c64d3bddf13ffd9be53d146e06797848680",

"sha256": "a955326dfd0a10aacd446e0ac565536adcba79f81063f1b2eeffa6b112c7a8e1"

},

{

"classification": "UNKNOWN",

"file_name": "424a9e57[1].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"md5": "44bdb068c76b48be9b626fc8d53da937",

"sample_size": 1352,

"sample_type": "Binary/None",

"sha1": "950f55eff463bfdb2da622bdaa960fe507485056",

"sha256": "3a66f1f7f0c1385eaa499ca5b52287ba3ea87dda6ed61a4c39d131c694eabe26"

},

{

"classification": "MALICIOUS",

"file_name": "Converged_v21033[1].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",

"md5": "c2fd0baa69cd8930cf3d0b508b73aeee",

"sample_size": 102048,

"sample_type": "Binary/None",

"sha1": "a037ea2f2863810aa232554518e7d223fe18adf8",

"sha256": "975be5b63f6876ca7d9489f58829d1e57c176e2b667d82ac20181e5f96e4d8a3"

},

{

"classification": "MALICIOUS",

"file_name": "SettingsCache.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache",

"md5": "74abce8048d0c92fb14b89ce0e236fd2",

"sample_size": 413096,

"sample_type": "Binary/None",

"sha1": "5ce40e038bfc7d963f00dce2401c3cb61999e64d",

"sha256": "2b84282fb5545fbdad7f6d875941dc2ef34fd9bc0d1d4992c8b0fc99c0e318a6"

},

{

"classification": "MALICIOUS",

"file_name": "eventpage_bin_prod.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",

"md5": "313c37344f68927144dbce6909c9d666",

"sample_size": 63696,

"sample_type": "Binary/None",

"sha1": "630f25a0a9322df5fc5e472ee6deca68a923317a",

"sha256": "7d69397aca155491f922be30b0e4b45beecc6e702fc2166f53ab167d99f7114f"

},

{

"classification": "UNKNOWN",

"file_name": "chrome_shutdown_ms.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",

"md5": "df6fe268cad8f4939c32b06a0abe7f19",

"sample_size": 48,

"sample_type": "Binary/None",

"sha1": "9c36e34d37d519632dda3471cc95672155d88bc4",

"sha256": "db52e07dd8418f4416368c29dbf702d96787187dcc73936720b79f6c5a614918"

},

{

"classification": "UNKNOWN",

"file_name": "icon_16.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",

"md5": "1aec73c6d3ab5d31021b71fa49175742",

"sample_size": 200,

"sample_type": "Binary/None",

"sha1": "9c4dfd46c967b4d078096006ea7e3fcd1c6656a9",

"sha256": "06b7b84792faf07102d9301dac706b819229019cf4a404aab342ec6554ca7ab3"

},

{

"classification": "UNKNOWN",

"file_name": "main.js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",

"md5": "15a12b338ab8e37a70179ac0196005d6",

"sample_size": 128,

"sample_type": "Binary/None",

"sha1": "dd1ccc68a494c4efcfad248f602e595f0a62fd17",

"sha256": "e6ee456a7ecf12f8aad5371b510a52a6b00461f38f85bb99b25c92ae460d6152"

},

{

"classification": "UNKNOWN",

"file_name": "icon_128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",

"md5": "72b565d8e27c7f6e8f824edf4c2741b7",

"sample_size": 3256,

"sample_type": "Binary/None",

"sha1": "e8e5ad08fb7ff37f002f7f8da31dec14fd01c2f1",

"sha256": "41658e881219b8c18169a9519140dafaca62356a4c6aca5f5855abbadefb48ef"

},

{

"classification": "MALICIOUS",

"file_name": "known_providers_download_v1[1].xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",

"md5": "3ad3468603637756e1ac2c6d534e52ed",

"sample_size": 90560,

"sample_type": "Binary/None",

"sha1": "e20cc6b3d65b5162274b74511b394d80bef4293c",

"sha256": "250e9ff13f1ffb7881393e1a9f2cd154e8b5291e6b1840f25e0f5f8c77a45461"

},

{

"classification": "UNKNOWN",

"file_name": "128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.2_0",

"md5": "88cc0dec6b76bb2789778c36adc80fdf",

"sample_size": 6200,

"sample_type": "Binary/None",

"sha1": "83c83400a498e4eba5b2da21ec3b3508f3314410",

"sha256": "71569d1bdefecf24258f2ee116087530bb25222ded656de089bb517d7905c8b1"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveMedTile.contrast-white_scale-100.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "6e09d57e9030879e4aaa34910b36e340",

"sample_size": 704,

"sample_type": "Binary/None",

"sha1": "acbfaa3f2edca3de19b3dffd8e17ffc9c362193d",

"sha256": "23a76eaeb542e6e67693dbda0755d6d922b3f3ca7980b99c8f872de4f1997a8f"

},

{

"classification": "UNKNOWN",

"file_name": "favicon[3].png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",

"md5": "d7bd02610fcc71c45f5e2ee00df76abb",

"sample_size": 40,

"sample_type": "Binary/None",

"sha1": "a12eb2e41914203b301fdf6d52b9b39ac30cbc74",

"sha256": "40ed7f02069b3d3870fe1278a38bc7a906885e8723add3edecec0e48f754cdac"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveSmallTile.contrast-white_scale-100.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "6aae4a11bed8b5e51294257edbbd5a60",

"sample_size": 456,

"sample_type": "Binary/None",

"sha1": "64d5df6ff114e7341b5249b732ce50b75b5edf68",

"sha256": "8c68ef438206dfdddfd1b46bfc240bd7db14dc3ce9e35f26fa1976ef8408dce7"

},

{

"classification": "MALICIOUS",

"file_name": "69958a21[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"md5": "58a393fcb834452becebb25bf8f590e4",

"sample_size": 19744,

"sample_type": "Binary/None",

"sha1": "f505c74651244ee53c924bd0ee3679c85f30ec08",

"sha256": "8fdc3d08d1439d1e5f645a55f02fb04cf8316b4a2896fc660699e89f4584c4fe"

},

{

"classification": "MALICIOUS",

"file_name": "fd45bf1d[1].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"md5": "73f05774175a20c682c97aca14781fa5",

"sample_size": 20440,

"sample_type": "Binary/None",

"sha1": "3fbc2a901967b5b318cb2cf89fa8c0542972a4a5",

"sha256": "e32e6d608013aa31de3e787364ab62f572ca521d9568f4ecec913b5070f35983"

},

{

"classification": "UNKNOWN",

"file_name": "icon_128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",

"md5": "93ac1853398516b8d864f29923f86db5",

"sample_size": 3416,

"sample_type": "Binary/None",

"sha1": "69e335e3d341d0f493dacf24523e58259543ee0d",

"sha256": "820609c73845d598617cbdb51c90d25a10b700c38eabdedf658b33680991d5f2"

},

{

"classification": "UNKNOWN",

"file_name": "a2f17337[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"md5": "852e6a5320cc53474a9c258f5a88f741",

"sample_size": 368,

"sample_type": "Binary/None",

"sha1": "0568c07b33ac6e7afccaf2574baf6963cc64e016",

"sha256": "d4572e3b98cec4a63eee74404f747dddcffd11a1742b73435b1d98d9156764a7"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveMedTile.contrast-white_scale-125.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "78264d49a16bd764070085d3c8ed7c55",

"sample_size": 912,

"sample_type": "Binary/None",

"sha1": "6120b002921d7bee8a3c6e4fb9f2f1afe6f2bd75",

"sha256": "097af61fcba9ea3a2faca29787af80f2cfd428f11d0449774635b2d0641429e2"

},

{

"classification": "MALICIOUS",

"file_name": "2743db28[2].css.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",

"md5": "8444dc6cc0ed42c4f1c36c4258b50096",

"sample_size": 60608,

"sample_type": "Binary/None",

"sha1": "9cdfd384657bdbdc6558e11435175d6c224cbadf",

"sha256": "daca8e23a066ab3acfbffaf9843e5ce9ab84e81578b0c77c6869cbf1c34efba3"

},

{

"classification": "MALICIOUS",

"file_name": "03cedd2d[1].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",

"md5": "7ea0bd08d8c028cc6cbb3df59d49dc86",

"sample_size": 41792,

"sample_type": "Binary/None",

"sha1": "796b3157b699d144715b3cf2f9b98c329720e1c6",

"sha256": "5b82f902396ae6c2466178f0308a4d0d3c0e895aa2e8637f2bb197f1b34f7904"

},

{

"classification": "MALICIOUS",

"file_name": "181f4d7eabe2d441119af774407152dd.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",

"md5": "3df1fafd008f58bd7cbce8c5ab84eb81",

"sample_size": 50328,

"sample_type": "Binary/None",

"sha1": "0163ac925a57abd5f687816498c6ca7fd319f1f7",

"sha256": "a1ec1ab23fa76fc0e047c066aae7747b2f9236e0efc18488a1baa18fde5c89a5"

},

{

"classification": "UNKNOWN",

"file_name": "OneDrive.VisualElementsManifest.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive",

"md5": "06986325a06d0b2a0c6c6786b0c3caf5",

"sample_size": 384,

"sample_type": "Binary/None",

"sha1": "80a78acb248504ceec7b7b91019b6dd75215e195",

"sha256": "356b96b572afbe40e91842210cf61717309208a9e168fac82a35e5849b7717ad"

},

{

"classification": "UNKNOWN",

"file_name": "b8275b23[2].js.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",

"md5": "e32144c93f15d3cf960bbb70e53f2505",

"sample_size": 1712,

"sample_type": "Binary/None",

"sha1": "fb52d3516f5f27e6284e2669c88ba6a67070cc66",

"sha256": "0195455b13996e7b4e3fef659c6568f96157cd84a4b5cbfd4bab72d2f69e5b46"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveSmallTile.contrast-black_scale-150.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "0111627d1aab907332da307cb4ac5ceb",

"sample_size": 632,

"sample_type": "Binary/None",

"sha1": "b57814bee6620538c64a6d80c74397883c1863a6",

"sha256": "16a4112aa612f8d72eb52c0795625404e3ebbefb6bd9dcf8248d0e296aba909c"

},

{

"classification": "UNKNOWN",

"file_name": "248aaea9.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",

"md5": "76a333bdafc772b8da3cb292ff4103a1",

"sample_size": 9656,

"sample_type": "Binary/None",

"sha1": "bf1900d599c530742f0156ab21b7cc9d0fb492c0",

"sha256": "7fac5b99b80d77f55f936474fdb8e8ed63f1d3cc2ba04695893a6ead430f993e"

},

{

"classification": "UNKNOWN",

"file_name": "OneDriveMedTile.scale-100.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "1b90920f77e45538be049469419c1e1f",

"sample_size": 696,

"sample_type": "Binary/None",

"sha1": "74aad3ae8f55db81a493111561f308afa18e60b0",

"sha256": "c5bbde7ef7748193d6bdd93f9cb6e86a55a10b9ca2c48c4c61376e6d5ca9df03"

},

{

"classification": "UNKNOWN",

"file_name": "128.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.5_0",

"md5": "913510d99a80b9d2103dc5ed77de9572",

"sample_size": 3952,

"sample_type": "Binary/None",

"sha1": "9cad1d7e6bccb750654e3cf1f380107069819cfd",

"sha256": "0d5832acad5a8b492e13167bf128826173624184a95053b8bdfd8735a3f743c4"

}

],

"md5": "d5720ea13de22edcbe76d20c7908c0bf",

"memory_strings": "https://bucket.reversinglabs.com/rl-cloud-sandbox-memstrings-prod/21841b32c6165b27dddbd4d6eb3a672defe54271_9665584d-57d9-4f8a-b63b-5c762b37fc33_memstrings_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20230607%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230607T150641Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=ee5ea869e113ae10e0527e84622c7a2ec1c218ea425cdfa502b73231191550df",

"mitre_attack": {

"matrix_list": [

{

"name": "Enterprise",

"tactics": {

"tactic_list": [

{

"id": "TA0005",

"name": "Defense Evasion",

"techniques": {

"technique_list": [

{

"id": "T1055",

"name": "Process Injection"

},

{

"id": "T1027",

"name": "Obfuscated Files or Information"

},

{

"id": "T1036",

"name": "Masquerading"

},

{

"id": "T1027.002",

"name": "Software Packing"

}

]

}

},

{

"id": "TA0007",

"name": "Discovery",

"techniques": {

"technique_list": [

{

"id": "T1083",

"name": "File and Directory Discovery"

},

{

"id": "T1082",

"name": "System Information Discovery"

},

{

"id": "T1124",

"name": "System Time Discovery"

},

{

"id": "T1518.001",

"name": "Security Software Discovery"

}

]

}

},

{

"id": "TA0002",

"name": "Execution",

"techniques": {

"technique_list": []

}

},

{

"id": "TA0011",

"name": "Command and Control",

"techniques": {

"technique_list": [

{

"id": "T1573",

"name": "Encrypted Channel"

}

]

}

},

{

"id": "TA0010",

"name": "Exfiltration",

"techniques": {

"technique_list": []

}

},

{

"id": "TA0004",

"name": "Privilege Escalation",

"techniques": {

"technique_list": [

{

"id": "T1547.001",

"name": "Registry Run Keys / Startup Folder"

}

]

}

},

{

"id": "TA0003",

"name": "Persistence",

"techniques": {

"technique_list": [

{

"id": "T1176",

"name": "Browser Extensions"

}

]

}

},

{

"id": "TA0009",

"name": "Collection",

"techniques": {

"technique_list": [

{

"id": "T1185",

"name": "Man in the Browser"

},

{

"id": "T1560",

"name": "Archive Collected Data"

},

{

"id": "T1056",

"name": "Input Capture"

},

{

"id": "T1005",

"name": "Data from Local System"

}

]

}

},

{

"id": "TA0040",

"name": "Impact",

"techniques": {

"technique_list": []

}

},

{

"id": "TA0006",

"name": "Credential Access",

"techniques": {

"technique_list": [

{

"id": "T1003",

"name": "OS Credential Dumping"

}

]

}

}

]

}

}

]

},

"network": {

"url": [

{

"source": "memory",

"url": "http://127.0.0.1:90500123456789ABCDEF"

},

{

"source": "memory",

"url": "http://dist.torproject.org/torbrowser/4.5.1/tor-win32-0.2.6.7.zip"

},

{

"source": "memory",

"url": "http://search.live.com/results.aspx?q="

},

{

"source": "memory",

"url": "http://gcc.gnu.org/bugs.html):"

},

{

"source": "memory",

"url": "http://curl.haxx.se/docs/http-cookies.html"

}

]

},

"optional_parameters": "internet_simulation=false",

"pcap": "https://bucket.reversinglabs.com/rl-cloud-sandbox-pcap-prod/21841b32c6165b27dddbd4d6eb3a672defe54271_9665584d-57d9-4f8a-b63b-5c762b37fc33_pcap_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20230607%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230607T150640Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=2d949896392b6a7e6100b7e4528496dde102a782cae48e33434188ea087bf217",

"platform": "windows10",

"process_tree": [

{

"name": "rl_file.exe",

"parameters": "C:\\Users\\user\\Desktop\\rl_file.exe",

"parent_process_id": 3812,

"process_id": 3080

},

{

"name": "rl_file.exe",

"parameters": "\"C:\\Users\\user\\Desktop\\rl_file.exe\" ",

"parent_process_id": 3080,

"process_id": 3668

},

{

"name": "Tox.exe",

"parameters": "\"C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe\" ",

"parent_process_id": 3812,

"process_id": 1568

}

],

"risk_score": 96,

"screenshots": "https://bucket.reversinglabs.com/rl-cloud-sandbox-screenshots-prod/21841b32c6165b27dddbd4d6eb3a672defe54271_9665584d-57d9-4f8a-b63b-5c762b37fc33_screenshots_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20230607%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230607T150641Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=d815f79993cb3bd0939551ce8b200ef8b1ddd636564b999c9ded4c481f9c3b79",

"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271",

"sha256": "0b5225517dcd1faf1de7b9c770baedbe000f8f2eacc22e8759970e26d446ec19",

"signatures": [

{

"description": "Reads ini files",

"risk_factor": 5,

"sig_id": 1257

},

{

"description": "Creates a start menu entry (Start Menu\\\\Programs\\\\Startup)",

"risk_factor": 7,

"sig_id": 1376

},

{

"description": "Disables application error messages (SetErrorMode)",

"risk_factor": 5,

"sig_id": 1397

},

{

"description": "Contains functionality to enumerate / list files inside a directory",

"risk_factor": 5,

"sig_id": 1088

},

{

"description": "Found inlined nop instructions (likely shell or obfuscated code)",

"risk_factor": 7,

"sig_id": 1537

},

{

"description": "Creates temporary files",

"risk_factor": 5,

"sig_id": 1276

},

{

"description": "Tries to harvest and steal browser information (history, passwords, etc)",

"risk_factor": 8,

"sig_id": 1272

},

{

"description": "Sample reads its own file content",

"risk_factor": 5,

"sig_id": 1571

},

{

"description": "URLs found in memory or binary data",

"risk_factor": 5,

"sig_id": 357

},

{

"description": "Uses an in-process (OLE) Automation server",

"risk_factor": 5,

"sig_id": 1458

},

{

"description": "Sample is packed with UPX",

"risk_factor": 5,

"sig_id": 1366

},

{

"description": "Creates a DirectInput object (often for capturing keystrokes)",

"risk_factor": 7,

"sig_id": 1339

},

{

"description": "Stores files to the Windows startup directory",

"risk_factor": 7,

"sig_id": 1352

},

{

"description": "Creates a process in suspended mode (likely to inject code)",

"risk_factor": 7,

"sig_id": 1790

},

{

"description": "Spawns processes",

"risk_factor": 5,

"sig_id": 1271

},

{

"description": "Creates mutexes",

"risk_factor": 5,

"sig_id": 1150

},

{

"description": "Detected crypto function",

"risk_factor": 7,

"sig_id": 1826

},

{

"description": "Sample is known by Antivirus (Virustotal or Metascan)",

"risk_factor": 5,

"sig_id": 1532

},

{

"description": "Contains functionality to register its own exception handler",

"risk_factor": 5,

"sig_id": 1094

},

{

"description": "Classification label",

"risk_factor": 5,

"sig_id": 420

},

{

"description": "Uses 32bit PE files",

"risk_factor": 7,

"sig_id": 621

},

{

"description": "Contains functionality to query local / system time",

"risk_factor": 5,

"sig_id": 1103

},

{

"description": "Multi AV Scanner detection for dropped file",

"risk_factor": 10,

"sig_id": 1524

},

{

"description": "Drops PE files",

"risk_factor": 7,

"sig_id": 1167

},

{

"description": "Multi AV Scanner detection for submitted file",

"risk_factor": 10,

"sig_id": 362

},

{

"description": "Contains functionality to query CPU information (cpuid)",

"risk_factor": 7,

"sig_id": 1326

},

{

"description": "Drops PE files to the startup folder (C:\\\\Documents and Settings\\\\All Users\\\\Start Menu\\\\Programs\\\\Startup)",

"risk_factor": 8,

"sig_id": 1378

},

{

"description": "Creates files inside the user directory",

"risk_factor": 5,

"sig_id": 1145

},

{

"description": "Reads software policies",

"risk_factor": 5,

"sig_id": 1460

},

{

"description": "Overwrites Mozilla Firefox settings",

"risk_factor": 8,

"sig_id": 1382

},

{

"description": "Installs a chrome extension",

"risk_factor": 7,

"sig_id": 1393

},

{

"description": "Writes many files with high entropy",

"risk_factor": 8,

"sig_id": 2072

}

],

"threat_names": [

{

"threat_name": "Unknown"

}

]

},

"requested_hash": "21841b32c6165b27dddbd4d6eb3a672defe54271"

}

}

}

}

Human Readable Output

Full report is returned in a downloadable file

reversinglabs-titaniumcloud-certificate-analytics

---

Retrieve certificate analytics.

Base Command

reversinglabs-titaniumcloud-certificate-analytics

Input

Argument Name	Description	Required
certificate_thumbprint	Hash string.	Required

Context Output

Path	Type	Description
ReversingLabs.certificate_analytics	Unknown

Command example

!reversinglabs-titaniumcloud-certificate-analytics certificate_thumbprint="86900D438047F6D00ACE379C6E68A9461BA36ACD152C9E82EDDBE87B331F3E4A"

Context Example

{

"InfoFile": {

"EntryID": "7632@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",

"Info": "text/plain",

"Name": "Certificate Analytics report file for thumbprint 86900D438047F6D00ACE379C6E68A9461BA36ACD152C9E82EDDBE87B331F3E4A",

"Size": 11882,

"Type": "ASCII text, with very long lines"

},

"ReversingLabs": {

"certificate_analytics": {

"rl": {

"certificate_analytics": {

"certificate": {

"certificate_thumbprints": [

{

"name": "MD5",

"value": "76cc8c2a0859c683eb494eb4f161ed79"

},

{

"name": "SHA1",

"value": "03addd4d8bb9c4eb53a49d734a3fa622f35ac4f4"

},

{

"name": "SHA256",

"value": "86900D438047F6D00ACE379C6E68A9461BA36ACD152C9E82EDDBE87B331F3E4A"

}

],

"common_name": "OOO \"Industry\"",

"extensions": [

{

"is_critical": "False",

"name": "X509v3 Authority Key Identifier",

"value": "keyid:1E:C5:B1:2C:7D:87:DA:02:68:7C:25:BC:0C:07:84:3F:B6:CF:DE:F1\n"

},

{

"is_critical": "False",

"name": "X509v3 Subject Key Identifier",

"value": "3A:32:1F:B5:2F:91:3A:5A:5F:2C:09:7B:74:6C:0C:95:0C:8B:A3:7E"

},

{

"is_critical": "True",

"name": "X509v3 Key Usage",

"value": "Digital Signature"

},

{

"is_critical": "True",

"name": "X509v3 Basic Constraints",

"value": "CA:FALSE"

},

{

"is_critical": "False",

"name": "X509v3 Extended Key Usage",

"value": "Code Signing"

},

{

"is_critical": "False",

"name": "Netscape Cert Type",

"value": "Object Signing"

},

{

"is_critical": "False",

"name": "X509v3 Certificate Policies",

"value": "Policy: 1.3.6.1.4.1.6449.1.2.1.3.2\n CPS: https://secure.comodo.net/CPS\n"

},

{

"is_critical": "False",

"name": "X509v3 CRL Distribution Points",

"value": "\nFull Name:\n URI:http://crl.comodoca.com/COMODOCodeSigningCA2.crl\n"

},

{

"is_critical": "False",

"name": "Authority Information Access",

"value": "CA Issuers - URI:http://crt.comodoca.com/COMODOCodeSigningCA2.crt\nOCSP - URI:http://ocsp.comodoca.com\n"

},

{

"is_critical": "False",

"name": "X509v3 Subject Alternative Name",

"value": "email:igorv@ooo-industry.ru"

}

],

"issuer": {

"certificate_thumbprints": [

{

"name": "MD5",

"value": "db84b1a0715cfd1e33d1935ddc9beb4e"

},

{

"name": "SHA1",

"value": "b64771392538d1eb7a9281998791c14afd0c5035"

},

{

"name": "SHA256",

"value": "8EF8F2565BE30E7CE7BA6302BB18B42A3ACD148A0DDB4779E4C03E862F39589B"

}

],

"common_name": "COMODO Code Signing CA 2",

"extensions": [

{

"is_critical": "False",

"name": "X509v3 Authority Key Identifier",

"value": "keyid:DA:ED:64:74:14:9C:14:3C:AB:DD:99:A9:BD:5B:28:4D:8B:3C:C9:D8\n"

},

{

"is_critical": "False",

"name": "X509v3 Subject Key Identifier",

"value": "1E:C5:B1:2C:7D:87:DA:02:68:7C:25:BC:0C:07:84:3F:B6:CF:DE:F1"

},

{

"is_critical": "True",

"name": "X509v3 Key Usage",

"value": "Certificate Sign, CRL Sign"

},

{

"is_critical": "True",

"name": "X509v3 Basic Constraints",

"value": "CA:TRUE, pathlen:0"

},

{

"is_critical": "False",

"name": "X509v3 Extended Key Usage",

"value": "Code Signing"

},

{

"is_critical": "False",

"name": "X509v3 Certificate Policies",

"value": "Policy: X509v3 Any Policy\n"

},

{

"is_critical": "False",

"name": "X509v3 CRL Distribution Points",

"value": "\nFull Name:\n URI:http://crl.usertrust.com/UTN-USERFirst-Object.crl\n"

},

{

"is_critical": "False",

"name": "Authority Information Access",

"value": "CA Issuers - URI:http://crt.usertrust.com/UTNAddTrustObject_CA.crt\nOCSP - URI:http://ocsp.usertrust.com\n"

}

],

"issuer": {

"certificate_thumbprints": [

{

"name": "MD5",

"value": "ff5fbc4290fa389e798467ebd7ae940b"

},

{

"name": "SHA1",

"value": "8ad5c9987e6f190bd6f5416e2de44ccd641d8cda"

},

{

"name": "SHA256",

"value": "2CF1EC6AB594113BD538DF6D5C940E3319B424F8756D975888072C6AB558B771"

}

],

"common_name": "UTN-USERFirst-Object",

"extensions": [

{

"is_critical": "False",

"name": "X509v3 Authority Key Identifier",

"value": "keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A\n"

},

{

"is_critical": "False",

"name": "X509v3 Subject Key Identifier",

"value": "DA:ED:64:74:14:9C:14:3C:AB:DD:99:A9:BD:5B:28:4D:8B:3C:C9:D8"

},

{

"is_critical": "True",

"name": "X509v3 Key Usage",

"value": "Certificate Sign, CRL Sign"

},

{

"is_critical": "True",

"name": "X509v3 Basic Constraints",

"value": "CA:TRUE"

},

{

"is_critical": "False",

"name": "X509v3 Certificate Policies",

"value": "Policy: X509v3 Any Policy\n"

},

{

"is_critical": "False",

"name": "X509v3 CRL Distribution Points",

"value": "\nFull Name:\n URI:http://crl.usertrust.com/AddTrustExternalCARoot.crl\n"

},

{

"is_critical": "False",

"name": "Authority Information Access",

"value": "OCSP - URI:http://ocsp.usertrust.com\n"

}

],

"issuer": "AddTrust External CA Root",

"serial_number": "421AF2940984191F520A4BC62426A74B",

"signature": "4D422FA6C18AEB07809058468CF81939662A3C5A2C6DCFD4D987558D790B12887B408FD5C7F84B8D551663ADB757DC3B2BBDD3C14F1E03874B449BE3E2404526F326492B6A84F1547AD442DAFCD36ABB667ECA9EEAE9BBDC07C7C3924E833C81499F92D53209EA492EA111719A36D2C54E68B6CB0E1B2516AF6CDE5D76D81F72B193268617DB18DEAF45E9DFFB98AF1418EDA45EF6899445F055044ADDFF27DD064A40F6B4BCF1E40F9902BBFD5D0E2E28C1BE3B5F1A3F971084BC163ED8A39C631D66CB5C5FDA3EF30F0A093522DBDBC03F00F9E60D5D67D1FDA01E032BD940F7BECC87665480A6A3B8F51962D5D226B19826EE9ACB44A7455A8195151AF551",

"signature_algorithm": "sha1WithRSAEncryption",

"valid_from": "Jun 7 08:09:10 2005 GMT",

"valid_to": "May 30 10:48:38 2020 GMT",

"version": "2"

},

"serial_number": "10709D4FF55408D7306001D8EA9175BB",

"signature": "9589779368015E7CD92D3707905D5A425E0C64B436B50FF6ABD53927DE2246A4491C664B4619592E794903F69C92DF6D50355C0C912E600359D0F164F76909F67EFEEB34B36DB1BF669CA3BA3178B98735613D92311BEFF4E89ED6AC45FA0C363C8067BBBDEF2EC290E13D712F3BC1B0587E45C352710307F6F3394D8B36211B01DFD9DA5E2BEB0E97801E441C5088F5C612334AA84DA58D2F940C7BC6BF9A2CC332CDBD8C2726F0E13003500682BCF43BB3837506C6EFBAEED380F852C6ACCB79F2389E7BB09258429105C89621ADB94B16811469F137B0FE34F7DCB0DF97F543109B768FB465F5E89F13B71EAC6FC4698A5FBA3C617E5E498623132EAF1548",

"signature_algorithm": "sha1WithRSAEncryption",

"valid_from": "Aug 24 00:00:00 2011 GMT",

"valid_to": "May 30 10:48:38 2020 GMT",

"version": "2"

},

"serial_number": "D139BDA20096871840DCE08E6A80B6F0",

"signature": "2F5083FC3924FBE3509C294E8DE25499D771A7A554DED358DC05629AFE99803F4BC8DCC436BF0C7CA97015BA2FFD80EFC4D0BDB6E39F375296ECDDCDE3CA0B5033C649B38ECF57761DA6DEA2868D0286EA481177EE6D0D0C1B7B041BB890ECD6CE1FF93EC608F06A4D53C17DCBA4EA5E8894ABADDCFD670B9C3E4E4F0870AC7BB619E3ECE42971FE8FF0AFDE6578892802FC6C9C96DFF767FE2F52EA197C58B5B86C76110CFA05EC019C6FC589B32284D54F4734A21313EDB3970B2820FB6D05EAA5228E7D5035B27AF3B14285225B71F6C3441E7E53631B8C9508F4006E1A464D6DB91E2E8CC7D3B336926812E5356BD8B8B839BFBC990C9A21B1AC17780C39",

"signature_algorithm": "sha1WithRSAEncryption",

"valid_from": "Aug 2 00:00:00 2012 GMT",

"valid_to": "Aug 2 23:59:59 2015 GMT",

"version": "2"

},

"certificate_first_seen": "2012-09-13T08:57:00",

"classification": {

"status": "undefined"

},

"statistics": {

"known": 2,

"malicious": 6082,

"suspicious": 142,

"total": 6226,

"unknown": 0

}

},

"request": {

"response_format": "json",

"thumbprint": "86900D438047F6D00ACE379C6E68A9461BA36ACD152C9E82EDDBE87B331F3E4A"

}

}

}

}

}

Human Readable Output

Full report is returned in a downloadable file

reversinglabs-titaniumcloud-yara-ruleset-actions

---

Perform various YARA ruleset actions.

Base Command

reversinglabs-titaniumcloud-yara-ruleset-actions

Input

Argument Name	Description	Required
yara_action	YARA ruleset action. Possible values are: CREATE RULESET, DELETE RULESET, GET RULESET INFO, GET RULESET TEXT.	Required
ruleset_name	Name of the YARA ruleset.	Required
ruleset_text	Text of the YARA ruleset.	Optional
sample_available	Return only samples that are available for download to the user. Must be boolean.	Optional

Context Output

Path	Type	Description
ReversingLabs.create_yara_ruleset	Unknown
ReversingLabs.delete_yara_ruleset	Unknown
ReversingLabs.get_yara_ruleset_info	Unknown
ReversingLabs.get_yara_ruleset_text	Unknown

Command example

!reversinglabs-titaniumcloud-yara-ruleset-actions ruleset_name=SuperHunt yara_action="GET RULESET INFO"

Context Example

{

"ReversingLabs": {

"get_yara_ruleset_info": {

"approved": true,

"ruleset_name": "SuperHunt",

"valid": true

}

}

}

Human Readable Output

{ "approved": true, "ruleset_name": "SuperHunt", "valid": true }

reversinglabs-titaniumcloud-yara-matches-feed

---

Returns a recordset of YARA ruleset matches in the specified time range.

Base Command

reversinglabs-titaniumcloud-yara-matches-feed

Input

Argument Name	Description	Required
time_format	Define the time format that is used. Possible values are: utc, timestamp.	Required
time_value	Time value in the defined format.	Required

Context Output

Path	Type	Description
ReversingLabs.yara_matches_feed	Unknown

Command example

!reversinglabs-titaniumcloud-yara-matches-feed time_format=timestamp time_value=1686149726

Context Example

{

"ReversingLabs": {

"yara_matches_feed": {

"rl": {

"feed": {

"entries": [

{

"file_size": 3276768,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2070668,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2103585,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "6c9a7e771632738a4d86e8211be63306b3c31739",

"timestamp": 1686149729

},

{

"file_size": 3276768,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2070668,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2103585,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "6c9a7e771632738a4d86e8211be63306b3c31739",

"timestamp": 1686149729

},

{

"file_size": 700972,

"file_type": "Text/TypeScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6427,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 327393,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "22cbdcd8130f2dabaf16cb6a4cdfe8141c8d54d9",

"timestamp": 1686149748

},

{

"file_size": 700972,

"file_type": "Text/TypeScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6427,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 327393,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "22cbdcd8130f2dabaf16cb6a4cdfe8141c8d54d9",

"timestamp": 1686149748

},

{

"file_size": 701035,

"file_type": "Text/TypeScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6427,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 327456,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "327da64e3c8bd70b5868a11b90345ffb83faf169",

"timestamp": 1686149771

},

{

"file_size": 701035,

"file_type": "Text/TypeScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6427,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 327456,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "327da64e3c8bd70b5868a11b90345ffb83faf169",

"timestamp": 1686149771

},

{

"file_size": 2495206,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 1508164,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": true,

"sha1": "8b16533fe15079a2797c5edb655e7faa0136a2c3",

"timestamp": 1686149775

},

{

"file_size": 136068,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 90723,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 126493,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "4b69b90535fffc35b944af09c4fecd1ea45bdf03",

"timestamp": 1686149791

},

{

"file_size": 136068,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 90723,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 126493,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "4b69b90535fffc35b944af09c4fecd1ea45bdf03",

"timestamp": 1686149791

},

{

"file_size": 89327,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 18110,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7042,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "9833e067786155c711abd4748f0134dce2a50f70",

"timestamp": 1686149812

},

{

"file_size": 89327,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 18110,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7042,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "9833e067786155c711abd4748f0134dce2a50f70",

"timestamp": 1686149812

},

{

"file_size": 60165,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 53034,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 44244,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7",

"timestamp": 1686149812

},

{

"file_size": 60165,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 53034,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 44244,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7",

"timestamp": 1686149812

},

{

"file_size": 348160,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 37848,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": true,

"sha1": "8a5f73ba3d164d764f3247e1a4d8910f1c82118e",

"timestamp": 1686149813

},

{

"file_size": 2032952,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1691838,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1680161,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "3ef76796bc39440ff9e380ee0870e082a7d4d827",

"timestamp": 1686149813

},

{

"file_size": 2032952,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1691838,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1680161,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "3ef76796bc39440ff9e380ee0870e082a7d4d827",

"timestamp": 1686149813

},

{

"file_size": 152263,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 108863,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 66000,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "672718e4181413228e56e9aca75af311e5113b34",

"timestamp": 1686149815

},

{

"file_size": 152263,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 108863,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 66000,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "672718e4181413228e56e9aca75af311e5113b34",

"timestamp": 1686149815

},

{

"file_size": 3594552,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2695368,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2746903,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "3c1e2700b7b75d6f064f1a4cd92348cbbd12445e",

"timestamp": 1686149821

},

{

"file_size": 3594552,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2695368,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2746903,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "3c1e2700b7b75d6f064f1a4cd92348cbbd12445e",

"timestamp": 1686149821

},

{

"file_size": 629694,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 195141,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 142128,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "689fa08d967cd23c51d86f5f31245b2c4b4cb8f4",

"timestamp": 1686149825

},

{

"file_size": 629694,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 195141,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 142128,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "689fa08d967cd23c51d86f5f31245b2c4b4cb8f4",

"timestamp": 1686149825

},

{

"file_size": 60165,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 53034,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 44244,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7",

"timestamp": 1686149825

},

{

"file_size": 60165,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 53034,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 44244,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7",

"timestamp": 1686149825

},

{

"file_size": 7876608,

"file_type": "ELF64 Little/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4574372,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4638450,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "be246b1372fc383087a49f7b217d57f60a91282e",

"timestamp": 1686149830

},

{

"file_size": 7876608,

"file_type": "ELF64 Little/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4574372,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4638450,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "be246b1372fc383087a49f7b217d57f60a91282e",

"timestamp": 1686149830

},

{

"file_size": 163095,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 92470,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 152391,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "38351d1f1fd246eed1a5319c70e6db239cf08961",

"timestamp": 1686149832

},

{

"file_size": 163095,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 92470,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 152391,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "38351d1f1fd246eed1a5319c70e6db239cf08961",

"timestamp": 1686149832

},

{

"file_size": 4435792,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 35519,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 251777,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "8c2ac756b84dad335730361f0ae794d427f59ac8",

"timestamp": 1686149840

},

{

"file_size": 4435792,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 35519,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 251777,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "8c2ac756b84dad335730361f0ae794d427f59ac8",

"timestamp": 1686149840

},

{

"file_size": 118346,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 16163,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 93519,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "33b343dbf5e945badbde855fccd9d41cc6721b57",

"timestamp": 1686149841

},

{

"file_size": 118346,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 16163,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 93519,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "33b343dbf5e945badbde855fccd9d41cc6721b57",

"timestamp": 1686149841

},

{

"file_size": 421625,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 254252,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 61027,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "97de77df7de1563a15054f68142f815b4df26ef8",

"timestamp": 1686149841

},

{

"file_size": 421625,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 254252,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 61027,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "97de77df7de1563a15054f68142f815b4df26ef8",

"timestamp": 1686149841

},

{

"file_size": 89327,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 18110,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7042,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "6c4a87910eafb345ad3b07f13dced51376ccc93f",

"timestamp": 1686149842

},

{

"file_size": 89327,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 18110,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7042,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "6c4a87910eafb345ad3b07f13dced51376ccc93f",

"timestamp": 1686149842

},

{

"file_size": 4091720,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1530891,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1420528,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "f0a94f8d3ba71b06bc7a463241233c2db1cf4a36",

"timestamp": 1686149842

},

{

"file_size": 4091720,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1530891,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1420528,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "f0a94f8d3ba71b06bc7a463241233c2db1cf4a36",

"timestamp": 1686149842

},

{

"file_size": 89327,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 18110,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7042,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "5c880504fedd3ee67d06ecb36ef7247a6b26cd48",

"timestamp": 1686149844

},

{

"file_size": 89327,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 18110,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7042,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "5c880504fedd3ee67d06ecb36ef7247a6b26cd48",

"timestamp": 1686149844

},

{

"file_size": 151754,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 108353,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 65464,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "1a9bc0dd119fa6b5b15042468d54a26cccccbeaa",

"timestamp": 1686149844

},

{

"file_size": 151754,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 108353,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 65464,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "1a9bc0dd119fa6b5b15042468d54a26cccccbeaa",

"timestamp": 1686149844

},

{

"file_size": 151042,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 107641,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 65289,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "d7c4f4ab8fc6682e2ba020664b06cb40ac1436f8",

"timestamp": 1686149844

},

{

"file_size": 151042,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 107641,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 65289,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "d7c4f4ab8fc6682e2ba020664b06cb40ac1436f8",

"timestamp": 1686149844

},

{

"file_size": 6321416,

"file_type": "ELF64 Little/SO",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 361578,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 283948,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "8cb1f6b4f18c6c55888c7275f54b0f9ca61d4cc7",

"timestamp": 1686149845

},

{

"file_size": 6321416,

"file_type": "ELF64 Little/SO",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 361578,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 283948,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "8cb1f6b4f18c6c55888c7275f54b0f9ca61d4cc7",

"timestamp": 1686149845

},

{

"file_size": 7876608,

"file_type": "ELF64 Little/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4574372,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4638450,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "be246b1372fc383087a49f7b217d57f60a91282e",

"timestamp": 1686149847

},

{

"file_size": 7876608,

"file_type": "ELF64 Little/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4574372,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4638450,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "be246b1372fc383087a49f7b217d57f60a91282e",

"timestamp": 1686149847

},

{

"file_size": 154712,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 111318,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 68396,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "846e91cbdccfbacf3790aaaa5aad6357394ec328",

"timestamp": 1686149848

},

{

"file_size": 154712,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 111318,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 68396,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "846e91cbdccfbacf3790aaaa5aad6357394ec328",

"timestamp": 1686149848

},

{

"file_size": 2037575,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 700877,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1730255,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "66ea67dd377be2868f91cada78056d679c37ad14",

"timestamp": 1686149849

},

{

"file_size": 2037575,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 700877,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1730255,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "66ea67dd377be2868f91cada78056d679c37ad14",

"timestamp": 1686149849

},

{

"file_size": 4435792,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 35519,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 251777,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "8c2ac756b84dad335730361f0ae794d427f59ac8",

"timestamp": 1686149849

},

{

"file_size": 4435792,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 35519,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 251777,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "8c2ac756b84dad335730361f0ae794d427f59ac8",

"timestamp": 1686149849

},

{

"file_size": 25735,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 369,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 19182,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "2983e913f00f2919c3ef8af5984fc1d4165ef459",

"timestamp": 1686149851

},

{

"file_size": 25735,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 369,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 19182,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "2983e913f00f2919c3ef8af5984fc1d4165ef459",

"timestamp": 1686149851

},

{

"file_size": 89327,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 18110,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7042,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "94d4edb7622aa1bc73976a43641f0f7aa673e515",

"timestamp": 1686149851

},

{

"file_size": 89327,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 18110,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7042,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "94d4edb7622aa1bc73976a43641f0f7aa673e515",

"timestamp": 1686149851

},

{

"file_size": 5899328,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3609590,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3648212,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "1e005a0d0a4e445a22845e20f507c9986ab8c981",

"timestamp": 1686149855

},

{

"file_size": 5899328,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3609590,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3648212,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "1e005a0d0a4e445a22845e20f507c9986ab8c981",

"timestamp": 1686149855

},

{

"file_size": 477009,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 117834,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 179800,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "c4362fdfb7e929c0befe19e1fdbb503e340713ef",

"timestamp": 1686149858

},

{

"file_size": 477009,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 117834,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 179800,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "c4362fdfb7e929c0befe19e1fdbb503e340713ef",

"timestamp": 1686149858

},

{

"file_size": 146948,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 103548,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 60815,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "6aca08c08a657c545ca575cc33e124e0e38f8730",

"timestamp": 1686149865

},

{

"file_size": 146948,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 103548,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 60815,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "6aca08c08a657c545ca575cc33e124e0e38f8730",

"timestamp": 1686149865

},

{

"file_size": 89327,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 18110,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7042,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "042e4cb27fc3d6fd7c73e3a217a872495a05c90a",

"timestamp": 1686149866

},

{

"file_size": 89327,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 18110,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7042,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "042e4cb27fc3d6fd7c73e3a217a872495a05c90a",

"timestamp": 1686149866

},

{

"file_size": 739873,

"file_type": "Text/Go",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 8970,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 195156,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "2a8b44ff48c01cb281e6fc55079211d061ead5c5",

"timestamp": 1686149873

},

{

"file_size": 739873,

"file_type": "Text/Go",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 8970,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 195156,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "2a8b44ff48c01cb281e6fc55079211d061ead5c5",

"timestamp": 1686149873

},

{

"file_size": 1001023,

"file_type": "Text/Go",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 12927,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 112532,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "f5d3401062623204bff214eef2887ca59171fc8d",

"timestamp": 1686149874

},

{

"file_size": 1001023,

"file_type": "Text/Go",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 12927,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 112532,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "f5d3401062623204bff214eef2887ca59171fc8d",

"timestamp": 1686149874

},

{

"file_size": 344860,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 12762,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 227575,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "1d8d3cffaf275d88d4fc68ec7eb20b30c03225b0",

"timestamp": 1686149875

},

{

"file_size": 344860,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 12762,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 227575,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "1d8d3cffaf275d88d4fc68ec7eb20b30c03225b0",

"timestamp": 1686149875

},

{

"file_size": 6738008,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2615445,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2651672,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "3ac8e4d7748a9ca0affb66f81978d33e683c4814",

"timestamp": 1686149879

},

{

"file_size": 6738008,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2615445,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2651672,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "3ac8e4d7748a9ca0affb66f81978d33e683c4814",

"timestamp": 1686149879

},

{

"file_size": 89327,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 18110,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7042,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "dc5645d2051ac4aac468e02b4ebf62628a73605f",

"timestamp": 1686149880

},

{

"file_size": 89327,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 18110,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7042,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "dc5645d2051ac4aac468e02b4ebf62628a73605f",

"timestamp": 1686149880

},

{

"file_size": 6343328,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4122595,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4778117,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "2db6a690c35f5f29fc0986760df02acf70d67abf",

"timestamp": 1686149881

},

{

"file_size": 6343328,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4122595,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4778117,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "2db6a690c35f5f29fc0986760df02acf70d67abf",

"timestamp": 1686149881

},

{

"file_size": 154231,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 110832,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 68406,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "3af52ef8aff5735d794cb2611de951f786961c03",

"timestamp": 1686149900

},

{

"file_size": 154231,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 110832,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 68406,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "3af52ef8aff5735d794cb2611de951f786961c03",

"timestamp": 1686149900

},

{

"file_size": 739903,

"file_type": "Text/Go",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 8970,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 195156,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "e4965ce5cd511a3efd00a2caba635bfab3f4e805",

"timestamp": 1686149921

},

{

"file_size": 739903,

"file_type": "Text/Go",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 8970,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 195156,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "e4965ce5cd511a3efd00a2caba635bfab3f4e805",

"timestamp": 1686149921

},

{

"file_size": 5685433,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 150959,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2075729,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "6974c8390c179c1a4a9dca8947a1f2378852faad",

"timestamp": 1686149931

},

{

"file_size": 5685433,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 150959,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2075729,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "6974c8390c179c1a4a9dca8947a1f2378852faad",

"timestamp": 1686149931

},

{

"file_size": 11163136,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 9002020,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 8469401,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "07a157e4e612f74d0b01b2844eca8afdc2a43955",

"timestamp": 1686149931

},

{

"file_size": 11163136,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 9002020,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 8469401,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "07a157e4e612f74d0b01b2844eca8afdc2a43955",

"timestamp": 1686149931

},

{

"file_size": 1408268,

"file_type": "Text/Go",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 8975,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 109800,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "440bb2c50ba55eebe34ef8a4e201a17144bd5bc2",

"timestamp": 1686149934

},

{

"file_size": 1408268,

"file_type": "Text/Go",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 8975,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 109800,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "440bb2c50ba55eebe34ef8a4e201a17144bd5bc2",

"timestamp": 1686149934

},

{

"file_size": 2397377,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 91153,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1061201,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "6cea94c3692b8930e8a4991d94810f01dffafd47",

"timestamp": 1686149935

},

{

"file_size": 2397377,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 91153,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1061201,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "6cea94c3692b8930e8a4991d94810f01dffafd47",

"timestamp": 1686149935

},

{

"file_size": 22505546,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4456790,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3991479,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "8d8af50cf52f96e217de076f925b6bc41f8d0ec5",

"timestamp": 1686149935

},

{

"file_size": 22505546,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4456790,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3991479,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "8d8af50cf52f96e217de076f925b6bc41f8d0ec5",

"timestamp": 1686149935

},

{

"file_size": 42817592,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 30365472,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 40659304,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "ec0c5aca4f523a18a8da158ceaf430bbb0d2d1bb",

"timestamp": 1686149945

},

{

"file_size": 42817592,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 30365472,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 40659304,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "ec0c5aca4f523a18a8da158ceaf430bbb0d2d1bb",

"timestamp": 1686149945

},

{

"file_size": 31211008,

"file_type": "PE+/Exe/QTinstaller",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 16799441,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16899630,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "8cd67cceebf916ebc1dfa0f3caac9941d2da7318",

"timestamp": 1686149953

},

{

"file_size": 31211008,

"file_type": "PE+/Exe/QTinstaller",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 16799441,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16899630,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "8cd67cceebf916ebc1dfa0f3caac9941d2da7318",

"timestamp": 1686149953

},

{

"file_size": 173951,

"file_type": "Text/TypeScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 28226,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3981,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "821e2b1a498b28bc2d01e0dc6ef5c9b533e6cddc",

"timestamp": 1686149961

},

{

"file_size": 173951,

"file_type": "Text/TypeScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 28226,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3981,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "821e2b1a498b28bc2d01e0dc6ef5c9b533e6cddc",

"timestamp": 1686149961

},

{

"file_size": 1001232,

"file_type": "Text/Go",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 12927,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 112532,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "81722e46258f2181c4488ed7e4e016465a054df5",

"timestamp": 1686149962

},

{

"file_size": 1001232,

"file_type": "Text/Go",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 12927,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 112532,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "81722e46258f2181c4488ed7e4e016465a054df5",

"timestamp": 1686149962

},

{

"file_size": 1408625,

"file_type": "Text/Go",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 8975,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 109800,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "e497ae5b73b87142c68aa32ca6c8ddc0384a3279",

"timestamp": 1686149962

},

{

"file_size": 1408625,

"file_type": "Text/Go",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 8975,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 109800,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "e497ae5b73b87142c68aa32ca6c8ddc0384a3279",

"timestamp": 1686149962

},

{

"file_size": 3276768,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2070676,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2103601,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "d6a75b67f5d2e46acd4429b58e972867e9cd5d3a",

"timestamp": 1686149979

},

{

"file_size": 3276768,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2070676,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2103601,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "d6a75b67f5d2e46acd4429b58e972867e9cd5d3a",

"timestamp": 1686149979

},

{

"file_size": 91161,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 28849,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 50403,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "9dcc23c9b21440ad706a182c116309563cd3ffdd",

"timestamp": 1686149982

},

{

"file_size": 91161,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 28849,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 50403,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "9dcc23c9b21440ad706a182c116309563cd3ffdd",

"timestamp": 1686149982

},

{

"file_size": 10193920,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 8189124,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 8246307,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "3d30c8a0198738772f116ae497f63a98e3860397",

"timestamp": 1686149986

},

{

"file_size": 10193920,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 8189124,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 8246307,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "3d30c8a0198738772f116ae497f63a98e3860397",

"timestamp": 1686149986

},

{

"file_size": 10953728,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 8832644,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 8334233,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "688225294de1ce81a0b86856e9473a44d79cb2c7",

"timestamp": 1686149992

},

{

"file_size": 10953728,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 8832644,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 8334233,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "688225294de1ce81a0b86856e9473a44d79cb2c7",

"timestamp": 1686149992

},

{

"file_size": 13879776,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 9063260,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 8955389,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "6b2579402e748c7ca1efe1f9bb1829b935e2e7a3",

"timestamp": 1686149994

},

{

"file_size": 13879776,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 9063260,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 8955389,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "6b2579402e748c7ca1efe1f9bb1829b935e2e7a3",

"timestamp": 1686149994

},

{

"file_size": 24079793,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 18057198,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 8412693,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "1f43bab8c6957fa362fb90c9729c1916eab2bcd0",

"timestamp": 1686150002

},

{

"file_size": 24079793,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 18057198,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 8412693,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "1f43bab8c6957fa362fb90c9729c1916eab2bcd0",

"timestamp": 1686150002

},

{

"file_size": 6474752,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2533793,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2591846,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "4cde41ec566dfd3b8bc329e318c4f17e2b4f4829",

"timestamp": 1686150005

},

{

"file_size": 6474752,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2533793,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2591846,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "4cde41ec566dfd3b8bc329e318c4f17e2b4f4829",

"timestamp": 1686150005

},

{

"file_size": 932698,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 326870,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 54869,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "2cbeabd2324a2a2d98c144c6d884e587223e2ec6",

"timestamp": 1686150015

},

{

"file_size": 932698,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 326870,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 54869,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "2cbeabd2324a2a2d98c144c6d884e587223e2ec6",

"timestamp": 1686150015

},

{

"file_size": 72837,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 19785,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 43263,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "c7d16b5e7cf3bfff42d2247043551c4175d61d20",

"timestamp": 1686150016

},

{

"file_size": 72837,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 19785,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 43263,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "c7d16b5e7cf3bfff42d2247043551c4175d61d20",

"timestamp": 1686150016

},

{

"file_size": 36540577,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3889929,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16366923,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "a805ed283e310974d552b3b322b4f18891255757",

"timestamp": 1686150017

},

{

"file_size": 36540577,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3889929,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16366923,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "a805ed283e310974d552b3b322b4f18891255757",

"timestamp": 1686150017

},

{

"file_size": 5047332,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 13808,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3313365,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "546ddfb350387e7df8ca8266f8b2b038c7eef2d3",

"timestamp": 1686150017

},

{

"file_size": 5047332,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 13808,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3313365,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "546ddfb350387e7df8ca8266f8b2b038c7eef2d3",

"timestamp": 1686150017

},

{

"file_size": 24901120,

"file_type": "PE+/Exe/QTinstaller",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 14371897,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 14466070,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "fd39aae727a929c51b958ee707c238bfb473ad15",

"timestamp": 1686150022

},

{

"file_size": 24901120,

"file_type": "PE+/Exe/QTinstaller",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 14371897,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 14466070,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "fd39aae727a929c51b958ee707c238bfb473ad15",

"timestamp": 1686150022

},

{

"file_size": 34397761,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6212556,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12877011,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "1b67acf2821d6fef6927fc280bc43d62c10f3453",

"timestamp": 1686150023

},

{

"file_size": 34397761,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6212556,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12877011,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "1b67acf2821d6fef6927fc280bc43d62c10f3453",

"timestamp": 1686150023

},

{

"file_size": 15989124,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 12610545,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": true,

"sha1": "fbeba4bc92ad9ef8a63969244cefd0a89a82faca",

"timestamp": 1686150024

},

{

"file_size": 30287982,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 26848016,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 26812902,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "6b0fbcfd179386a5843a327f505fc9792d0ceb73",

"timestamp": 1686150026

},

{

"file_size": 30287982,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 26848016,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 26812902,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "6b0fbcfd179386a5843a327f505fc9792d0ceb73",

"timestamp": 1686150026

},

{

"file_size": 9734975,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3297128,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3361389,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "8710a30f251eb354a10b9b3ded8f39dcb2511270",

"timestamp": 1686150030

},

{

"file_size": 9734975,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3297128,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3361389,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "8710a30f251eb354a10b9b3ded8f39dcb2511270",

"timestamp": 1686150030

},

{

"file_size": 36550757,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3894018,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16377103,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "2d01a780e7061977aa595ed1ab064a64ca72673f",

"timestamp": 1686150034

},

{

"file_size": 36550757,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3894018,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16377103,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "2d01a780e7061977aa595ed1ab064a64ca72673f",

"timestamp": 1686150034

},

{

"file_size": 30241965,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1270683,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 19094887,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "e73e925688406110576d482b6349f6b4abf6e791",

"timestamp": 1686150034

},

{

"file_size": 30241965,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1270683,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 19094887,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "e73e925688406110576d482b6349f6b4abf6e791",

"timestamp": 1686150034

},

{

"file_size": 1159176,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 917880,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1076516,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "75de010f85713ee4d027ad3b425d8810b83e26c5",

"timestamp": 1686150036

},

{

"file_size": 1159176,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 917880,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1076516,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "75de010f85713ee4d027ad3b425d8810b83e26c5",

"timestamp": 1686150036

},

{

"file_size": 932902,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 216644,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 656004,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "69d5e05c0d3120adbf821c2c81745278e84af7bb",

"timestamp": 1686150036

},

{

"file_size": 932902,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 216644,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 656004,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "69d5e05c0d3120adbf821c2c81745278e84af7bb",

"timestamp": 1686150036

},

{

"file_size": 9079296,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6536009,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6512841,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "d8abe35af92e46e46ba9279fe6026b44680e4c24",

"timestamp": 1686150040

},

{

"file_size": 9079296,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6536009,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6512841,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "d8abe35af92e46e46ba9279fe6026b44680e4c24",

"timestamp": 1686150040

},

{

"file_size": 36641188,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3930181,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16467533,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "013bd97c6dedc7caabd9b4a867374ae3b0ac264c",

"timestamp": 1686150043

},

{

"file_size": 36641188,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3930181,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16467533,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "013bd97c6dedc7caabd9b4a867374ae3b0ac264c",

"timestamp": 1686150043

},

{

"file_size": 34865877,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 13375873,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 34219704,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "3aa2b177f8a825c6b13e4599eb6958557835926a",

"timestamp": 1686150046

},

{

"file_size": 34865877,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 13375873,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 34219704,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "3aa2b177f8a825c6b13e4599eb6958557835926a",

"timestamp": 1686150046

},

{

"file_size": 57024799,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 11320886,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 48226201,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "af0677e0ad5168e7ea50bfbfa9d4cc6fb617882b",

"timestamp": 1686150048

},

{

"file_size": 57024799,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 11320886,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 48226201,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "af0677e0ad5168e7ea50bfbfa9d4cc6fb617882b",

"timestamp": 1686150048

},

{

"file_size": 348160,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 37848,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": true,

"sha1": "68000a66e0df17b4742280453a78dbd56240d1ee",

"timestamp": 1686150052

},

{

"file_size": 2395811,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 90869,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1060182,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "5db008d6516d29b3c8dfdf79ef9cf9a9c84afdd7",

"timestamp": 1686150054

},

{

"file_size": 2395811,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 90869,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1060182,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "5db008d6516d29b3c8dfdf79ef9cf9a9c84afdd7",

"timestamp": 1686150054

},

{

"file_size": 36590144,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3909772,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16416489,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "4cdaa1a635a89f003730568320dd1843b0b4eb9b",

"timestamp": 1686150060

},

{

"file_size": 36590144,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3909772,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16416489,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "4cdaa1a635a89f003730568320dd1843b0b4eb9b",

"timestamp": 1686150060

},

{

"file_size": 36515211,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3879798,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16341556,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "3354aa087f5e69e2514eb45f86481e3b48dd8c71",

"timestamp": 1686150061

},

{

"file_size": 36515211,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3879798,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16341556,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "3354aa087f5e69e2514eb45f86481e3b48dd8c71",

"timestamp": 1686150061

},

{

"file_size": 33694294,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 23513731,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 24426219,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "b530c39a703be42f39ea9b0871269121fde6889f",

"timestamp": 1686150062

},

{

"file_size": 33694294,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 23513731,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 24426219,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "b530c39a703be42f39ea9b0871269121fde6889f",

"timestamp": 1686150062

},

{

"file_size": 36537740,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3888816,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16364086,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "33fb0fe07bf41fecddca87af88764a6133dadd47",

"timestamp": 1686150065

},

{

"file_size": 36537740,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3888816,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16364086,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "33fb0fe07bf41fecddca87af88764a6133dadd47",

"timestamp": 1686150065

},

{

"file_size": 36770403,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3981874,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16596748,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "fff92cc57a76f6fd2fb1a9f83323935488263d20",

"timestamp": 1686150067

},

{

"file_size": 36770403,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3981874,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16596748,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "fff92cc57a76f6fd2fb1a9f83323935488263d20",

"timestamp": 1686150067

},

{

"file_size": 58043690,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 11416838,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 11383531,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "b34ec7ccb44bd40e2283f90f51fc7cf5b7c116dc",

"timestamp": 1686150088

},

{

"file_size": 58043690,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 11416838,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 11383531,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "b34ec7ccb44bd40e2283f90f51fc7cf5b7c116dc",

"timestamp": 1686150088

},

{

"file_size": 43296371,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2845294,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 36059397,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "82b57851ed6f20a92ee947f7475ba2f1483fbe40",

"timestamp": 1686150095

},

{

"file_size": 43296371,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2845294,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 36059397,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "82b57851ed6f20a92ee947f7475ba2f1483fbe40",

"timestamp": 1686150095

},

{

"file_size": 928842,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 50772,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 106169,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "a7e388dc1018be1fe314c4f8cbf03b1afef1f2ce",

"timestamp": 1686150097

},

{

"file_size": 928842,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 50772,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 106169,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "a7e388dc1018be1fe314c4f8cbf03b1afef1f2ce",

"timestamp": 1686150097

},

{

"file_size": 932389,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 331131,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 50692,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "3857f93365c892ca7633a9c53730d6bc1d831a0f",

"timestamp": 1686150102

},

{

"file_size": 932389,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 331131,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 50692,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "3857f93365c892ca7633a9c53730d6bc1d831a0f",

"timestamp": 1686150102

},

{

"file_size": 928275,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 323826,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 51157,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "5c92ee4a922e8257741a8147f427470ec1fb2cc7",

"timestamp": 1686150102

},

{

"file_size": 928275,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 323826,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 51157,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "5c92ee4a922e8257741a8147f427470ec1fb2cc7",

"timestamp": 1686150102

},

{

"file_size": 932276,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 124645,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 684889,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "65dd53f03df7c7fc23c681906bc82faef89b6229",

"timestamp": 1686150102

},

{

"file_size": 932276,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 124645,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 684889,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "65dd53f03df7c7fc23c681906bc82faef89b6229",

"timestamp": 1686150102

},

{

"file_size": 36531162,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3886168,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16357507,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "4a50c617873f2fe6d95c80c122ed16c47a1418e1",

"timestamp": 1686150102

},

{

"file_size": 36531162,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3886168,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16357507,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "4a50c617873f2fe6d95c80c122ed16c47a1418e1",

"timestamp": 1686150102

},

{

"file_size": 931071,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 52176,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 610004,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "5f98263a56a793c9a5b1eb4137b241b3f2b3a92f",

"timestamp": 1686150103

},

{

"file_size": 931071,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 52176,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 610004,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "5f98263a56a793c9a5b1eb4137b241b3f2b3a92f",

"timestamp": 1686150103

},

{

"file_size": 7549400,

"file_type": "ELF32 Little/SO",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 313894,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 370505,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "33c1abb22a7c450ec7a56d86ed55f2309033a1ad",

"timestamp": 1686150103

},

{

"file_size": 7549400,

"file_type": "ELF32 Little/SO",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 313894,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 370505,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "33c1abb22a7c450ec7a56d86ed55f2309033a1ad",

"timestamp": 1686150103

},

{

"file_size": 1331824,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 913341,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 824258,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "0a67ebac16528d81e4d4a57c24f5ec98bffe78ba",

"timestamp": 1686150104

},

{

"file_size": 1331824,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 913341,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 824258,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "0a67ebac16528d81e4d4a57c24f5ec98bffe78ba",

"timestamp": 1686150104

},

{

"file_size": 968667,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 134578,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 495188,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "388a688ff5360dc566ae1e02c5744423b1474a8c",

"timestamp": 1686150104

},

{

"file_size": 968667,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 134578,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 495188,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "388a688ff5360dc566ae1e02c5744423b1474a8c",

"timestamp": 1686150104

},

{

"file_size": 931717,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 423260,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 51749,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "3ea76a30076f6773a77a0d38cb4329bb87ccdca6",

"timestamp": 1686150105

},

{

"file_size": 931717,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 423260,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 51749,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "3ea76a30076f6773a77a0d38cb4329bb87ccdca6",

"timestamp": 1686150105

},

{

"file_size": 8185728,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6588985,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7149558,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "f9042e40b9e538738ff824c1ab905857b9cdc83d",

"timestamp": 1686150106

},

{

"file_size": 8185728,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6588985,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7149558,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "f9042e40b9e538738ff824c1ab905857b9cdc83d",

"timestamp": 1686150106

},

{

"file_size": 930985,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 322357,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 50952,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "6beac76e3513c3e844b4a273ee08a7489a850526",

"timestamp": 1686150106

},

{

"file_size": 930985,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 322357,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 50952,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "6beac76e3513c3e844b4a273ee08a7489a850526",

"timestamp": 1686150106

},

{

"file_size": 926603,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 47177,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 694431,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "c8cef867ea206871eb64383f00f2fabaadb7c276",

"timestamp": 1686150109

},

{

"file_size": 926603,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 47177,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 694431,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "c8cef867ea206871eb64383f00f2fabaadb7c276",

"timestamp": 1686150109

},

{

"file_size": 935797,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 138034,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 342929,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "73dafc4fdeb216048d15665f036646f99af73913",

"timestamp": 1686150109

},

{

"file_size": 935797,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 138034,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 342929,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "73dafc4fdeb216048d15665f036646f99af73913",

"timestamp": 1686150109

},

{

"file_size": 931560,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 51372,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 609695,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "0123930e0a777ee12c0a73cf035b5bd7f779ec85",

"timestamp": 1686150109

},

{

"file_size": 931560,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 51372,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 609695,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "0123930e0a777ee12c0a73cf035b5bd7f779ec85",

"timestamp": 1686150109

},

{

"file_size": 935998,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 338376,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 59214,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "5cd8dce7e4c4387ac7b5705dbdae6bb065a26bb4",

"timestamp": 1686150110

},

{

"file_size": 935998,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 338376,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 59214,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "5cd8dce7e4c4387ac7b5705dbdae6bb065a26bb4",

"timestamp": 1686150110

},

{

"file_size": 933412,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 43451,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 185008,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "101516f0f938f540ac87d4f88875c39c267ea29e",

"timestamp": 1686150112

},

{

"file_size": 933412,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 43451,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 185008,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "101516f0f938f540ac87d4f88875c39c267ea29e",

"timestamp": 1686150112

},

{

"file_size": 6701832,

"file_type": "PE+/.Net Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1775780,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2815992,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "d194592f1c5946d2d49bc657e9924290ce2e2d2e",

"timestamp": 1686150114

},

{

"file_size": 6701832,

"file_type": "PE+/.Net Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1775780,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2815992,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "d194592f1c5946d2d49bc657e9924290ce2e2d2e",

"timestamp": 1686150114

},

{

"file_size": 3276768,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2070676,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2103601,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "afa59c4de068f13d617a8090c55f7d0b645d9782",

"timestamp": 1686150114

},

{

"file_size": 3276768,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2070676,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2103601,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "afa59c4de068f13d617a8090c55f7d0b645d9782",

"timestamp": 1686150114

},

{

"file_size": 173795,

"file_type": "Text/TypeScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 28070,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3981,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "bd0f7e58c1600c5a717fcf060c6c260d9d865d22",

"timestamp": 1686150115

},

{

"file_size": 173795,

"file_type": "Text/TypeScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 28070,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3981,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "bd0f7e58c1600c5a717fcf060c6c260d9d865d22",

"timestamp": 1686150115

},

{

"file_size": 931770,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 118609,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 175602,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "d85fbe69e08f57750f22ef20ad20e3bb08fb53df",

"timestamp": 1686150115

},

{

"file_size": 931770,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 118609,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 175602,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "d85fbe69e08f57750f22ef20ad20e3bb08fb53df",

"timestamp": 1686150115

},

{

"file_size": 929834,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 55696,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 651831,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "b4c897b4aaa258b27ee0ff7edf553735481f565d",

"timestamp": 1686150116

},

{

"file_size": 929834,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 55696,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 651831,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "b4c897b4aaa258b27ee0ff7edf553735481f565d",

"timestamp": 1686150116

},

{

"file_size": 23668351,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 774742,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 23214826,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "4af3d5aee88996ec6952ea9e598b434ee4dc0c28",

"timestamp": 1686150119

},

{

"file_size": 23668351,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 774742,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 23214826,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "4af3d5aee88996ec6952ea9e598b434ee4dc0c28",

"timestamp": 1686150119

},

{

"file_size": 9095348,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2065896,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1838594,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "c8e8441cdad2974770adb2fd9091f4f590188968",

"timestamp": 1686150123

},

{

"file_size": 9095348,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2065896,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1838594,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "c8e8441cdad2974770adb2fd9091f4f590188968",

"timestamp": 1686150123

},

{

"file_size": 930687,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 118136,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 180327,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "961e3cd96bfa7943f71109d0c235fd8b38376f60",

"timestamp": 1686150124

},

{

"file_size": 930687,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 118136,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 180327,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "961e3cd96bfa7943f71109d0c235fd8b38376f60",

"timestamp": 1686150124

},

{

"file_size": 931377,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 401046,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 129705,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "0bb2964f5efb578d0ecc0cf06417d686dde59f77",

"timestamp": 1686150125

},

{

"file_size": 931377,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 401046,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 129705,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "0bb2964f5efb578d0ecc0cf06417d686dde59f77",

"timestamp": 1686150125

},

{

"file_size": 927231,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 57153,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 688672,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "96625e5eb83bfd90167a64c8e3cc7e7be5b63fe0",

"timestamp": 1686150125

},

{

"file_size": 927231,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 57153,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 688672,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "96625e5eb83bfd90167a64c8e3cc7e7be5b63fe0",

"timestamp": 1686150125

},

{

"file_size": 3331072,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2187152,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2194102,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "089a0358b27ea0c5d92c823b63add32457501a5e",

"timestamp": 1686150126

},

{

"file_size": 3331072,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2187152,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2194102,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "089a0358b27ea0c5d92c823b63add32457501a5e",

"timestamp": 1686150126

},

{

"file_size": 8126464,

"file_type": "ELF64 Little/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3474544,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3515704,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "20a165c1eb816ff4ad7d55d49e70a41c1198ead8",

"timestamp": 1686150128

},

{

"file_size": 8126464,

"file_type": "ELF64 Little/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3474544,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3515704,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "20a165c1eb816ff4ad7d55d49e70a41c1198ead8",

"timestamp": 1686150128

},

{

"file_size": 36633572,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3927134,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16459918,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "583d27662efc73f5f42eb81609770e692e9a65ed",

"timestamp": 1686150129

},

{

"file_size": 36633572,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3927134,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16459918,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "583d27662efc73f5f42eb81609770e692e9a65ed",

"timestamp": 1686150129

},

{

"file_size": 34389577,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6210700,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12869171,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "ff4a7e7fd300f7b38d41ecfb0ac74a33a1beebce",

"timestamp": 1686150135

},

{

"file_size": 34389577,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6210700,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12869171,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "ff4a7e7fd300f7b38d41ecfb0ac74a33a1beebce",

"timestamp": 1686150135

},

{

"file_size": 935988,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 331334,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 52342,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "2129c563cfbfbab0111c73f31184e0bf4b1bc3a6",

"timestamp": 1686150139

},

{

"file_size": 935988,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 331334,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 52342,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "2129c563cfbfbab0111c73f31184e0bf4b1bc3a6",

"timestamp": 1686150139

},

{

"file_size": 930473,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 338428,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 59098,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "787d91817a5dd4cf63d0454eb240052aa9687619",

"timestamp": 1686150140

},

{

"file_size": 930473,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 338428,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 59098,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "787d91817a5dd4cf63d0454eb240052aa9687619",

"timestamp": 1686150140

},

{

"file_size": 12013103,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 9115816,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": true,

"sha1": "6a335f4e638e564f836057fe6e0e2af05ec33da8",

"timestamp": 1686150140

},

{

"file_size": 6699288,

"file_type": "PE+/.Net Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1775780,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2815385,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "4cf4ab87e37b01ecdbb8ed0c8796a4fae7edb3ed",

"timestamp": 1686150143

},

{

"file_size": 6699288,

"file_type": "PE+/.Net Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1775780,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2815385,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "4cf4ab87e37b01ecdbb8ed0c8796a4fae7edb3ed",

"timestamp": 1686150143

},

{

"file_size": 929276,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 47016,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 403386,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "9454c50693d7b390806ced4ef36b9b857b8629fa",

"timestamp": 1686150149

},

{

"file_size": 929276,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 47016,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 403386,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "9454c50693d7b390806ced4ef36b9b857b8629fa",

"timestamp": 1686150149

},

{

"file_size": 930806,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 46563,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 184147,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "274b00db13eebcd6082de509d400fe5251a98f03",

"timestamp": 1686150149

},

{

"file_size": 930806,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 46563,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 184147,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "274b00db13eebcd6082de509d400fe5251a98f03",

"timestamp": 1686150149

},

{

"file_size": 61184217,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 45211537,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 58260786,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "d9db0d9b40773587e3f3504ee62dd13f356e2042",

"timestamp": 1686150152

},

{

"file_size": 61184217,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 45211537,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 58260786,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "d9db0d9b40773587e3f3504ee62dd13f356e2042",

"timestamp": 1686150152

},

{

"file_size": 73081759,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 12895085,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 30003463,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "824ad09d431328843657589c773b0b69b87fe04e",

"timestamp": 1686150157

},

{

"file_size": 73081759,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 12895085,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 30003463,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "824ad09d431328843657589c773b0b69b87fe04e",

"timestamp": 1686150157

},

{

"file_size": 10032511,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1605113,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7068039,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "5ba002fd1aa0d945d508de71864be5fbee45f4fb",

"timestamp": 1686150162

},

{

"file_size": 10032511,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1605113,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7068039,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "5ba002fd1aa0d945d508de71864be5fbee45f4fb",

"timestamp": 1686150162

},

{

"file_size": 931686,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 48187,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 409598,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "e5842bab24fad9c4287acfed037aab491c47df01",

"timestamp": 1686150163

},

{

"file_size": 931686,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 48187,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 409598,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "e5842bab24fad9c4287acfed037aab491c47df01",

"timestamp": 1686150163

},

{

"file_size": 26278447,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 23857885,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 23869615,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "290617954cdec1062ac608739fe91ff59390d697",

"timestamp": 1686150167

},

{

"file_size": 26278447,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 23857885,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 23869615,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "290617954cdec1062ac608739fe91ff59390d697",

"timestamp": 1686150167

},

{

"file_size": 34389577,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6210892,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12869363,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "6da793ceb98fba2eca7bf612512c1f19acd4169a",

"timestamp": 1686150172

},

{

"file_size": 34389577,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6210892,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12869363,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "6da793ceb98fba2eca7bf612512c1f19acd4169a",

"timestamp": 1686150172

},

{

"file_size": 8946132,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3674270,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3441202,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "90edd03ca6404f5463883a9636f3c0f9898e07bd",

"timestamp": 1686150179

},

{

"file_size": 8946132,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3674270,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3441202,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "90edd03ca6404f5463883a9636f3c0f9898e07bd",

"timestamp": 1686150179

},

{

"file_size": 9193604,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1891954,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3260593,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "7e0f6d644b62d3b5796e50c1d385d4a0c9c6e990",

"timestamp": 1686150180

},

{

"file_size": 9193604,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1891954,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3260593,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "7e0f6d644b62d3b5796e50c1d385d4a0c9c6e990",

"timestamp": 1686150180

},

{

"file_size": 12764160,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 8980721,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12260413,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "7b6aa3b5779ec0d82fee559fc4d63ad480d51081",

"timestamp": 1686150184

},

{

"file_size": 12764160,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 8980721,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12260413,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "7b6aa3b5779ec0d82fee559fc4d63ad480d51081",

"timestamp": 1686150184

},

{

"file_size": 3310440,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1999564,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 785846,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "1f432e629ddc3a46933533ecbb34fea9957e75fb",

"timestamp": 1686150210

},

{

"file_size": 3310440,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1999564,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 785846,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "1f432e629ddc3a46933533ecbb34fea9957e75fb",

"timestamp": 1686150210

},

{

"file_size": 9573220,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6332741,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7759019,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "e65b15c85ad58e8c03d631bc18c60cb8158f284e",

"timestamp": 1686150242

},

{

"file_size": 9573220,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6332741,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7759019,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "e65b15c85ad58e8c03d631bc18c60cb8158f284e",

"timestamp": 1686150242

},

{

"file_size": 930740,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 47540,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 610524,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "b873436ccab36552c99f8fe7061bdbe272d3ce8f",

"timestamp": 1686150266

},

{

"file_size": 930740,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 47540,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 610524,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "b873436ccab36552c99f8fe7061bdbe272d3ce8f",

"timestamp": 1686150266

},

{

"file_size": 348160,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 37848,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": true,

"sha1": "d69278c938ecff91cb1de3e41eb4ad2ada3d7fd7",

"timestamp": 1686150275

},

{

"file_size": 348160,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 37848,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": true,

"sha1": "9e0b73ab7dd3c5393d59f189f72d86969fe810e6",

"timestamp": 1686150278

},

{

"file_size": 96404,

"file_type": "Text/TypeScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 34942,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 23974,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "40ae8ce4fd7be204b022a24d145bc76724f29a25",

"timestamp": 1686150284

},

{

"file_size": 96404,

"file_type": "Text/TypeScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 34942,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 23974,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "40ae8ce4fd7be204b022a24d145bc76724f29a25",

"timestamp": 1686150284

},

{

"file_size": 491771,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 31265,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 449442,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "311b155865c0b0031906cc3cb642c1451c728b49",

"timestamp": 1686150285

},

{

"file_size": 491771,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 31265,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 449442,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "311b155865c0b0031906cc3cb642c1451c728b49",

"timestamp": 1686150285

},

{

"file_size": 15222705,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3256698,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 10462094,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "8077d9e9178106ee04bb064f0c4836609b2651a3",

"timestamp": 1686150286

},

{

"file_size": 15222705,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3256698,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 10462094,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "8077d9e9178106ee04bb064f0c4836609b2651a3",

"timestamp": 1686150286

},

{

"file_size": 30296948,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 26842835,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 26807721,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "083b1295e2caf60b6a41f01b6f87667b98430091",

"timestamp": 1686150290

},

{

"file_size": 30296948,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 26842835,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 26807721,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "083b1295e2caf60b6a41f01b6f87667b98430091",

"timestamp": 1686150290

},

{

"file_size": 6537308,

"file_type": "PE/Exe/Py2ExeInstaller",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5693089,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2822995,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "49e0274cb0a8a40a09bcad3a1713a800e5fb6fd1",

"timestamp": 1686150294

},

{

"file_size": 6537308,

"file_type": "PE/Exe/Py2ExeInstaller",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5693089,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2822995,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "49e0274cb0a8a40a09bcad3a1713a800e5fb6fd1",

"timestamp": 1686150294

},

{

"file_size": 7247380,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4008699,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4004292,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "dc5923d8b5caae31db125694e113c3838d645180",

"timestamp": 1686150295

},

{

"file_size": 7247380,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4008699,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4004292,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "dc5923d8b5caae31db125694e113c3838d645180",

"timestamp": 1686150295

},

{

"file_size": 4502016,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3630751,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3591330,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "0577c58640804c401b437230cced87df2345e29c",

"timestamp": 1686150298

},

{

"file_size": 4502016,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3630751,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3591330,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "0577c58640804c401b437230cced87df2345e29c",

"timestamp": 1686150298

},

{

"file_size": 12545978,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 10606314,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2930691,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "a74dd66fb887d1af674a86bf6a29b7689e13bcfe",

"timestamp": 1686150302

},

{

"file_size": 12545978,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 10606314,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2930691,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "a74dd66fb887d1af674a86bf6a29b7689e13bcfe",

"timestamp": 1686150302

},

{

"file_size": 21330944,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 15508458,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 14984430,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "d7d92eeac776fff79b8bb27ae022acb7b2a72d46",

"timestamp": 1686150317

},

{

"file_size": 21330944,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 15508458,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 14984430,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "d7d92eeac776fff79b8bb27ae022acb7b2a72d46",

"timestamp": 1686150317

},

{

"file_size": 931771,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 414713,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 57019,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "8cb8155899b4297fa0a00e46789aadf71b9ebae0",

"timestamp": 1686150327

},

{

"file_size": 931771,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 414713,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 57019,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "8cb8155899b4297fa0a00e46789aadf71b9ebae0",

"timestamp": 1686150327

},

{

"file_size": 468938,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 20060,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 207216,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "7f8905edbfd2e186ed2a4752c8be165a486871c0",

"timestamp": 1686150330

},

{

"file_size": 468938,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 20060,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 207216,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "7f8905edbfd2e186ed2a4752c8be165a486871c0",

"timestamp": 1686150330

},

{

"file_size": 3557888,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 509291,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 495464,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "e07c7eeeec72a3a3d03de92f0c14ad55ad44ba28",

"timestamp": 1686150332

},

{

"file_size": 3557888,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 509291,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 495464,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "e07c7eeeec72a3a3d03de92f0c14ad55ad44ba28",

"timestamp": 1686150332

},

{

"file_size": 7852544,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6486978,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6455842,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "4a080485c96493bd3debfad49a284a34760e9b70",

"timestamp": 1686150343

},

{

"file_size": 7852544,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6486978,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6455842,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "4a080485c96493bd3debfad49a284a34760e9b70",

"timestamp": 1686150343

},

{

"file_size": 15735,

"file_type": "Text/TypeScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 11559,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 9762,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "aa7abe3707df21fd8e0aab4609e413c9e9395efe",

"timestamp": 1686150351

},

{

"file_size": 15735,

"file_type": "Text/TypeScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 11559,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 9762,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "aa7abe3707df21fd8e0aab4609e413c9e9395efe",

"timestamp": 1686150351

},

{

"file_size": 931613,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 123803,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 294152,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "4243abf48ba4ec77ba7314dc5617ad5d3b3fd1f4",

"timestamp": 1686150352

},

{

"file_size": 931613,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 123803,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 294152,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "4243abf48ba4ec77ba7314dc5617ad5d3b3fd1f4",

"timestamp": 1686150352

},

{

"file_size": 948192,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 612819,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 588226,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "a6d3081cbeb195d1edfc1099435bf0f9afaf711a",

"timestamp": 1686150354

},

{

"file_size": 948192,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 612819,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 588226,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "a6d3081cbeb195d1edfc1099435bf0f9afaf711a",

"timestamp": 1686150354

},

{

"file_size": 5127484,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 13808,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3313365,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "ab46a7097d5e33fcc3eefcb097cf651d4b79327e",

"timestamp": 1686150356

},

{

"file_size": 5127484,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 13808,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3313365,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "ab46a7097d5e33fcc3eefcb097cf651d4b79327e",

"timestamp": 1686150356

},

{

"file_size": 25453056,

"file_type": "PE+/Exe/QTinstaller",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 15179465,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 15285982,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "ade4a102d363465fc686f2205ccc541641212b76",

"timestamp": 1686150357

},

{

"file_size": 25453056,

"file_type": "PE+/Exe/QTinstaller",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 15179465,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 15285982,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "ade4a102d363465fc686f2205ccc541641212b76",

"timestamp": 1686150357

},

{

"file_size": 43717981,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 22952660,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 21572538,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "730b962ad50fa2261e7cc4cda3cd478e29433cb6",

"timestamp": 1686150363

},

{

"file_size": 43717981,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 22952660,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 21572538,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "730b962ad50fa2261e7cc4cda3cd478e29433cb6",

"timestamp": 1686150363

},

{

"file_size": 10340152,

"file_type": "PE/.Net Exe",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 615180,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": true,

"sha1": "2715497b02f441d8f7fd55bcbc73e2dc912c284f",

"timestamp": 1686150364

},

{

"file_size": 25406657,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5367098,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5417667,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "cec13f5281df131634a68b0f404360f783f557ec",

"timestamp": 1686150371

},

{

"file_size": 25406657,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5367098,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5417667,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "cec13f5281df131634a68b0f404360f783f557ec",

"timestamp": 1686150371

},

{

"file_size": 931361,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 46225,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 192292,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "5c4e9cc203c98e89a989478efaca334e8779af81",

"timestamp": 1686150371

},

{

"file_size": 931361,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 46225,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 192292,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "5c4e9cc203c98e89a989478efaca334e8779af81",

"timestamp": 1686150371

},

{

"file_size": 23095627,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 369170,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 21391369,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "06f8373056da04c985cd04b94e51ec666612d2cd",

"timestamp": 1686150371

},

{

"file_size": 23095627,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 369170,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 21391369,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "06f8373056da04c985cd04b94e51ec666612d2cd",

"timestamp": 1686150371

},

{

"file_size": 348160,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 37848,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": true,

"sha1": "147ae394a900a5d3d735e77dfd86ce49a0991862",

"timestamp": 1686150374

},

{

"file_size": 20372117,

"file_type": "PE/Exe/NSIS",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 7242654,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": true,

"sha1": "4f66b0d78adce76fe167fea619b1130503438559",

"timestamp": 1686150375

},

{

"file_size": 20280576,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 8292185,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 8209778,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "8db22983306a388d96017ffdb3ab1e00d7ebb43c",

"timestamp": 1686150377

},

{

"file_size": 20280576,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 8292185,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 8209778,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "8db22983306a388d96017ffdb3ab1e00d7ebb43c",

"timestamp": 1686150377

},

{

"file_size": 10182656,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3152562,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3805148,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "59f6e8d7adc5364174e1ae0f192ad10d2f9d0117",

"timestamp": 1686150379

},

{

"file_size": 10182656,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3152562,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3805148,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "59f6e8d7adc5364174e1ae0f192ad10d2f9d0117",

"timestamp": 1686150379

},

{

"file_size": 930152,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 412452,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 62429,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "112c3ef4d7d4fee90f4367199ad90568e963cf66",

"timestamp": 1686150382

},

{

"file_size": 930152,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 412452,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 62429,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "112c3ef4d7d4fee90f4367199ad90568e963cf66",

"timestamp": 1686150382

},

{

"file_size": 8814592,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4011313,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4713025,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "775b98352e38f238b29f95040424f6c1ac503e8f",

"timestamp": 1686150386

},

{

"file_size": 8814592,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4011313,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4713025,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "775b98352e38f238b29f95040424f6c1ac503e8f",

"timestamp": 1686150386

},

{

"file_size": 3282432,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 1698382,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": true,

"sha1": "89c5c42946f23ab8da17d62395ec0801fc1ff93f",

"timestamp": 1686150394

},

{

"file_size": 6444832,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4974746,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5726860,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "dd3646cd6dab41f30705c102b56e633b952bb475",

"timestamp": 1686150397

},

{

"file_size": 6444832,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4974746,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5726860,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "dd3646cd6dab41f30705c102b56e633b952bb475",

"timestamp": 1686150397

},

{

"file_size": 6474752,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2533783,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2591836,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "696ff8fef64c56e79ea3da6812c7a2edafdc029d",

"timestamp": 1686150401

},

{

"file_size": 6474752,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2533783,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2591836,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "696ff8fef64c56e79ea3da6812c7a2edafdc029d",

"timestamp": 1686150401

},

{

"file_size": 86433,

"file_type": "Binary/None",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 28868,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 50260,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "7195310aa4920e2cb39ddc26b248143499d3b126",

"timestamp": 1686150413

},

{

"file_size": 86433,

"file_type": "Binary/None",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 28868,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 50260,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "7195310aa4920e2cb39ddc26b248143499d3b126",

"timestamp": 1686150413

},

{

"file_size": 3267040,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2062484,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2095349,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "8f0fc38ce9fde7cde4506f45eaf55a7bd54e1d16",

"timestamp": 1686150421

},

{

"file_size": 3267040,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2062484,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2095349,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "8f0fc38ce9fde7cde4506f45eaf55a7bd54e1d16",

"timestamp": 1686150421

},

{

"file_size": 47601,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 25695,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 33096,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "3175ad779cc055b571f0fd1acbd8cc9bfe520280",

"timestamp": 1686150431

},

{

"file_size": 47601,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 25695,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 33096,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "3175ad779cc055b571f0fd1acbd8cc9bfe520280",

"timestamp": 1686150431

},

{

"file_size": 154756,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 111362,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 68396,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "220680831449b8f6588a9cce44741fab554a7ba7",

"timestamp": 1686150441

},

{

"file_size": 154756,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 111362,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 68396,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "220680831449b8f6588a9cce44741fab554a7ba7",

"timestamp": 1686150441

},

{

"file_size": 151462,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 108062,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 65135,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "1878b427f101a316442c57209fa17cbe6a1ca0fe",

"timestamp": 1686150448

},

{

"file_size": 151462,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 108062,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 65135,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "1878b427f101a316442c57209fa17cbe6a1ca0fe",

"timestamp": 1686150448

},

{

"file_size": 89327,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 18110,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7042,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "a9627215cb7c1b43c9f5f594a82a2c1559857d7b",

"timestamp": 1686150449

},

{

"file_size": 89327,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 18110,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7042,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "a9627215cb7c1b43c9f5f594a82a2c1559857d7b",

"timestamp": 1686150449

},

{

"file_size": 89327,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 18110,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7042,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "2d0ed62c390430662fc33d8f57b4eb121139ca54",

"timestamp": 1686150449

},

{

"file_size": 89327,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 18110,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7042,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "2d0ed62c390430662fc33d8f57b4eb121139ca54",

"timestamp": 1686150449

},

{

"file_size": 159341,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 115940,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 73406,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "a554594c774d4b5d41f7a5234e2905e14b034987",

"timestamp": 1686150450

},

{

"file_size": 159341,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 115940,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 73406,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "a554594c774d4b5d41f7a5234e2905e14b034987",

"timestamp": 1686150450

},

{

"file_size": 126381,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 70625,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 53368,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "505c406d7ea1a2f47312b0966be841028ae919e7",

"timestamp": 1686150450

},

{

"file_size": 126381,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 70625,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 53368,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "505c406d7ea1a2f47312b0966be841028ae919e7",

"timestamp": 1686150450

},

{

"file_size": 14417,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 11214,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12222,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "60281e56f446d4a3656a25658ffcbd74f12c5bf4",

"timestamp": 1686150454

},

{

"file_size": 14417,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 11214,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12222,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "60281e56f446d4a3656a25658ffcbd74f12c5bf4",

"timestamp": 1686150454

},

{

"file_size": 154369,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 110973,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 68402,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "c099dd547b58e74ed8d9c2c6d579ab8e41269500",

"timestamp": 1686150455

},

{

"file_size": 154369,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 110973,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 68402,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "c099dd547b58e74ed8d9c2c6d579ab8e41269500",

"timestamp": 1686150455

},

{

"file_size": 155384,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 111984,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 68667,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "e24497a1dd5d1e5e41bafc6c5aeb7a7c680f98a4",

"timestamp": 1686150457

},

{

"file_size": 155384,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 111984,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 68667,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "e24497a1dd5d1e5e41bafc6c5aeb7a7c680f98a4",

"timestamp": 1686150457

},

{

"file_size": 154219,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 110825,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 68400,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "995fd53ad16804fccf466264417695e6b0ab6e20",

"timestamp": 1686150463

},

{

"file_size": 154219,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 110825,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 68400,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "995fd53ad16804fccf466264417695e6b0ab6e20",

"timestamp": 1686150463

},

{

"file_size": 381079,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 176266,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 345615,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "593b0f2c47aa6bd73428f10ea0360725faf06c42",

"timestamp": 1686150465

},

{

"file_size": 381079,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 176266,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 345615,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "593b0f2c47aa6bd73428f10ea0360725faf06c42",

"timestamp": 1686150465

},

{

"file_size": 163098,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 92473,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 152394,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "942e2fb470bd4008055a8bce6749e9bbccb75ea1",

"timestamp": 1686150468

},

{

"file_size": 163098,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 92473,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 152394,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "942e2fb470bd4008055a8bce6749e9bbccb75ea1",

"timestamp": 1686150468

},

{

"file_size": 13861856,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 9049728,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 8942045,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "59dafd4d926ab9a9c34899540af51135fe4bd8da",

"timestamp": 1686150470

},

{

"file_size": 13861856,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 9049728,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 8942045,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "59dafd4d926ab9a9c34899540af51135fe4bd8da",

"timestamp": 1686150470

},

{

"file_size": 164398,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3527,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 58716,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "d968e98107f741326dca87d26537cc180932e35f",

"timestamp": 1686150471

},

{

"file_size": 164398,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3527,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 58716,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "d968e98107f741326dca87d26537cc180932e35f",

"timestamp": 1686150471

},

{

"file_size": 1747296,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1673385,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1497969,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "99917368bb78857bf2f837dce851312a70b9ada7",

"timestamp": 1686150471

},

{

"file_size": 1747296,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1673385,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1497969,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "99917368bb78857bf2f837dce851312a70b9ada7",

"timestamp": 1686150471

},

{

"file_size": 11576577,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 10342763,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 10354427,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "dff8243d0b4a32e46a8ac8021d97b0aad21830a4",

"timestamp": 1686150472

},

{

"file_size": 11576577,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 10342763,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 10354427,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "dff8243d0b4a32e46a8ac8021d97b0aad21830a4",

"timestamp": 1686150472

},

{

"file_size": 154378,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 110980,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 68404,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "ea9236fdef65fc30c10218b2140d0942adc1f22b",

"timestamp": 1686150472

},

{

"file_size": 154378,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 110980,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 68404,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "ea9236fdef65fc30c10218b2140d0942adc1f22b",

"timestamp": 1686150472

},

{

"file_size": 39268559,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 64836,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 605486,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "54edf295efcf05160d27fb6834a3caf9f2209ba7",

"timestamp": 1686150475

},

{

"file_size": 39268559,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 64836,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 605486,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "54edf295efcf05160d27fb6834a3caf9f2209ba7",

"timestamp": 1686150475

},

{

"file_size": 444715,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 15462,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 193293,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "55fc77d16e940a3be013328da7d777f419def447",

"timestamp": 1686150476

},

{

"file_size": 444715,

"file_type": "Text/JavaScript",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 15462,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 193293,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "55fc77d16e940a3be013328da7d777f419def447",

"timestamp": 1686150476

},

{

"file_size": 146027,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 102626,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 60254,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "969c08328198fbb0749411234c6a00b0ce5a003d",

"timestamp": 1686150478

},

{

"file_size": 146027,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 102626,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 60254,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "969c08328198fbb0749411234c6a00b0ce5a003d",

"timestamp": 1686150478

},

{

"file_size": 154393,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 110997,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 68402,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "df4b0f26e87a56dd0ee628f3f4e3e4df7ea3adb0",

"timestamp": 1686150478

},

{

"file_size": 154393,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 110997,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 68402,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "df4b0f26e87a56dd0ee628f3f4e3e4df7ea3adb0",

"timestamp": 1686150478

},

{

"file_size": 407815,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 133036,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 80620,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "e35210e1fd190655438816adbb94a276948585d1",

"timestamp": 1686150478

},

{

"file_size": 407815,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 133036,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 80620,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "e35210e1fd190655438816adbb94a276948585d1",

"timestamp": 1686150478

},

{

"file_size": 20620343,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 33910,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 196832,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "a2acda4f1d103c3935fecaceb702793840da5de2",

"timestamp": 1686150481

},

{

"file_size": 20620343,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 33910,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 196832,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "a2acda4f1d103c3935fecaceb702793840da5de2",

"timestamp": 1686150481

},

{

"file_size": 6009840,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4616975,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4984614,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "58d3d4e8011ca5aa7a827bdb32984b46691cb5a9",

"timestamp": 1686150481

},

{

"file_size": 6009840,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4616975,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4984614,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "58d3d4e8011ca5aa7a827bdb32984b46691cb5a9",

"timestamp": 1686150481

},

{

"file_size": 20632380,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 16365,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 208986,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "d2778f896a3ff2d865af50cbcd529dafcf714393",

"timestamp": 1686150482

},

{

"file_size": 20632380,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 16365,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 208986,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "d2778f896a3ff2d865af50cbcd529dafcf714393",

"timestamp": 1686150482

},

{

"file_size": 273248,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 251,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4940,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "34578885caf1a2e0b48b46d4e70eb01445acc5f0",

"timestamp": 1686150482

},

{

"file_size": 273248,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 251,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4940,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "34578885caf1a2e0b48b46d4e70eb01445acc5f0",

"timestamp": 1686150482

},

{

"file_size": 344762,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 12762,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 227460,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "b6caa5f15f08024eda95d3eb61de207ea1db5ca7",

"timestamp": 1686150483

},

{

"file_size": 344762,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 12762,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 227460,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "b6caa5f15f08024eda95d3eb61de207ea1db5ca7",

"timestamp": 1686150483

},

{

"file_size": 273249,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 251,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4940,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "ddff15d4914ff06b55fbac496362aaae7a2d3c9b",

"timestamp": 1686150484

},

{

"file_size": 273249,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 251,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4940,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "ddff15d4914ff06b55fbac496362aaae7a2d3c9b",

"timestamp": 1686150484

},

{

"file_size": 456700,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 430650,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 214898,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "a3342c659d56113fcf63287f1f2b51015a32a9fe",

"timestamp": 1686150491

},

{

"file_size": 456700,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 430650,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 214898,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "a3342c659d56113fcf63287f1f2b51015a32a9fe",

"timestamp": 1686150491

},

{

"file_size": 20655221,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7544,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 19076,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "e1a3dcfe7846ac93feb3b6c0d368c619551e2060",

"timestamp": 1686150496

},

{

"file_size": 20655221,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7544,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 19076,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "e1a3dcfe7846ac93feb3b6c0d368c619551e2060",

"timestamp": 1686150496

},

{

"file_size": 1808816,

"file_type": "PE/.Net Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 201237,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 166562,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "8cee4323aa88793881d1e9753476ffd85e9909d2",

"timestamp": 1686150498

},

{

"file_size": 1808816,

"file_type": "PE/.Net Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 201237,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 166562,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": true,

"sha1": "8cee4323aa88793881d1e9753476ffd85e9909d2",

"timestamp": 1686150498

},

{

"file_size": 17414211,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1697169,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 341432,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "86323712891af72832dd179625c1c9e5f47ef5dc",

"timestamp": 1686149728

},

{

"file_size": 17414211,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1697169,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 341432,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "86323712891af72832dd179625c1c9e5f47ef5dc",

"timestamp": 1686149728

},

{

"file_size": 97050,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 27202,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 48756,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "4b894706af749cdad62ced56233c32dc85274212",

"timestamp": 1686149728

},

{

"file_size": 97050,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 27202,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 48756,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "4b894706af749cdad62ced56233c32dc85274212",

"timestamp": 1686149728

},

{

"file_size": 735478,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 555378,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 733133,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "2d4d4a0e0efea6efab5dff40951a996b10fe594c",

"timestamp": 1686149732

},

{

"file_size": 735478,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 555378,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 733133,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "2d4d4a0e0efea6efab5dff40951a996b10fe594c",

"timestamp": 1686149732

},

{

"file_size": 609570,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 53613,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 8513,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "aaed518e40e25ce0e29bd86cefa05cf4c6cdaad8",

"timestamp": 1686149732

},

{

"file_size": 609570,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 53613,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 8513,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "aaed518e40e25ce0e29bd86cefa05cf4c6cdaad8",

"timestamp": 1686149732

},

{

"file_size": 8295796,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3332145,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1798128,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "eb37a450426a73adc228c0b7af6b389fc7bdf56e",

"timestamp": 1686149737

},

{

"file_size": 8295796,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3332145,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1798128,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "eb37a450426a73adc228c0b7af6b389fc7bdf56e",

"timestamp": 1686149737

},

{

"file_size": 13028229,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 29013,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 650100,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c38171b6039aed6b7b759e296ace24dc7d025b83",

"timestamp": 1686149738

},

{

"file_size": 13028229,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 29013,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 650100,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c38171b6039aed6b7b759e296ace24dc7d025b83",

"timestamp": 1686149738

},

{

"file_size": 7240420,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4735924,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4985544,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "06b99fba88558d39bdb6dbb429327e38bd1a00a6",

"timestamp": 1686149740

},

{

"file_size": 7240420,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4735924,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4985544,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "06b99fba88558d39bdb6dbb429327e38bd1a00a6",

"timestamp": 1686149740

},

{

"file_size": 9198608,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6192194,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6196270,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "d537cc50888e2276c7faf74e30d23c170738198a",

"timestamp": 1686149744

},

{

"file_size": 9198608,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6192194,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6196270,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "d537cc50888e2276c7faf74e30d23c170738198a",

"timestamp": 1686149744

},

{

"file_size": 26307192,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3868176,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3642636,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "0503efcbe5861c3e0d079f9becb3485452b97235",

"timestamp": 1686149749

},

{

"file_size": 26307192,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3868176,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3642636,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "0503efcbe5861c3e0d079f9becb3485452b97235",

"timestamp": 1686149749

},

{

"file_size": 108432,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 45813,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 17730,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "6eb5e3bb205a25257bf20d66e9f4f70a7ae67d76",

"timestamp": 1686149755

},

{

"file_size": 108432,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 45813,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 17730,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "6eb5e3bb205a25257bf20d66e9f4f70a7ae67d76",

"timestamp": 1686149755

},

{

"file_size": 22828,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 8423,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 11498,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "51b0ba00682591290f80e5855f1a4db9998acf09",

"timestamp": 1686149756

},

{

"file_size": 22828,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 8423,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 11498,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "51b0ba00682591290f80e5855f1a4db9998acf09",

"timestamp": 1686149756

},

{

"file_size": 22894,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 8489,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 11564,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "0c6f35b25d6e074fab3199944f85df197e063162",

"timestamp": 1686149766

},

{

"file_size": 22894,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 8489,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 11564,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "0c6f35b25d6e074fab3199944f85df197e063162",

"timestamp": 1686149766

},

{

"file_size": 735481,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 555379,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 733136,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c95b0d982790b576d4b8b0eb0b5eb81c07e8eb87",

"timestamp": 1686149767

},

{

"file_size": 735481,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 555379,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 733136,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c95b0d982790b576d4b8b0eb0b5eb81c07e8eb87",

"timestamp": 1686149767

},

{

"file_size": 69910542,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 432346,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 401816,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c10dd19fb20e99ac5e03cc854fcb07f3a4689626",

"timestamp": 1686149774

},

{

"file_size": 69910542,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 432346,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 401816,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c10dd19fb20e99ac5e03cc854fcb07f3a4689626",

"timestamp": 1686149774

},

{

"file_size": 78078,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 27427,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 48075,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "6b23dddf010be66788315ffbd673a8786e216cca",

"timestamp": 1686149779

},

{

"file_size": 78078,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 27427,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 48075,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "6b23dddf010be66788315ffbd673a8786e216cca",

"timestamp": 1686149779

},

{

"file_size": 55035681,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6445000,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5864743,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a20295d2941d01ad89f148221bfeeb4a7ae91c8a",

"timestamp": 1686149785

},

{

"file_size": 55035681,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6445000,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5864743,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a20295d2941d01ad89f148221bfeeb4a7ae91c8a",

"timestamp": 1686149785

},

{

"file_size": 72160935,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 25254788,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 62943840,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "3608d31f0528ed78f3b4c7325f48b21eaae7d6e9",

"timestamp": 1686149790

},

{

"file_size": 72160935,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 64192330,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "3608d31f0528ed78f3b4c7325f48b21eaae7d6e9",

"timestamp": 1686149790

},

{

"file_size": 72160935,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 25254788,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 62943840,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "3608d31f0528ed78f3b4c7325f48b21eaae7d6e9",

"timestamp": 1686149790

},

{

"file_size": 5053848,

"file_type": "PE/Exe/UPX",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 4631537,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "9d94d6d2c676ea1391707da336b08adb51a7602e",

"timestamp": 1686149811

},

{

"file_size": 48064504,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 14832618,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6254126,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "949abf3b22fde0d82aabde30b447202a85a22976",

"timestamp": 1686149814

},

{

"file_size": 48064504,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 14832618,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6254126,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "949abf3b22fde0d82aabde30b447202a85a22976",

"timestamp": 1686149814

},

{

"file_size": 17363501,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 276134,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4050570,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "ea2a042555d2ed5031699ab262dd36ee11140a47",

"timestamp": 1686149826

},

{

"file_size": 17363501,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 276134,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4050570,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "ea2a042555d2ed5031699ab262dd36ee11140a47",

"timestamp": 1686149826

},

{

"file_size": 1097787,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1026714,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1022464,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "8347104bb4f67e9f6a009dddab7d9ba64c1f1f34",

"timestamp": 1686149827

},

{

"file_size": 1097787,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1026714,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1022464,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "8347104bb4f67e9f6a009dddab7d9ba64c1f1f34",

"timestamp": 1686149827

},

{

"file_size": 9109956,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6903276,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7053407,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "68272eebbf35852ead3ca57e4d4057c1aca9e87f",

"timestamp": 1686149828

},

{

"file_size": 9109956,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6903276,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7053407,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "68272eebbf35852ead3ca57e4d4057c1aca9e87f",

"timestamp": 1686149828

},

{

"file_size": 129965,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 28324,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 49213,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "8862e555dfb36ef346c9ab015e9cdc042742f905",

"timestamp": 1686149830

},

{

"file_size": 129965,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 28324,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 49213,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "8862e555dfb36ef346c9ab015e9cdc042742f905",

"timestamp": 1686149830

},

{

"file_size": 3401029,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 546852,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12694,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "4edebb0ccaf461b657eefd6de9daa819718702c5",

"timestamp": 1686149831

},

{

"file_size": 3401029,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 546852,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12694,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "4edebb0ccaf461b657eefd6de9daa819718702c5",

"timestamp": 1686149831

},

{

"file_size": 12211580,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1831826,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1825431,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "bce246203d8df748692e5d67f7b43779ca18fcb8",

"timestamp": 1686149833

},

{

"file_size": 12211580,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1831826,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1825431,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "bce246203d8df748692e5d67f7b43779ca18fcb8",

"timestamp": 1686149833

},

{

"file_size": 130472,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 31577,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 53131,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "bb95e8d71ced34ca09a220bcd4740c05bb5beaae",

"timestamp": 1686149835

},

{

"file_size": 130472,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 31577,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 53131,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "bb95e8d71ced34ca09a220bcd4740c05bb5beaae",

"timestamp": 1686149835

},

{

"file_size": 21856,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 10251,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 20432,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "49e3e9c608998a84c76dea1d14979748fa303108",

"timestamp": 1686149836

},

{

"file_size": 21856,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 10251,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 20432,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "49e3e9c608998a84c76dea1d14979748fa303108",

"timestamp": 1686149836

},

{

"file_size": 8761628,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5623501,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5729635,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "638ee91a8195f803fb856b9cc58ec90b4e302d2d",

"timestamp": 1686149838

},

{

"file_size": 8761628,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5623501,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5729635,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "638ee91a8195f803fb856b9cc58ec90b4e302d2d",

"timestamp": 1686149838

},

{

"file_size": 80384,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3832,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4633,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "d71c31ff1506662b75a69ab2f4c470acd4a608c6",

"timestamp": 1686149840

},

{

"file_size": 80384,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3832,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4633,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "d71c31ff1506662b75a69ab2f4c470acd4a608c6",

"timestamp": 1686149840

},

{

"file_size": 2696810,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 47000,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 11164,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "2bb02417e2229ec6c67723720e8c047473bac428",

"timestamp": 1686149843

},

{

"file_size": 2696810,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 47000,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 11164,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "2bb02417e2229ec6c67723720e8c047473bac428",

"timestamp": 1686149843

},

{

"file_size": 291468,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 30654,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 206411,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "861df3d24be5051f03b772a3614ece4f38c9453f",

"timestamp": 1686149843

},

{

"file_size": 291468,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 30654,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 206411,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "861df3d24be5051f03b772a3614ece4f38c9453f",

"timestamp": 1686149843

},

{

"file_size": 9605652,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6219463,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7291032,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "dbb08be91da3fbb62d3a940f50ee262b8ee64a00",

"timestamp": 1686149843

},

{

"file_size": 9605652,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6219463,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7291032,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "dbb08be91da3fbb62d3a940f50ee262b8ee64a00",

"timestamp": 1686149843

},

{

"file_size": 7851776,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5738916,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5715983,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "44ecf0599917582d655aebecad3bff20428a95d5",

"timestamp": 1686149844

},

{

"file_size": 7851776,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5738916,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5715983,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "44ecf0599917582d655aebecad3bff20428a95d5",

"timestamp": 1686149844

},

{

"file_size": 134280,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 31122,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 52676,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "7b954a9a584dfea3b50aa0d266ece12edd920de3",

"timestamp": 1686149844

},

{

"file_size": 134280,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 31122,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 52676,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "7b954a9a584dfea3b50aa0d266ece12edd920de3",

"timestamp": 1686149844

},

{

"file_size": 1566720,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 47648,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 48358,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "9ae122565cefb2d077ffd8015b2080dbcd66210a",

"timestamp": 1686149846

},

{

"file_size": 1566720,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 47648,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 48358,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "9ae122565cefb2d077ffd8015b2080dbcd66210a",

"timestamp": 1686149846

},

{

"file_size": 1826525,

"file_type": "PE/Exe/PECompact",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 61949,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1772779,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "00d16698e37238fa735a1f1728bcbd5a43247e80",

"timestamp": 1686149846

},

{

"file_size": 1826525,

"file_type": "PE/Exe/PECompact",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 61949,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1772779,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "00d16698e37238fa735a1f1728bcbd5a43247e80",

"timestamp": 1686149846

},

{

"file_size": 31410,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 29004,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 17271,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "d11b319f05e4ca0f27820748b503a59f24beb00d",

"timestamp": 1686149846

},

{

"file_size": 31410,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 29004,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 17271,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "d11b319f05e4ca0f27820748b503a59f24beb00d",

"timestamp": 1686149846

},

{

"file_size": 81478,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 31946,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 38816,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "fc16e1d11e96a3c32f5cb55d5dc6f50deeebc1af",

"timestamp": 1686149850

},

{

"file_size": 81478,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 31946,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 38816,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "fc16e1d11e96a3c32f5cb55d5dc6f50deeebc1af",

"timestamp": 1686149850

},

{

"file_size": 718416,

"file_type": "Document/None/PDF",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 20006,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 140853,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "84c987347c558fb79e603b4ce107e727b35d2ce0",

"timestamp": 1686149850

},

{

"file_size": 718416,

"file_type": "Document/None/PDF",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 20006,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 140853,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "84c987347c558fb79e603b4ce107e727b35d2ce0",

"timestamp": 1686149850

},

{

"file_size": 7765124,

"file_type": "Binary/None/TNEF",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1806802,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 17011,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "1898cb0bd9636e2770bef781e64c14ea930737d9",

"timestamp": 1686149851

},

{

"file_size": 7765124,

"file_type": "Binary/None/TNEF",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1806802,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 17011,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "1898cb0bd9636e2770bef781e64c14ea930737d9",

"timestamp": 1686149851

},

{

"file_size": 7445844,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5463059,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5443224,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "8397215a4ef8f0278ca94ac55bcfb7d951eb5991",

"timestamp": 1686149852

},

{

"file_size": 7445844,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5463059,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5443224,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "8397215a4ef8f0278ca94ac55bcfb7d951eb5991",

"timestamp": 1686149852

},

{

"file_size": 58880,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3006,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5184,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "5e3ce373290c3ff3a161f20ce507f566ec02ef37",

"timestamp": 1686149853

},

{

"file_size": 58880,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3006,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5184,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "5e3ce373290c3ff3a161f20ce507f566ec02ef37",

"timestamp": 1686149853

},

{

"file_size": 34304,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 16023,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 18191,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "6419bbc857dfc05244305301ce04fd3101dfbc4e",

"timestamp": 1686149856

},

{

"file_size": 34304,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 16023,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 18191,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "6419bbc857dfc05244305301ce04fd3101dfbc4e",

"timestamp": 1686149856

},

{

"file_size": 13647,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5929,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7760,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "f498fa63f00a6c5d563c78597b1e603f00c292ba",

"timestamp": 1686149856

},

{

"file_size": 13647,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5929,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7760,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "f498fa63f00a6c5d563c78597b1e603f00c292ba",

"timestamp": 1686149856

},

{

"file_size": 10867247,

"file_type": "Document/None/PDF",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 615042,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2517009,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "80ac906fe3153d272625e4cfd0e953d01dabc718",

"timestamp": 1686149858

},

{

"file_size": 10867247,

"file_type": "Document/None/PDF",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 615042,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2517009,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "80ac906fe3153d272625e4cfd0e953d01dabc718",

"timestamp": 1686149858

},

{

"file_size": 10866832,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2275907,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2454431,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "6d61d48bbadf3a5eaeec617653c64493c03abc48",

"timestamp": 1686149861

},

{

"file_size": 10866832,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2275907,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2454431,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "6d61d48bbadf3a5eaeec617653c64493c03abc48",

"timestamp": 1686149861

},

{

"file_size": 5101876,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 2341502,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "e846d1ab898e95541e6682720022dfb7433b42a1",

"timestamp": 1686149862

},

{

"file_size": 1200556,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 908895,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1200168,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a7c06c5ff0f929a52d7d9e88315d9dd6109a7939",

"timestamp": 1686149867

},

{

"file_size": 1200556,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 908895,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1200168,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a7c06c5ff0f929a52d7d9e88315d9dd6109a7939",

"timestamp": 1686149867

},

{

"file_size": 94208,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 52375,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 54543,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "e445f9ab6f8e1b5ca0c0f06e9afeeeaa81cb5fa7",

"timestamp": 1686149871

},

{

"file_size": 94208,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 52375,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 54543,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "e445f9ab6f8e1b5ca0c0f06e9afeeeaa81cb5fa7",

"timestamp": 1686149871

},

{

"file_size": 4403680,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1070028,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1569453,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "388bf96870666f99c68015c72e470b96afe330b6",

"timestamp": 1686149876

},

{

"file_size": 4403680,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1070028,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1569453,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "388bf96870666f99c68015c72e470b96afe330b6",

"timestamp": 1686149876

},

{

"file_size": 124306,

"file_type": "Document/None/RTF",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 56115,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 55176,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "0c88ebb87d1db36ec61990b11b9046d8bfc84249",

"timestamp": 1686149876

},

{

"file_size": 124306,

"file_type": "Document/None/RTF",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 56115,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 55176,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "0c88ebb87d1db36ec61990b11b9046d8bfc84249",

"timestamp": 1686149876

},

{

"file_size": 7532560,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5242377,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6199698,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a7175ec0cf4e1bd0976adf1c64fb4cdea1679a8b",

"timestamp": 1686149880

},

{

"file_size": 7532560,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5242377,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6199698,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a7175ec0cf4e1bd0976adf1c64fb4cdea1679a8b",

"timestamp": 1686149880

},

{

"file_size": 89227939,

"file_type": "PE+/Exe/SetupFactory",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 3721968,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "14f646a4c56d4a6908589ff38cfbc8904fef7ffd",

"timestamp": 1686149881

},

{

"file_size": 23765288,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 23568888,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12392190,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "32e0479375a7efd4648e3243d95c8a184b723ff7",

"timestamp": 1686149882

},

{

"file_size": 23765288,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 12386158,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "32e0479375a7efd4648e3243d95c8a184b723ff7",

"timestamp": 1686149882

},

{

"file_size": 23765288,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 23568888,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12392190,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "32e0479375a7efd4648e3243d95c8a184b723ff7",

"timestamp": 1686149882

},

{

"file_size": 83456,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3807,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4722,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "08d52dd79c4506e569f6b44dd040c7666e1c990a",

"timestamp": 1686149884

},

{

"file_size": 83456,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3807,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4722,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "08d52dd79c4506e569f6b44dd040c7666e1c990a",

"timestamp": 1686149884

},

{

"file_size": 18747429,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1790351,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 434614,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "9315db8fd8e974ed3f32fed4af2a87950051db31",

"timestamp": 1686149884

},

{

"file_size": 18747429,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1790351,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 434614,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "9315db8fd8e974ed3f32fed4af2a87950051db31",

"timestamp": 1686149884

},

{

"file_size": 7971248,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6010248,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5922837,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "7c0467942d6e3a17cb46f80485735703971be951",

"timestamp": 1686149899

},

{

"file_size": 7971248,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6010248,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5922837,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "7c0467942d6e3a17cb46f80485735703971be951",

"timestamp": 1686149899

},

{

"file_size": 8746736,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6663701,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6518302,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c3905032ee58bd7252bfea670af4fae789ee65bc",

"timestamp": 1686149904

},

{

"file_size": 8746736,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6663701,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6518302,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c3905032ee58bd7252bfea670af4fae789ee65bc",

"timestamp": 1686149904

},

{

"file_size": 29495534,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7777152,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 14315453,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "5448598e37f1525d59dbde93ed3226c699591660",

"timestamp": 1686149907

},

{

"file_size": 29495534,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 23706990,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "5448598e37f1525d59dbde93ed3226c699591660",

"timestamp": 1686149907

},

{

"file_size": 29495534,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7777152,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 14315453,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "5448598e37f1525d59dbde93ed3226c699591660",

"timestamp": 1686149907

},

{

"file_size": 20208408,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 8042295,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 9983725,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "1274f648fbf7ec60f349f91426520d5fed741a75",

"timestamp": 1686149911

},

{

"file_size": 20208408,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 8042295,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 9983725,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "1274f648fbf7ec60f349f91426520d5fed741a75",

"timestamp": 1686149911

},

{

"file_size": 9360804,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6623554,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6393329,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a32a21cc68347f914640067d66a8eb9f3d718f97",

"timestamp": 1686149912

},

{

"file_size": 9360804,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6623554,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6393329,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a32a21cc68347f914640067d66a8eb9f3d718f97",

"timestamp": 1686149912

},

{

"file_size": 22696990,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 273776,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2310626,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "2ee61b0db428bd1943c0a3a23fa9657bdbae4525",

"timestamp": 1686149917

},

{

"file_size": 22696990,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 273776,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2310626,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "2ee61b0db428bd1943c0a3a23fa9657bdbae4525",

"timestamp": 1686149917

},

{

"file_size": 45056,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 26775,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7215,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "4a2a97a3ccc4f69e4369540afa9621517b61a70d",

"timestamp": 1686149924

},

{

"file_size": 45056,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 26775,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7215,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "4a2a97a3ccc4f69e4369540afa9621517b61a70d",

"timestamp": 1686149924

},

{

"file_size": 8178116,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5952245,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6078981,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "6187f8a655a0c8d63f7c0d0159ec48faf3926397",

"timestamp": 1686149926

},

{

"file_size": 8178116,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5952245,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6078981,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "6187f8a655a0c8d63f7c0d0159ec48faf3926397",

"timestamp": 1686149926

},

{

"file_size": 118949,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 27159,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 48713,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "010536c2287998f486647077d5f5f4cb14216f21",

"timestamp": 1686149928

},

{

"file_size": 118949,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 27159,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 48713,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "010536c2287998f486647077d5f5f4cb14216f21",

"timestamp": 1686149928

},

{

"file_size": 4397292,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1070008,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1563324,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "28104c2b1121a331071889a8285f18e4e5fa857e",

"timestamp": 1686149932

},

{

"file_size": 4397292,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1070008,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1563324,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "28104c2b1121a331071889a8285f18e4e5fa857e",

"timestamp": 1686149932

},

{

"file_size": 1126838,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 67755,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 301561,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c068b6be9d12ef34c4bff6438217ec83aedb3920",

"timestamp": 1686149932

},

{

"file_size": 1126838,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 67755,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 301561,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c068b6be9d12ef34c4bff6438217ec83aedb3920",

"timestamp": 1686149932

},

{

"file_size": 5742,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1420,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1478,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "784251aee0035f509d9a59f46a7854e3156eb1e8",

"timestamp": 1686149932

},

{

"file_size": 5742,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1420,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1478,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "784251aee0035f509d9a59f46a7854e3156eb1e8",

"timestamp": 1686149932

},

{

"file_size": 8342696,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5758241,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6719849,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "1a5599d9ac6637d73e45a008eb13963a43a42de5",

"timestamp": 1686149933

},

{

"file_size": 8342696,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5758241,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6719849,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "1a5599d9ac6637d73e45a008eb13963a43a42de5",

"timestamp": 1686149933

},

{

"file_size": 10935924,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7358335,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7658163,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "ad38d8e905018d8214d3d086a5314bc8baf530f0",

"timestamp": 1686149935

},

{

"file_size": 10935924,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7358335,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7658163,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "ad38d8e905018d8214d3d086a5314bc8baf530f0",

"timestamp": 1686149935

},

{

"file_size": 9367552,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3032179,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 699012,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "f5e92bd7f79aa5e3dcd577b46ae8adb6ce796fdd",

"timestamp": 1686149936

},

{

"file_size": 9367552,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3032179,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 699012,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "f5e92bd7f79aa5e3dcd577b46ae8adb6ce796fdd",

"timestamp": 1686149936

},

{

"file_size": 5615616,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 684425,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1855040,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "27177a9974cf5e51e406dfc565abec4323a7f460",

"timestamp": 1686149938

},

{

"file_size": 5615616,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 684425,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1855040,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "27177a9974cf5e51e406dfc565abec4323a7f460",

"timestamp": 1686149938

},

{

"file_size": 12587776,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1885979,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1879584,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "61f1d317d4b637547328d7bbd8db162332ffca96",

"timestamp": 1686149941

},

{

"file_size": 12587776,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1885979,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1879584,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "61f1d317d4b637547328d7bbd8db162332ffca96",

"timestamp": 1686149941

},

{

"file_size": 15528080,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7666937,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 9603001,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "90006a605fefb15ef0e3ee3a7913e4e3085aa910",

"timestamp": 1686149943

},

{

"file_size": 15528080,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7666937,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 9603001,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "90006a605fefb15ef0e3ee3a7913e4e3085aa910",

"timestamp": 1686149943

},

{

"file_size": 61198027,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3493267,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 59650081,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "81fdd91f2f3ad757beaa4e99d1e696fe216572a7",

"timestamp": 1686149946

},

{

"file_size": 61198027,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3493267,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 59650081,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "81fdd91f2f3ad757beaa4e99d1e696fe216572a7",

"timestamp": 1686149946

},

{

"file_size": 92550,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 29380,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 50934,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "11e37775d188125698553bb54b92212db30c9868",

"timestamp": 1686149952

},

{

"file_size": 92550,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 29380,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 50934,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "11e37775d188125698553bb54b92212db30c9868",

"timestamp": 1686149952

},

{

"file_size": 15909007,

"file_type": "PE+/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1572203,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4403826,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "3044d17533125b0e81479c13a3938c5f680945dd",

"timestamp": 1686149952

},

{

"file_size": 15909007,

"file_type": "PE+/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1572203,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4403826,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "3044d17533125b0e81479c13a3938c5f680945dd",

"timestamp": 1686149952

},

{

"file_size": 7030588,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4138419,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3925485,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "3e781f619085938c400ef62d124e1c160d8e606d",

"timestamp": 1686149953

},

{

"file_size": 7030588,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4138419,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3925485,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "3e781f619085938c400ef62d124e1c160d8e606d",

"timestamp": 1686149953

},

{

"file_size": 7891860,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5936181,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6065613,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "9672712486f68f6ef3fa5ea1051a488652768782",

"timestamp": 1686149956

},

{

"file_size": 7891860,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5936181,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6065613,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "9672712486f68f6ef3fa5ea1051a488652768782",

"timestamp": 1686149956

},

{

"file_size": 1126838,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 67755,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 301561,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c068b6be9d12ef34c4bff6438217ec83aedb3920",

"timestamp": 1686149974

},

{

"file_size": 1126838,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 67755,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 301561,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c068b6be9d12ef34c4bff6438217ec83aedb3920",

"timestamp": 1686149974

},

{

"file_size": 58853069,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 453396,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 422866,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "7f61bf37ba7a45b4d9686384db4cccec61f67c47",

"timestamp": 1686149975

},

{

"file_size": 58853069,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 453396,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 422866,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "7f61bf37ba7a45b4d9686384db4cccec61f67c47",

"timestamp": 1686149975

},

{

"file_size": 80896,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3807,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4617,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "6fc8b4b91789e00438dc40c306b51a4cb607eb8d",

"timestamp": 1686149975

},

{

"file_size": 80896,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3807,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4617,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "6fc8b4b91789e00438dc40c306b51a4cb607eb8d",

"timestamp": 1686149975

},

{

"file_size": 4090442,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2966063,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3005572,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a9102e50f879a876bcde1a65ed9e66061345af38",

"timestamp": 1686149977

},

{

"file_size": 4090442,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2966063,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3005572,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a9102e50f879a876bcde1a65ed9e66061345af38",

"timestamp": 1686149977

},

{

"file_size": 11287504,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 9611205,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 9336911,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "855439438fa49547ac12bdf953b32f72c719b2c9",

"timestamp": 1686149980

},

{

"file_size": 11287504,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 9611205,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 9336911,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "855439438fa49547ac12bdf953b32f72c719b2c9",

"timestamp": 1686149980

},

{

"file_size": 51580195,

"file_type": "PE/Exe/NSIS",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 192859,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1055775,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "aa57da659dd7d00cce7d1435bfc8459087f51b6f",

"timestamp": 1686149983

},

{

"file_size": 51580195,

"file_type": "PE/Exe/NSIS",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 192859,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1055775,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "aa57da659dd7d00cce7d1435bfc8459087f51b6f",

"timestamp": 1686149983

},

{

"file_size": 52603562,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5081683,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 48790340,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "7b645c555f2208a68b7d6aff201736b6e111d3cc",

"timestamp": 1686149989

},

{

"file_size": 52603562,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5081683,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 48790340,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "7b645c555f2208a68b7d6aff201736b6e111d3cc",

"timestamp": 1686149989

},

{

"file_size": 12364752,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 10579965,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 10306863,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "6c745b37d30bdc06e8ace8b4189538403c4d5c8a",

"timestamp": 1686149991

},

{

"file_size": 12364752,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 10579965,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 10306863,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "6c745b37d30bdc06e8ace8b4189538403c4d5c8a",

"timestamp": 1686149991

},

{

"file_size": 113599,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 28965,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 50276,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c797c0ed6564a46ae0ac9973f2b97411dbac4754",

"timestamp": 1686149993

},

{

"file_size": 113599,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 28965,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 50276,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c797c0ed6564a46ae0ac9973f2b97411dbac4754",

"timestamp": 1686149993

},

{

"file_size": 8720028,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6232135,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6035292,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a12a22c2b0ecdbeb2f98a592328068591520225e",

"timestamp": 1686149993

},

{

"file_size": 8720028,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6232135,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6035292,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a12a22c2b0ecdbeb2f98a592328068591520225e",

"timestamp": 1686149993

},

{

"file_size": 11722184,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 10006757,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 9731199,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "d824b4da35e0527c04c91b45111790421e0df9c3",

"timestamp": 1686149993

},

{

"file_size": 11722184,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 10006757,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 9731199,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "d824b4da35e0527c04c91b45111790421e0df9c3",

"timestamp": 1686149993

},

{

"file_size": 1647430,

"file_type": "Document/None/RTF",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1504890,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1514081,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "d416c83fd8bc78cc77ef30a8e5543b59f8b58f90",

"timestamp": 1686150001

},

{

"file_size": 1647430,

"file_type": "Document/None/RTF",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1504890,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1514081,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "d416c83fd8bc78cc77ef30a8e5543b59f8b58f90",

"timestamp": 1686150001

},

{

"file_size": 8185068,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1729023,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1836665,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a470d52b3da243f0a6e4f29990910c15fe877260",

"timestamp": 1686150003

},

{

"file_size": 8185068,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1729023,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1836665,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a470d52b3da243f0a6e4f29990910c15fe877260",

"timestamp": 1686150003

},

{

"file_size": 9058488,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2024065,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2076599,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "28cb515f6029996c620d90852ac18089b1ded110",

"timestamp": 1686150004

},

{

"file_size": 9058488,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2024065,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2076599,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "28cb515f6029996c620d90852ac18089b1ded110",

"timestamp": 1686150004

},

{

"file_size": 6957242,

"file_type": "PE/Exe/NSIS",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1535249,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2867970,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "936ed9f8b5e106db89d568cdd6cf0d3768e35e8a",

"timestamp": 1686150005

},

{

"file_size": 6957242,

"file_type": "PE/Exe/NSIS",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1535249,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2867970,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "936ed9f8b5e106db89d568cdd6cf0d3768e35e8a",

"timestamp": 1686150005

},

{

"file_size": 11402192,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 9748709,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 9479007,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "67bf7558493de43e5248d5c3fb0eff9ebe15e025",

"timestamp": 1686150005

},

{

"file_size": 11402192,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 9748709,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 9479007,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "67bf7558493de43e5248d5c3fb0eff9ebe15e025",

"timestamp": 1686150005

},

{

"file_size": 3560827,

"file_type": "ELF64 Little/SO",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 134236,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3282561,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "09a2f81add6a24707bf53b87fc35649648d83d84",

"timestamp": 1686150008

},

{

"file_size": 3560827,

"file_type": "ELF64 Little/SO",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 134236,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3282561,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "09a2f81add6a24707bf53b87fc35649648d83d84",

"timestamp": 1686150008

},

{

"file_size": 24621335,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1120542,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1090012,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "42b2ae12dea46ea047d05762919e9b4bfe5ef788",

"timestamp": 1686150010

},

{

"file_size": 24621335,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1120542,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1090012,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "42b2ae12dea46ea047d05762919e9b4bfe5ef788",

"timestamp": 1686150010

},

{

"file_size": 27294631,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2867337,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5192795,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "fadcba6ae6a7d80804672d39716caf6d6b236548",

"timestamp": 1686150010

},

{

"file_size": 27294631,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2867337,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5192795,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "fadcba6ae6a7d80804672d39716caf6d6b236548",

"timestamp": 1686150010

},

{

"file_size": 563708,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 71256,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 13295,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "ec4ae655adbbb3805d80b71db833024062f40a30",

"timestamp": 1686150022

},

{

"file_size": 563708,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 71256,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 13295,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "ec4ae655adbbb3805d80b71db833024062f40a30",

"timestamp": 1686150022

},

{

"file_size": 23674771,

"file_type": "PE/.Net Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1113582,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 898210,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c3b9b20d2b059c554bfedcf02f7e20a78ea0b634",

"timestamp": 1686150029

},

{

"file_size": 23674771,

"file_type": "PE/.Net Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1113582,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 898210,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c3b9b20d2b059c554bfedcf02f7e20a78ea0b634",

"timestamp": 1686150029

},

{

"file_size": 8696352,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6448188,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5556020,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "8c6478d4da8936bbd1c41d55d627e5947f350a3c",

"timestamp": 1686150030

},

{

"file_size": 8696352,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6448188,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5556020,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "8c6478d4da8936bbd1c41d55d627e5947f350a3c",

"timestamp": 1686150030

},

{

"file_size": 89737,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 27489,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 49043,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "ea0cd712f5841da8a42c88b5531580a67a46606d",

"timestamp": 1686150040

},

{

"file_size": 89737,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 27489,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 49043,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "ea0cd712f5841da8a42c88b5531580a67a46606d",

"timestamp": 1686150040

},

{

"file_size": 7919852,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5071035,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5906334,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "639f26fcdf4cf23f537da436e579d7642bb88a34",

"timestamp": 1686150042

},

{

"file_size": 7919852,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5071035,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5906334,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "639f26fcdf4cf23f537da436e579d7642bb88a34",

"timestamp": 1686150042

},

{

"file_size": 4740152,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3564800,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3647079,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "0e2b28a93eb1a6028a450f2d0fb17b8a4142c838",

"timestamp": 1686150044

},

{

"file_size": 4740152,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3564800,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3647079,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "0e2b28a93eb1a6028a450f2d0fb17b8a4142c838",

"timestamp": 1686150044

},

{

"file_size": 8722544,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6754191,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7446396,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "11da04c21b47ff12ad322a6b23556b240c57e132",

"timestamp": 1686150045

},

{

"file_size": 8722544,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6754191,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7446396,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "11da04c21b47ff12ad322a6b23556b240c57e132",

"timestamp": 1686150045

},

{

"file_size": 3826214,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 68922,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3251864,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "57e01329fd57cdf43d48e6126dcb04a9a649f486",

"timestamp": 1686150045

},

{

"file_size": 3826214,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 68922,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3251864,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "57e01329fd57cdf43d48e6126dcb04a9a649f486",

"timestamp": 1686150045

},

{

"file_size": 90401,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 30206,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 51760,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "eb539586df1f83a1ad6a46578ae93af47d28e583",

"timestamp": 1686150050

},

{

"file_size": 90401,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 30206,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 51760,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "eb539586df1f83a1ad6a46578ae93af47d28e583",

"timestamp": 1686150050

},

{

"file_size": 5196432,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1774761,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1594184,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "0dfbab7b39fe2df27cc3c450a33703e862548e7c",

"timestamp": 1686150050

},

{

"file_size": 5196432,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1774761,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1594184,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "0dfbab7b39fe2df27cc3c450a33703e862548e7c",

"timestamp": 1686150050

},

{

"file_size": 88693,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 25563,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 47117,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "4f0abfde4499ca4265efaa76240165eeec26ae9c",

"timestamp": 1686150055

},

{

"file_size": 88693,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 25563,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 47117,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "4f0abfde4499ca4265efaa76240165eeec26ae9c",

"timestamp": 1686150055

},

{

"file_size": 3114071,

"file_type": "ELF32 Little/SO",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 104418,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2618650,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "e99fb966b75da3eb02a16fcac3b36c3a9194b857",

"timestamp": 1686150056

},

{

"file_size": 3114071,

"file_type": "ELF32 Little/SO",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 104418,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2618650,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "e99fb966b75da3eb02a16fcac3b36c3a9194b857",

"timestamp": 1686150056

},

{

"file_size": 28120902,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 22260169,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 27281148,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "0ac06711934890049220bec85d224ca6a69a4abf",

"timestamp": 1686150060

},

{

"file_size": 28120902,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 22260169,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 27281148,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "0ac06711934890049220bec85d224ca6a69a4abf",

"timestamp": 1686150060

},

{

"file_size": 28328686,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6610304,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 13148605,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "7929803a26acbb9fbec06ee003d65fb01966f3a9",

"timestamp": 1686150077

},

{

"file_size": 28328686,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6610304,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 13148605,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "7929803a26acbb9fbec06ee003d65fb01966f3a9",

"timestamp": 1686150077

},

{

"file_size": 28328686,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 22540142,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "7929803a26acbb9fbec06ee003d65fb01966f3a9",

"timestamp": 1686150077

},

{

"file_size": 18271076,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 273776,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4064513,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "8efe34081ab998e156e537df4da387b0a4bd7f08",

"timestamp": 1686150078

},

{

"file_size": 18271076,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 273776,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4064513,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "8efe34081ab998e156e537df4da387b0a4bd7f08",

"timestamp": 1686150078

},

{

"file_size": 28018926,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6300544,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12838845,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "3095cf7fcee94f7ca177dd1cb4aea29b5b451116",

"timestamp": 1686150083

},

{

"file_size": 28018926,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 22230382,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "3095cf7fcee94f7ca177dd1cb4aea29b5b451116",

"timestamp": 1686150083

},

{

"file_size": 28018926,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6300544,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12838845,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "3095cf7fcee94f7ca177dd1cb4aea29b5b451116",

"timestamp": 1686150083

},

{

"file_size": 27306734,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5588352,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12126653,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "32c438b9048acb085fda9bd828fe370804e83b5c",

"timestamp": 1686150084

},

{

"file_size": 27306734,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5588352,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12126653,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "32c438b9048acb085fda9bd828fe370804e83b5c",

"timestamp": 1686150084

},

{

"file_size": 27306734,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 21518190,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "32c438b9048acb085fda9bd828fe370804e83b5c",

"timestamp": 1686150084

},

{

"file_size": 81650,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 16951,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 39263,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "37b6ec97243b59e031215a7c79c76bd535c94a11",

"timestamp": 1686150090

},

{

"file_size": 81650,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 16951,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 39263,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "37b6ec97243b59e031215a7c79c76bd535c94a11",

"timestamp": 1686150090

},

{

"file_size": 181777,

"file_type": "Document/None/PDF",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 9977,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 8279,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "8e5698b6c99e84ef251da396e57801eea4d4a7e0",

"timestamp": 1686150096

},

{

"file_size": 181777,

"file_type": "Document/None/PDF",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 9977,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 8279,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "8e5698b6c99e84ef251da396e57801eea4d4a7e0",

"timestamp": 1686150096

},

{

"file_size": 271360,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 119107,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 118595,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "2b1c1ebb77a69accf7ade4a6656a229a8236da23",

"timestamp": 1686150101

},

{

"file_size": 271360,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 119107,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 118595,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "2b1c1ebb77a69accf7ade4a6656a229a8236da23",

"timestamp": 1686150101

},

{

"file_size": 583414,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 304758,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 30495,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c90a2097bb3ef3b7782b569aad3a7a402c40ece6",

"timestamp": 1686150102

},

{

"file_size": 583414,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 304758,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 30495,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c90a2097bb3ef3b7782b569aad3a7a402c40ece6",

"timestamp": 1686150102

},

{

"file_size": 5011956,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3830891,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4122073,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "bceeab17f46e635c4d2d8e83ba98fc53d3b94409",

"timestamp": 1686150104

},

{

"file_size": 5011956,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3830891,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4122073,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "bceeab17f46e635c4d2d8e83ba98fc53d3b94409",

"timestamp": 1686150104

},

{

"file_size": 22521,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 17697,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 22133,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "7370d7caf811dc3fb9b8ded4fb3a23d36997253d",

"timestamp": 1686150104

},

{

"file_size": 22521,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 17697,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 22133,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "7370d7caf811dc3fb9b8ded4fb3a23d36997253d",

"timestamp": 1686150104

},

{

"file_size": 7701312,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5240872,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6126943,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "af1458eda29940c81e42bf6a11d689b9363a575b",

"timestamp": 1686150107

},

{

"file_size": 7701312,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5240872,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6126943,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "af1458eda29940c81e42bf6a11d689b9363a575b",

"timestamp": 1686150107

},

{

"file_size": 8298484,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1572183,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2680377,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "99047e1bf6e16b647f124db80faf90d91947643e",

"timestamp": 1686150109

},

{

"file_size": 8298484,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1572183,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2680377,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "99047e1bf6e16b647f124db80faf90d91947643e",

"timestamp": 1686150109

},

{

"file_size": 105267,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 849,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 30630,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "891e13aa1d764808d787be69ae3e8188345891ed",

"timestamp": 1686150115

},

{

"file_size": 105267,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 849,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 30630,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "891e13aa1d764808d787be69ae3e8188345891ed",

"timestamp": 1686150115

},

{

"file_size": 6390588,

"file_type": "PE+/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3498419,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3285485,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "732c2810e0cecccdfbcf3a052753060d8158643d",

"timestamp": 1686150119

},

{

"file_size": 6390588,

"file_type": "PE+/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3498419,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3285485,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "732c2810e0cecccdfbcf3a052753060d8158643d",

"timestamp": 1686150119

},

{

"file_size": 102498470,

"file_type": "PE/Exe/NSIS",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 26303220,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 15358931,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "89f539a36777589582b45b5ab3f1c4b8c392a519",

"timestamp": 1686150124

},

{

"file_size": 102498470,

"file_type": "PE/Exe/NSIS",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 26303220,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 15358931,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "89f539a36777589582b45b5ab3f1c4b8c392a519",

"timestamp": 1686150124

},

{

"file_size": 223744,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 21284,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 15037,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "025d67d07d1d4c0c6815dd671c5021f2d1dbeb2d",

"timestamp": 1686150124

},

{

"file_size": 223744,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 21284,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 15037,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "025d67d07d1d4c0c6815dd671c5021f2d1dbeb2d",

"timestamp": 1686150124

},

{

"file_size": 34840,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1586,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 20241,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "247dda310be523a670399ce08ac7576eeffceba9",

"timestamp": 1686150127

},

{

"file_size": 34840,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1586,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 20241,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "247dda310be523a670399ce08ac7576eeffceba9",

"timestamp": 1686150127

},

{

"file_size": 97689,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 34565,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 56119,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "ce2fbbb268352f30e63708658a895b55d5994a21",

"timestamp": 1686150127

},

{

"file_size": 97689,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 34565,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 56119,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "ce2fbbb268352f30e63708658a895b55d5994a21",

"timestamp": 1686150127

},

{

"file_size": 608019,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 120997,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 179775,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "81bc384770e1fcf3d32e38b69e7fa6dfd68eceb5",

"timestamp": 1686150128

},

{

"file_size": 608019,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 120997,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 179775,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "81bc384770e1fcf3d32e38b69e7fa6dfd68eceb5",

"timestamp": 1686150128

},

{

"file_size": 7109996,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5978050,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4853648,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "2a354db1cbe01973b6ea523d0842327ddafc17b8",

"timestamp": 1686150129

},

{

"file_size": 7109996,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5978050,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4853648,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "2a354db1cbe01973b6ea523d0842327ddafc17b8",

"timestamp": 1686150129

},

{

"file_size": 11060751,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 208731,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4067711,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "d328639db252e6882cde55b4d96fb6c6917ce647",

"timestamp": 1686150135

},

{

"file_size": 11060751,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 208731,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4067711,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "d328639db252e6882cde55b4d96fb6c6917ce647",

"timestamp": 1686150135

},

{

"file_size": 102034,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 31083,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 52637,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "9d13375b63610249a16e7eec10b2be064c7097f7",

"timestamp": 1686150136

},

{

"file_size": 102034,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 31083,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 52637,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "9d13375b63610249a16e7eec10b2be064c7097f7",

"timestamp": 1686150136

},

{

"file_size": 24915182,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 19126638,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "3c24cca2a6bfa8faaa35756e6814802dbcd751f2",

"timestamp": 1686150137

},

{

"file_size": 24915182,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3196800,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 9735101,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "3c24cca2a6bfa8faaa35756e6814802dbcd751f2",

"timestamp": 1686150137

},

{

"file_size": 24915182,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3196800,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 9735101,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "3c24cca2a6bfa8faaa35756e6814802dbcd751f2",

"timestamp": 1686150137

},

{

"file_size": 26192622,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 20404078,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "9c9d925179896d29421f881eb5ad77af9e8bc7fb",

"timestamp": 1686150137

},

{

"file_size": 26192622,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4474240,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 11012541,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "9c9d925179896d29421f881eb5ad77af9e8bc7fb",

"timestamp": 1686150137

},

{

"file_size": 26192622,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4474240,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 11012541,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "9c9d925179896d29421f881eb5ad77af9e8bc7fb",

"timestamp": 1686150137

},

{

"file_size": 26345710,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 20557166,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "d6d554d74fdfd98418b8fa34338056708291599e",

"timestamp": 1686150137

},

{

"file_size": 26345710,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4627328,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 11165629,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "d6d554d74fdfd98418b8fa34338056708291599e",

"timestamp": 1686150137

},

{

"file_size": 26345710,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4627328,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 11165629,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "d6d554d74fdfd98418b8fa34338056708291599e",

"timestamp": 1686150137

},

{

"file_size": 25406702,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3688320,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 10226621,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "1799c607028ad0ed4d15e46bb80cc0a70683e90f",

"timestamp": 1686150137

},

{

"file_size": 25406702,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3688320,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 10226621,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "1799c607028ad0ed4d15e46bb80cc0a70683e90f",

"timestamp": 1686150137

},

{

"file_size": 25406702,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 19618158,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "1799c607028ad0ed4d15e46bb80cc0a70683e90f",

"timestamp": 1686150137

},

{

"file_size": 25241838,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 19453294,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "f5be7fa83024d787932ead402e6a0a63da6eb443",

"timestamp": 1686150138

},

{

"file_size": 25241838,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3523456,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 10061757,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "f5be7fa83024d787932ead402e6a0a63da6eb443",

"timestamp": 1686150138

},

{

"file_size": 25241838,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3523456,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 10061757,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "f5be7fa83024d787932ead402e6a0a63da6eb443",

"timestamp": 1686150138

},

{

"file_size": 27273966,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 21485422,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "f9461339c56853fd3b535f99bc72bd2b897591d0",

"timestamp": 1686150138

},

{

"file_size": 27273966,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5555584,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12093885,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "f9461339c56853fd3b535f99bc72bd2b897591d0",

"timestamp": 1686150138

},

{

"file_size": 27273966,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5555584,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12093885,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "f9461339c56853fd3b535f99bc72bd2b897591d0",

"timestamp": 1686150138

},

{

"file_size": 26257134,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4538752,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 11077053,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "bbda585b97e741d2fb638684255a0c49daafadac",

"timestamp": 1686150138

},

{

"file_size": 26257134,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 20468590,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "bbda585b97e741d2fb638684255a0c49daafadac",

"timestamp": 1686150138

},

{

"file_size": 26257134,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4538752,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 11077053,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "bbda585b97e741d2fb638684255a0c49daafadac",

"timestamp": 1686150138

},

{

"file_size": 4620288,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2649834,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2685878,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "102d0b298f078b7d115083307e4ca0ed1bcbd134",

"timestamp": 1686150138

},

{

"file_size": 4620288,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2649834,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2685878,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "102d0b298f078b7d115083307e4ca0ed1bcbd134",

"timestamp": 1686150138

},

{

"file_size": 489616,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 38581,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 22168,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "32de67e7b17be1d18964e2086362b34f3c7b3575",

"timestamp": 1686150138

},

{

"file_size": 489616,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 38581,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 22168,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "32de67e7b17be1d18964e2086362b34f3c7b3575",

"timestamp": 1686150138

},

{

"file_size": 33862,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 26439,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 23818,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "40caa9fe8fa64c0f9ba67298941a34d042cff179",

"timestamp": 1686150138

},

{

"file_size": 33862,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 26439,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 23818,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "40caa9fe8fa64c0f9ba67298941a34d042cff179",

"timestamp": 1686150138

},

{

"file_size": 85008,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 27891,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 49445,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "37c285df8d320279049afa0c23fa334a3bbeda77",

"timestamp": 1686150139

},

{

"file_size": 85008,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 27891,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 49445,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "37c285df8d320279049afa0c23fa334a3bbeda77",

"timestamp": 1686150139

},

{

"file_size": 27974382,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 22185838,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "153a8db91757b63b2d6f178bb9d02ea5208c9457",

"timestamp": 1686150139

},

{

"file_size": 27974382,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6256000,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12794301,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "153a8db91757b63b2d6f178bb9d02ea5208c9457",

"timestamp": 1686150139

},

{

"file_size": 27974382,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6256000,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12794301,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "153a8db91757b63b2d6f178bb9d02ea5208c9457",

"timestamp": 1686150139

},

{

"file_size": 28105966,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6387584,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12925885,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "d50286aa8bb8c3014247b90adb746b25bfd31003",

"timestamp": 1686150139

},

{

"file_size": 28105966,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 22317422,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "d50286aa8bb8c3014247b90adb746b25bfd31003",

"timestamp": 1686150139

},

{

"file_size": 28105966,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6387584,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12925885,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "d50286aa8bb8c3014247b90adb746b25bfd31003",

"timestamp": 1686150139

},

{

"file_size": 29250286,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7531904,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 14070205,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "6c074b89819c235bdeb338af24c7c735ad0035ec",

"timestamp": 1686150140

},

{

"file_size": 29250286,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7531904,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 14070205,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "6c074b89819c235bdeb338af24c7c735ad0035ec",

"timestamp": 1686150140

},

{

"file_size": 29250286,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 23461742,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "6c074b89819c235bdeb338af24c7c735ad0035ec",

"timestamp": 1686150140

},

{

"file_size": 58288120,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 41036824,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 23548621,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c9812fa79f7c7d3a61f8ed156a3f9047aba84256",

"timestamp": 1686150140

},

{

"file_size": 58288120,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 41036824,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 23548621,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c9812fa79f7c7d3a61f8ed156a3f9047aba84256",

"timestamp": 1686150140

},

{

"file_size": 27151086,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5432704,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 11971005,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "6f9101e3313d15831fe21dca4f41cd305a5a42b0",

"timestamp": 1686150140

},

{

"file_size": 27151086,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5432704,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 11971005,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "6f9101e3313d15831fe21dca4f41cd305a5a42b0",

"timestamp": 1686150140

},

{

"file_size": 27151086,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 21362542,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "6f9101e3313d15831fe21dca4f41cd305a5a42b0",

"timestamp": 1686150140

},

{

"file_size": 25467630,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3749248,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 10287549,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "54553aa667794ecaf466add2eb68115e655bb142",

"timestamp": 1686150142

},

{

"file_size": 25467630,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3749248,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 10287549,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "54553aa667794ecaf466add2eb68115e655bb142",

"timestamp": 1686150142

},

{

"file_size": 25467630,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 19679086,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "54553aa667794ecaf466add2eb68115e655bb142",

"timestamp": 1686150142

},

{

"file_size": 24958190,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3239808,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 9778109,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "96485038e952a3ea5b05d3b73cb09e16746f05fe",

"timestamp": 1686150142

},

{

"file_size": 24958190,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 19169646,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "96485038e952a3ea5b05d3b73cb09e16746f05fe",

"timestamp": 1686150142

},

{

"file_size": 24958190,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3239808,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 9778109,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "96485038e952a3ea5b05d3b73cb09e16746f05fe",

"timestamp": 1686150142

},

{

"file_size": 22632960,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 12832781,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 17325113,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "d9470e93a7f0471df16a93a2df001e35f383b358",

"timestamp": 1686150143

},

{

"file_size": 22632960,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 12832781,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 17325113,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "d9470e93a7f0471df16a93a2df001e35f383b358",

"timestamp": 1686150143

},

{

"file_size": 28521710,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6803328,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 13341629,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a9e434ae7946b87a7a35e1ceea2a3585c63364ff",

"timestamp": 1686150146

},

{

"file_size": 28521710,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 22733166,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "a9e434ae7946b87a7a35e1ceea2a3585c63364ff",

"timestamp": 1686150146

},

{

"file_size": 28521710,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6803328,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 13341629,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a9e434ae7946b87a7a35e1ceea2a3585c63364ff",

"timestamp": 1686150146

},

{

"file_size": 28730094,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7011712,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 13550013,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "722d9445761cedf9cf95b00a27484c98b198a087",

"timestamp": 1686150147

},

{

"file_size": 28730094,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 22941550,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "722d9445761cedf9cf95b00a27484c98b198a087",

"timestamp": 1686150147

},

{

"file_size": 28730094,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7011712,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 13550013,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "722d9445761cedf9cf95b00a27484c98b198a087",

"timestamp": 1686150147

},

{

"file_size": 19508784,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 14359504,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16198715,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a074e8cd0d7f96a1660eb8034c9d4bb659911d8c",

"timestamp": 1686150151

},

{

"file_size": 19508784,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 14359504,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16198715,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a074e8cd0d7f96a1660eb8034c9d4bb659911d8c",

"timestamp": 1686150151

},

{

"file_size": 134656,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4983,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3404,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "5c5149ddc70c1570f08aeaadf3ae7f9c0b62aa44",

"timestamp": 1686150153

},

{

"file_size": 134656,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4983,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3404,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "5c5149ddc70c1570f08aeaadf3ae7f9c0b62aa44",

"timestamp": 1686150153

},

{

"file_size": 123956,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 35591,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 57145,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "4151684c657f55df0fbcf6f23e4ff59a3d434933",

"timestamp": 1686150154

},

{

"file_size": 123956,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 35591,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 57145,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "4151684c657f55df0fbcf6f23e4ff59a3d434933",

"timestamp": 1686150154

},

{

"file_size": 89099,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 27245,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 48799,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c1c8b28dccfe8d0b1019ccd86c4a64b6deff30f6",

"timestamp": 1686150158

},

{

"file_size": 89099,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 27245,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 48799,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c1c8b28dccfe8d0b1019ccd86c4a64b6deff30f6",

"timestamp": 1686150158

},

{

"file_size": 526968,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 46,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 656,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "9a1f873e7ca75688bb3ecf3538c673994ea8f06e",

"timestamp": 1686150159

},

{

"file_size": 526968,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 46,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 656,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "9a1f873e7ca75688bb3ecf3538c673994ea8f06e",

"timestamp": 1686150159

},

{

"file_size": 3652720,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1101203,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1128397,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "946bccb4633670592563b838e8905d87d32006c9",

"timestamp": 1686150162

},

{

"file_size": 3652720,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1101203,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1128397,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "946bccb4633670592563b838e8905d87d32006c9",

"timestamp": 1686150162

},

{

"file_size": 9176564,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6268070,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7592405,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "30a5cb71610bf97bb780db06d1c3a685558cef60",

"timestamp": 1686150163

},

{

"file_size": 9176564,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6268070,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7592405,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "30a5cb71610bf97bb780db06d1c3a685558cef60",

"timestamp": 1686150163

},

{

"file_size": 6925744,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4923140,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4887861,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c552441469a45b5342205401366537d43dfbf1c3",

"timestamp": 1686150164

},

{

"file_size": 6925744,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4923140,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4887861,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c552441469a45b5342205401366537d43dfbf1c3",

"timestamp": 1686150164

},

{

"file_size": 7991496,

"file_type": "PE/Exe/NSIS",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2569503,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3902224,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "9f236dccf15907ee09d04f6c8a451bd42b1d4e2d",

"timestamp": 1686150165

},

{

"file_size": 7991496,

"file_type": "PE/Exe/NSIS",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2569503,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3902224,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "9f236dccf15907ee09d04f6c8a451bd42b1d4e2d",

"timestamp": 1686150165

},

{

"file_size": 5979364,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4057685,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4165750,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "967fcbf4e10d26548398eec462c166d1df722266",

"timestamp": 1686150165

},

{

"file_size": 5979364,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4057685,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4165750,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "967fcbf4e10d26548398eec462c166d1df722266",

"timestamp": 1686150165

},

{

"file_size": 9728028,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6334598,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6463104,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "5d2ee739905d5f78b6e31684f3bb92423647692b",

"timestamp": 1686150166

},

{

"file_size": 9728028,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6334598,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6463104,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "5d2ee739905d5f78b6e31684f3bb92423647692b",

"timestamp": 1686150166

},

{

"file_size": 8267816,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5914695,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5870746,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "bb7e753018fc4b3c1fdc780a364df59d2e566e67",

"timestamp": 1686150167

},

{

"file_size": 8267816,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5914695,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5870746,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "bb7e753018fc4b3c1fdc780a364df59d2e566e67",

"timestamp": 1686150167

},

{

"file_size": 6904424,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4921711,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5569145,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "750679ecdaac688baa60e32674e510f60cac2ba1",

"timestamp": 1686150167

},

{

"file_size": 6904424,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4921711,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5569145,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "750679ecdaac688baa60e32674e510f60cac2ba1",

"timestamp": 1686150167

},

{

"file_size": 8668000,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5790672,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5929530,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "8d17ecf99008a1800aa77b798c53f75f34db635f",

"timestamp": 1686150167

},

{

"file_size": 8668000,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5790672,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5929530,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "8d17ecf99008a1800aa77b798c53f75f34db635f",

"timestamp": 1686150167

},

{

"file_size": 8020420,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1730444,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1955210,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "098c13f1d5cc4b6038d67874cd2340c470047bde",

"timestamp": 1686150168

},

{

"file_size": 8020420,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1730444,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1955210,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "098c13f1d5cc4b6038d67874cd2340c470047bde",

"timestamp": 1686150168

},

{

"file_size": 9653972,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1796540,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1636817,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "683b6403118d4a672e2f31efef768346320c5d5d",

"timestamp": 1686150169

},

{

"file_size": 9653972,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1796540,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1636817,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "683b6403118d4a672e2f31efef768346320c5d5d",

"timestamp": 1686150169

},

{

"file_size": 5534364,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4320126,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4305821,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "2627f11c33033737de957cf52cc29297d0810371",

"timestamp": 1686150169

},

{

"file_size": 5534364,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4320126,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4305821,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "2627f11c33033737de957cf52cc29297d0810371",

"timestamp": 1686150169

},

{

"file_size": 10148688,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1961186,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2836228,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "9834a9b1ff7edf23552ac4e15464a50ced1f90fa",

"timestamp": 1686150170

},

{

"file_size": 10148688,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1961186,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2836228,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "9834a9b1ff7edf23552ac4e15464a50ced1f90fa",

"timestamp": 1686150170

},

{

"file_size": 8828660,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6406510,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6382932,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "48bd69a510ba602c73863ad2afb6b1455e858335",

"timestamp": 1686150170

},

{

"file_size": 8828660,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6406510,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6382932,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "48bd69a510ba602c73863ad2afb6b1455e858335",

"timestamp": 1686150170

},

{

"file_size": 6136097,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 3709386,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "5bc8ccc3bfd1b1c9bb5c14f442c70a32efa61a71",

"timestamp": 1686150172

},

{

"file_size": 19905987,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2216386,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1636129,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "9f547ef8cba3b6f25f8c7fe2cacf62496c78cf09",

"timestamp": 1686150174

},

{

"file_size": 19905987,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2216386,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1636129,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "9f547ef8cba3b6f25f8c7fe2cacf62496c78cf09",

"timestamp": 1686150174

},

{

"file_size": 1215488,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 576416,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "059403186f3a5d4832bd7bf3e137ab532076c37c",

"timestamp": 1686150175

},

{

"file_size": 62215476,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 25262900,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 53345796,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "af6b75fe56e8568402c36c11a851c31519729d09",

"timestamp": 1686150176

},

{

"file_size": 62215476,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 25262900,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 53345796,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "af6b75fe56e8568402c36c11a851c31519729d09",

"timestamp": 1686150176

},

{

"file_size": 62215476,

"file_type": "Binary/Archive/ZIP",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 53626293,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "af6b75fe56e8568402c36c11a851c31519729d09",

"timestamp": 1686150176

},

{

"file_size": 8790228,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5984952,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7594298,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "791352f0f97961d04505e72dbbc4c90521823212",

"timestamp": 1686150176

},

{

"file_size": 8790228,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5984952,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7594298,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "791352f0f97961d04505e72dbbc4c90521823212",

"timestamp": 1686150176

},

{

"file_size": 3970896,

"file_type": "PE/.Net Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1384326,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3217764,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "739c8e7a85bf46ced7d5926d46f5327b03c13e39",

"timestamp": 1686150177

},

{

"file_size": 3970896,

"file_type": "PE/.Net Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1384326,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3217764,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "739c8e7a85bf46ced7d5926d46f5327b03c13e39",

"timestamp": 1686150177

},

{

"file_size": 370759,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 120638,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "d15409e85cbcd767078d35da6402415a8786b261",

"timestamp": 1686150178

},

{

"file_size": 19508784,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 14359504,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16198715,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a074e8cd0d7f96a1660eb8034c9d4bb659911d8c",

"timestamp": 1686150178

},

{

"file_size": 19508784,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 14359504,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16198715,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a074e8cd0d7f96a1660eb8034c9d4bb659911d8c",

"timestamp": 1686150178

},

{

"file_size": 9376260,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6790310,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7997401,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "69b79a4acbecc8d616965ccde616fbed0bce6bb6",

"timestamp": 1686150180

},

{

"file_size": 9376260,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6790310,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7997401,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "69b79a4acbecc8d616965ccde616fbed0bce6bb6",

"timestamp": 1686150180

},

{

"file_size": 25092884,

"file_type": "PE/Exe/NSIS",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3544155,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3318615,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "0061d1045777f0d4ffa785a37224981e663cadef",

"timestamp": 1686150187

},

{

"file_size": 25092884,

"file_type": "PE/Exe/NSIS",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3544155,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3318615,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "0061d1045777f0d4ffa785a37224981e663cadef",

"timestamp": 1686150187

},

{

"file_size": 29217518,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 23428974,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "a407bb0966cf4665bf7f5a7145d8659dbb8cf3d0",

"timestamp": 1686150197

},

{

"file_size": 29217518,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7499136,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 14037437,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a407bb0966cf4665bf7f5a7145d8659dbb8cf3d0",

"timestamp": 1686150197

},

{

"file_size": 29217518,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7499136,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 14037437,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a407bb0966cf4665bf7f5a7145d8659dbb8cf3d0",

"timestamp": 1686150197

},

{

"file_size": 29422318,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7703936,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 14242237,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a90063b91d8f19cd55120a84a2264dbb56e46594",

"timestamp": 1686150197

},

{

"file_size": 29422318,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 23633774,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "a90063b91d8f19cd55120a84a2264dbb56e46594",

"timestamp": 1686150197

},

{

"file_size": 29422318,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7703936,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 14242237,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a90063b91d8f19cd55120a84a2264dbb56e46594",

"timestamp": 1686150197

},

{

"file_size": 25040110,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3321728,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 9860029,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "f1f94bb6adc57f0f8e47ab859f8a2ba47bea0229",

"timestamp": 1686150199

},

{

"file_size": 25040110,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 19251566,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "f1f94bb6adc57f0f8e47ab859f8a2ba47bea0229",

"timestamp": 1686150199

},

{

"file_size": 25040110,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3321728,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 9860029,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "f1f94bb6adc57f0f8e47ab859f8a2ba47bea0229",

"timestamp": 1686150199

},

{

"file_size": 28910318,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7191936,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 13730237,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "765176df2ecd44d2f33c9a3e09cfffd38b86dc64",

"timestamp": 1686150200

},

{

"file_size": 28910318,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7191936,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 13730237,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "765176df2ecd44d2f33c9a3e09cfffd38b86dc64",

"timestamp": 1686150200

},

{

"file_size": 28910318,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 23121774,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "765176df2ecd44d2f33c9a3e09cfffd38b86dc64",

"timestamp": 1686150200

},

{

"file_size": 32130008,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 977110,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 761738,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "ae7ff1a8ecc631ba5589735ad0fafbe18d1c41e5",

"timestamp": 1686150201

},

{

"file_size": 32130008,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 977110,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 761738,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "ae7ff1a8ecc631ba5589735ad0fafbe18d1c41e5",

"timestamp": 1686150201

},

{

"file_size": 66892302,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3139247,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2558990,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "5e440414494a26e2ee213b9b681d867ad39b9f80",

"timestamp": 1686150214

},

{

"file_size": 66892302,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3139247,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2558990,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "5e440414494a26e2ee213b9b681d867ad39b9f80",

"timestamp": 1686150214

},

{

"file_size": 166833664,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 143364306,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 146750644,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "6adeec98314a2649c39350736d889cd272a391b8",

"timestamp": 1686150221

},

{

"file_size": 166833664,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 143364306,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 146750644,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "6adeec98314a2649c39350736d889cd272a391b8",

"timestamp": 1686150221

},

{

"file_size": 138356736,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 113475200,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 116917070,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "eb3c36c843befc50091898fb978f83d45d32e422",

"timestamp": 1686150228

},

{

"file_size": 138356736,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 113475200,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 116917070,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "eb3c36c843befc50091898fb978f83d45d32e422",

"timestamp": 1686150228

},

{

"file_size": 93670,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 28715,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 50269,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c3a0a929800a0ebe66ac85e6667c6644e872b09d",

"timestamp": 1686150231

},

{

"file_size": 93670,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 28715,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 50269,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c3a0a929800a0ebe66ac85e6667c6644e872b09d",

"timestamp": 1686150231

},

{

"file_size": 8553924,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5876359,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6986177,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a3b265af2589cf44aecb2049803a5a4ff84bb202",

"timestamp": 1686150232

},

{

"file_size": 8553924,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5876359,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6986177,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a3b265af2589cf44aecb2049803a5a4ff84bb202",

"timestamp": 1686150232

},

{

"file_size": 88241,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 27207,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 48761,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c2643a9a4997e6e3e51685cab2f9c6fd4abc7611",

"timestamp": 1686150237

},

{

"file_size": 88241,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 27207,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 48761,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c2643a9a4997e6e3e51685cab2f9c6fd4abc7611",

"timestamp": 1686150237

},

{

"file_size": 9414708,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6335661,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6370528,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "7d304cf9efb664f2ccd968904d504ed8c576e654",

"timestamp": 1686150239

},

{

"file_size": 9414708,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6335661,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6370528,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "7d304cf9efb664f2ccd968904d504ed8c576e654",

"timestamp": 1686150239

},

{

"file_size": 10379992,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6814165,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 8323239,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "fb499f3e7de44f21eb9cb1a956f3f767d4ed47f0",

"timestamp": 1686150241

},

{

"file_size": 10379992,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6814165,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 8323239,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "fb499f3e7de44f21eb9cb1a956f3f767d4ed47f0",

"timestamp": 1686150241

},

{

"file_size": 5250,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2325,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4097,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "630991c60909126d75f94b113fd177180f6712ea",

"timestamp": 1686150245

},

{

"file_size": 5250,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2325,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4097,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "630991c60909126d75f94b113fd177180f6712ea",

"timestamp": 1686150245

},

{

"file_size": 82432,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3828,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4798,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "797c389bd066a4a04c2bce344cb60123443ec81e",

"timestamp": 1686150247

},

{

"file_size": 82432,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3828,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4798,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "797c389bd066a4a04c2bce344cb60123443ec81e",

"timestamp": 1686150247

},

{

"file_size": 111806,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 29792,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 51346,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "8ad9ad7f0468ebd22e0d9e8384c4a107857333a5",

"timestamp": 1686150247

},

{

"file_size": 111806,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 29792,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 51346,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "8ad9ad7f0468ebd22e0d9e8384c4a107857333a5",

"timestamp": 1686150247

},

{

"file_size": 27570,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 15335,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 19448,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "1bfc6472d02cab3b91ce506a17d9cad64804871c",

"timestamp": 1686150248

},

{

"file_size": 27570,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 15335,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 19448,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "1bfc6472d02cab3b91ce506a17d9cad64804871c",

"timestamp": 1686150248

},

{

"file_size": 450048,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 288291,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 221176,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "111bcee00d7c3d6df8c1420ee0de782eb1937133",

"timestamp": 1686150248

},

{

"file_size": 450048,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 288291,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 221176,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "111bcee00d7c3d6df8c1420ee0de782eb1937133",

"timestamp": 1686150248

},

{

"file_size": 2600888,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2163112,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2014788,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "7e32d3bc9afd569852093401de5c4bb5f44b76ff",

"timestamp": 1686150249

},

{

"file_size": 2600888,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2163112,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2014788,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "7e32d3bc9afd569852093401de5c4bb5f44b76ff",

"timestamp": 1686150249

},

{

"file_size": 175221,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 35882,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 57436,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "423a146bc73d434a9f39de260f567dd8d0258d47",

"timestamp": 1686150250

},

{

"file_size": 175221,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 35882,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 57436,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "423a146bc73d434a9f39de260f567dd8d0258d47",

"timestamp": 1686150250

},

{

"file_size": 8509312,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6222960,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6167524,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "19b22d0a540bac402aa018c7df49bd97bf02f44a",

"timestamp": 1686150251

},

{

"file_size": 8509312,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6222960,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6167524,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "19b22d0a540bac402aa018c7df49bd97bf02f44a",

"timestamp": 1686150251

},

{

"file_size": 80864416,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2597762,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2017505,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "e8a00ce275d0d66559cadb01b10a0ae2d441c60d",

"timestamp": 1686150258

},

{

"file_size": 80864416,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2597762,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2017505,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "e8a00ce275d0d66559cadb01b10a0ae2d441c60d",

"timestamp": 1686150258

},

{

"file_size": 20964640,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7215661,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 11972784,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "e8aeecd01fdf0e1521090598c2180f5cb575f6e6",

"timestamp": 1686150261

},

{

"file_size": 20964640,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7215661,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 11972784,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "e8aeecd01fdf0e1521090598c2180f5cb575f6e6",

"timestamp": 1686150261

},

{

"file_size": 275456,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5162,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6481,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c11a9ca1d3c3b6eaa69adcf6eb9f4c723e990aec",

"timestamp": 1686150261

},

{

"file_size": 275456,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5162,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6481,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c11a9ca1d3c3b6eaa69adcf6eb9f4c723e990aec",

"timestamp": 1686150261

},

{

"file_size": 87323,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 27477,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 49031,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "19f3b61586f5cb7808ed718fae3b99408fcde7b8",

"timestamp": 1686150263

},

{

"file_size": 87323,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 27477,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 49031,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "19f3b61586f5cb7808ed718fae3b99408fcde7b8",

"timestamp": 1686150263

},

{

"file_size": 12437976,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 10483381,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 10170287,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "bd599890f96bfd2cb617bc1155bd15fc40a084ed",

"timestamp": 1686150266

},

{

"file_size": 12437976,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 10483381,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 10170287,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "bd599890f96bfd2cb617bc1155bd15fc40a084ed",

"timestamp": 1686150266

},

{

"file_size": 10148938,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 864896,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 14986,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "0233a0fec543e6232060515a2e26cc58c2a75623",

"timestamp": 1686150268

},

{

"file_size": 10148938,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 864896,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 14986,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "0233a0fec543e6232060515a2e26cc58c2a75623",

"timestamp": 1686150268

},

{

"file_size": 9892620,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6562492,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7558230,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "75f9a61c03ade1bbb0cb9046a95a50c6c6fbc09a",

"timestamp": 1686150270

},

{

"file_size": 9892620,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6562492,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 7558230,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "75f9a61c03ade1bbb0cb9046a95a50c6c6fbc09a",

"timestamp": 1686150270

},

{

"file_size": 9560808,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6901970,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6907982,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "fbcc73b821ae5184783a597050d8ebd62835bfc9",

"timestamp": 1686150270

},

{

"file_size": 9560808,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6901970,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6907982,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "fbcc73b821ae5184783a597050d8ebd62835bfc9",

"timestamp": 1686150270

},

{

"file_size": 18831446,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 265862,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12964500,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "25e03817dafe65daaa426190b00318324d21cf71",

"timestamp": 1686150270

},

{

"file_size": 18831446,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 265862,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12964500,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "25e03817dafe65daaa426190b00318324d21cf71",

"timestamp": 1686150270

},

{

"file_size": 8165976,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3933805,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4859118,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "f4678063bfee99893461cd18f9ec4556382d102f",

"timestamp": 1686150272

},

{

"file_size": 8165976,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3933805,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4859118,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "f4678063bfee99893461cd18f9ec4556382d102f",

"timestamp": 1686150272

},

{

"file_size": 101077,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 27765,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 49319,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "62ea9191258518515b4be63a7c69a39b918bd28a",

"timestamp": 1686150272

},

{

"file_size": 101077,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 27765,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 49319,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "62ea9191258518515b4be63a7c69a39b918bd28a",

"timestamp": 1686150272

},

{

"file_size": 8092688,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1464386,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2192617,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "e1e78ef90f835f32fb9bd89fc074c22f7748f3e3",

"timestamp": 1686150273

},

{

"file_size": 8092688,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1464386,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2192617,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "e1e78ef90f835f32fb9bd89fc074c22f7748f3e3",

"timestamp": 1686150273

},

{

"file_size": 9136128,

"file_type": "PE/.Net Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3935869,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3109983,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "48672736929745d0f2716882ccdb099501cb6b1e",

"timestamp": 1686150274

},

{

"file_size": 9136128,

"file_type": "PE/.Net Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3935869,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3109983,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "48672736929745d0f2716882ccdb099501cb6b1e",

"timestamp": 1686150274

},

{

"file_size": 6035544,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2875148,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3522427,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "9d0c0632f5948623baa3c1ff47e51cb7d7fa2e91",

"timestamp": 1686150275

},

{

"file_size": 6035544,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 2875148,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3522427,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "9d0c0632f5948623baa3c1ff47e51cb7d7fa2e91",

"timestamp": 1686150275

},

{

"file_size": 13500336,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 11443773,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 11133887,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "1ceec28970dbdc86c09768fdc2bfa305fce4d261",

"timestamp": 1686150276

},

{

"file_size": 13500336,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 11443773,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 11133887,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "1ceec28970dbdc86c09768fdc2bfa305fce4d261",

"timestamp": 1686150276

},

{

"file_size": 3376319,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 245960,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 15314,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "efd9d71b0975e5847c4615faf5afc5e9f7210ae3",

"timestamp": 1686150277

},

{

"file_size": 3376319,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 245960,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 15314,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "efd9d71b0975e5847c4615faf5afc5e9f7210ae3",

"timestamp": 1686150277

},

{

"file_size": 103016,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 33875,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 55429,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "e412e2c41f29f865786ecf493deafd266c779d88",

"timestamp": 1686150277

},

{

"file_size": 103016,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 33875,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 55429,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "e412e2c41f29f865786ecf493deafd266c779d88",

"timestamp": 1686150277

},

{

"file_size": 7885612,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6087984,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6053339,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "80430d7fd0fc7c60d98a89aed4c7bb4495aa6379",

"timestamp": 1686150278

},

{

"file_size": 7885612,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6087984,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6053339,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "80430d7fd0fc7c60d98a89aed4c7bb4495aa6379",

"timestamp": 1686150278

},

{

"file_size": 14178816,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4320653,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5427992,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "ebde3e5d4f5dad37d897d676df2240e7e40e08fe",

"timestamp": 1686150278

},

{

"file_size": 14178816,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4320653,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5427992,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "ebde3e5d4f5dad37d897d676df2240e7e40e08fe",

"timestamp": 1686150278

},

{

"file_size": 272896,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 8053,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6460,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "3a1800e643dae8652354dc0e1d09e0fdd010f6a4",

"timestamp": 1686150279

},

{

"file_size": 272896,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 8053,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6460,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "3a1800e643dae8652354dc0e1d09e0fdd010f6a4",

"timestamp": 1686150279

},

{

"file_size": 689819,

"file_type": "Document/None/RTF",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 533244,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 590406,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "5eb3615197888c564cc0190dcb59bc20c7f5cbd9",

"timestamp": 1686150283

},

{

"file_size": 689819,

"file_type": "Document/None/RTF",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 533244,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 590406,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "5eb3615197888c564cc0190dcb59bc20c7f5cbd9",

"timestamp": 1686150283

},

{

"file_size": 7179516,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1496148,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1515461,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "8a89d0ad8c999e16a2226fddf4096770486212dd",

"timestamp": 1686150284

},

{

"file_size": 7179516,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1496148,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1515461,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "8a89d0ad8c999e16a2226fddf4096770486212dd",

"timestamp": 1686150284

},

{

"file_size": 8096528,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5711198,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5832392,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "0e753811a1a4bda820926842ce75c4e28c955919",

"timestamp": 1686150287

},

{

"file_size": 8096528,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5711198,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5832392,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "0e753811a1a4bda820926842ce75c4e28c955919",

"timestamp": 1686150287

},

{

"file_size": 1766139,

"file_type": "Text/None",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 260148,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 825848,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "8a6f27250902702f78938252e2671205790648d4",

"timestamp": 1686150288

},

{

"file_size": 1766139,

"file_type": "Text/None",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 260148,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 825848,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "8a6f27250902702f78938252e2671205790648d4",

"timestamp": 1686150288

},

{

"file_size": 10031584,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6627232,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6604495,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "8913aed7d56e63add8ed8f65622454ab0b0ed007",

"timestamp": 1686150290

},

{

"file_size": 10031584,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6627232,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6604495,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "8913aed7d56e63add8ed8f65622454ab0b0ed007",

"timestamp": 1686150290

},

{

"file_size": 6598488,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1651604,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2536422,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "03de2c6afdf55d2e9fe71e126a4d8c3bd5a6e513",

"timestamp": 1686150293

},

{

"file_size": 6598488,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1651604,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2536422,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "03de2c6afdf55d2e9fe71e126a4d8c3bd5a6e513",

"timestamp": 1686150293

},

{

"file_size": 8198736,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1724241,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1717079,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "2a770424281587e72a70f2b38c6393ee43fcb8fe",

"timestamp": 1686150293

},

{

"file_size": 8198736,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1724241,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1717079,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "2a770424281587e72a70f2b38c6393ee43fcb8fe",

"timestamp": 1686150293

},

{

"file_size": 8041928,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6164307,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6028674,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "58a086af9f4be29846114490255f118299ee9988",

"timestamp": 1686150298

},

{

"file_size": 8041928,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6164307,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6028674,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "58a086af9f4be29846114490255f118299ee9988",

"timestamp": 1686150298

},

{

"file_size": 22636544,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 12836365,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 17328505,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "4a066f4da5351af20dcc6848fcca14ac7237022d",

"timestamp": 1686150304

},

{

"file_size": 22636544,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 12836365,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 17328505,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "4a066f4da5351af20dcc6848fcca14ac7237022d",

"timestamp": 1686150304

},

{

"file_size": 31212344,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 25069984,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 24741844,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "de4fab5048313f8ea6d87b1821bfc8707463f688",

"timestamp": 1686150308

},

{

"file_size": 31212344,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 25069984,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 24741844,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "de4fab5048313f8ea6d87b1821bfc8707463f688",

"timestamp": 1686150308

},

{

"file_size": 46181234,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 28136043,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 340000,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a7dd7dbd677a352cade7696363a2b69827ed9efa",

"timestamp": 1686150316

},

{

"file_size": 46181234,

"file_type": "PE/.Net Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 28136043,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 340000,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a7dd7dbd677a352cade7696363a2b69827ed9efa",

"timestamp": 1686150316

},

{

"file_size": 4268456,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1053136,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1079585,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "55d4bb310cf6f691bf7917630349e60f91e69883",

"timestamp": 1686150328

},

{

"file_size": 4268456,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1053136,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1079585,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "55d4bb310cf6f691bf7917630349e60f91e69883",

"timestamp": 1686150328

},

{

"file_size": 711168,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 22283,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 140714,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "1cc796892a6c83da4f9d64c7ac496f48e9e87462",

"timestamp": 1686150331

},

{

"file_size": 711168,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 22283,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 140714,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "1cc796892a6c83da4f9d64c7ac496f48e9e87462",

"timestamp": 1686150331

},

{

"file_size": 81041,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 26719,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 48030,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "fac13be0be3051b4ea5dd0299de7297c50eca677",

"timestamp": 1686150331

},

{

"file_size": 81041,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 26719,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 48030,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "fac13be0be3051b4ea5dd0299de7297c50eca677",

"timestamp": 1686150331

},

{

"file_size": 2149088,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1486348,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1792360,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "918840817f162ce48336914897b0a2b9e94159c6",

"timestamp": 1686150332

},

{

"file_size": 2149088,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1486348,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1792360,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "918840817f162ce48336914897b0a2b9e94159c6",

"timestamp": 1686150332

},

{

"file_size": 83456,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3829,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4736,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "7d2d0a954430071976be168e02000021fe3f8d47",

"timestamp": 1686150334

},

{

"file_size": 83456,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3829,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4736,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "7d2d0a954430071976be168e02000021fe3f8d47",

"timestamp": 1686150334

},

{

"file_size": 81703,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 29471,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 51025,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "0de6b65809ff0a806b84af7878f46ab7b0961e58",

"timestamp": 1686150335

},

{

"file_size": 81703,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 29471,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 51025,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "0de6b65809ff0a806b84af7878f46ab7b0961e58",

"timestamp": 1686150335

},

{

"file_size": 1986332,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1489941,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1578610,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "cefdbcf177848c3dbc4660ffa92e0971429717e6",

"timestamp": 1686150335

},

{

"file_size": 1986332,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1489941,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1578610,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "cefdbcf177848c3dbc4660ffa92e0971429717e6",

"timestamp": 1686150335

},

{

"file_size": 454144,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 282176,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 220548,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "e4794fefadbba8fcb81540281ccccb949cccd828",

"timestamp": 1686150336

},

{

"file_size": 454144,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 282176,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 220548,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "e4794fefadbba8fcb81540281ccccb949cccd828",

"timestamp": 1686150336

},

{

"file_size": 18366038,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7030388,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12499092,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "b8c11b6867eaec662e5217df5c861393fa6220e6",

"timestamp": 1686150336

},

{

"file_size": 18366038,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7030388,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12499092,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "b8c11b6867eaec662e5217df5c861393fa6220e6",

"timestamp": 1686150336

},

{

"file_size": 8588884,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6284895,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6248087,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "d9a5feabf05c02918500526e08a432cee2b65615",

"timestamp": 1686150337

},

{

"file_size": 8588884,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6284895,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6248087,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "d9a5feabf05c02918500526e08a432cee2b65615",

"timestamp": 1686150337

},

{

"file_size": 9326836,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6567307,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6759624,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "dfb89e0653f80361906802592cd76c3dfbbe0881",

"timestamp": 1686150337

},

{

"file_size": 9326836,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6567307,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6759624,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "dfb89e0653f80361906802592cd76c3dfbbe0881",

"timestamp": 1686150337

},

{

"file_size": 150057,

"file_type": "Document/None/PDF",

"rule": [

{

"identifier": "ExampleRule",

"matched_data": [

{

"match_offset": 116422,

"matched_string": "dGV4dCBoZXJl\n",

"string_identifier": "JG15X3RleHRfc3RyaW5n\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset2",

"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",

"sample_available": false,

"sha1": "db9a5761f9beda80273964d79aa8bf589ea00f9d",

"timestamp": 1686150338

},

{

"file_size": 101408,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 27646,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 49200,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "920811cc5d0f3a9218886cc0c35f60793859ccff",

"timestamp": 1686150340

},

{

"file_size": 101408,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 27646,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 49200,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "920811cc5d0f3a9218886cc0c35f60793859ccff",

"timestamp": 1686150340

},

{

"file_size": 17661014,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6325364,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 11794068,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "86e5a6461a4c70641f1d9f05b363a6ee9ad9e967",

"timestamp": 1686150341

},

{

"file_size": 17661014,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6325364,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 11794068,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "86e5a6461a4c70641f1d9f05b363a6ee9ad9e967",

"timestamp": 1686150341

},

{

"file_size": 17709654,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6374004,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 11842708,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "d0286f449fe9b310149eba7c643ef32980b20c0a",

"timestamp": 1686150343

},

{

"file_size": 17709654,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6374004,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 11842708,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "d0286f449fe9b310149eba7c643ef32980b20c0a",

"timestamp": 1686150343

},

{

"file_size": 18516054,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7180404,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12649108,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a629d0a626ea29b61a59fa12f74ecae92f111d2b",

"timestamp": 1686150345

},

{

"file_size": 18516054,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7180404,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12649108,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "a629d0a626ea29b61a59fa12f74ecae92f111d2b",

"timestamp": 1686150345

},

{

"file_size": 13872608,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 9059948,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 8952253,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "9583081e5b7c0f4f74b2222a23fc058d667ab595",

"timestamp": 1686150351

},

{

"file_size": 13872608,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 9059948,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 8952253,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "9583081e5b7c0f4f74b2222a23fc058d667ab595",

"timestamp": 1686150351

},

{

"file_size": 82432,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3812,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4691,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "39d12fff02df078867efb755f7353480b5f6c0bc",

"timestamp": 1686150357

},

{

"file_size": 82432,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3812,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4691,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "39d12fff02df078867efb755f7353480b5f6c0bc",

"timestamp": 1686150357

},

{

"file_size": 2272971,

"file_type": "Text/None",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 74664,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 619547,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "67c71d50582dea8fedfe6a3b234936a626ffaeb2",

"timestamp": 1686150357

},

{

"file_size": 2272971,

"file_type": "Text/None",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 74664,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 619547,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "67c71d50582dea8fedfe6a3b234936a626ffaeb2",

"timestamp": 1686150357

},

{

"file_size": 8879376,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5745648,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5751012,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "1a773ba334a1fc0f818bbd42f77a4e1d946065a9",

"timestamp": 1686150360

},

{

"file_size": 8879376,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5745648,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5751012,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "1a773ba334a1fc0f818bbd42f77a4e1d946065a9",

"timestamp": 1686150360

},

{

"file_size": 7755441,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 406771,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 21825,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "812184db6861a00260557e33605b51d0042ff585",

"timestamp": 1686150360

},

{

"file_size": 7755441,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 406771,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 21825,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "812184db6861a00260557e33605b51d0042ff585",

"timestamp": 1686150360

},

{

"file_size": 5618928,

"file_type": "MachO32 Little/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3904124,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4378424,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "d1b2e67d1e6066e353d169cfcdcb67b76360ad94",

"timestamp": 1686150361

},

{

"file_size": 5618928,

"file_type": "MachO32 Little/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3904124,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4378424,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "d1b2e67d1e6066e353d169cfcdcb67b76360ad94",

"timestamp": 1686150361

},

{

"file_size": 7870848,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5851887,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5929958,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "350122e4dba72eec4fcf1b5b91d172335c85d7a9",

"timestamp": 1686150369

},

{

"file_size": 7870848,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5851887,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5929958,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "350122e4dba72eec4fcf1b5b91d172335c85d7a9",

"timestamp": 1686150369

},

{

"file_size": 8173600,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5940668,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5601532,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "ecc1080cc4303734260b958a79cefb40ae6d0153",

"timestamp": 1686150372

},

{

"file_size": 8173600,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 5940668,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5601532,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "ecc1080cc4303734260b958a79cefb40ae6d0153",

"timestamp": 1686150372

},

{

"file_size": 366711,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 83827,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 363899,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "cf2f0e2acfc86560055a39013db63285b1d78a03",

"timestamp": 1686150388

},

{

"file_size": 366711,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 83827,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 363899,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "cf2f0e2acfc86560055a39013db63285b1d78a03",

"timestamp": 1686150388

},

{

"file_size": 9487360,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6897389,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6936885,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "4106e8b239bb92d9fa524b3a6d667c7115b0b666",

"timestamp": 1686150401

},

{

"file_size": 9487360,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6897389,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6936885,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "4106e8b239bb92d9fa524b3a6d667c7115b0b666",

"timestamp": 1686150401

},

{

"file_size": 58555814,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1184014,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 10951600,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "7c14bdf271b74f35da06091594293c7502c82107",

"timestamp": 1686150401

},

{

"file_size": 58555814,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1184014,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 10951600,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "7c14bdf271b74f35da06091594293c7502c82107",

"timestamp": 1686150401

},

{

"file_size": 366706,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 83826,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 363894,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "52a6a217b72415fc38bde13c0f077e47671a7845",

"timestamp": 1686150410

},

{

"file_size": 366706,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 83826,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 363894,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "52a6a217b72415fc38bde13c0f077e47671a7845",

"timestamp": 1686150410

},

{

"file_size": 21275520,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7310445,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12111641,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "9dc59205f47be9eac8046b5b259f2ccf65ceddc6",

"timestamp": 1686150414

},

{

"file_size": 21275520,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7310445,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12111641,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "9dc59205f47be9eac8046b5b259f2ccf65ceddc6",

"timestamp": 1686150414

},

{

"file_size": 86684,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 34414,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 55968,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "4120782b6b598f4a7e95b4c480c791cffe37a268",

"timestamp": 1686150422

},

{

"file_size": 86684,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 34414,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 55968,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "4120782b6b598f4a7e95b4c480c791cffe37a268",

"timestamp": 1686150422

},

{

"file_size": 5327272,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3979083,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2767474,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "eb86c40eb9e7de2c827db61b705530e5945c4562",

"timestamp": 1686150442

},

{

"file_size": 5327272,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3979083,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2767474,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "eb86c40eb9e7de2c827db61b705530e5945c4562",

"timestamp": 1686150442

},

{

"file_size": 1686113,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 192055,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16350,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "8d02b28113241f8c6bb4f6313a19950876eca116",

"timestamp": 1686150448

},

{

"file_size": 1686113,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 192055,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 16350,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "8d02b28113241f8c6bb4f6313a19950876eca116",

"timestamp": 1686150448

},

{

"file_size": 35515,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 34829,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 22757,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "4767545f40d35fbfee5bbd359fe6be615e679ff9",

"timestamp": 1686150452

},

{

"file_size": 35515,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 34829,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 22757,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "4767545f40d35fbfee5bbd359fe6be615e679ff9",

"timestamp": 1686150452

},

{

"file_size": 7892976,

"file_type": "ELF64 Little/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3577820,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3615204,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "94c89fd87cf33f18c9b1783bb133633aa5b28234",

"timestamp": 1686150454

},

{

"file_size": 7892976,

"file_type": "ELF64 Little/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3577820,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 3615204,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "94c89fd87cf33f18c9b1783bb133633aa5b28234",

"timestamp": 1686150454

},

{

"file_size": 242700,

"file_type": "Document/None/RTF",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 31895,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 41619,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "3d526a12778e918e2350d23aa02bfa7cd2c448d0",

"timestamp": 1686150455

},

{

"file_size": 242700,

"file_type": "Document/None/RTF",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 31895,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 41619,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "3d526a12778e918e2350d23aa02bfa7cd2c448d0",

"timestamp": 1686150455

},

{

"file_size": 7525504,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1861301,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1676862,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "b2eed81dd77100042b7e918b4f5cacc2d6444aa6",

"timestamp": 1686150455

},

{

"file_size": 7525504,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 1861301,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1676862,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "b2eed81dd77100042b7e918b4f5cacc2d6444aa6",

"timestamp": 1686150455

},

{

"file_size": 74127,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 26665,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 47554,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c1ad6cf9c783302cedf77c209ae4d5a11d05b07f",

"timestamp": 1686150464

},

{

"file_size": 74127,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 26665,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 47554,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "c1ad6cf9c783302cedf77c209ae4d5a11d05b07f",

"timestamp": 1686150464

},

{

"file_size": 6306744,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4682682,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5358994,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "1fa90eebb148c20a065f0a78d5794f00c7bb51a4",

"timestamp": 1686150481

},

{

"file_size": 6306744,

"file_type": "DEX/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 4682682,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 5358994,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "1fa90eebb148c20a065f0a78d5794f00c7bb51a4",

"timestamp": 1686150481

},

{

"file_size": 8729572,

"file_type": "PE/Exe/NSIS",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3118958,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2893418,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "6eebfafb77dac46dd9a0541cbd719f59d18ae74a",

"timestamp": 1686150486

},

{

"file_size": 8729572,

"file_type": "PE/Exe/NSIS",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3118958,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 2893418,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "6eebfafb77dac46dd9a0541cbd719f59d18ae74a",

"timestamp": 1686150486

},

{

"file_size": 662567,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 467856,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 24033,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "4273c4cdb874a9caeddfb76f5e712480246928a6",

"timestamp": 1686150489

},

{

"file_size": 662567,

"file_type": "Email/None/MIME",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 467856,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 24033,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "4273c4cdb874a9caeddfb76f5e712480246928a6",

"timestamp": 1686150489

},

{

"file_size": 366703,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 83825,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 363891,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "4791aa7a9d8123b974c9b3e41fc3269bfa287c28",

"timestamp": 1686150489

},

{

"file_size": 366703,

"file_type": "Text/HTML/HTML",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 83825,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 363891,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "4791aa7a9d8123b974c9b3e41fc3269bfa287c28",

"timestamp": 1686150489

},

{

"file_size": 18824790,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 259206,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12957844,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "3d779c8998dfba56449ad09dbd24db692d2b6528",

"timestamp": 1686150490

},

{

"file_size": 18824790,

"file_type": "PE/Dll",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 259206,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 12957844,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "3d779c8998dfba56449ad09dbd24db692d2b6528",

"timestamp": 1686150490

},

{

"file_size": 8471556,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7414380,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6887310,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "f10efe378fb0fa90ca1ee5dcdfee615b1473a74e",

"timestamp": 1686150490

},

{

"file_size": 8471556,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 7414380,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 6887310,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "f10efe378fb0fa90ca1ee5dcdfee615b1473a74e",

"timestamp": 1686150490

},

{

"file_size": 81408,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3819,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4611,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "76c28f712820786cbe6cbeb7f9789480a7ac3b23",

"timestamp": 1686150491

},

{

"file_size": 81408,

"file_type": "Binary/Archive/Compound",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 3819,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 4611,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "76c28f712820786cbe6cbeb7f9789480a7ac3b23",

"timestamp": 1686150491

},

{

"file_size": 13890720,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 9051048,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 8736852,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "121299e36826d127762d70605c78118223be66a3",

"timestamp": 1686150497

},

{

"file_size": 13890720,

"file_type": "PE+/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 9051048,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 8736852,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "121299e36826d127762d70605c78118223be66a3",

"timestamp": 1686150497

},

{

"file_size": 18482183,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6662509,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1459423,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "SuperHunt",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "6010aef2725e64cdeab0e91df479bf0e0a7be14c",

"timestamp": 1686150499

},

{

"file_size": 18482183,

"file_type": "PE/Exe",

"rule": [

{

"identifier": "Example",

"matched_data": [

{

"match_offset": 6662509,

"matched_string": "cGF5\n",

"string_identifier": "JHN0cmluZzE=\n"

},

{

"match_offset": 1459423,

"matched_string": "aW1tZWRpYXRlbHk=\n",

"string_identifier": "JHN0cmluZzI=\n"

}

],

"meta": [],

"tag": []

}

],

"ruleset_name": "ruleset1",

"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",

"sample_available": false,

"sha1": "6010aef2725e64cdeab0e91df479bf0e0a7be14c",

"timestamp": 1686150499

}

],

"last_timestamp": 1686150499,

"name": "YARA Match Continuous Feed",

"time_range": {

"from": "Wed, 07 Jun 2023 14:55:26 +0000",

"to": "Wed, 07 Jun 2023 15:08:19 +0000"

}

}

}

}

}

}

Human Readable Output

ReversingLabs YARA Matches Feed for time value 1686149726

Last timestamp: 1686150499 From: Wed, 07 Jun 2023 14:55:26 +0000 To: Wed, 07 Jun 2023 15:08:19 +0000

Entries

file_size	file_type	rule	ruleset_name	ruleset_sha1	sample_available	sha1	timestamp
3276768	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2070668, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2103585, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	6c9a7e771632738a4d86e8211be63306b3c31739	1686149729
3276768	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2070668, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2103585, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	6c9a7e771632738a4d86e8211be63306b3c31739	1686149729
700972	Text/TypeScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6427, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 327393, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	22cbdcd8130f2dabaf16cb6a4cdfe8141c8d54d9	1686149748
700972	Text/TypeScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6427, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 327393, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	22cbdcd8130f2dabaf16cb6a4cdfe8141c8d54d9	1686149748
701035	Text/TypeScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6427, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 327456, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	327da64e3c8bd70b5868a11b90345ffb83faf169	1686149771
701035	Text/TypeScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6427, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 327456, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	327da64e3c8bd70b5868a11b90345ffb83faf169	1686149771
2495206	PE/Exe	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 1508164, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	true	8b16533fe15079a2797c5edb655e7faa0136a2c3	1686149775
136068	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 90723, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 126493, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	4b69b90535fffc35b944af09c4fecd1ea45bdf03	1686149791
136068	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 90723, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 126493, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	4b69b90535fffc35b944af09c4fecd1ea45bdf03	1686149791
89327	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	9833e067786155c711abd4748f0134dce2a50f70	1686149812
89327	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	9833e067786155c711abd4748f0134dce2a50f70	1686149812
60165	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 53034, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 44244, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7	1686149812
60165	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 53034, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 44244, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7	1686149812
348160	PE/Exe	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 37848, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	true	8a5f73ba3d164d764f3247e1a4d8910f1c82118e	1686149813
2032952	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1691838, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1680161, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	3ef76796bc39440ff9e380ee0870e082a7d4d827	1686149813
2032952	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1691838, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1680161, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	3ef76796bc39440ff9e380ee0870e082a7d4d827	1686149813
152263	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 108863, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 66000, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	672718e4181413228e56e9aca75af311e5113b34	1686149815
152263	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 108863, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 66000, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	672718e4181413228e56e9aca75af311e5113b34	1686149815
3594552	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2695368, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2746903, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	3c1e2700b7b75d6f064f1a4cd92348cbbd12445e	1686149821
3594552	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2695368, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2746903, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	3c1e2700b7b75d6f064f1a4cd92348cbbd12445e	1686149821
629694	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 195141, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 142128, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	689fa08d967cd23c51d86f5f31245b2c4b4cb8f4	1686149825
629694	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 195141, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 142128, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	689fa08d967cd23c51d86f5f31245b2c4b4cb8f4	1686149825
60165	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 53034, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 44244, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7	1686149825
60165	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 53034, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 44244, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7	1686149825
7876608	ELF64 Little/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4574372, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4638450, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	be246b1372fc383087a49f7b217d57f60a91282e	1686149830
7876608	ELF64 Little/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4574372, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4638450, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	be246b1372fc383087a49f7b217d57f60a91282e	1686149830
163095	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 92470, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 152391, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	38351d1f1fd246eed1a5319c70e6db239cf08961	1686149832
163095	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 92470, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 152391, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	38351d1f1fd246eed1a5319c70e6db239cf08961	1686149832
4435792	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35519, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 251777, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	8c2ac756b84dad335730361f0ae794d427f59ac8	1686149840
4435792	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35519, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 251777, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	8c2ac756b84dad335730361f0ae794d427f59ac8	1686149840
118346	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16163, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 93519, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	33b343dbf5e945badbde855fccd9d41cc6721b57	1686149841
118346	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16163, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 93519, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	33b343dbf5e945badbde855fccd9d41cc6721b57	1686149841
421625	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 254252, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 61027, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	97de77df7de1563a15054f68142f815b4df26ef8	1686149841
421625	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 254252, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 61027, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	97de77df7de1563a15054f68142f815b4df26ef8	1686149841
89327	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	6c4a87910eafb345ad3b07f13dced51376ccc93f	1686149842
89327	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	6c4a87910eafb345ad3b07f13dced51376ccc93f	1686149842
4091720	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1530891, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1420528, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	f0a94f8d3ba71b06bc7a463241233c2db1cf4a36	1686149842
4091720	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1530891, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1420528, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	f0a94f8d3ba71b06bc7a463241233c2db1cf4a36	1686149842
89327	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	5c880504fedd3ee67d06ecb36ef7247a6b26cd48	1686149844
89327	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	5c880504fedd3ee67d06ecb36ef7247a6b26cd48	1686149844
151754	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 108353, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 65464, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	1a9bc0dd119fa6b5b15042468d54a26cccccbeaa	1686149844
151754	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 108353, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 65464, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	1a9bc0dd119fa6b5b15042468d54a26cccccbeaa	1686149844
151042	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 107641, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 65289, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	d7c4f4ab8fc6682e2ba020664b06cb40ac1436f8	1686149844
151042	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 107641, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 65289, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	d7c4f4ab8fc6682e2ba020664b06cb40ac1436f8	1686149844
6321416	ELF64 Little/SO	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 361578, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 283948, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	8cb1f6b4f18c6c55888c7275f54b0f9ca61d4cc7	1686149845
6321416	ELF64 Little/SO	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 361578, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 283948, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	8cb1f6b4f18c6c55888c7275f54b0f9ca61d4cc7	1686149845
7876608	ELF64 Little/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4574372, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4638450, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	be246b1372fc383087a49f7b217d57f60a91282e	1686149847
7876608	ELF64 Little/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4574372, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4638450, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	be246b1372fc383087a49f7b217d57f60a91282e	1686149847
154712	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 111318, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68396, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	846e91cbdccfbacf3790aaaa5aad6357394ec328	1686149848
154712	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 111318, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68396, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	846e91cbdccfbacf3790aaaa5aad6357394ec328	1686149848
2037575	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 700877, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1730255, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	66ea67dd377be2868f91cada78056d679c37ad14	1686149849
2037575	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 700877, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1730255, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	66ea67dd377be2868f91cada78056d679c37ad14	1686149849
4435792	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35519, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 251777, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	8c2ac756b84dad335730361f0ae794d427f59ac8	1686149849
4435792	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35519, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 251777, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	8c2ac756b84dad335730361f0ae794d427f59ac8	1686149849
25735	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 369, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19182, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	2983e913f00f2919c3ef8af5984fc1d4165ef459	1686149851
25735	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 369, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19182, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	2983e913f00f2919c3ef8af5984fc1d4165ef459	1686149851
89327	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	94d4edb7622aa1bc73976a43641f0f7aa673e515	1686149851
89327	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	94d4edb7622aa1bc73976a43641f0f7aa673e515	1686149851
5899328	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3609590, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3648212, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	1e005a0d0a4e445a22845e20f507c9986ab8c981	1686149855
5899328	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3609590, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3648212, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	1e005a0d0a4e445a22845e20f507c9986ab8c981	1686149855
477009	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 117834, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 179800, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	c4362fdfb7e929c0befe19e1fdbb503e340713ef	1686149858
477009	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 117834, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 179800, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	c4362fdfb7e929c0befe19e1fdbb503e340713ef	1686149858
146948	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 103548, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 60815, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	6aca08c08a657c545ca575cc33e124e0e38f8730	1686149865
146948	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 103548, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 60815, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	6aca08c08a657c545ca575cc33e124e0e38f8730	1686149865
89327	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	042e4cb27fc3d6fd7c73e3a217a872495a05c90a	1686149866
89327	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	042e4cb27fc3d6fd7c73e3a217a872495a05c90a	1686149866
739873	Text/Go	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8970, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 195156, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	2a8b44ff48c01cb281e6fc55079211d061ead5c5	1686149873
739873	Text/Go	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8970, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 195156, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	2a8b44ff48c01cb281e6fc55079211d061ead5c5	1686149873
1001023	Text/Go	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12927, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 112532, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	f5d3401062623204bff214eef2887ca59171fc8d	1686149874
1001023	Text/Go	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12927, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 112532, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	f5d3401062623204bff214eef2887ca59171fc8d	1686149874
344860	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12762, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 227575, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	1d8d3cffaf275d88d4fc68ec7eb20b30c03225b0	1686149875
344860	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12762, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 227575, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	1d8d3cffaf275d88d4fc68ec7eb20b30c03225b0	1686149875
6738008	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2615445, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2651672, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	3ac8e4d7748a9ca0affb66f81978d33e683c4814	1686149879
6738008	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2615445, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2651672, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	3ac8e4d7748a9ca0affb66f81978d33e683c4814	1686149879
89327	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	dc5645d2051ac4aac468e02b4ebf62628a73605f	1686149880
89327	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	dc5645d2051ac4aac468e02b4ebf62628a73605f	1686149880
6343328	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4122595, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4778117, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	2db6a690c35f5f29fc0986760df02acf70d67abf	1686149881
6343328	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4122595, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4778117, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	2db6a690c35f5f29fc0986760df02acf70d67abf	1686149881
154231	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110832, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68406, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	3af52ef8aff5735d794cb2611de951f786961c03	1686149900
154231	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110832, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68406, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	3af52ef8aff5735d794cb2611de951f786961c03	1686149900
739903	Text/Go	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8970, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 195156, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	e4965ce5cd511a3efd00a2caba635bfab3f4e805	1686149921
739903	Text/Go	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8970, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 195156, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	e4965ce5cd511a3efd00a2caba635bfab3f4e805	1686149921
5685433	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 150959, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2075729, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	6974c8390c179c1a4a9dca8947a1f2378852faad	1686149931
5685433	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 150959, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2075729, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	6974c8390c179c1a4a9dca8947a1f2378852faad	1686149931
11163136	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9002020, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8469401, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	07a157e4e612f74d0b01b2844eca8afdc2a43955	1686149931
11163136	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9002020, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8469401, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	07a157e4e612f74d0b01b2844eca8afdc2a43955	1686149931
1408268	Text/Go	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8975, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 109800, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	440bb2c50ba55eebe34ef8a4e201a17144bd5bc2	1686149934
1408268	Text/Go	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8975, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 109800, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	440bb2c50ba55eebe34ef8a4e201a17144bd5bc2	1686149934
2397377	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 91153, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1061201, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	6cea94c3692b8930e8a4991d94810f01dffafd47	1686149935
2397377	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 91153, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1061201, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	6cea94c3692b8930e8a4991d94810f01dffafd47	1686149935
22505546	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4456790, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3991479, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	8d8af50cf52f96e217de076f925b6bc41f8d0ec5	1686149935
22505546	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4456790, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3991479, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	8d8af50cf52f96e217de076f925b6bc41f8d0ec5	1686149935
42817592	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 30365472, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 40659304, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	ec0c5aca4f523a18a8da158ceaf430bbb0d2d1bb	1686149945
42817592	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 30365472, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 40659304, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	ec0c5aca4f523a18a8da158ceaf430bbb0d2d1bb	1686149945
31211008	PE+/Exe/QTinstaller	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16799441, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16899630, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	8cd67cceebf916ebc1dfa0f3caac9941d2da7318	1686149953
31211008	PE+/Exe/QTinstaller	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16799441, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16899630, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	8cd67cceebf916ebc1dfa0f3caac9941d2da7318	1686149953
173951	Text/TypeScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28226, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3981, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	821e2b1a498b28bc2d01e0dc6ef5c9b533e6cddc	1686149961
173951	Text/TypeScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28226, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3981, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	821e2b1a498b28bc2d01e0dc6ef5c9b533e6cddc	1686149961
1001232	Text/Go	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12927, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 112532, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	81722e46258f2181c4488ed7e4e016465a054df5	1686149962
1001232	Text/Go	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12927, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 112532, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	81722e46258f2181c4488ed7e4e016465a054df5	1686149962
1408625	Text/Go	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8975, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 109800, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	e497ae5b73b87142c68aa32ca6c8ddc0384a3279	1686149962
1408625	Text/Go	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8975, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 109800, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	e497ae5b73b87142c68aa32ca6c8ddc0384a3279	1686149962
3276768	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2070676, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2103601, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	d6a75b67f5d2e46acd4429b58e972867e9cd5d3a	1686149979
3276768	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2070676, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2103601, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	d6a75b67f5d2e46acd4429b58e972867e9cd5d3a	1686149979
91161	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28849, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50403, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	9dcc23c9b21440ad706a182c116309563cd3ffdd	1686149982
91161	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28849, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50403, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	9dcc23c9b21440ad706a182c116309563cd3ffdd	1686149982
10193920	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8189124, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8246307, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	3d30c8a0198738772f116ae497f63a98e3860397	1686149986
10193920	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8189124, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8246307, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	3d30c8a0198738772f116ae497f63a98e3860397	1686149986
10953728	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8832644, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8334233, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	688225294de1ce81a0b86856e9473a44d79cb2c7	1686149992
10953728	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8832644, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8334233, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	688225294de1ce81a0b86856e9473a44d79cb2c7	1686149992
13879776	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9063260, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8955389, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	6b2579402e748c7ca1efe1f9bb1829b935e2e7a3	1686149994
13879776	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9063260, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8955389, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	6b2579402e748c7ca1efe1f9bb1829b935e2e7a3	1686149994
24079793	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18057198, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8412693, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	1f43bab8c6957fa362fb90c9729c1916eab2bcd0	1686150002
24079793	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18057198, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8412693, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	1f43bab8c6957fa362fb90c9729c1916eab2bcd0	1686150002
6474752	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2533793, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2591846, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	4cde41ec566dfd3b8bc329e318c4f17e2b4f4829	1686150005
6474752	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2533793, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2591846, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	4cde41ec566dfd3b8bc329e318c4f17e2b4f4829	1686150005
932698	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 326870, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 54869, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	2cbeabd2324a2a2d98c144c6d884e587223e2ec6	1686150015
932698	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 326870, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 54869, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	2cbeabd2324a2a2d98c144c6d884e587223e2ec6	1686150015
72837	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 19785, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 43263, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	c7d16b5e7cf3bfff42d2247043551c4175d61d20	1686150016
72837	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 19785, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 43263, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	c7d16b5e7cf3bfff42d2247043551c4175d61d20	1686150016
36540577	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3889929, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16366923, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	a805ed283e310974d552b3b322b4f18891255757	1686150017
36540577	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3889929, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16366923, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	a805ed283e310974d552b3b322b4f18891255757	1686150017
5047332	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 13808, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3313365, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	546ddfb350387e7df8ca8266f8b2b038c7eef2d3	1686150017
5047332	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 13808, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3313365, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	546ddfb350387e7df8ca8266f8b2b038c7eef2d3	1686150017
24901120	PE+/Exe/QTinstaller	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14371897, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14466070, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	fd39aae727a929c51b958ee707c238bfb473ad15	1686150022
24901120	PE+/Exe/QTinstaller	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14371897, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14466070, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	fd39aae727a929c51b958ee707c238bfb473ad15	1686150022
34397761	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6212556, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12877011, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	1b67acf2821d6fef6927fc280bc43d62c10f3453	1686150023
34397761	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6212556, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12877011, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	1b67acf2821d6fef6927fc280bc43d62c10f3453	1686150023
15989124	Binary/Archive/ZIP	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 12610545, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	true	fbeba4bc92ad9ef8a63969244cefd0a89a82faca	1686150024
30287982	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26848016, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 26812902, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	6b0fbcfd179386a5843a327f505fc9792d0ceb73	1686150026
30287982	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26848016, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 26812902, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	6b0fbcfd179386a5843a327f505fc9792d0ceb73	1686150026
9734975	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3297128, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3361389, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	8710a30f251eb354a10b9b3ded8f39dcb2511270	1686150030
9734975	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3297128, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3361389, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	8710a30f251eb354a10b9b3ded8f39dcb2511270	1686150030
36550757	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3894018, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16377103, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	2d01a780e7061977aa595ed1ab064a64ca72673f	1686150034
36550757	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3894018, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16377103, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	2d01a780e7061977aa595ed1ab064a64ca72673f	1686150034
30241965	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1270683, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19094887, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	e73e925688406110576d482b6349f6b4abf6e791	1686150034
30241965	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1270683, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19094887, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	e73e925688406110576d482b6349f6b4abf6e791	1686150034
1159176	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 917880, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1076516, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	75de010f85713ee4d027ad3b425d8810b83e26c5	1686150036
1159176	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 917880, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1076516, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	75de010f85713ee4d027ad3b425d8810b83e26c5	1686150036
932902	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 216644, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 656004, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	69d5e05c0d3120adbf821c2c81745278e84af7bb	1686150036
932902	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 216644, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 656004, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	69d5e05c0d3120adbf821c2c81745278e84af7bb	1686150036
9079296	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6536009, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6512841, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	d8abe35af92e46e46ba9279fe6026b44680e4c24	1686150040
9079296	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6536009, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6512841, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	d8abe35af92e46e46ba9279fe6026b44680e4c24	1686150040
36641188	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3930181, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16467533, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	013bd97c6dedc7caabd9b4a867374ae3b0ac264c	1686150043
36641188	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3930181, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16467533, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	013bd97c6dedc7caabd9b4a867374ae3b0ac264c	1686150043
34865877	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 13375873, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 34219704, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	3aa2b177f8a825c6b13e4599eb6958557835926a	1686150046
34865877	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 13375873, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 34219704, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	3aa2b177f8a825c6b13e4599eb6958557835926a	1686150046
57024799	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11320886, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48226201, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	af0677e0ad5168e7ea50bfbfa9d4cc6fb617882b	1686150048
57024799	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11320886, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48226201, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	af0677e0ad5168e7ea50bfbfa9d4cc6fb617882b	1686150048
348160	PE/Exe	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 37848, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	true	68000a66e0df17b4742280453a78dbd56240d1ee	1686150052
2395811	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 90869, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1060182, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	5db008d6516d29b3c8dfdf79ef9cf9a9c84afdd7	1686150054
2395811	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 90869, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1060182, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	5db008d6516d29b3c8dfdf79ef9cf9a9c84afdd7	1686150054
36590144	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3909772, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16416489, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	4cdaa1a635a89f003730568320dd1843b0b4eb9b	1686150060
36590144	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3909772, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16416489, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	4cdaa1a635a89f003730568320dd1843b0b4eb9b	1686150060
36515211	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3879798, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16341556, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	3354aa087f5e69e2514eb45f86481e3b48dd8c71	1686150061
36515211	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3879798, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16341556, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	3354aa087f5e69e2514eb45f86481e3b48dd8c71	1686150061
33694294	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 23513731, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 24426219, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	b530c39a703be42f39ea9b0871269121fde6889f	1686150062
33694294	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 23513731, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 24426219, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	b530c39a703be42f39ea9b0871269121fde6889f	1686150062
36537740	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3888816, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16364086, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	33fb0fe07bf41fecddca87af88764a6133dadd47	1686150065
36537740	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3888816, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16364086, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	33fb0fe07bf41fecddca87af88764a6133dadd47	1686150065
36770403	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3981874, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16596748, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	fff92cc57a76f6fd2fb1a9f83323935488263d20	1686150067
36770403	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3981874, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16596748, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	fff92cc57a76f6fd2fb1a9f83323935488263d20	1686150067
58043690	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11416838, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11383531, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	b34ec7ccb44bd40e2283f90f51fc7cf5b7c116dc	1686150088
58043690	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11416838, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11383531, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	b34ec7ccb44bd40e2283f90f51fc7cf5b7c116dc	1686150088
43296371	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2845294, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 36059397, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	82b57851ed6f20a92ee947f7475ba2f1483fbe40	1686150095
43296371	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2845294, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 36059397, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	82b57851ed6f20a92ee947f7475ba2f1483fbe40	1686150095
928842	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 50772, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 106169, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	a7e388dc1018be1fe314c4f8cbf03b1afef1f2ce	1686150097
928842	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 50772, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 106169, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	a7e388dc1018be1fe314c4f8cbf03b1afef1f2ce	1686150097
932389	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 331131, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50692, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	3857f93365c892ca7633a9c53730d6bc1d831a0f	1686150102
932389	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 331131, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50692, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	3857f93365c892ca7633a9c53730d6bc1d831a0f	1686150102
928275	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 323826, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51157, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	5c92ee4a922e8257741a8147f427470ec1fb2cc7	1686150102
928275	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 323826, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51157, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	5c92ee4a922e8257741a8147f427470ec1fb2cc7	1686150102
932276	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 124645, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 684889, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	65dd53f03df7c7fc23c681906bc82faef89b6229	1686150102
932276	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 124645, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 684889, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	65dd53f03df7c7fc23c681906bc82faef89b6229	1686150102
36531162	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3886168, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16357507, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	4a50c617873f2fe6d95c80c122ed16c47a1418e1	1686150102
36531162	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3886168, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16357507, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	4a50c617873f2fe6d95c80c122ed16c47a1418e1	1686150102
931071	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 52176, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 610004, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	5f98263a56a793c9a5b1eb4137b241b3f2b3a92f	1686150103
931071	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 52176, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 610004, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	5f98263a56a793c9a5b1eb4137b241b3f2b3a92f	1686150103
7549400	ELF32 Little/SO	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 313894, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 370505, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	33c1abb22a7c450ec7a56d86ed55f2309033a1ad	1686150103
7549400	ELF32 Little/SO	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 313894, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 370505, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	33c1abb22a7c450ec7a56d86ed55f2309033a1ad	1686150103
1331824	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 913341, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 824258, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	0a67ebac16528d81e4d4a57c24f5ec98bffe78ba	1686150104
1331824	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 913341, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 824258, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	0a67ebac16528d81e4d4a57c24f5ec98bffe78ba	1686150104
968667	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 134578, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 495188, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	388a688ff5360dc566ae1e02c5744423b1474a8c	1686150104
968667	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 134578, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 495188, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	388a688ff5360dc566ae1e02c5744423b1474a8c	1686150104
931717	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 423260, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51749, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	3ea76a30076f6773a77a0d38cb4329bb87ccdca6	1686150105
931717	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 423260, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51749, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	3ea76a30076f6773a77a0d38cb4329bb87ccdca6	1686150105
8185728	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6588985, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7149558, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	f9042e40b9e538738ff824c1ab905857b9cdc83d	1686150106
8185728	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6588985, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7149558, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	f9042e40b9e538738ff824c1ab905857b9cdc83d	1686150106
930985	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 322357, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50952, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	6beac76e3513c3e844b4a273ee08a7489a850526	1686150106
930985	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 322357, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50952, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	6beac76e3513c3e844b4a273ee08a7489a850526	1686150106
926603	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47177, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 694431, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	c8cef867ea206871eb64383f00f2fabaadb7c276	1686150109
926603	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47177, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 694431, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	c8cef867ea206871eb64383f00f2fabaadb7c276	1686150109
935797	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 138034, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 342929, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	73dafc4fdeb216048d15665f036646f99af73913	1686150109
935797	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 138034, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 342929, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	73dafc4fdeb216048d15665f036646f99af73913	1686150109
931560	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 51372, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 609695, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	0123930e0a777ee12c0a73cf035b5bd7f779ec85	1686150109
931560	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 51372, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 609695, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	0123930e0a777ee12c0a73cf035b5bd7f779ec85	1686150109
935998	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 338376, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 59214, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	5cd8dce7e4c4387ac7b5705dbdae6bb065a26bb4	1686150110
935998	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 338376, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 59214, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	5cd8dce7e4c4387ac7b5705dbdae6bb065a26bb4	1686150110
933412	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 43451, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 185008, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	101516f0f938f540ac87d4f88875c39c267ea29e	1686150112
933412	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 43451, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 185008, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	101516f0f938f540ac87d4f88875c39c267ea29e	1686150112
6701832	PE+/.Net Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1775780, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2815992, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	d194592f1c5946d2d49bc657e9924290ce2e2d2e	1686150114
6701832	PE+/.Net Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1775780, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2815992, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	d194592f1c5946d2d49bc657e9924290ce2e2d2e	1686150114
3276768	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2070676, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2103601, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	afa59c4de068f13d617a8090c55f7d0b645d9782	1686150114
3276768	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2070676, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2103601, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	afa59c4de068f13d617a8090c55f7d0b645d9782	1686150114
173795	Text/TypeScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28070, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3981, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	bd0f7e58c1600c5a717fcf060c6c260d9d865d22	1686150115
173795	Text/TypeScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28070, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3981, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	bd0f7e58c1600c5a717fcf060c6c260d9d865d22	1686150115
931770	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 118609, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 175602, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	d85fbe69e08f57750f22ef20ad20e3bb08fb53df	1686150115
931770	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 118609, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 175602, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	d85fbe69e08f57750f22ef20ad20e3bb08fb53df	1686150115
929834	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 55696, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 651831, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	b4c897b4aaa258b27ee0ff7edf553735481f565d	1686150116
929834	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 55696, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 651831, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	b4c897b4aaa258b27ee0ff7edf553735481f565d	1686150116
23668351	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 774742, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23214826, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	4af3d5aee88996ec6952ea9e598b434ee4dc0c28	1686150119
23668351	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 774742, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23214826, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	4af3d5aee88996ec6952ea9e598b434ee4dc0c28	1686150119
9095348	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2065896, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1838594, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	c8e8441cdad2974770adb2fd9091f4f590188968	1686150123
9095348	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2065896, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1838594, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	c8e8441cdad2974770adb2fd9091f4f590188968	1686150123
930687	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 118136, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 180327, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	961e3cd96bfa7943f71109d0c235fd8b38376f60	1686150124
930687	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 118136, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 180327, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	961e3cd96bfa7943f71109d0c235fd8b38376f60	1686150124
931377	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 401046, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 129705, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	0bb2964f5efb578d0ecc0cf06417d686dde59f77	1686150125
931377	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 401046, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 129705, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	0bb2964f5efb578d0ecc0cf06417d686dde59f77	1686150125
927231	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 57153, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 688672, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	96625e5eb83bfd90167a64c8e3cc7e7be5b63fe0	1686150125
927231	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 57153, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 688672, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	96625e5eb83bfd90167a64c8e3cc7e7be5b63fe0	1686150125
3331072	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2187152, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2194102, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	089a0358b27ea0c5d92c823b63add32457501a5e	1686150126
3331072	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2187152, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2194102, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	089a0358b27ea0c5d92c823b63add32457501a5e	1686150126
8126464	ELF64 Little/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3474544, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3515704, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	20a165c1eb816ff4ad7d55d49e70a41c1198ead8	1686150128
8126464	ELF64 Little/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3474544, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3515704, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	20a165c1eb816ff4ad7d55d49e70a41c1198ead8	1686150128
36633572	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3927134, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16459918, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	583d27662efc73f5f42eb81609770e692e9a65ed	1686150129
36633572	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3927134, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16459918, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	583d27662efc73f5f42eb81609770e692e9a65ed	1686150129
34389577	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6210700, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12869171, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	ff4a7e7fd300f7b38d41ecfb0ac74a33a1beebce	1686150135
34389577	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6210700, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12869171, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	ff4a7e7fd300f7b38d41ecfb0ac74a33a1beebce	1686150135
935988	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 331334, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 52342, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	2129c563cfbfbab0111c73f31184e0bf4b1bc3a6	1686150139
935988	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 331334, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 52342, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	2129c563cfbfbab0111c73f31184e0bf4b1bc3a6	1686150139
930473	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 338428, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 59098, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	787d91817a5dd4cf63d0454eb240052aa9687619	1686150140
930473	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 338428, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 59098, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	787d91817a5dd4cf63d0454eb240052aa9687619	1686150140
12013103	PE/Exe	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 9115816, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	true	6a335f4e638e564f836057fe6e0e2af05ec33da8	1686150140
6699288	PE+/.Net Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1775780, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2815385, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	4cf4ab87e37b01ecdbb8ed0c8796a4fae7edb3ed	1686150143
6699288	PE+/.Net Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1775780, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2815385, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	4cf4ab87e37b01ecdbb8ed0c8796a4fae7edb3ed	1686150143
929276	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47016, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 403386, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	9454c50693d7b390806ced4ef36b9b857b8629fa	1686150149
929276	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47016, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 403386, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	9454c50693d7b390806ced4ef36b9b857b8629fa	1686150149
930806	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 46563, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 184147, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	274b00db13eebcd6082de509d400fe5251a98f03	1686150149
930806	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 46563, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 184147, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	274b00db13eebcd6082de509d400fe5251a98f03	1686150149
61184217	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 45211537, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 58260786, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	d9db0d9b40773587e3f3504ee62dd13f356e2042	1686150152
61184217	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 45211537, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 58260786, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	d9db0d9b40773587e3f3504ee62dd13f356e2042	1686150152
73081759	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12895085, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 30003463, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	824ad09d431328843657589c773b0b69b87fe04e	1686150157
73081759	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12895085, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 30003463, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	824ad09d431328843657589c773b0b69b87fe04e	1686150157
10032511	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1605113, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7068039, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	5ba002fd1aa0d945d508de71864be5fbee45f4fb	1686150162
10032511	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1605113, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7068039, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	5ba002fd1aa0d945d508de71864be5fbee45f4fb	1686150162
931686	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 48187, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 409598, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	e5842bab24fad9c4287acfed037aab491c47df01	1686150163
931686	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 48187, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 409598, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	e5842bab24fad9c4287acfed037aab491c47df01	1686150163
26278447	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 23857885, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23869615, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	290617954cdec1062ac608739fe91ff59390d697	1686150167
26278447	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 23857885, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23869615, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	290617954cdec1062ac608739fe91ff59390d697	1686150167
34389577	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6210892, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12869363, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	6da793ceb98fba2eca7bf612512c1f19acd4169a	1686150172
34389577	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6210892, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12869363, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	6da793ceb98fba2eca7bf612512c1f19acd4169a	1686150172
8946132	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3674270, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3441202, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	90edd03ca6404f5463883a9636f3c0f9898e07bd	1686150179
8946132	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3674270, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3441202, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	90edd03ca6404f5463883a9636f3c0f9898e07bd	1686150179
9193604	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1891954, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3260593, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	7e0f6d644b62d3b5796e50c1d385d4a0c9c6e990	1686150180
9193604	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1891954, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3260593, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	7e0f6d644b62d3b5796e50c1d385d4a0c9c6e990	1686150180
12764160	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8980721, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12260413, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	7b6aa3b5779ec0d82fee559fc4d63ad480d51081	1686150184
12764160	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8980721, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12260413, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	7b6aa3b5779ec0d82fee559fc4d63ad480d51081	1686150184
3310440	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1999564, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 785846, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	1f432e629ddc3a46933533ecbb34fea9957e75fb	1686150210
3310440	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1999564, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 785846, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	1f432e629ddc3a46933533ecbb34fea9957e75fb	1686150210
9573220	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6332741, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7759019, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	e65b15c85ad58e8c03d631bc18c60cb8158f284e	1686150242
9573220	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6332741, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7759019, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	e65b15c85ad58e8c03d631bc18c60cb8158f284e	1686150242
930740	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47540, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 610524, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	b873436ccab36552c99f8fe7061bdbe272d3ce8f	1686150266
930740	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47540, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 610524, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	b873436ccab36552c99f8fe7061bdbe272d3ce8f	1686150266
348160	PE/Exe	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 37848, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	true	d69278c938ecff91cb1de3e41eb4ad2ada3d7fd7	1686150275
348160	PE/Exe	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 37848, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	true	9e0b73ab7dd3c5393d59f189f72d86969fe810e6	1686150278
96404	Text/TypeScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34942, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23974, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	40ae8ce4fd7be204b022a24d145bc76724f29a25	1686150284
96404	Text/TypeScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34942, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23974, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	40ae8ce4fd7be204b022a24d145bc76724f29a25	1686150284
491771	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31265, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 449442, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	311b155865c0b0031906cc3cb642c1451c728b49	1686150285
491771	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31265, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 449442, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	311b155865c0b0031906cc3cb642c1451c728b49	1686150285
15222705	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3256698, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10462094, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	8077d9e9178106ee04bb064f0c4836609b2651a3	1686150286
15222705	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3256698, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10462094, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	8077d9e9178106ee04bb064f0c4836609b2651a3	1686150286
30296948	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26842835, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 26807721, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	083b1295e2caf60b6a41f01b6f87667b98430091	1686150290
30296948	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26842835, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 26807721, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	083b1295e2caf60b6a41f01b6f87667b98430091	1686150290
6537308	PE/Exe/Py2ExeInstaller	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5693089, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2822995, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	49e0274cb0a8a40a09bcad3a1713a800e5fb6fd1	1686150294
6537308	PE/Exe/Py2ExeInstaller	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5693089, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2822995, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	49e0274cb0a8a40a09bcad3a1713a800e5fb6fd1	1686150294
7247380	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4008699, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4004292, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	dc5923d8b5caae31db125694e113c3838d645180	1686150295
7247380	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4008699, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4004292, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	dc5923d8b5caae31db125694e113c3838d645180	1686150295
4502016	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3630751, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3591330, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	0577c58640804c401b437230cced87df2345e29c	1686150298
4502016	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3630751, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3591330, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	0577c58640804c401b437230cced87df2345e29c	1686150298
12545978	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10606314, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2930691, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	a74dd66fb887d1af674a86bf6a29b7689e13bcfe	1686150302
12545978	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10606314, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2930691, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	a74dd66fb887d1af674a86bf6a29b7689e13bcfe	1686150302
21330944	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15508458, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14984430, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	d7d92eeac776fff79b8bb27ae022acb7b2a72d46	1686150317
21330944	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15508458, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14984430, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	d7d92eeac776fff79b8bb27ae022acb7b2a72d46	1686150317
931771	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 414713, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 57019, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	8cb8155899b4297fa0a00e46789aadf71b9ebae0	1686150327
931771	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 414713, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 57019, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	8cb8155899b4297fa0a00e46789aadf71b9ebae0	1686150327
468938	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 20060, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 207216, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	7f8905edbfd2e186ed2a4752c8be165a486871c0	1686150330
468938	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 20060, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 207216, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	7f8905edbfd2e186ed2a4752c8be165a486871c0	1686150330
3557888	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 509291, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 495464, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	e07c7eeeec72a3a3d03de92f0c14ad55ad44ba28	1686150332
3557888	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 509291, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 495464, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	e07c7eeeec72a3a3d03de92f0c14ad55ad44ba28	1686150332
7852544	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6486978, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6455842, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	4a080485c96493bd3debfad49a284a34760e9b70	1686150343
7852544	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6486978, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6455842, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	4a080485c96493bd3debfad49a284a34760e9b70	1686150343
15735	Text/TypeScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11559, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9762, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	aa7abe3707df21fd8e0aab4609e413c9e9395efe	1686150351
15735	Text/TypeScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11559, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9762, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	aa7abe3707df21fd8e0aab4609e413c9e9395efe	1686150351
931613	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 123803, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 294152, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	4243abf48ba4ec77ba7314dc5617ad5d3b3fd1f4	1686150352
931613	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 123803, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 294152, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	4243abf48ba4ec77ba7314dc5617ad5d3b3fd1f4	1686150352
948192	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 612819, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 588226, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	a6d3081cbeb195d1edfc1099435bf0f9afaf711a	1686150354
948192	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 612819, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 588226, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	a6d3081cbeb195d1edfc1099435bf0f9afaf711a	1686150354
5127484	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 13808, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3313365, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	ab46a7097d5e33fcc3eefcb097cf651d4b79327e	1686150356
5127484	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 13808, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3313365, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	ab46a7097d5e33fcc3eefcb097cf651d4b79327e	1686150356
25453056	PE+/Exe/QTinstaller	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15179465, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15285982, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	ade4a102d363465fc686f2205ccc541641212b76	1686150357
25453056	PE+/Exe/QTinstaller	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15179465, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15285982, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	ade4a102d363465fc686f2205ccc541641212b76	1686150357
43717981	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 22952660, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 21572538, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	730b962ad50fa2261e7cc4cda3cd478e29433cb6	1686150363
43717981	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 22952660, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 21572538, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	730b962ad50fa2261e7cc4cda3cd478e29433cb6	1686150363
10340152	PE/.Net Exe	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 615180, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	true	2715497b02f441d8f7fd55bcbc73e2dc912c284f	1686150364
25406657	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5367098, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5417667, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	cec13f5281df131634a68b0f404360f783f557ec	1686150371
25406657	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5367098, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5417667, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	cec13f5281df131634a68b0f404360f783f557ec	1686150371
931361	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 46225, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 192292, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	5c4e9cc203c98e89a989478efaca334e8779af81	1686150371
931361	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 46225, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 192292, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	5c4e9cc203c98e89a989478efaca334e8779af81	1686150371
23095627	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 369170, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 21391369, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	06f8373056da04c985cd04b94e51ec666612d2cd	1686150371
23095627	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 369170, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 21391369, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	06f8373056da04c985cd04b94e51ec666612d2cd	1686150371
348160	PE/Exe	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 37848, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	true	147ae394a900a5d3d735e77dfd86ce49a0991862	1686150374
20372117	PE/Exe/NSIS	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 7242654, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	true	4f66b0d78adce76fe167fea619b1130503438559	1686150375
20280576	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8292185, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8209778, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	8db22983306a388d96017ffdb3ab1e00d7ebb43c	1686150377
20280576	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8292185, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8209778, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	8db22983306a388d96017ffdb3ab1e00d7ebb43c	1686150377
10182656	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3152562, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3805148, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	59f6e8d7adc5364174e1ae0f192ad10d2f9d0117	1686150379
10182656	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3152562, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3805148, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	59f6e8d7adc5364174e1ae0f192ad10d2f9d0117	1686150379
930152	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 412452, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 62429, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	112c3ef4d7d4fee90f4367199ad90568e963cf66	1686150382
930152	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 412452, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 62429, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	112c3ef4d7d4fee90f4367199ad90568e963cf66	1686150382
8814592	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4011313, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4713025, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	775b98352e38f238b29f95040424f6c1ac503e8f	1686150386
8814592	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4011313, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4713025, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	775b98352e38f238b29f95040424f6c1ac503e8f	1686150386
3282432	PE+/Exe	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 1698382, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	true	89c5c42946f23ab8da17d62395ec0801fc1ff93f	1686150394
6444832	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4974746, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5726860, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	dd3646cd6dab41f30705c102b56e633b952bb475	1686150397
6444832	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4974746, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5726860, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	dd3646cd6dab41f30705c102b56e633b952bb475	1686150397
6474752	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2533783, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2591836, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	696ff8fef64c56e79ea3da6812c7a2edafdc029d	1686150401
6474752	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2533783, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2591836, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	696ff8fef64c56e79ea3da6812c7a2edafdc029d	1686150401
86433	Binary/None	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28868, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50260, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	7195310aa4920e2cb39ddc26b248143499d3b126	1686150413
86433	Binary/None	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28868, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50260, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	7195310aa4920e2cb39ddc26b248143499d3b126	1686150413
3267040	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2062484, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2095349, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	8f0fc38ce9fde7cde4506f45eaf55a7bd54e1d16	1686150421
3267040	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2062484, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2095349, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	8f0fc38ce9fde7cde4506f45eaf55a7bd54e1d16	1686150421
47601	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25695, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 33096, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	3175ad779cc055b571f0fd1acbd8cc9bfe520280	1686150431
47601	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25695, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 33096, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	3175ad779cc055b571f0fd1acbd8cc9bfe520280	1686150431
154756	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 111362, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68396, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	220680831449b8f6588a9cce44741fab554a7ba7	1686150441
154756	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 111362, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68396, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	220680831449b8f6588a9cce44741fab554a7ba7	1686150441
151462	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 108062, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 65135, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	1878b427f101a316442c57209fa17cbe6a1ca0fe	1686150448
151462	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 108062, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 65135, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	1878b427f101a316442c57209fa17cbe6a1ca0fe	1686150448
89327	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	a9627215cb7c1b43c9f5f594a82a2c1559857d7b	1686150449
89327	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	a9627215cb7c1b43c9f5f594a82a2c1559857d7b	1686150449
89327	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	2d0ed62c390430662fc33d8f57b4eb121139ca54	1686150449
89327	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	2d0ed62c390430662fc33d8f57b4eb121139ca54	1686150449
159341	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 115940, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 73406, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	a554594c774d4b5d41f7a5234e2905e14b034987	1686150450
159341	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 115940, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 73406, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	a554594c774d4b5d41f7a5234e2905e14b034987	1686150450
126381	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 70625, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 53368, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	505c406d7ea1a2f47312b0966be841028ae919e7	1686150450
126381	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 70625, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 53368, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	505c406d7ea1a2f47312b0966be841028ae919e7	1686150450
14417	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11214, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12222, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	60281e56f446d4a3656a25658ffcbd74f12c5bf4	1686150454
14417	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11214, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12222, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	60281e56f446d4a3656a25658ffcbd74f12c5bf4	1686150454
154369	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110973, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68402, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	c099dd547b58e74ed8d9c2c6d579ab8e41269500	1686150455
154369	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110973, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68402, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	c099dd547b58e74ed8d9c2c6d579ab8e41269500	1686150455
155384	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 111984, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68667, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	e24497a1dd5d1e5e41bafc6c5aeb7a7c680f98a4	1686150457
155384	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 111984, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68667, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	e24497a1dd5d1e5e41bafc6c5aeb7a7c680f98a4	1686150457
154219	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110825, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68400, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	995fd53ad16804fccf466264417695e6b0ab6e20	1686150463
154219	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110825, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68400, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	995fd53ad16804fccf466264417695e6b0ab6e20	1686150463
381079	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 176266, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 345615, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	593b0f2c47aa6bd73428f10ea0360725faf06c42	1686150465
381079	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 176266, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 345615, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	593b0f2c47aa6bd73428f10ea0360725faf06c42	1686150465
163098	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 92473, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 152394, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	942e2fb470bd4008055a8bce6749e9bbccb75ea1	1686150468
163098	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 92473, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 152394, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	942e2fb470bd4008055a8bce6749e9bbccb75ea1	1686150468
13861856	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9049728, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8942045, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	59dafd4d926ab9a9c34899540af51135fe4bd8da	1686150470
13861856	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9049728, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8942045, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	59dafd4d926ab9a9c34899540af51135fe4bd8da	1686150470
164398	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3527, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 58716, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	d968e98107f741326dca87d26537cc180932e35f	1686150471
164398	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3527, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 58716, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	d968e98107f741326dca87d26537cc180932e35f	1686150471
1747296	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1673385, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1497969, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	99917368bb78857bf2f837dce851312a70b9ada7	1686150471
1747296	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1673385, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1497969, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	99917368bb78857bf2f837dce851312a70b9ada7	1686150471
11576577	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10342763, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10354427, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	dff8243d0b4a32e46a8ac8021d97b0aad21830a4	1686150472
11576577	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10342763, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10354427, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	dff8243d0b4a32e46a8ac8021d97b0aad21830a4	1686150472
154378	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110980, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68404, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	ea9236fdef65fc30c10218b2140d0942adc1f22b	1686150472
154378	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110980, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68404, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	ea9236fdef65fc30c10218b2140d0942adc1f22b	1686150472
39268559	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 64836, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 605486, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	54edf295efcf05160d27fb6834a3caf9f2209ba7	1686150475
39268559	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 64836, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 605486, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	54edf295efcf05160d27fb6834a3caf9f2209ba7	1686150475
444715	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15462, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 193293, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	55fc77d16e940a3be013328da7d777f419def447	1686150476
444715	Text/JavaScript	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15462, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 193293, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	55fc77d16e940a3be013328da7d777f419def447	1686150476
146027	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 102626, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 60254, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	969c08328198fbb0749411234c6a00b0ce5a003d	1686150478
146027	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 102626, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 60254, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	969c08328198fbb0749411234c6a00b0ce5a003d	1686150478
154393	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110997, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68402, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	df4b0f26e87a56dd0ee628f3f4e3e4df7ea3adb0	1686150478
154393	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110997, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68402, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	df4b0f26e87a56dd0ee628f3f4e3e4df7ea3adb0	1686150478
407815	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 133036, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 80620, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	e35210e1fd190655438816adbb94a276948585d1	1686150478
407815	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 133036, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 80620, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	e35210e1fd190655438816adbb94a276948585d1	1686150478
20620343	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 33910, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 196832, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	a2acda4f1d103c3935fecaceb702793840da5de2	1686150481
20620343	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 33910, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 196832, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	a2acda4f1d103c3935fecaceb702793840da5de2	1686150481
6009840	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4616975, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4984614, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	58d3d4e8011ca5aa7a827bdb32984b46691cb5a9	1686150481
6009840	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4616975, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4984614, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	58d3d4e8011ca5aa7a827bdb32984b46691cb5a9	1686150481
20632380	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16365, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 208986, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	d2778f896a3ff2d865af50cbcd529dafcf714393	1686150482
20632380	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16365, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 208986, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	d2778f896a3ff2d865af50cbcd529dafcf714393	1686150482
273248	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 251, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4940, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	34578885caf1a2e0b48b46d4e70eb01445acc5f0	1686150482
273248	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 251, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4940, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	34578885caf1a2e0b48b46d4e70eb01445acc5f0	1686150482
344762	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12762, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 227460, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	b6caa5f15f08024eda95d3eb61de207ea1db5ca7	1686150483
344762	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12762, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 227460, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	b6caa5f15f08024eda95d3eb61de207ea1db5ca7	1686150483
273249	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 251, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4940, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	ddff15d4914ff06b55fbac496362aaae7a2d3c9b	1686150484
273249	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 251, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4940, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	ddff15d4914ff06b55fbac496362aaae7a2d3c9b	1686150484
456700	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 430650, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 214898, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	a3342c659d56113fcf63287f1f2b51015a32a9fe	1686150491
456700	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 430650, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 214898, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	a3342c659d56113fcf63287f1f2b51015a32a9fe	1686150491
20655221	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7544, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19076, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	e1a3dcfe7846ac93feb3b6c0d368c619551e2060	1686150496
20655221	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7544, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19076, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	e1a3dcfe7846ac93feb3b6c0d368c619551e2060	1686150496
1808816	PE/.Net Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 201237, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 166562, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	true	8cee4323aa88793881d1e9753476ffd85e9909d2	1686150498
1808816	PE/.Net Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 201237, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 166562, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	true	8cee4323aa88793881d1e9753476ffd85e9909d2	1686150498
17414211	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1697169, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 341432, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	86323712891af72832dd179625c1c9e5f47ef5dc	1686149728
17414211	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1697169, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 341432, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	86323712891af72832dd179625c1c9e5f47ef5dc	1686149728
97050	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27202, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48756, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	4b894706af749cdad62ced56233c32dc85274212	1686149728
97050	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27202, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48756, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	4b894706af749cdad62ced56233c32dc85274212	1686149728
735478	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 555378, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 733133, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	2d4d4a0e0efea6efab5dff40951a996b10fe594c	1686149732
735478	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 555378, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 733133, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	2d4d4a0e0efea6efab5dff40951a996b10fe594c	1686149732
609570	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 53613, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8513, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	aaed518e40e25ce0e29bd86cefa05cf4c6cdaad8	1686149732
609570	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 53613, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8513, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	aaed518e40e25ce0e29bd86cefa05cf4c6cdaad8	1686149732
8295796	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3332145, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1798128, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	eb37a450426a73adc228c0b7af6b389fc7bdf56e	1686149737
8295796	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3332145, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1798128, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	eb37a450426a73adc228c0b7af6b389fc7bdf56e	1686149737
13028229	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29013, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 650100, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	c38171b6039aed6b7b759e296ace24dc7d025b83	1686149738
13028229	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29013, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 650100, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	c38171b6039aed6b7b759e296ace24dc7d025b83	1686149738
7240420	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4735924, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4985544, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	06b99fba88558d39bdb6dbb429327e38bd1a00a6	1686149740
7240420	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4735924, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4985544, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	06b99fba88558d39bdb6dbb429327e38bd1a00a6	1686149740
9198608	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6192194, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6196270, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	d537cc50888e2276c7faf74e30d23c170738198a	1686149744
9198608	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6192194, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6196270, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	d537cc50888e2276c7faf74e30d23c170738198a	1686149744
26307192	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3868176, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3642636, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	0503efcbe5861c3e0d079f9becb3485452b97235	1686149749
26307192	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3868176, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3642636, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	0503efcbe5861c3e0d079f9becb3485452b97235	1686149749
108432	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 45813, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17730, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	6eb5e3bb205a25257bf20d66e9f4f70a7ae67d76	1686149755
108432	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 45813, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17730, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	6eb5e3bb205a25257bf20d66e9f4f70a7ae67d76	1686149755
22828	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8423, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11498, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	51b0ba00682591290f80e5855f1a4db9998acf09	1686149756
22828	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8423, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11498, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	51b0ba00682591290f80e5855f1a4db9998acf09	1686149756
22894	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8489, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11564, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	0c6f35b25d6e074fab3199944f85df197e063162	1686149766
22894	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8489, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11564, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	0c6f35b25d6e074fab3199944f85df197e063162	1686149766
735481	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 555379, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 733136, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	c95b0d982790b576d4b8b0eb0b5eb81c07e8eb87	1686149767
735481	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 555379, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 733136, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	c95b0d982790b576d4b8b0eb0b5eb81c07e8eb87	1686149767
69910542	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 432346, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 401816, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	c10dd19fb20e99ac5e03cc854fcb07f3a4689626	1686149774
69910542	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 432346, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 401816, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	c10dd19fb20e99ac5e03cc854fcb07f3a4689626	1686149774
78078	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27427, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48075, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	6b23dddf010be66788315ffbd673a8786e216cca	1686149779
78078	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27427, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48075, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	6b23dddf010be66788315ffbd673a8786e216cca	1686149779
55035681	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6445000, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5864743, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	a20295d2941d01ad89f148221bfeeb4a7ae91c8a	1686149785
55035681	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6445000, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5864743, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	a20295d2941d01ad89f148221bfeeb4a7ae91c8a	1686149785
72160935	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25254788, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 62943840, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	3608d31f0528ed78f3b4c7325f48b21eaae7d6e9	1686149790
72160935	Binary/Archive/ZIP	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 64192330, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	3608d31f0528ed78f3b4c7325f48b21eaae7d6e9	1686149790
72160935	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25254788, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 62943840, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	3608d31f0528ed78f3b4c7325f48b21eaae7d6e9	1686149790
5053848	PE/Exe/UPX	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 4631537, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	9d94d6d2c676ea1391707da336b08adb51a7602e	1686149811
48064504	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14832618, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6254126, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	949abf3b22fde0d82aabde30b447202a85a22976	1686149814
48064504	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14832618, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6254126, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	949abf3b22fde0d82aabde30b447202a85a22976	1686149814
17363501	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 276134, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4050570, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	ea2a042555d2ed5031699ab262dd36ee11140a47	1686149826
17363501	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 276134, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4050570, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	ea2a042555d2ed5031699ab262dd36ee11140a47	1686149826
1097787	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1026714, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1022464, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	8347104bb4f67e9f6a009dddab7d9ba64c1f1f34	1686149827
1097787	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1026714, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1022464, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	8347104bb4f67e9f6a009dddab7d9ba64c1f1f34	1686149827
9109956	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6903276, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7053407, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	68272eebbf35852ead3ca57e4d4057c1aca9e87f	1686149828
9109956	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6903276, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7053407, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	68272eebbf35852ead3ca57e4d4057c1aca9e87f	1686149828
129965	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28324, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49213, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	8862e555dfb36ef346c9ab015e9cdc042742f905	1686149830
129965	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28324, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49213, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	8862e555dfb36ef346c9ab015e9cdc042742f905	1686149830
3401029	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 546852, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12694, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	4edebb0ccaf461b657eefd6de9daa819718702c5	1686149831
3401029	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 546852, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12694, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	4edebb0ccaf461b657eefd6de9daa819718702c5	1686149831
12211580	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1831826, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1825431, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	bce246203d8df748692e5d67f7b43779ca18fcb8	1686149833
12211580	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1831826, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1825431, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	bce246203d8df748692e5d67f7b43779ca18fcb8	1686149833
130472	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31577, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 53131, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	bb95e8d71ced34ca09a220bcd4740c05bb5beaae	1686149835
130472	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31577, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 53131, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	bb95e8d71ced34ca09a220bcd4740c05bb5beaae	1686149835
21856	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10251, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 20432, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	49e3e9c608998a84c76dea1d14979748fa303108	1686149836
21856	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10251, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 20432, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	49e3e9c608998a84c76dea1d14979748fa303108	1686149836
8761628	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5623501, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5729635, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	638ee91a8195f803fb856b9cc58ec90b4e302d2d	1686149838
8761628	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5623501, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5729635, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	638ee91a8195f803fb856b9cc58ec90b4e302d2d	1686149838
80384	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3832, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4633, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	d71c31ff1506662b75a69ab2f4c470acd4a608c6	1686149840
80384	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3832, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4633, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	d71c31ff1506662b75a69ab2f4c470acd4a608c6	1686149840
2696810	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47000, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11164, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	2bb02417e2229ec6c67723720e8c047473bac428	1686149843
2696810	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47000, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11164, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	2bb02417e2229ec6c67723720e8c047473bac428	1686149843
291468	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 30654, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 206411, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	861df3d24be5051f03b772a3614ece4f38c9453f	1686149843
291468	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 30654, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 206411, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	861df3d24be5051f03b772a3614ece4f38c9453f	1686149843
9605652	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6219463, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7291032, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	dbb08be91da3fbb62d3a940f50ee262b8ee64a00	1686149843
9605652	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6219463, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7291032, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	dbb08be91da3fbb62d3a940f50ee262b8ee64a00	1686149843
7851776	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5738916, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5715983, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	44ecf0599917582d655aebecad3bff20428a95d5	1686149844
7851776	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5738916, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5715983, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	44ecf0599917582d655aebecad3bff20428a95d5	1686149844
134280	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31122, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 52676, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	7b954a9a584dfea3b50aa0d266ece12edd920de3	1686149844
134280	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31122, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 52676, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	7b954a9a584dfea3b50aa0d266ece12edd920de3	1686149844
1566720	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47648, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48358, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	9ae122565cefb2d077ffd8015b2080dbcd66210a	1686149846
1566720	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47648, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48358, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	9ae122565cefb2d077ffd8015b2080dbcd66210a	1686149846
1826525	PE/Exe/PECompact	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 61949, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1772779, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	00d16698e37238fa735a1f1728bcbd5a43247e80	1686149846
1826525	PE/Exe/PECompact	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 61949, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1772779, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	00d16698e37238fa735a1f1728bcbd5a43247e80	1686149846
31410	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29004, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17271, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	d11b319f05e4ca0f27820748b503a59f24beb00d	1686149846
31410	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29004, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17271, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	d11b319f05e4ca0f27820748b503a59f24beb00d	1686149846
81478	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31946, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 38816, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	fc16e1d11e96a3c32f5cb55d5dc6f50deeebc1af	1686149850
81478	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31946, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 38816, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	fc16e1d11e96a3c32f5cb55d5dc6f50deeebc1af	1686149850
718416	Document/None/PDF	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 20006, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 140853, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	84c987347c558fb79e603b4ce107e727b35d2ce0	1686149850
718416	Document/None/PDF	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 20006, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 140853, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	84c987347c558fb79e603b4ce107e727b35d2ce0	1686149850
7765124	Binary/None/TNEF	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1806802, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17011, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	1898cb0bd9636e2770bef781e64c14ea930737d9	1686149851
7765124	Binary/None/TNEF	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1806802, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17011, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	1898cb0bd9636e2770bef781e64c14ea930737d9	1686149851
7445844	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5463059, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5443224, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	8397215a4ef8f0278ca94ac55bcfb7d951eb5991	1686149852
7445844	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5463059, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5443224, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	8397215a4ef8f0278ca94ac55bcfb7d951eb5991	1686149852
58880	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3006, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5184, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	5e3ce373290c3ff3a161f20ce507f566ec02ef37	1686149853
58880	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3006, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5184, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	5e3ce373290c3ff3a161f20ce507f566ec02ef37	1686149853
34304	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16023, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 18191, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	6419bbc857dfc05244305301ce04fd3101dfbc4e	1686149856
34304	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16023, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 18191, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	6419bbc857dfc05244305301ce04fd3101dfbc4e	1686149856
13647	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5929, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7760, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	f498fa63f00a6c5d563c78597b1e603f00c292ba	1686149856
13647	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5929, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7760, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	f498fa63f00a6c5d563c78597b1e603f00c292ba	1686149856
10867247	Document/None/PDF	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 615042, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2517009, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	80ac906fe3153d272625e4cfd0e953d01dabc718	1686149858
10867247	Document/None/PDF	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 615042, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2517009, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	80ac906fe3153d272625e4cfd0e953d01dabc718	1686149858
10866832	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2275907, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2454431, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	6d61d48bbadf3a5eaeec617653c64493c03abc48	1686149861
10866832	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2275907, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2454431, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	6d61d48bbadf3a5eaeec617653c64493c03abc48	1686149861
5101876	PE/.Net Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 2341502, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	e846d1ab898e95541e6682720022dfb7433b42a1	1686149862
1200556	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 908895, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1200168, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	a7c06c5ff0f929a52d7d9e88315d9dd6109a7939	1686149867
1200556	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 908895, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1200168, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	a7c06c5ff0f929a52d7d9e88315d9dd6109a7939	1686149867
94208	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 52375, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 54543, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	e445f9ab6f8e1b5ca0c0f06e9afeeeaa81cb5fa7	1686149871
94208	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 52375, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 54543, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	e445f9ab6f8e1b5ca0c0f06e9afeeeaa81cb5fa7	1686149871
4403680	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1070028, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1569453, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	388bf96870666f99c68015c72e470b96afe330b6	1686149876
4403680	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1070028, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1569453, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	388bf96870666f99c68015c72e470b96afe330b6	1686149876
124306	Document/None/RTF	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 56115, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 55176, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	0c88ebb87d1db36ec61990b11b9046d8bfc84249	1686149876
124306	Document/None/RTF	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 56115, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 55176, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	0c88ebb87d1db36ec61990b11b9046d8bfc84249	1686149876
7532560	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5242377, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6199698, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	a7175ec0cf4e1bd0976adf1c64fb4cdea1679a8b	1686149880
7532560	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5242377, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6199698, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	a7175ec0cf4e1bd0976adf1c64fb4cdea1679a8b	1686149880
89227939	PE+/Exe/SetupFactory	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 3721968, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	14f646a4c56d4a6908589ff38cfbc8904fef7ffd	1686149881
23765288	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 23568888, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12392190, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	32e0479375a7efd4648e3243d95c8a184b723ff7	1686149882
23765288	PE/Exe	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 12386158, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	32e0479375a7efd4648e3243d95c8a184b723ff7	1686149882
23765288	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 23568888, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12392190, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	32e0479375a7efd4648e3243d95c8a184b723ff7	1686149882
83456	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3807, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4722, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	08d52dd79c4506e569f6b44dd040c7666e1c990a	1686149884
83456	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3807, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4722, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	08d52dd79c4506e569f6b44dd040c7666e1c990a	1686149884
18747429	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1790351, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 434614, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	9315db8fd8e974ed3f32fed4af2a87950051db31	1686149884
18747429	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1790351, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 434614, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	9315db8fd8e974ed3f32fed4af2a87950051db31	1686149884
7971248	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6010248, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5922837, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	7c0467942d6e3a17cb46f80485735703971be951	1686149899
7971248	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6010248, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5922837, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	7c0467942d6e3a17cb46f80485735703971be951	1686149899
8746736	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6663701, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6518302, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	c3905032ee58bd7252bfea670af4fae789ee65bc	1686149904
8746736	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6663701, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6518302, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	c3905032ee58bd7252bfea670af4fae789ee65bc	1686149904
29495534	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7777152, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14315453, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	5448598e37f1525d59dbde93ed3226c699591660	1686149907
29495534	PE/.Net Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 23706990, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	5448598e37f1525d59dbde93ed3226c699591660	1686149907
29495534	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7777152, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14315453, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	5448598e37f1525d59dbde93ed3226c699591660	1686149907
20208408	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8042295, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9983725, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	1274f648fbf7ec60f349f91426520d5fed741a75	1686149911
20208408	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8042295, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9983725, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	1274f648fbf7ec60f349f91426520d5fed741a75	1686149911
9360804	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6623554, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6393329, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	a32a21cc68347f914640067d66a8eb9f3d718f97	1686149912
9360804	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6623554, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6393329, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	a32a21cc68347f914640067d66a8eb9f3d718f97	1686149912
22696990	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 273776, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2310626, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	2ee61b0db428bd1943c0a3a23fa9657bdbae4525	1686149917
22696990	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 273776, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2310626, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	2ee61b0db428bd1943c0a3a23fa9657bdbae4525	1686149917
45056	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26775, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7215, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	4a2a97a3ccc4f69e4369540afa9621517b61a70d	1686149924
45056	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26775, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7215, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	4a2a97a3ccc4f69e4369540afa9621517b61a70d	1686149924
8178116	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5952245, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6078981, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	6187f8a655a0c8d63f7c0d0159ec48faf3926397	1686149926
8178116	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5952245, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6078981, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	6187f8a655a0c8d63f7c0d0159ec48faf3926397	1686149926
118949	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27159, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48713, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	010536c2287998f486647077d5f5f4cb14216f21	1686149928
118949	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27159, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48713, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	010536c2287998f486647077d5f5f4cb14216f21	1686149928
4397292	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1070008, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1563324, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	28104c2b1121a331071889a8285f18e4e5fa857e	1686149932
4397292	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1070008, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1563324, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	28104c2b1121a331071889a8285f18e4e5fa857e	1686149932
1126838	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 67755, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 301561, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	c068b6be9d12ef34c4bff6438217ec83aedb3920	1686149932
1126838	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 67755, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 301561, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	c068b6be9d12ef34c4bff6438217ec83aedb3920	1686149932
5742	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1420, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1478, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	784251aee0035f509d9a59f46a7854e3156eb1e8	1686149932
5742	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1420, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1478, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	784251aee0035f509d9a59f46a7854e3156eb1e8	1686149932
8342696	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5758241, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6719849, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	1a5599d9ac6637d73e45a008eb13963a43a42de5	1686149933
8342696	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5758241, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6719849, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	1a5599d9ac6637d73e45a008eb13963a43a42de5	1686149933
10935924	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7358335, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7658163, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	ad38d8e905018d8214d3d086a5314bc8baf530f0	1686149935
10935924	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7358335, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7658163, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	ad38d8e905018d8214d3d086a5314bc8baf530f0	1686149935
9367552	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3032179, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 699012, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	f5e92bd7f79aa5e3dcd577b46ae8adb6ce796fdd	1686149936
9367552	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3032179, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 699012, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	f5e92bd7f79aa5e3dcd577b46ae8adb6ce796fdd	1686149936
5615616	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 684425, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1855040, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	27177a9974cf5e51e406dfc565abec4323a7f460	1686149938
5615616	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 684425, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1855040, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	27177a9974cf5e51e406dfc565abec4323a7f460	1686149938
12587776	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1885979, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1879584, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	61f1d317d4b637547328d7bbd8db162332ffca96	1686149941
12587776	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1885979, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1879584, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	61f1d317d4b637547328d7bbd8db162332ffca96	1686149941
15528080	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7666937, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9603001, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	90006a605fefb15ef0e3ee3a7913e4e3085aa910	1686149943
15528080	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7666937, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9603001, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	90006a605fefb15ef0e3ee3a7913e4e3085aa910	1686149943
61198027	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3493267, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 59650081, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	81fdd91f2f3ad757beaa4e99d1e696fe216572a7	1686149946
61198027	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3493267, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 59650081, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	81fdd91f2f3ad757beaa4e99d1e696fe216572a7	1686149946
92550	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29380, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50934, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	11e37775d188125698553bb54b92212db30c9868	1686149952
92550	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29380, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50934, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	11e37775d188125698553bb54b92212db30c9868	1686149952
15909007	PE+/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1572203, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4403826, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	3044d17533125b0e81479c13a3938c5f680945dd	1686149952
15909007	PE+/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1572203, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4403826, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	3044d17533125b0e81479c13a3938c5f680945dd	1686149952
7030588	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4138419, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3925485, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	3e781f619085938c400ef62d124e1c160d8e606d	1686149953
7030588	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4138419, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3925485, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	3e781f619085938c400ef62d124e1c160d8e606d	1686149953
7891860	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5936181, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6065613, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	9672712486f68f6ef3fa5ea1051a488652768782	1686149956
7891860	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5936181, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6065613, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	9672712486f68f6ef3fa5ea1051a488652768782	1686149956
1126838	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 67755, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 301561, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	c068b6be9d12ef34c4bff6438217ec83aedb3920	1686149974
1126838	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 67755, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 301561, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	c068b6be9d12ef34c4bff6438217ec83aedb3920	1686149974
58853069	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 453396, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 422866, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	7f61bf37ba7a45b4d9686384db4cccec61f67c47	1686149975
58853069	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 453396, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 422866, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	7f61bf37ba7a45b4d9686384db4cccec61f67c47	1686149975
80896	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3807, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4617, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	6fc8b4b91789e00438dc40c306b51a4cb607eb8d	1686149975
80896	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3807, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4617, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	6fc8b4b91789e00438dc40c306b51a4cb607eb8d	1686149975
4090442	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2966063, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3005572, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	a9102e50f879a876bcde1a65ed9e66061345af38	1686149977
4090442	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2966063, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3005572, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	a9102e50f879a876bcde1a65ed9e66061345af38	1686149977
11287504	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9611205, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9336911, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	855439438fa49547ac12bdf953b32f72c719b2c9	1686149980
11287504	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9611205, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9336911, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	855439438fa49547ac12bdf953b32f72c719b2c9	1686149980
51580195	PE/Exe/NSIS	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 192859, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1055775, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	aa57da659dd7d00cce7d1435bfc8459087f51b6f	1686149983
51580195	PE/Exe/NSIS	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 192859, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1055775, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	aa57da659dd7d00cce7d1435bfc8459087f51b6f	1686149983
52603562	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5081683, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48790340, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	7b645c555f2208a68b7d6aff201736b6e111d3cc	1686149989
52603562	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5081683, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48790340, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	7b645c555f2208a68b7d6aff201736b6e111d3cc	1686149989
12364752	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10579965, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10306863, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	6c745b37d30bdc06e8ace8b4189538403c4d5c8a	1686149991
12364752	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10579965, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10306863, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	6c745b37d30bdc06e8ace8b4189538403c4d5c8a	1686149991
113599	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28965, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50276, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	c797c0ed6564a46ae0ac9973f2b97411dbac4754	1686149993
113599	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28965, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50276, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	c797c0ed6564a46ae0ac9973f2b97411dbac4754	1686149993
8720028	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6232135, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6035292, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	a12a22c2b0ecdbeb2f98a592328068591520225e	1686149993
8720028	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6232135, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6035292, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	a12a22c2b0ecdbeb2f98a592328068591520225e	1686149993
11722184	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10006757, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9731199, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	d824b4da35e0527c04c91b45111790421e0df9c3	1686149993
11722184	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10006757, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9731199, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	d824b4da35e0527c04c91b45111790421e0df9c3	1686149993
1647430	Document/None/RTF	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1504890, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1514081, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	d416c83fd8bc78cc77ef30a8e5543b59f8b58f90	1686150001
1647430	Document/None/RTF	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1504890, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1514081, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	d416c83fd8bc78cc77ef30a8e5543b59f8b58f90	1686150001
8185068	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1729023, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1836665, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	a470d52b3da243f0a6e4f29990910c15fe877260	1686150003
8185068	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1729023, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1836665, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	a470d52b3da243f0a6e4f29990910c15fe877260	1686150003
9058488	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2024065, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2076599, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	28cb515f6029996c620d90852ac18089b1ded110	1686150004
9058488	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2024065, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2076599, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	28cb515f6029996c620d90852ac18089b1ded110	1686150004
6957242	PE/Exe/NSIS	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1535249, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2867970, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	936ed9f8b5e106db89d568cdd6cf0d3768e35e8a	1686150005
6957242	PE/Exe/NSIS	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1535249, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2867970, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	936ed9f8b5e106db89d568cdd6cf0d3768e35e8a	1686150005
11402192	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9748709, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9479007, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	67bf7558493de43e5248d5c3fb0eff9ebe15e025	1686150005
11402192	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9748709, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9479007, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	67bf7558493de43e5248d5c3fb0eff9ebe15e025	1686150005
3560827	ELF64 Little/SO	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 134236, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3282561, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	09a2f81add6a24707bf53b87fc35649648d83d84	1686150008
3560827	ELF64 Little/SO	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 134236, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3282561, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	09a2f81add6a24707bf53b87fc35649648d83d84	1686150008
24621335	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1120542, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1090012, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	42b2ae12dea46ea047d05762919e9b4bfe5ef788	1686150010
24621335	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1120542, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1090012, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	42b2ae12dea46ea047d05762919e9b4bfe5ef788	1686150010
27294631	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2867337, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5192795, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	fadcba6ae6a7d80804672d39716caf6d6b236548	1686150010
27294631	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2867337, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5192795, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	fadcba6ae6a7d80804672d39716caf6d6b236548	1686150010
563708	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 71256, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13295, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	ec4ae655adbbb3805d80b71db833024062f40a30	1686150022
563708	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 71256, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13295, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	ec4ae655adbbb3805d80b71db833024062f40a30	1686150022
23674771	PE/.Net Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1113582, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 898210, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	c3b9b20d2b059c554bfedcf02f7e20a78ea0b634	1686150029
23674771	PE/.Net Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1113582, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 898210, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	c3b9b20d2b059c554bfedcf02f7e20a78ea0b634	1686150029
8696352	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6448188, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5556020, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	8c6478d4da8936bbd1c41d55d627e5947f350a3c	1686150030
8696352	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6448188, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5556020, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	8c6478d4da8936bbd1c41d55d627e5947f350a3c	1686150030
89737	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27489, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49043, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	ea0cd712f5841da8a42c88b5531580a67a46606d	1686150040
89737	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27489, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49043, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	ea0cd712f5841da8a42c88b5531580a67a46606d	1686150040
7919852	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5071035, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5906334, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	639f26fcdf4cf23f537da436e579d7642bb88a34	1686150042
7919852	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5071035, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5906334, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	639f26fcdf4cf23f537da436e579d7642bb88a34	1686150042
4740152	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3564800, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3647079, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	0e2b28a93eb1a6028a450f2d0fb17b8a4142c838	1686150044
4740152	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3564800, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3647079, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	0e2b28a93eb1a6028a450f2d0fb17b8a4142c838	1686150044
8722544	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6754191, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7446396, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	11da04c21b47ff12ad322a6b23556b240c57e132	1686150045
8722544	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6754191, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7446396, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	11da04c21b47ff12ad322a6b23556b240c57e132	1686150045
3826214	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 68922, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3251864, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	57e01329fd57cdf43d48e6126dcb04a9a649f486	1686150045
3826214	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 68922, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3251864, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	57e01329fd57cdf43d48e6126dcb04a9a649f486	1686150045
90401	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 30206, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51760, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	eb539586df1f83a1ad6a46578ae93af47d28e583	1686150050
90401	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 30206, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51760, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	eb539586df1f83a1ad6a46578ae93af47d28e583	1686150050
5196432	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1774761, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1594184, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	0dfbab7b39fe2df27cc3c450a33703e862548e7c	1686150050
5196432	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1774761, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1594184, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	0dfbab7b39fe2df27cc3c450a33703e862548e7c	1686150050
88693	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25563, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 47117, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	4f0abfde4499ca4265efaa76240165eeec26ae9c	1686150055
88693	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25563, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 47117, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	4f0abfde4499ca4265efaa76240165eeec26ae9c	1686150055
3114071	ELF32 Little/SO	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 104418, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2618650, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	e99fb966b75da3eb02a16fcac3b36c3a9194b857	1686150056
3114071	ELF32 Little/SO	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 104418, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2618650, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	e99fb966b75da3eb02a16fcac3b36c3a9194b857	1686150056
28120902	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 22260169, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 27281148, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	0ac06711934890049220bec85d224ca6a69a4abf	1686150060
28120902	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 22260169, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 27281148, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	0ac06711934890049220bec85d224ca6a69a4abf	1686150060
28328686	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6610304, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13148605, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	7929803a26acbb9fbec06ee003d65fb01966f3a9	1686150077
28328686	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6610304, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13148605, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	7929803a26acbb9fbec06ee003d65fb01966f3a9	1686150077
28328686	PE/.Net Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 22540142, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	7929803a26acbb9fbec06ee003d65fb01966f3a9	1686150077
18271076	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 273776, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4064513, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	8efe34081ab998e156e537df4da387b0a4bd7f08	1686150078
18271076	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 273776, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4064513, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	8efe34081ab998e156e537df4da387b0a4bd7f08	1686150078
28018926	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6300544, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12838845, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	3095cf7fcee94f7ca177dd1cb4aea29b5b451116	1686150083
28018926	PE/.Net Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 22230382, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	3095cf7fcee94f7ca177dd1cb4aea29b5b451116	1686150083
28018926	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6300544, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12838845, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	3095cf7fcee94f7ca177dd1cb4aea29b5b451116	1686150083
27306734	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5588352, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12126653, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	32c438b9048acb085fda9bd828fe370804e83b5c	1686150084
27306734	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5588352, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12126653, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	32c438b9048acb085fda9bd828fe370804e83b5c	1686150084
27306734	PE/.Net Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 21518190, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	32c438b9048acb085fda9bd828fe370804e83b5c	1686150084
81650	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16951, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 39263, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	37b6ec97243b59e031215a7c79c76bd535c94a11	1686150090
81650	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16951, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 39263, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	37b6ec97243b59e031215a7c79c76bd535c94a11	1686150090
181777	Document/None/PDF	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9977, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8279, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	8e5698b6c99e84ef251da396e57801eea4d4a7e0	1686150096
181777	Document/None/PDF	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9977, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8279, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	8e5698b6c99e84ef251da396e57801eea4d4a7e0	1686150096
271360	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 119107, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 118595, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	2b1c1ebb77a69accf7ade4a6656a229a8236da23	1686150101
271360	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 119107, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 118595, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	2b1c1ebb77a69accf7ade4a6656a229a8236da23	1686150101
583414	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 304758, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 30495, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	c90a2097bb3ef3b7782b569aad3a7a402c40ece6	1686150102
583414	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 304758, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 30495, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	c90a2097bb3ef3b7782b569aad3a7a402c40ece6	1686150102
5011956	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3830891, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4122073, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	bceeab17f46e635c4d2d8e83ba98fc53d3b94409	1686150104
5011956	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3830891, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4122073, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	bceeab17f46e635c4d2d8e83ba98fc53d3b94409	1686150104
22521	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 17697, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 22133, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	7370d7caf811dc3fb9b8ded4fb3a23d36997253d	1686150104
22521	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 17697, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 22133, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	7370d7caf811dc3fb9b8ded4fb3a23d36997253d	1686150104
7701312	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5240872, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6126943, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	af1458eda29940c81e42bf6a11d689b9363a575b	1686150107
7701312	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5240872, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6126943, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	af1458eda29940c81e42bf6a11d689b9363a575b	1686150107
8298484	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1572183, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2680377, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	99047e1bf6e16b647f124db80faf90d91947643e	1686150109
8298484	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1572183, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2680377, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	99047e1bf6e16b647f124db80faf90d91947643e	1686150109
105267	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 849, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 30630, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	891e13aa1d764808d787be69ae3e8188345891ed	1686150115
105267	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 849, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 30630, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	891e13aa1d764808d787be69ae3e8188345891ed	1686150115
6390588	PE+/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3498419, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3285485, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	732c2810e0cecccdfbcf3a052753060d8158643d	1686150119
6390588	PE+/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3498419, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3285485, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	732c2810e0cecccdfbcf3a052753060d8158643d	1686150119
102498470	PE/Exe/NSIS	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26303220, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15358931, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	89f539a36777589582b45b5ab3f1c4b8c392a519	1686150124
102498470	PE/Exe/NSIS	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26303220, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15358931, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	89f539a36777589582b45b5ab3f1c4b8c392a519	1686150124
223744	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 21284, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15037, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	025d67d07d1d4c0c6815dd671c5021f2d1dbeb2d	1686150124
223744	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 21284, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15037, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	025d67d07d1d4c0c6815dd671c5021f2d1dbeb2d	1686150124
34840	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1586, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 20241, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	247dda310be523a670399ce08ac7576eeffceba9	1686150127
34840	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1586, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 20241, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	247dda310be523a670399ce08ac7576eeffceba9	1686150127
97689	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34565, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 56119, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	ce2fbbb268352f30e63708658a895b55d5994a21	1686150127
97689	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34565, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 56119, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	ce2fbbb268352f30e63708658a895b55d5994a21	1686150127
608019	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 120997, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 179775, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	81bc384770e1fcf3d32e38b69e7fa6dfd68eceb5	1686150128
608019	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 120997, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 179775, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	81bc384770e1fcf3d32e38b69e7fa6dfd68eceb5	1686150128
7109996	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5978050, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4853648, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	2a354db1cbe01973b6ea523d0842327ddafc17b8	1686150129
7109996	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5978050, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4853648, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	2a354db1cbe01973b6ea523d0842327ddafc17b8	1686150129
11060751	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 208731, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4067711, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	d328639db252e6882cde55b4d96fb6c6917ce647	1686150135
11060751	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 208731, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4067711, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	d328639db252e6882cde55b4d96fb6c6917ce647	1686150135
102034	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31083, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 52637, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	9d13375b63610249a16e7eec10b2be064c7097f7	1686150136
102034	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31083, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 52637, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	9d13375b63610249a16e7eec10b2be064c7097f7	1686150136
24915182	PE/.Net Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 19126638, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	3c24cca2a6bfa8faaa35756e6814802dbcd751f2	1686150137
24915182	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3196800, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9735101, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	3c24cca2a6bfa8faaa35756e6814802dbcd751f2	1686150137
24915182	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3196800, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9735101, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	3c24cca2a6bfa8faaa35756e6814802dbcd751f2	1686150137
26192622	PE/.Net Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 20404078, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	9c9d925179896d29421f881eb5ad77af9e8bc7fb	1686150137
26192622	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4474240, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11012541, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	9c9d925179896d29421f881eb5ad77af9e8bc7fb	1686150137
26192622	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4474240, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11012541, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	9c9d925179896d29421f881eb5ad77af9e8bc7fb	1686150137
26345710	PE/.Net Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 20557166, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	d6d554d74fdfd98418b8fa34338056708291599e	1686150137
26345710	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4627328, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11165629, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	d6d554d74fdfd98418b8fa34338056708291599e	1686150137
26345710	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4627328, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11165629, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	d6d554d74fdfd98418b8fa34338056708291599e	1686150137
25406702	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3688320, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10226621, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	1799c607028ad0ed4d15e46bb80cc0a70683e90f	1686150137
25406702	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3688320, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10226621, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	1799c607028ad0ed4d15e46bb80cc0a70683e90f	1686150137
25406702	PE/.Net Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 19618158, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	1799c607028ad0ed4d15e46bb80cc0a70683e90f	1686150137
25241838	PE/.Net Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 19453294, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	f5be7fa83024d787932ead402e6a0a63da6eb443	1686150138
25241838	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3523456, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10061757, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	f5be7fa83024d787932ead402e6a0a63da6eb443	1686150138
25241838	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3523456, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10061757, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	f5be7fa83024d787932ead402e6a0a63da6eb443	1686150138
27273966	PE/Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 21485422, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	f9461339c56853fd3b535f99bc72bd2b897591d0	1686150138
27273966	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5555584, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12093885, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	f9461339c56853fd3b535f99bc72bd2b897591d0	1686150138
27273966	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5555584, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12093885, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	f9461339c56853fd3b535f99bc72bd2b897591d0	1686150138
26257134	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4538752, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11077053, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	bbda585b97e741d2fb638684255a0c49daafadac	1686150138
26257134	PE/.Net Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 20468590, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	bbda585b97e741d2fb638684255a0c49daafadac	1686150138
26257134	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4538752, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11077053, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	bbda585b97e741d2fb638684255a0c49daafadac	1686150138
4620288	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2649834, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2685878, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	102d0b298f078b7d115083307e4ca0ed1bcbd134	1686150138
4620288	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2649834, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2685878, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	102d0b298f078b7d115083307e4ca0ed1bcbd134	1686150138
489616	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 38581, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 22168, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	32de67e7b17be1d18964e2086362b34f3c7b3575	1686150138
489616	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 38581, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 22168, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	32de67e7b17be1d18964e2086362b34f3c7b3575	1686150138
33862	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26439, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23818, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	40caa9fe8fa64c0f9ba67298941a34d042cff179	1686150138
33862	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26439, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23818, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	40caa9fe8fa64c0f9ba67298941a34d042cff179	1686150138
85008	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27891, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49445, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	37c285df8d320279049afa0c23fa334a3bbeda77	1686150139
85008	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27891, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49445, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	37c285df8d320279049afa0c23fa334a3bbeda77	1686150139
27974382	PE/.Net Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 22185838, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	153a8db91757b63b2d6f178bb9d02ea5208c9457	1686150139
27974382	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6256000, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12794301, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	153a8db91757b63b2d6f178bb9d02ea5208c9457	1686150139
27974382	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6256000, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12794301, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	153a8db91757b63b2d6f178bb9d02ea5208c9457	1686150139
28105966	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6387584, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12925885, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	d50286aa8bb8c3014247b90adb746b25bfd31003	1686150139
28105966	PE/.Net Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 22317422, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	d50286aa8bb8c3014247b90adb746b25bfd31003	1686150139
28105966	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6387584, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12925885, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	d50286aa8bb8c3014247b90adb746b25bfd31003	1686150139
29250286	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7531904, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14070205, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	6c074b89819c235bdeb338af24c7c735ad0035ec	1686150140
29250286	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7531904, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14070205, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	6c074b89819c235bdeb338af24c7c735ad0035ec	1686150140
29250286	PE/.Net Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 23461742, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	6c074b89819c235bdeb338af24c7c735ad0035ec	1686150140
58288120	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 41036824, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23548621, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	c9812fa79f7c7d3a61f8ed156a3f9047aba84256	1686150140
58288120	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 41036824, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23548621, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	c9812fa79f7c7d3a61f8ed156a3f9047aba84256	1686150140
27151086	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5432704, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11971005, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	6f9101e3313d15831fe21dca4f41cd305a5a42b0	1686150140
27151086	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5432704, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11971005, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	6f9101e3313d15831fe21dca4f41cd305a5a42b0	1686150140
27151086	PE/.Net Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 21362542, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	6f9101e3313d15831fe21dca4f41cd305a5a42b0	1686150140
25467630	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3749248, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10287549, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	54553aa667794ecaf466add2eb68115e655bb142	1686150142
25467630	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3749248, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10287549, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	54553aa667794ecaf466add2eb68115e655bb142	1686150142
25467630	PE/.Net Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 19679086, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	54553aa667794ecaf466add2eb68115e655bb142	1686150142
24958190	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3239808, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9778109, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	96485038e952a3ea5b05d3b73cb09e16746f05fe	1686150142
24958190	PE/.Net Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 19169646, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	96485038e952a3ea5b05d3b73cb09e16746f05fe	1686150142
24958190	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3239808, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9778109, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	96485038e952a3ea5b05d3b73cb09e16746f05fe	1686150142
22632960	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12832781, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17325113, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	d9470e93a7f0471df16a93a2df001e35f383b358	1686150143
22632960	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12832781, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17325113, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	d9470e93a7f0471df16a93a2df001e35f383b358	1686150143
28521710	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6803328, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13341629, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	a9e434ae7946b87a7a35e1ceea2a3585c63364ff	1686150146
28521710	PE/.Net Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 22733166, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	a9e434ae7946b87a7a35e1ceea2a3585c63364ff	1686150146
28521710	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6803328, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13341629, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	a9e434ae7946b87a7a35e1ceea2a3585c63364ff	1686150146
28730094	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7011712, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13550013, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	722d9445761cedf9cf95b00a27484c98b198a087	1686150147
28730094	PE/.Net Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 22941550, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	722d9445761cedf9cf95b00a27484c98b198a087	1686150147
28730094	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7011712, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13550013, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	722d9445761cedf9cf95b00a27484c98b198a087	1686150147
19508784	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14359504, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16198715, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	a074e8cd0d7f96a1660eb8034c9d4bb659911d8c	1686150151
19508784	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14359504, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16198715, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	a074e8cd0d7f96a1660eb8034c9d4bb659911d8c	1686150151
134656	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4983, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3404, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	5c5149ddc70c1570f08aeaadf3ae7f9c0b62aa44	1686150153
134656	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4983, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3404, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	5c5149ddc70c1570f08aeaadf3ae7f9c0b62aa44	1686150153
123956	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35591, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 57145, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	4151684c657f55df0fbcf6f23e4ff59a3d434933	1686150154
123956	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35591, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 57145, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	4151684c657f55df0fbcf6f23e4ff59a3d434933	1686150154
89099	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27245, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48799, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	c1c8b28dccfe8d0b1019ccd86c4a64b6deff30f6	1686150158
89099	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27245, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48799, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	c1c8b28dccfe8d0b1019ccd86c4a64b6deff30f6	1686150158
526968	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 46, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 656, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	9a1f873e7ca75688bb3ecf3538c673994ea8f06e	1686150159
526968	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 46, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 656, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	9a1f873e7ca75688bb3ecf3538c673994ea8f06e	1686150159
3652720	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1101203, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1128397, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	946bccb4633670592563b838e8905d87d32006c9	1686150162
3652720	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1101203, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1128397, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	946bccb4633670592563b838e8905d87d32006c9	1686150162
9176564	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6268070, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7592405, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	30a5cb71610bf97bb780db06d1c3a685558cef60	1686150163
9176564	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6268070, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7592405, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	30a5cb71610bf97bb780db06d1c3a685558cef60	1686150163
6925744	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4923140, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4887861, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	c552441469a45b5342205401366537d43dfbf1c3	1686150164
6925744	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4923140, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4887861, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	c552441469a45b5342205401366537d43dfbf1c3	1686150164
7991496	PE/Exe/NSIS	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2569503, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3902224, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	9f236dccf15907ee09d04f6c8a451bd42b1d4e2d	1686150165
7991496	PE/Exe/NSIS	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2569503, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3902224, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	9f236dccf15907ee09d04f6c8a451bd42b1d4e2d	1686150165
5979364	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4057685, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4165750, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	967fcbf4e10d26548398eec462c166d1df722266	1686150165
5979364	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4057685, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4165750, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	967fcbf4e10d26548398eec462c166d1df722266	1686150165
9728028	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6334598, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6463104, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	5d2ee739905d5f78b6e31684f3bb92423647692b	1686150166
9728028	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6334598, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6463104, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	5d2ee739905d5f78b6e31684f3bb92423647692b	1686150166
8267816	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5914695, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5870746, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	bb7e753018fc4b3c1fdc780a364df59d2e566e67	1686150167
8267816	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5914695, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5870746, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	bb7e753018fc4b3c1fdc780a364df59d2e566e67	1686150167
6904424	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4921711, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5569145, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	750679ecdaac688baa60e32674e510f60cac2ba1	1686150167
6904424	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4921711, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5569145, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	750679ecdaac688baa60e32674e510f60cac2ba1	1686150167
8668000	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5790672, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5929530, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	8d17ecf99008a1800aa77b798c53f75f34db635f	1686150167
8668000	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5790672, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5929530, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	8d17ecf99008a1800aa77b798c53f75f34db635f	1686150167
8020420	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1730444, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1955210, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	098c13f1d5cc4b6038d67874cd2340c470047bde	1686150168
8020420	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1730444, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1955210, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	098c13f1d5cc4b6038d67874cd2340c470047bde	1686150168
9653972	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1796540, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1636817, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	683b6403118d4a672e2f31efef768346320c5d5d	1686150169
9653972	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1796540, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1636817, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	683b6403118d4a672e2f31efef768346320c5d5d	1686150169
5534364	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4320126, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4305821, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	2627f11c33033737de957cf52cc29297d0810371	1686150169
5534364	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4320126, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4305821, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	2627f11c33033737de957cf52cc29297d0810371	1686150169
10148688	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1961186, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2836228, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	9834a9b1ff7edf23552ac4e15464a50ced1f90fa	1686150170
10148688	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1961186, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2836228, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	9834a9b1ff7edf23552ac4e15464a50ced1f90fa	1686150170
8828660	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6406510, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6382932, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	48bd69a510ba602c73863ad2afb6b1455e858335	1686150170
8828660	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6406510, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6382932, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	48bd69a510ba602c73863ad2afb6b1455e858335	1686150170
6136097	PE/.Net Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 3709386, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	5bc8ccc3bfd1b1c9bb5c14f442c70a32efa61a71	1686150172
19905987	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2216386, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1636129, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	9f547ef8cba3b6f25f8c7fe2cacf62496c78cf09	1686150174
19905987	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2216386, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1636129, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	9f547ef8cba3b6f25f8c7fe2cacf62496c78cf09	1686150174
1215488	PE/.Net Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 576416, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	059403186f3a5d4832bd7bf3e137ab532076c37c	1686150175
62215476	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25262900, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 53345796, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	af6b75fe56e8568402c36c11a851c31519729d09	1686150176
62215476	Binary/Archive/ZIP	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25262900, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 53345796, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	af6b75fe56e8568402c36c11a851c31519729d09	1686150176
62215476	Binary/Archive/ZIP	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 53626293, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	af6b75fe56e8568402c36c11a851c31519729d09	1686150176
8790228	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5984952, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7594298, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	791352f0f97961d04505e72dbbc4c90521823212	1686150176
8790228	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5984952, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7594298, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	791352f0f97961d04505e72dbbc4c90521823212	1686150176
3970896	PE/.Net Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1384326, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3217764, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	739c8e7a85bf46ced7d5926d46f5327b03c13e39	1686150177
3970896	PE/.Net Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1384326, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3217764, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	739c8e7a85bf46ced7d5926d46f5327b03c13e39	1686150177
370759	Text/HTML/HTML	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 120638, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	d15409e85cbcd767078d35da6402415a8786b261	1686150178
19508784	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14359504, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16198715, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	a074e8cd0d7f96a1660eb8034c9d4bb659911d8c	1686150178
19508784	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14359504, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16198715, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	a074e8cd0d7f96a1660eb8034c9d4bb659911d8c	1686150178
9376260	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6790310, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7997401, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	69b79a4acbecc8d616965ccde616fbed0bce6bb6	1686150180
9376260	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6790310, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7997401, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	69b79a4acbecc8d616965ccde616fbed0bce6bb6	1686150180
25092884	PE/Exe/NSIS	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3544155, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3318615, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	0061d1045777f0d4ffa785a37224981e663cadef	1686150187
25092884	PE/Exe/NSIS	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3544155, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3318615, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	0061d1045777f0d4ffa785a37224981e663cadef	1686150187
29217518	PE/.Net Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 23428974, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	a407bb0966cf4665bf7f5a7145d8659dbb8cf3d0	1686150197
29217518	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7499136, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14037437, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	a407bb0966cf4665bf7f5a7145d8659dbb8cf3d0	1686150197
29217518	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7499136, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14037437, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	a407bb0966cf4665bf7f5a7145d8659dbb8cf3d0	1686150197
29422318	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7703936, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14242237, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	a90063b91d8f19cd55120a84a2264dbb56e46594	1686150197
29422318	PE/Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 23633774, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	a90063b91d8f19cd55120a84a2264dbb56e46594	1686150197
29422318	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7703936, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14242237, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	a90063b91d8f19cd55120a84a2264dbb56e46594	1686150197
25040110	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3321728, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9860029, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	f1f94bb6adc57f0f8e47ab859f8a2ba47bea0229	1686150199
25040110	PE/Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 19251566, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	f1f94bb6adc57f0f8e47ab859f8a2ba47bea0229	1686150199
25040110	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3321728, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9860029, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	f1f94bb6adc57f0f8e47ab859f8a2ba47bea0229	1686150199
28910318	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7191936, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13730237, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	765176df2ecd44d2f33c9a3e09cfffd38b86dc64	1686150200
28910318	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7191936, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13730237, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	765176df2ecd44d2f33c9a3e09cfffd38b86dc64	1686150200
28910318	PE/.Net Dll	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 23121774, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	765176df2ecd44d2f33c9a3e09cfffd38b86dc64	1686150200
32130008	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 977110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 761738, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	ae7ff1a8ecc631ba5589735ad0fafbe18d1c41e5	1686150201
32130008	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 977110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 761738, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	ae7ff1a8ecc631ba5589735ad0fafbe18d1c41e5	1686150201
66892302	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3139247, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2558990, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	5e440414494a26e2ee213b9b681d867ad39b9f80	1686150214
66892302	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3139247, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2558990, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	5e440414494a26e2ee213b9b681d867ad39b9f80	1686150214
166833664	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 143364306, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 146750644, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	6adeec98314a2649c39350736d889cd272a391b8	1686150221
166833664	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 143364306, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 146750644, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	6adeec98314a2649c39350736d889cd272a391b8	1686150221
138356736	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 113475200, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 116917070, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	eb3c36c843befc50091898fb978f83d45d32e422	1686150228
138356736	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 113475200, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 116917070, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	eb3c36c843befc50091898fb978f83d45d32e422	1686150228
93670	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28715, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50269, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	c3a0a929800a0ebe66ac85e6667c6644e872b09d	1686150231
93670	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28715, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50269, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	c3a0a929800a0ebe66ac85e6667c6644e872b09d	1686150231
8553924	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5876359, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6986177, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	a3b265af2589cf44aecb2049803a5a4ff84bb202	1686150232
8553924	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5876359, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6986177, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	a3b265af2589cf44aecb2049803a5a4ff84bb202	1686150232
88241	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27207, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48761, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	c2643a9a4997e6e3e51685cab2f9c6fd4abc7611	1686150237
88241	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27207, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48761, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	c2643a9a4997e6e3e51685cab2f9c6fd4abc7611	1686150237
9414708	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6335661, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6370528, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	7d304cf9efb664f2ccd968904d504ed8c576e654	1686150239
9414708	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6335661, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6370528, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	7d304cf9efb664f2ccd968904d504ed8c576e654	1686150239
10379992	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6814165, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8323239, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	fb499f3e7de44f21eb9cb1a956f3f767d4ed47f0	1686150241
10379992	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6814165, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8323239, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	fb499f3e7de44f21eb9cb1a956f3f767d4ed47f0	1686150241
5250	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2325, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4097, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	630991c60909126d75f94b113fd177180f6712ea	1686150245
5250	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2325, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4097, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	630991c60909126d75f94b113fd177180f6712ea	1686150245
82432	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3828, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4798, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	797c389bd066a4a04c2bce344cb60123443ec81e	1686150247
82432	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3828, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4798, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	797c389bd066a4a04c2bce344cb60123443ec81e	1686150247
111806	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29792, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51346, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	8ad9ad7f0468ebd22e0d9e8384c4a107857333a5	1686150247
111806	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29792, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51346, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	8ad9ad7f0468ebd22e0d9e8384c4a107857333a5	1686150247
27570	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15335, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19448, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	1bfc6472d02cab3b91ce506a17d9cad64804871c	1686150248
27570	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15335, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19448, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	1bfc6472d02cab3b91ce506a17d9cad64804871c	1686150248
450048	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 288291, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 221176, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	111bcee00d7c3d6df8c1420ee0de782eb1937133	1686150248
450048	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 288291, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 221176, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	111bcee00d7c3d6df8c1420ee0de782eb1937133	1686150248
2600888	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2163112, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2014788, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	7e32d3bc9afd569852093401de5c4bb5f44b76ff	1686150249
2600888	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2163112, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2014788, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	7e32d3bc9afd569852093401de5c4bb5f44b76ff	1686150249
175221	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35882, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 57436, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	423a146bc73d434a9f39de260f567dd8d0258d47	1686150250
175221	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35882, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 57436, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	423a146bc73d434a9f39de260f567dd8d0258d47	1686150250
8509312	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6222960, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6167524, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	19b22d0a540bac402aa018c7df49bd97bf02f44a	1686150251
8509312	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6222960, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6167524, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	19b22d0a540bac402aa018c7df49bd97bf02f44a	1686150251
80864416	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2597762, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2017505, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	e8a00ce275d0d66559cadb01b10a0ae2d441c60d	1686150258
80864416	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2597762, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2017505, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	e8a00ce275d0d66559cadb01b10a0ae2d441c60d	1686150258
20964640	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7215661, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11972784, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	e8aeecd01fdf0e1521090598c2180f5cb575f6e6	1686150261
20964640	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7215661, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11972784, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	e8aeecd01fdf0e1521090598c2180f5cb575f6e6	1686150261
275456	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5162, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6481, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	c11a9ca1d3c3b6eaa69adcf6eb9f4c723e990aec	1686150261
275456	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5162, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6481, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	c11a9ca1d3c3b6eaa69adcf6eb9f4c723e990aec	1686150261
87323	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27477, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49031, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	19f3b61586f5cb7808ed718fae3b99408fcde7b8	1686150263
87323	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27477, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49031, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	19f3b61586f5cb7808ed718fae3b99408fcde7b8	1686150263
12437976	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10483381, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10170287, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	bd599890f96bfd2cb617bc1155bd15fc40a084ed	1686150266
12437976	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10483381, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10170287, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	bd599890f96bfd2cb617bc1155bd15fc40a084ed	1686150266
10148938	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 864896, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14986, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	0233a0fec543e6232060515a2e26cc58c2a75623	1686150268
10148938	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 864896, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14986, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	0233a0fec543e6232060515a2e26cc58c2a75623	1686150268
9892620	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6562492, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7558230, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	75f9a61c03ade1bbb0cb9046a95a50c6c6fbc09a	1686150270
9892620	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6562492, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7558230, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	75f9a61c03ade1bbb0cb9046a95a50c6c6fbc09a	1686150270
9560808	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6901970, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6907982, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	fbcc73b821ae5184783a597050d8ebd62835bfc9	1686150270
9560808	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6901970, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6907982, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	fbcc73b821ae5184783a597050d8ebd62835bfc9	1686150270
18831446	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 265862, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12964500, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	25e03817dafe65daaa426190b00318324d21cf71	1686150270
18831446	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 265862, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12964500, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	25e03817dafe65daaa426190b00318324d21cf71	1686150270
8165976	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3933805, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4859118, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	f4678063bfee99893461cd18f9ec4556382d102f	1686150272
8165976	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3933805, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4859118, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	f4678063bfee99893461cd18f9ec4556382d102f	1686150272
101077	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27765, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49319, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	62ea9191258518515b4be63a7c69a39b918bd28a	1686150272
101077	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27765, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49319, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	62ea9191258518515b4be63a7c69a39b918bd28a	1686150272
8092688	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1464386, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2192617, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	e1e78ef90f835f32fb9bd89fc074c22f7748f3e3	1686150273
8092688	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1464386, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2192617, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	e1e78ef90f835f32fb9bd89fc074c22f7748f3e3	1686150273
9136128	PE/.Net Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3935869, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3109983, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	48672736929745d0f2716882ccdb099501cb6b1e	1686150274
9136128	PE/.Net Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3935869, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3109983, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	48672736929745d0f2716882ccdb099501cb6b1e	1686150274
6035544	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2875148, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3522427, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	9d0c0632f5948623baa3c1ff47e51cb7d7fa2e91	1686150275
6035544	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2875148, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3522427, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	9d0c0632f5948623baa3c1ff47e51cb7d7fa2e91	1686150275
13500336	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11443773, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11133887, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	1ceec28970dbdc86c09768fdc2bfa305fce4d261	1686150276
13500336	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11443773, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11133887, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	1ceec28970dbdc86c09768fdc2bfa305fce4d261	1686150276
3376319	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 245960, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15314, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	efd9d71b0975e5847c4615faf5afc5e9f7210ae3	1686150277
3376319	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 245960, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15314, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	efd9d71b0975e5847c4615faf5afc5e9f7210ae3	1686150277
103016	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 33875, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 55429, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	e412e2c41f29f865786ecf493deafd266c779d88	1686150277
103016	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 33875, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 55429, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	e412e2c41f29f865786ecf493deafd266c779d88	1686150277
7885612	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6087984, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6053339, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	80430d7fd0fc7c60d98a89aed4c7bb4495aa6379	1686150278
7885612	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6087984, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6053339, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	80430d7fd0fc7c60d98a89aed4c7bb4495aa6379	1686150278
14178816	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4320653, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5427992, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	ebde3e5d4f5dad37d897d676df2240e7e40e08fe	1686150278
14178816	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4320653, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5427992, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	ebde3e5d4f5dad37d897d676df2240e7e40e08fe	1686150278
272896	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8053, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6460, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	3a1800e643dae8652354dc0e1d09e0fdd010f6a4	1686150279
272896	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8053, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6460, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	3a1800e643dae8652354dc0e1d09e0fdd010f6a4	1686150279
689819	Document/None/RTF	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 533244, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 590406, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	5eb3615197888c564cc0190dcb59bc20c7f5cbd9	1686150283
689819	Document/None/RTF	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 533244, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 590406, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	5eb3615197888c564cc0190dcb59bc20c7f5cbd9	1686150283
7179516	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1496148, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1515461, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	8a89d0ad8c999e16a2226fddf4096770486212dd	1686150284
7179516	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1496148, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1515461, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	8a89d0ad8c999e16a2226fddf4096770486212dd	1686150284
8096528	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5711198, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5832392, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	0e753811a1a4bda820926842ce75c4e28c955919	1686150287
8096528	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5711198, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5832392, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	0e753811a1a4bda820926842ce75c4e28c955919	1686150287
1766139	Text/None	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 260148, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 825848, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	8a6f27250902702f78938252e2671205790648d4	1686150288
1766139	Text/None	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 260148, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 825848, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	8a6f27250902702f78938252e2671205790648d4	1686150288
10031584	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6627232, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6604495, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	8913aed7d56e63add8ed8f65622454ab0b0ed007	1686150290
10031584	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6627232, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6604495, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	8913aed7d56e63add8ed8f65622454ab0b0ed007	1686150290
6598488	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1651604, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2536422, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	03de2c6afdf55d2e9fe71e126a4d8c3bd5a6e513	1686150293
6598488	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1651604, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2536422, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	03de2c6afdf55d2e9fe71e126a4d8c3bd5a6e513	1686150293
8198736	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1724241, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1717079, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	2a770424281587e72a70f2b38c6393ee43fcb8fe	1686150293
8198736	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1724241, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1717079, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	2a770424281587e72a70f2b38c6393ee43fcb8fe	1686150293
8041928	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6164307, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6028674, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	58a086af9f4be29846114490255f118299ee9988	1686150298
8041928	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6164307, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6028674, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	58a086af9f4be29846114490255f118299ee9988	1686150298
22636544	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12836365, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17328505, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	4a066f4da5351af20dcc6848fcca14ac7237022d	1686150304
22636544	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12836365, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17328505, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	4a066f4da5351af20dcc6848fcca14ac7237022d	1686150304
31212344	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25069984, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 24741844, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	de4fab5048313f8ea6d87b1821bfc8707463f688	1686150308
31212344	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25069984, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 24741844, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	de4fab5048313f8ea6d87b1821bfc8707463f688	1686150308
46181234	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28136043, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 340000, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	a7dd7dbd677a352cade7696363a2b69827ed9efa	1686150316
46181234	PE/.Net Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28136043, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 340000, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	a7dd7dbd677a352cade7696363a2b69827ed9efa	1686150316
4268456	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1053136, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1079585, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	55d4bb310cf6f691bf7917630349e60f91e69883	1686150328
4268456	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1053136, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1079585, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	55d4bb310cf6f691bf7917630349e60f91e69883	1686150328
711168	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 22283, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 140714, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	1cc796892a6c83da4f9d64c7ac496f48e9e87462	1686150331
711168	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 22283, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 140714, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	1cc796892a6c83da4f9d64c7ac496f48e9e87462	1686150331
81041	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26719, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48030, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	fac13be0be3051b4ea5dd0299de7297c50eca677	1686150331
81041	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26719, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48030, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	fac13be0be3051b4ea5dd0299de7297c50eca677	1686150331
2149088	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1486348, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1792360, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	918840817f162ce48336914897b0a2b9e94159c6	1686150332
2149088	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1486348, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1792360, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	918840817f162ce48336914897b0a2b9e94159c6	1686150332
83456	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3829, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4736, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	7d2d0a954430071976be168e02000021fe3f8d47	1686150334
83456	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3829, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4736, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	7d2d0a954430071976be168e02000021fe3f8d47	1686150334
81703	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29471, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51025, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	0de6b65809ff0a806b84af7878f46ab7b0961e58	1686150335
81703	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29471, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51025, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	0de6b65809ff0a806b84af7878f46ab7b0961e58	1686150335
1986332	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1489941, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1578610, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	cefdbcf177848c3dbc4660ffa92e0971429717e6	1686150335
1986332	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1489941, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1578610, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	cefdbcf177848c3dbc4660ffa92e0971429717e6	1686150335
454144	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 282176, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 220548, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	e4794fefadbba8fcb81540281ccccb949cccd828	1686150336
454144	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 282176, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 220548, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	e4794fefadbba8fcb81540281ccccb949cccd828	1686150336
18366038	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7030388, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12499092, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	b8c11b6867eaec662e5217df5c861393fa6220e6	1686150336
18366038	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7030388, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12499092, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	b8c11b6867eaec662e5217df5c861393fa6220e6	1686150336
8588884	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6284895, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6248087, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	d9a5feabf05c02918500526e08a432cee2b65615	1686150337
8588884	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6284895, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6248087, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	d9a5feabf05c02918500526e08a432cee2b65615	1686150337
9326836	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6567307, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6759624, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	dfb89e0653f80361906802592cd76c3dfbbe0881	1686150337
9326836	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6567307, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6759624, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	dfb89e0653f80361906802592cd76c3dfbbe0881	1686150337
150057	Document/None/PDF	{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 116422, 'matched_string': 'dGV4dCBoZXJl\n'}]}	ruleset2	24239959bf00c630739896da7b08cb59011fc08c	false	db9a5761f9beda80273964d79aa8bf589ea00f9d	1686150338
101408	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27646, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49200, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	920811cc5d0f3a9218886cc0c35f60793859ccff	1686150340
101408	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27646, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49200, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	920811cc5d0f3a9218886cc0c35f60793859ccff	1686150340
17661014	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6325364, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11794068, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	86e5a6461a4c70641f1d9f05b363a6ee9ad9e967	1686150341
17661014	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6325364, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11794068, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	86e5a6461a4c70641f1d9f05b363a6ee9ad9e967	1686150341
17709654	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6374004, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11842708, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	d0286f449fe9b310149eba7c643ef32980b20c0a	1686150343
17709654	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6374004, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11842708, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	d0286f449fe9b310149eba7c643ef32980b20c0a	1686150343
18516054	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7180404, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12649108, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	a629d0a626ea29b61a59fa12f74ecae92f111d2b	1686150345
18516054	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7180404, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12649108, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	a629d0a626ea29b61a59fa12f74ecae92f111d2b	1686150345
13872608	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9059948, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8952253, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	9583081e5b7c0f4f74b2222a23fc058d667ab595	1686150351
13872608	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9059948, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8952253, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	9583081e5b7c0f4f74b2222a23fc058d667ab595	1686150351
82432	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3812, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4691, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	39d12fff02df078867efb755f7353480b5f6c0bc	1686150357
82432	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3812, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4691, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	39d12fff02df078867efb755f7353480b5f6c0bc	1686150357
2272971	Text/None	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 74664, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 619547, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	67c71d50582dea8fedfe6a3b234936a626ffaeb2	1686150357
2272971	Text/None	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 74664, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 619547, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	67c71d50582dea8fedfe6a3b234936a626ffaeb2	1686150357
8879376	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5745648, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5751012, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	1a773ba334a1fc0f818bbd42f77a4e1d946065a9	1686150360
8879376	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5745648, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5751012, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	1a773ba334a1fc0f818bbd42f77a4e1d946065a9	1686150360
7755441	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 406771, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 21825, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	812184db6861a00260557e33605b51d0042ff585	1686150360
7755441	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 406771, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 21825, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	812184db6861a00260557e33605b51d0042ff585	1686150360
5618928	MachO32 Little/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3904124, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4378424, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	d1b2e67d1e6066e353d169cfcdcb67b76360ad94	1686150361
5618928	MachO32 Little/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3904124, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4378424, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	d1b2e67d1e6066e353d169cfcdcb67b76360ad94	1686150361
7870848	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5851887, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5929958, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	350122e4dba72eec4fcf1b5b91d172335c85d7a9	1686150369
7870848	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5851887, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5929958, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	350122e4dba72eec4fcf1b5b91d172335c85d7a9	1686150369
8173600	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5940668, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5601532, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	ecc1080cc4303734260b958a79cefb40ae6d0153	1686150372
8173600	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5940668, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5601532, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	ecc1080cc4303734260b958a79cefb40ae6d0153	1686150372
366711	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 83827, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 363899, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	cf2f0e2acfc86560055a39013db63285b1d78a03	1686150388
366711	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 83827, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 363899, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	cf2f0e2acfc86560055a39013db63285b1d78a03	1686150388
9487360	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6897389, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6936885, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	4106e8b239bb92d9fa524b3a6d667c7115b0b666	1686150401
9487360	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6897389, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6936885, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	4106e8b239bb92d9fa524b3a6d667c7115b0b666	1686150401
58555814	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1184014, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10951600, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	7c14bdf271b74f35da06091594293c7502c82107	1686150401
58555814	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1184014, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10951600, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	7c14bdf271b74f35da06091594293c7502c82107	1686150401
366706	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 83826, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 363894, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	52a6a217b72415fc38bde13c0f077e47671a7845	1686150410
366706	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 83826, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 363894, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	52a6a217b72415fc38bde13c0f077e47671a7845	1686150410
21275520	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7310445, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12111641, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	9dc59205f47be9eac8046b5b259f2ccf65ceddc6	1686150414
21275520	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7310445, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12111641, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	9dc59205f47be9eac8046b5b259f2ccf65ceddc6	1686150414
86684	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34414, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 55968, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	4120782b6b598f4a7e95b4c480c791cffe37a268	1686150422
86684	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34414, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 55968, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	4120782b6b598f4a7e95b4c480c791cffe37a268	1686150422
5327272	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3979083, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2767474, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	eb86c40eb9e7de2c827db61b705530e5945c4562	1686150442
5327272	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3979083, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2767474, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	eb86c40eb9e7de2c827db61b705530e5945c4562	1686150442
1686113	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 192055, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16350, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	8d02b28113241f8c6bb4f6313a19950876eca116	1686150448
1686113	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 192055, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16350, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	8d02b28113241f8c6bb4f6313a19950876eca116	1686150448
35515	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34829, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 22757, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	4767545f40d35fbfee5bbd359fe6be615e679ff9	1686150452
35515	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34829, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 22757, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	4767545f40d35fbfee5bbd359fe6be615e679ff9	1686150452
7892976	ELF64 Little/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3577820, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3615204, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	94c89fd87cf33f18c9b1783bb133633aa5b28234	1686150454
7892976	ELF64 Little/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3577820, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3615204, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	94c89fd87cf33f18c9b1783bb133633aa5b28234	1686150454
242700	Document/None/RTF	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31895, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 41619, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	3d526a12778e918e2350d23aa02bfa7cd2c448d0	1686150455
242700	Document/None/RTF	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31895, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 41619, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	3d526a12778e918e2350d23aa02bfa7cd2c448d0	1686150455
7525504	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1861301, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1676862, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	b2eed81dd77100042b7e918b4f5cacc2d6444aa6	1686150455
7525504	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1861301, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1676862, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	b2eed81dd77100042b7e918b4f5cacc2d6444aa6	1686150455
74127	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26665, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 47554, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	c1ad6cf9c783302cedf77c209ae4d5a11d05b07f	1686150464
74127	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26665, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 47554, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	c1ad6cf9c783302cedf77c209ae4d5a11d05b07f	1686150464
6306744	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4682682, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5358994, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	1fa90eebb148c20a065f0a78d5794f00c7bb51a4	1686150481
6306744	DEX/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4682682, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5358994, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	1fa90eebb148c20a065f0a78d5794f00c7bb51a4	1686150481
8729572	PE/Exe/NSIS	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3118958, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2893418, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	6eebfafb77dac46dd9a0541cbd719f59d18ae74a	1686150486
8729572	PE/Exe/NSIS	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3118958, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2893418, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	6eebfafb77dac46dd9a0541cbd719f59d18ae74a	1686150486
662567	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 467856, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 24033, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	4273c4cdb874a9caeddfb76f5e712480246928a6	1686150489
662567	Email/None/MIME	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 467856, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 24033, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	4273c4cdb874a9caeddfb76f5e712480246928a6	1686150489
366703	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 83825, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 363891, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	4791aa7a9d8123b974c9b3e41fc3269bfa287c28	1686150489
366703	Text/HTML/HTML	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 83825, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 363891, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	4791aa7a9d8123b974c9b3e41fc3269bfa287c28	1686150489
18824790	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 259206, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12957844, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	3d779c8998dfba56449ad09dbd24db692d2b6528	1686150490
18824790	PE/Dll	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 259206, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12957844, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	3d779c8998dfba56449ad09dbd24db692d2b6528	1686150490
8471556	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7414380, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6887310, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	f10efe378fb0fa90ca1ee5dcdfee615b1473a74e	1686150490
8471556	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7414380, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6887310, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	f10efe378fb0fa90ca1ee5dcdfee615b1473a74e	1686150490
81408	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3819, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4611, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	76c28f712820786cbe6cbeb7f9789480a7ac3b23	1686150491
81408	Binary/Archive/Compound	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3819, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4611, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	76c28f712820786cbe6cbeb7f9789480a7ac3b23	1686150491
13890720	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9051048, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8736852, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	121299e36826d127762d70605c78118223be66a3	1686150497
13890720	PE+/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9051048, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8736852, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	121299e36826d127762d70605c78118223be66a3	1686150497
18482183	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6662509, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1459423, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	SuperHunt	c739753a2575d69ae31b33122622b6a736660508	false	6010aef2725e64cdeab0e91df479bf0e0a7be14c	1686150499
18482183	PE/Exe	{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6662509, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1459423, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}	ruleset1	c739753a2575d69ae31b33122622b6a736660508	false	6010aef2725e64cdeab0e91df479bf0e0a7be14c	1686150499

reversinglabs-titaniumcloud-yara-retro-hunt-actions

---

Perform various YARA retroactive hunting actions.

Base Command

reversinglabs-titaniumcloud-yara-retro-hunt-actions

Input

Argument Name	Description	Required
yara_retro_action	YARA retro hunt action. Possible values are: ENABLE RETRO HUNT, START RETRO HUNT, CHECK STATUS, CANCEL RETRO HUNT.	Required
ruleset_name	Name of the YARA ruleset.	Required

Context Output

Path	Type	Description
ReversingLabs.enable_yara_retro	Unknown
ReversingLabs.start_yara_retro	Unknown
ReversingLabs.check_yara_retro_status	Unknown
ReversingLabs.cancel_yara_retro	Unknown

Command example

!reversinglabs-titaniumcloud-yara-retro-hunt-actions yara_retro_action="CHECK STATUS" ruleset_name=SuperHunt

Context Example

{

"ReversingLabs": {

"check_yara_retro_status": {

"estimated_finish_time": null,

"finish_time": "2023-05-18T11:31:12",

"progress": null,

"reason": null,

"retro_status": "FINISHED",

"ruleset_name": "SuperHunt",

"start_time": "2023-05-18T11:30:35"

}

}

}

Human Readable Output

{ "estimated_finish_time": null, "finish_time": "2023-05-18T11:31:12", "progress": null, "reason": null, "retro_status": "FINISHED", "ruleset_name": "SuperHunt", "start_time": "2023-05-18T11:30:35" }

reversinglabs-titaniumcloud-yara-retro-matches-feed

---

Returns a recordset of YARA ruleset matches in the specified time range.

Base Command

reversinglabs-titaniumcloud-yara-retro-matches-feed

Input

Argument Name	Description	Required
time_format	Define the time format that is used. Possible values are: utc, timestamp.	Required
time_value	Time value in the defined format.	Required

Context Output

Path	Type	Description
ReversingLabs.yara_retro_matches_feed	Unknown

Command example

!reversinglabs-titaniumcloud-yara-retro-matches-feed time_format=timestamp time_value=1686063146

Context Example

{

"ReversingLabs": {

"yara_retro_matches_feed": {

"rl": {

"feed": {

"entries": [],

"last_timestamp": 1686149546,

"name": "YARA Retro Match Continuous Feed",

"time_range": {

"from": "Tue, 06 Jun 2023 14:52:26 +0000",

"to": "Wed, 07 Jun 2023 14:52:26 +0000"

}

}

}

}

}

}

Human Readable Output

ReversingLabs YARA Retro Matches Feed for time value 1686063146

Last timestamp: 1686149546 From: Tue, 06 Jun 2023 14:52:26 +0000 To: Wed, 07 Jun 2023 14:52:26 +0000

Entries

No entries.

reversinglabs-titaniumcloud-reanalyze-sample

---

Accepts a hash of a sample in the cloud that you want to reanalyze.

Base Command

reversinglabs-titaniumcloud-reanalyze-sample

Input

Argument Name	Description	Required
hash	Hash string.	Required

Context Output

Path	Type	Description
ReversingLabs.reanalyze_sample	Unknown

Command example

!reversinglabs-titaniumcloud-reanalyze-sample hash=21841b32c6165b27dddbd4d6eb3a672defe54271

Context Example

{

"ReversingLabs": {

"reanalyze_sample": "Sample sent for rescanning"

}

}

Human Readable Output

Sample sent for rescanning

reversinglabs-titaniumcloud-imphash-similarity

---

Accepts an imphash and returns a list of SHA-1 hashes of files sharing that imphash.

Base Command

reversinglabs-titaniumcloud-imphash-similarity

Input

Argument Name	Description	Required
imphash	Imphash string.	Required
max_results	Maximum number of returned results. Default is 5000.	Optional

Context Output

Path	Type	Description
ReversingLabs.imphash_similarity	Unknown

Command example

!reversinglabs-titaniumcloud-imphash-similarity imphash=fb815acbc7109e8c83537d7d9c7020be max_results=2

Context Example

{

"ReversingLabs": {

"imphash_similarity": [

"0001af77206c3bc81b26d13bc5e6737770076dbd",

"0001d0cb17013c46d70d9f7bbb2adebf523c65c8"

]

}

}

Human Readable Output

ReversingLabs Imphash Similarity for fb815acbc7109e8c83537d7d9c7020be

SHA-1 list

Hashes
0001af77206c3bc81b26d13bc5e6737770076dbd
0001d0cb17013c46d70d9f7bbb2adebf523c65c8

reversinglabs-titaniumcloud-url-downloaded-files

---

Returns a list of files downloaded from the provided URL.

Base Command

reversinglabs-titaniumcloud-url-downloaded-files

Input

Argument Name	Description	Required
url	URL string.	Required
extended_results	Return extended results. Possible values are: true, false. Default is True.	Optional
classification	Return only results with this classification. Possible values are: MALICIOUS, SUSPICIOUS, KNOWN, UNKNOWN.	Optional
last_analysis	Return results from the last analysis. Possible values are: true, false.	Optional
analysis_id	Return results from a specific analysis.	Optional
results_per_page	Number of results per query. Default is 1000.	Optional
max_results	Maximum number of results. Default is 5000.	Optional

Context Output

Path	Type	Description
ReversingLabs.url_downloaded_files	Unknown

Command example

!reversinglabs-titaniumcloud-url-downloaded-files max_results=2 url=https://www.nytimes.com/ extended_results=true results_per_page=2

Context Example

{

"ReversingLabs": {

"url_downloaded_files": [

{

"classification": "KNOWN",

"first_download": "2022-02-26T15:52:16",

"first_seen": "2022-02-26T16:50:11",

"last_download": "2022-02-26T15:52:16",

"last_seen": "2022-02-26T17:05:38",

"md5": "8f16d9b505328d012335e15ad71dba04",

"sample_available": true,

"sample_size": 1188968,

"sample_type": "Text/HTML/HTML",

"sha1": "001647571e28b34d55e02c9ed298242bf8249931",

"sha256": "12ee005e585d8fce2023a848514b408b70ff4a6b4df5be44ee86d9db3960dadd",

"threat_level": 0,

"trust_factor": 2

},

{

"classification": "KNOWN",

"first_download": "2023-02-22T01:02:45",

"first_seen": "2023-02-22T02:00:22",

"last_download": "2023-02-22T01:02:45",

"last_seen": "2023-03-07T05:07:26",

"md5": "f9b456b6222561142301f223a2c7c9a9",

"sample_available": true,

"sample_size": 52579,

"sample_type": "Text/XML",

"sha1": "0034b543da787385621ef607153058aa176cfbdc",

"sha256": "f55bfb144d01e405ce6a2435292acd90d7292126e4b2c7ab17553c9c4c442a0c",

"threat_level": 0,

"trust_factor": 2

}

]

}

}

Human Readable Output

ReversingLabs Files Downloaded from URL https://www.nytimes.com/

Downloaded files

classification	first_download	first_seen	last_download	last_seen	md5	sample_available	sample_size	sample_type	sha1	sha256	threat_level	trust_factor
KNOWN	2022-02-26T15:52:16	2022-02-26T16:50:11	2022-02-26T15:52:16	2022-02-26T17:05:38	8f16d9b505328d012335e15ad71dba04	true	1188968	Text/HTML/HTML	001647571e28b34d55e02c9ed298242bf8249931	12ee005e585d8fce2023a848514b408b70ff4a6b4df5be44ee86d9db3960dadd	0	2
KNOWN	2023-02-22T01:02:45	2023-02-22T02:00:22	2023-02-22T01:02:45	2023-03-07T05:07:26	f9b456b6222561142301f223a2c7c9a9	true	52579	Text/XML	0034b543da787385621ef607153058aa176cfbdc	f55bfb144d01e405ce6a2435292acd90d7292126e4b2c7ab17553c9c4c442a0c	0	2

reversinglabs-titaniumcloud-url-latest-analyses-feed

---

Returns the latest URL analysis reports.

Base Command

reversinglabs-titaniumcloud-url-latest-analyses-feed

Input

Argument Name	Description	Required
results_per_page	Number of results per query. Default is 1000.	Optional
max_results	Maximum number of results. Default is 5000.	Optional

Context Output

Path	Type	Description
ReversingLabs.url_latest_analyses_feed	Unknown

Command example

!reversinglabs-titaniumcloud-url-latest-analyses-feed results_per_page=2 max_results=2

Context Example

{

"InfoFile": {

"EntryID": "7704@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",

"Info": "text/plain",

"Name": "ReversingLabs Latest URL Analyses Feed",

"Size": 782,

"Type": "ASCII text"

},

"ReversingLabs": {

"url_latest_analyses_feed": [

{

"analysis_id": "1686146896780f90",

"analysis_time": "2023-06-07T14:08:19",

"availability_status": "online",

"final_url": "https://ftp.mozilla.org/pub/firefox/releases/99.0b7/update/win64-aarch64/eo/firefox-99.0b7.complete.mar",

"url": "https://ftp.mozilla.org/pub/firefox/releases/99.0b7/update/win64-aarch64/eo/firefox-99.0b7.complete.mar"

},

{

"analysis_id": "168614689679c15f",

"analysis_time": "2023-06-07T14:08:19",

"availability_status": "online",

"final_url": "https://ftp.mozilla.org/pub/firefox/releases/91.0b8/update/mac/be/firefox-91.0b5-91.0b8.partial.mar",

"url": "https://ftp.mozilla.org/pub/firefox/releases/91.0b8/update/mac/be/firefox-91.0b5-91.0b8.partial.mar"

}

]

}

}

Human Readable Output

ReversingLabs Latest URL Analyses Feed

Latest URL analyses

analysis_id	analysis_time	availability_status	final_url	url
1686146896780f90	2023-06-07T14:08:19	online	https://ftp.mozilla.org/pub/firefox/releases/99.0b7/update/win64-aarch64/eo/firefox-99.0b7.complete.mar	https://ftp.mozilla.org/pub/firefox/releases/99.0b7/update/win64-aarch64/eo/firefox-99.0b7.complete.mar
168614689679c15f	2023-06-07T14:08:19	online	https://ftp.mozilla.org/pub/firefox/releases/91.0b8/update/mac/be/firefox-91.0b5-91.0b8.partial.mar	https://ftp.mozilla.org/pub/firefox/releases/91.0b8/update/mac/be/firefox-91.0b5-91.0b8.partial.mar

reversinglabs-titaniumcloud-url-analyses-feed-from-date

---

Returns URL analyses reports from the defined time onward.

Base Command

reversinglabs-titaniumcloud-url-analyses-feed-from-date

Input

Argument Name	Description	Required
time_format	Define the time format that is used. Possible values are: utc, timestamp.	Required
start_time	Time value in the defined format.	Required
results_per_page	Number of results per query. Default is 1000.	Optional
max_results	Maximum number of results. Default is 5000.	Optional

Context Output

Path	Type	Description
ReversingLabs.url_analyses_feed_from_date	Unknown

Command example

!reversinglabs-titaniumcloud-url-analyses-feed-from-date results_per_page=2 max_results=2 time_format=timestamp start_time=1685976746

Context Example

{

"InfoFile": {

"EntryID": "7695@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",

"Info": "text/plain",

"Name": "ReversingLabs URL Analyses Feed From Date 1685976746",

"Size": 846,

"Type": "ASCII text"

},

"ReversingLabs": {

"url_analyses_feed_from_date": [

{

"analysis_id": "168597674625002a",

"analysis_time": "2023-06-05T14:52:28",

"availability_status": "online",

"final_url": "http://ftp.riken.jp/Linux/debian/debian/dists/bookworm-proposed-updates/main/i18n/Translation-en.diff/T-2023-06-03-1403.07-F-2023-01-20-0206.46.gz",

"url": "http://ftp.riken.jp/Linux/debian/debian/dists/bookworm-proposed-updates/main/i18n/Translation-en.diff/T-2023-06-03-1403.07-F-2023-01-20-0206.46.gz"

},

{

"analysis_id": "168597674529c352",

"analysis_time": "2023-06-05T14:52:28",

"availability_status": "online",

"final_url": "http://cigarettescigs.com/marengo-cigarettes-c-226.html?zenid=1ur5fbj6tboo2ulacuejibatq2",

"url": "http://cigarettescigs.com/marengo-cigarettes-c-226.html?zenid=1ur5fbj6tboo2ulacuejibatq2"

}

]

}

}

Human Readable Output

ReversingLabs URL Analyses Feed From Date 1685976746

URL analyses from specified date

analysis_id	analysis_time	availability_status	final_url	url
168597674625002a	2023-06-05T14:52:28	online	http://ftp.riken.jp/Linux/debian/debian/dists/bookworm-proposed-updates/main/i18n/Translation-en.diff/T-2023-06-03-1403.07-F-2023-01-20-0206.46.gz	http://ftp.riken.jp/Linux/debian/debian/dists/bookworm-proposed-updates/main/i18n/Translation-en.diff/T-2023-06-03-1403.07-F-2023-01-20-0206.46.gz
168597674529c352	2023-06-05T14:52:28	online	http://cigarettescigs.com/marengo-cigarettes-c-226.html?zenid=1ur5fbj6tboo2ulacuejibatq2	http://cigarettescigs.com/marengo-cigarettes-c-226.html?zenid=1ur5fbj6tboo2ulacuejibatq2

reversinglabs-titaniumcloud-domain-report

---

Returns a domain analysis report.

Base Command

reversinglabs-titaniumcloud-domain-report

Input

Argument Name	Description	Required
domain	Domain string.	Required

Context Output

Path	Type	Description
ReversingLabs.domain_report	Unknown	The domain analysis report.

Command example

!reversinglabs-titaniumcloud-domain-report domain=bloom-artists.com

Context Example

{

"DBotScore": {

"Indicator": "bloom-artists.com",

"Reliability": "C - Fairly reliable",

"Score": 0,

"Type": "domain",

"Vendor": "ReversingLabs TitaniumCloud v2"

},

"Domain": {

"Name": "bloom-artists.com"

},

"ReversingLabs": {

"domain_report": {

"rl": {

"downloaded_files_statistics": {

"known": 54,

"malicious": 1,

"suspicious": 0,

"total": 55,

"unknown": 0

},

"last_dns_records": [

{

"provider": "ReversingLabs",

"type": "A",

"value": "85.187.128.34"

}

],

"last_dns_records_time": "2023-08-25T09:34:16",

"modified_time": "2023-11-06T12:06:50",

"requested_domain": "bloom-artists.com",

"third_party_reputations": {

"sources": [

{

"detection": "undetected",

"source": "phishing_database",

"update_time": "2023-11-06T02:25:55"

},

{

"detection": "undetected",

"source": "0xSI_f33d",

"update_time": "2023-11-06T06:22:03"

},

{

"detection": "undetected",

"source": "cyradar",

"update_time": "2023-11-06T08:15:05"

},

{

"detect_time": "2023-10-22T21:13:34",

"detection": "malicious",

"source": "adminus_labs",

"update_time": "2023-11-06T12:06:50"

},

{

"detection": "undetected",

"source": "apwg",

"update_time": "2023-11-02T17:30:36"

},

{

"detection": "undetected",

"source": "netstar",

"update_time": "2023-11-06T11:39:40"

},

{

"detection": "undetected",

"source": "threatfox_abuse_ch",

"update_time": "2023-11-06T08:20:49"

},

{

"detection": "undetected",

"source": "botvrij",

"update_time": "2023-11-06T02:26:03"

},

{

"detection": "undetected",

"source": "alphamountain",

"update_time": "2023-11-06T10:57:13"

},

{

"detection": "undetected",

"source": "comodo_valkyrie",

"update_time": "2023-11-06T05:53:24"

},

{

"detection": "undetected",

"source": "web_security_guard",

"update_time": "2022-01-21T06:56:15"

},

{

"detection": "undetected",

"source": "osint",

"update_time": "2023-11-06T01:30:13"

},

{

"detect_time": "2023-10-23T03:27:25",

"detection": "malicious",

"source": "crdf",

"update_time": "2023-11-06T08:34:19"

}

],

"statistics": {

"clean": 0,

"malicious": 2,

"total": 13,

"undetected": 11

}

},

"top_threats": [

{

"files_count": 1,

"threat_level": 5,

"threat_name": "Win32.Trojan.RedLine"

}

]

}

}

}

}

Human Readable Output

ReversingLabs Domain Report for bloom-artists.com

Last DNS records

provider	type	value
ReversingLabs	A	85.187.128.34

Last DNS records time: 2023-08-25T09:34:16

Top threats

files_count	threat_level	threat_name
1	5	Win32.Trojan.RedLine

Third party statistics

CLEAN: 0 MALICIOUS: 2 UNDETECTED: 11 TOTAL: 13

Third party sources

detection	source	update_time
undetected	phishing_database	2023-11-06T02:25:55
undetected	0xSI_f33d	2023-11-06T06:22:03
undetected	cyradar	2023-11-06T08:15:05
malicious	adminus_labs	2023-11-06T12:06:50
undetected	apwg	2023-11-02T17:30:36
undetected	netstar	2023-11-06T11:39:40
undetected	threatfox_abuse_ch	2023-11-06T08:20:49
undetected	botvrij	2023-11-06T02:26:03
undetected	alphamountain	2023-11-06T10:57:13
undetected	comodo_valkyrie	2023-11-06T05:53:24
undetected	web_security_guard	2022-01-21T06:56:15
undetected	osint	2023-11-06T01:30:13
malicious	crdf	2023-11-06T08:34:19

Downloaded files statistics

KNOWN: 54 MALICIOUS: 1 SUSPICIOUS: 0 UNKNOWN: 0 TOTAL: 55

reversinglabs-titaniumcloud-domain-downloaded-files

---

Returns a list of files downloaded from a domain.

Base Command

reversinglabs-titaniumcloud-domain-downloaded-files

Input

Argument Name	Description	Required
domain	Domain string.	Required
classification	Return only files of this classification. Possible values are: MALICIOUS, SUSPICIOUS, KNOWN.	Optional
result_limit	Maximum number of returned results. Default is 50000.	Optional
results_per_page	Number of results returned per request. Default is 1000.	Optional

Context Output

Path	Type	Description
ReversingLabs.domain_downloaded_files	Unknown	The list of files downloaded from a domain.

Command example

!reversinglabs-titaniumcloud-domain-downloaded-files domain=bloom-artists.com classification=MALICIOUS result_limit=10 results_per_page=3

Context Example

{

"DBotScore": {

"Indicator": "bloom-artists.com",

"Reliability": "C - Fairly reliable",

"Score": 0,

"Type": "domain",

"Vendor": "ReversingLabs TitaniumCloud v2"

},

"Domain": {

"Name": "bloom-artists.com"

},

"ReversingLabs": {

"domain_downloaded_files": [

{

"classification": "MALICIOUS",

"first_download": "2023-07-08T06:13:02",

"first_seen": "2023-07-08T00:39:23",

"last_download": "2023-07-08T15:11:31",

"last_download_url": "http://bloom-artists.com/wp-includes/class-wp-image-editors.php?filename=winx32apideftype.exe",

"last_seen": "2023-09-26T15:25:41",

"malware_family": "RedLine",

"malware_type": "Trojan",

"md5": "2796bf32abbebdd11a35603f3453214d",

"platform": "Win32",

"sample_available": true,

"sample_size": 3697248,

"sample_type": "PE/Exe",

"sha1": "96826340af3f4708b16f8f0e3eb29ad0ce5bb6f8",

"sha256": "0edc6dae7ee848bf465be34edfc49377b7da304798445685e4a7d45d4983f166",

"threat_level": 5,

"threat_name": "Win32.Trojan.RedLine",

"trust_factor": 5

}

]

}

}

Human Readable Output

ReversingLabs Files downloaded from domain bloom-artists.com

Downloaded files

classification	first_download	first_seen	last_download	last_download_url	last_seen	malware_family	malware_type	md5	platform	sample_available	sample_size	sample_type	sha1	sha256	threat_level	threat_name	trust_factor
MALICIOUS	2023-07-08T06:13:02	2023-07-08T00:39:23	2023-07-08T15:11:31	http://bloom-artists.com/wp-includes/class-wp-image-editors.php?filename=winx32apideftype.exe	2023-09-26T15:25:41	RedLine	Trojan	2796bf32abbebdd11a35603f3453214d	Win32	true	3697248	PE/Exe	96826340af3f4708b16f8f0e3eb29ad0ce5bb6f8	0edc6dae7ee848bf465be34edfc49377b7da304798445685e4a7d45d4983f166	5	Win32.Trojan.RedLine	5

reversinglabs-titaniumcloud-domain-urls

---

Returns a list of URL-s associated with the requested domain.

Base Command

reversinglabs-titaniumcloud-domain-urls

Input

Argument Name	Description	Required
domain	Domain string.	Required
result_limit	Maximum number of returned results. Default is 50000.	Optional
results_per_page	Number of results returned per request. Default is 1000.	Optional

Context Output

Path	Type	Description
ReversingLabs.domain_urls	Unknown	The list of URL-s associated with the requested domain.

Command example

!reversinglabs-titaniumcloud-domain-urls result_limit=10 results_per_page=3 domain=bloom-artists.com

Context Example

{

"DBotScore": {

"Indicator": "bloom-artists.com",

"Reliability": "C - Fairly reliable",

"Score": 0,

"Type": "domain",

"Vendor": "ReversingLabs TitaniumCloud v2"

},

"Domain": {

"Name": "bloom-artists.com"

},

"ReversingLabs": {

"domain_urls": [

{

"url": "https://bloom-artists.com/wp-content/uploads/2021/01/cropped-%C3%A8%C2%97%C2%9D%C3%A9%C2%BB%C2%9E%C3%A4%C2%BA%C2%AE%C3%A5%C2%8D%C2%94%C3%A6%C2%9C%C2%83-logo-1-32x32.jpg"

},

{

"url": "https://bloom-artists.com/wp-content/themes/Avada/assets/min/js/general/avada-custom-header.js?ver=7.2.1"

},

{

"url": "https://bloom-artists.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-animations.js?ver=6.2.2"

},

{

"url": "https://bloom-artists.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.requestAnimationFrame.js?ver=1"

},

{

"url": "https://bloom-artists.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-video-bg.js?ver=1"

},

{

"url": "https://bloom-artists.com/2021/01/15/teacher-2/"

},

{

"url": "https://bloom-artists.com/wp-json/"

},

{

"url": "https://bloom-artists.com/2021/01/15/author-6/"

},

{

"url": "https://bloom-artists.com/wp-content/plugins/convertplug/modules/slide_in/assets/demos"

},

{

"url": "https://bloom-artists.com/wp-content/themes/Avada/assets/min/js/general/avada-live-search.js?ver=7.2.1"

}

]

}

}

Human Readable Output

ReversingLabs URL-s associated with domain bloom-artists.com

URL list

url
https://bloom-artists.com/wp-content/uploads/2021/01/cropped-%C3%A8%C2%97%C2%9D%C3%A9%C2%BB%C2%9E%C3%A4%C2%BA%C2%AE%C3%A5%C2%8D%C2%94%C3%A6%C2%9C%C2%83-logo-1-32x32.jpg
https://bloom-artists.com/wp-content/themes/Avada/assets/min/js/general/avada-custom-header.js?ver=7.2.1
https://bloom-artists.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-animations.js?ver=6.2.2
https://bloom-artists.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.requestAnimationFrame.js?ver=1
https://bloom-artists.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-video-bg.js?ver=1
https://bloom-artists.com/2021/01/15/teacher-2/
https://bloom-artists.com/wp-json/
https://bloom-artists.com/2021/01/15/author-6/
https://bloom-artists.com/wp-content/plugins/convertplug/modules/slide_in/assets/demos
https://bloom-artists.com/wp-content/themes/Avada/assets/min/js/general/avada-live-search.js?ver=7.2.1

reversinglabs-titaniumcloud-domain-to-ip

---

Returns a list of IP addresses resolved from a domain.

Base Command

reversinglabs-titaniumcloud-domain-to-ip

Input

Argument Name	Description	Required
domain	Domain string.	Required
result_limit	Maximum number of returned results. Default is 50000.	Optional
results_per_page	Number of results returned per request. Default is 1000.	Optional

Context Output

Path	Type	Description
ReversingLabs.domain_to_ip	Unknown	The list of IP addresses resolved from the domain.

Command example

!reversinglabs-titaniumcloud-domain-to-ip results_per_page=3 domain=bloom-artists.com result_limit=10

Context Example

{

"DBotScore": {

"Indicator": "bloom-artists.com",

"Reliability": "C - Fairly reliable",

"Score": 0,

"Type": "domain",

"Vendor": "ReversingLabs TitaniumCloud v2"

},

"Domain": {

"Name": "bloom-artists.com"

},

"ReversingLabs": {

"domain_to_ip": [

{

"ip": "85.187.128.34",

"last_resolution_time": "2023-08-25T09:34:16",

"provider": "ReversingLabs"

}

]

}

}

Human Readable Output

ReversingLabs IP addresses resolved from domain bloom-artists.com

IP address list

ip	last_resolution_time	provider
85.187.128.34	2023-08-25T09:34:16	ReversingLabs

reversinglabs-titaniumcloud-domain-related-domains

---

Returns a list of domains related to the submitted domain.

Base Command

reversinglabs-titaniumcloud-domain-related-domains

Input

Argument Name	Description	Required
domain	Domain string.	Required
result_limit	Maximum number of returned results. Default is 50000.	Optional
results_per_page	Number of results returned per request. Default is 1000.	Optional

Context Output

Path	Type	Description
ReversingLabs.domain_related_domains	Unknown	The list of domains related to the submitted domain.

Command example

!reversinglabs-titaniumcloud-domain-related-domains domain=smsv4.ufcfan.org result_limit=10 results_per_page=3

Context Example

{

"DBotScore": {

"Indicator": "smsv4.ufcfan.org",

"Reliability": "C - Fairly reliable",

"Score": 0,

"Type": "domain",

"Vendor": "ReversingLabs TitaniumCloud v2"

},

"Domain": {

"Name": "smsv4.ufcfan.org"

},

"ReversingLabs": {

"domain_related_domains": [

{

"domain": "mstanley.ufcfan.org"

},

{

"domain": "ketogendietmo.ufcfan.org"

},

{

"domain": "vmze-crypto511386.marketscoin.ufcfan.org"

},

{

"domain": "cxip-crypto665491.marketscoin.ufcfan.org"

},

{

"domain": "xgzc-crypto767019.marketscoin.ufcfan.org"

},

{

"domain": "dejar-de-roncar.ufcfan.org"

},

{

"domain": "uolv-crypto969448.marketscoin.ufcfan.org"

},

{

"domain": "nowornever1.ufcfan.org"

},

{

"domain": "the.ufcfan.org"

},

{

"domain": "onedrshapointooo.ufcfan.org"

}

]

}

}

Human Readable Output

ReversingLabs domains related to domain smsv4.ufcfan.org

Domain list

domain
mstanley.ufcfan.org
ketogendietmo.ufcfan.org
vmze-crypto511386.marketscoin.ufcfan.org
cxip-crypto665491.marketscoin.ufcfan.org
xgzc-crypto767019.marketscoin.ufcfan.org
dejar-de-roncar.ufcfan.org
uolv-crypto969448.marketscoin.ufcfan.org
nowornever1.ufcfan.org
the.ufcfan.org
onedrshapointooo.ufcfan.org

reversinglabs-titaniumcloud-ip-report

---

Returns an IP address analysis report.

Base Command

reversinglabs-titaniumcloud-ip-report

Input

Argument Name	Description	Required
ip	IP address.	Required

Context Output

Path	Type	Description
ReversingLabs.ip_report	Unknown	The IP address analysis report.

Command example

!reversinglabs-titaniumcloud-ip-report ip=5.42.64.70

Context Example

{

"DBotScore": {

"Indicator": "5.42.64.70",

"Reliability": "C - Fairly reliable",

"Score": 0,

"Type": "ip",

"Vendor": "ReversingLabs TitaniumCloud v2"

},

"IP": {

"Address": "5.42.64.70"

},

"ReversingLabs": {

"ip_report": {

"rl": {

"downloaded_files_statistics": {

"known": 0,

"malicious": 0,

"suspicious": 0,

"total": 0,

"unknown": 0

},

"modified_time": "2023-11-06T12:00:35",

"requested_ip": "5.42.64.70",

"third_party_reputations": {

"sources": [

{

"detection": "undetected",

"source": "adminus_labs",

"update_time": "2023-11-06T12:00:35"

},

{

"detection": "undetected",

"source": "apwg",

"update_time": "2023-11-01T21:23:52"

},

{

"detection": "undetected",

"source": "threatfox_abuse_ch",

"update_time": "2023-11-06T08:20:49"

},

{

"detection": "undetected",

"source": "alphamountain",

"update_time": "2023-11-06T10:57:13"

},

{

"detection": "undetected",

"source": "osint",

"update_time": "2023-11-06T01:30:13"

},

{

"detection": "undetected",

"source": "feodotracker",

"update_time": "2023-11-06T05:28:24"

},

{

"detect_time": "2023-10-27T03:54:23",

"detection": "malicious",

"source": "crdf",

"update_time": "2023-11-06T08:34:19"

}

],

"statistics": {

"clean": 0,

"malicious": 1,

"total": 7,

"undetected": 6

}

}

}

}

}

}

Human Readable Output

ReversingLabs IP address report for 5.42.64.70

Downloaded files statistics

KNOWN: 0 MALICIOUS: 0 SUSPICIOUS: 0 UNKNOWN: 0 TOTAL: 0

Third party statistics

CLEAN: 0 MALICIOUS: 1 UNDETECTED: 6 TOTAL: 7

Third party sources

detection	source	update_time
undetected	adminus_labs	2023-11-06T12:00:35
undetected	apwg	2023-11-01T21:23:52
undetected	threatfox_abuse_ch	2023-11-06T08:20:49
undetected	alphamountain	2023-11-06T10:57:13
undetected	osint	2023-11-06T01:30:13
undetected	feodotracker	2023-11-06T05:28:24
malicious	crdf	2023-11-06T08:34:19

reversinglabs-titaniumcloud-ip-downloaded-files

---

Returns a list of files downloaded from an IP address.

Base Command

reversinglabs-titaniumcloud-ip-downloaded-files

Input

Argument Name	Description	Required
ip	IP address.	Required
classification	Return only files of this classification. Possible values are: MALICIOUS, SUSPICIOUS, KNOWN.	Optional
result_limit	Maximum number of returned results. Default is 50000.	Optional
results_per_page	Number of results returned per request. Default is 1000.	Optional

Context Output

Path	Type	Description
ReversingLabs.ip_downloaded_files	Unknown	The list of files downloaded from an IP address.

Command example

!reversinglabs-titaniumcloud-ip-downloaded-files ip=61.253.71.111 result_limit=10 results_per_page=3 classification=KNOWN

Context Example

{

"DBotScore": {

"Indicator": "61.253.71.111",

"Reliability": "C - Fairly reliable",

"Score": 0,

"Type": "ip",

"Vendor": "ReversingLabs TitaniumCloud v2"

},

"IP": {

"Address": "61.253.71.111"

},

"ReversingLabs": {

"ip_downloaded_files": [

{

"classification": "KNOWN",

"first_download": "2023-07-07T17:19:28",

"first_seen": "2023-07-07T17:19:28",

"last_download": "2023-07-07T17:19:28",

"last_download_url": "http://zexeq.com/lancer/get.php?first=true&pid=C3B16B41D6F86B32953BEB04946D0A6E",

"last_seen": "2023-07-07T19:59:59",

"md5": "797eccd405422c693c0191979ff6ef4a",

"sample_available": true,

"sample_size": 556,

"sample_type": "Text/JSON",

"sha1": "91b32dca495014f75ffdee6faa698bdf6434d8fb",

"sha256": "4b89d4825098a840cd456b2b5885dcb2877f64860849241fa1f61ae222ad17bf",

"threat_level": 0,

"trust_factor": 5

},

{

"classification": "KNOWN",

"first_download": "2023-06-02T11:22:59",

"first_seen": "2023-06-02T11:22:59",

"last_download": "2023-06-02T11:22:59",

"last_download_url": "http://zexeq.com/lancer/get.php?first=true&pid=254EAF666E5FA09BE8619B6A01AF9288",

"last_seen": "2023-07-24T13:15:30",

"md5": "c64e2b30fda16b0196942265d3dd5fef",

"sample_available": true,

"sample_size": 560,

"sample_type": "Text/JSON",

"sha1": "d8e27451c3045d36059275900c471d6fbb0cabf4",

"sha256": "196a50b5dd9a72e24acb81c757df553d1e0f5c072d52672decb5c598f203b4c5",

"threat_level": 0,

"trust_factor": 5

},

{

"classification": "KNOWN",

"first_download": "2023-07-06T13:27:18",

"first_seen": "2023-07-06T13:27:18",

"last_download": "2023-07-06T13:27:18",

"last_download_url": "http://zexeq.com/test1/get.php?first=false&pid=DF224B838A5638467035D81D43816702",

"last_seen": "2023-07-13T18:31:02",

"md5": "4dea2d4466b52c08d0b8276dd0c45172",

"sample_available": true,

"sample_size": 556,

"sample_type": "Text/JSON",

"sha1": "e8f717a59b8c1c5290797642d9442612ea234657",

"sha256": "8575ac48af341192f571d55002370cc945c56dd43655731d76348f4df6d232a7",

"threat_level": 0,

"trust_factor": 5

}

]

}

}

Human Readable Output

ReversingLabs Files downloaded from IP address 61.253.71.111

Downloaded files

classification	first_download	first_seen	last_download	last_download_url	last_seen	md5	sample_available	sample_size	sample_type	sha1	sha256	threat_level	trust_factor
KNOWN	2023-07-07T17:19:28	2023-07-07T17:19:28	2023-07-07T17:19:28	http://zexeq.com/lancer/get.php?first=true&pid=C3B16B41D6F86B32953BEB04946D0A6E	2023-07-07T19:59:59	797eccd405422c693c0191979ff6ef4a	true	556	Text/JSON	91b32dca495014f75ffdee6faa698bdf6434d8fb	4b89d4825098a840cd456b2b5885dcb2877f64860849241fa1f61ae222ad17bf	0	5
KNOWN	2023-06-02T11:22:59	2023-06-02T11:22:59	2023-06-02T11:22:59	http://zexeq.com/lancer/get.php?first=true&pid=254EAF666E5FA09BE8619B6A01AF9288	2023-07-24T13:15:30	c64e2b30fda16b0196942265d3dd5fef	true	560	Text/JSON	d8e27451c3045d36059275900c471d6fbb0cabf4	196a50b5dd9a72e24acb81c757df553d1e0f5c072d52672decb5c598f203b4c5	0	5
KNOWN	2023-07-06T13:27:18	2023-07-06T13:27:18	2023-07-06T13:27:18	http://zexeq.com/test1/get.php?first=false&pid=DF224B838A5638467035D81D43816702	2023-07-13T18:31:02	4dea2d4466b52c08d0b8276dd0c45172	true	556	Text/JSON	e8f717a59b8c1c5290797642d9442612ea234657	8575ac48af341192f571d55002370cc945c56dd43655731d76348f4df6d232a7	0	5

reversinglabs-titaniumcloud-ip-urls

---

Returns a list of URL-s associated with an IP address.

Base Command

reversinglabs-titaniumcloud-ip-urls

Input

Argument Name	Description	Required
ip	IP address.	Required
result_limit	Maximum number of returned results. Default is 50000.	Optional
results_per_page	Number of results returned per request. Default is 1000.	Optional

Context Output

Path	Type	Description
ReversingLabs.ip_urls	Unknown	The list of URL-s associated with an IP address.

Command example

!reversinglabs-titaniumcloud-ip-urls ip=61.253.71.111 result_limit=10 results_per_page=3

Context Example

{

"DBotScore": {

"Indicator": "61.253.71.111",

"Reliability": "C - Fairly reliable",

"Score": 0,

"Type": "ip",

"Vendor": "ReversingLabs TitaniumCloud v2"

},

"IP": {

"Address": "61.253.71.111"

},

"ReversingLabs": {

"ip_urls": [

{

"url": "http://zexeq.com/lancer/get.php?first=true&pid=254EAF666E5FA09BE8619B6A01AF9288"

},

{

"url": "http://zexeq.com/lancer/get.php?first=true&pid=C3B16B41D6F86B32953BEB04946D0A6E"

},

{

"url": "http://zexeq.com/test1/get.php?first=false&pid=DF224B838A5638467035D81D43816702"

}

]

}

}

Human Readable Output

ReversingLabs URL-s associated with IP address 61.253.71.111

URL list

url
http://zexeq.com/lancer/get.php?first=true&pid=254EAF666E5FA09BE8619B6A01AF9288
http://zexeq.com/lancer/get.php?first=true&pid=C3B16B41D6F86B32953BEB04946D0A6E
http://zexeq.com/test1/get.php?first=false&pid=DF224B838A5638467035D81D43816702

reversinglabs-titaniumcloud-ip-to-domain

---

Returns a list of IP to domain mappings.

Base Command

reversinglabs-titaniumcloud-ip-to-domain

Input

Argument Name	Description	Required
ip	IP address.	Required
result_limit	Maximum number of returned results. Default is 50000.	Optional
results_per_page	Number of results returned per request. Default is 1000.	Optional

Context Output

Path	Type	Description
ReversingLabs.ip_to_domain	Unknown	The list of IP to domain mappings.

Command example

!reversinglabs-titaniumcloud-ip-to-domain results_per_page=3 ip=61.253.71.111 result_limit=10

Context Example

{

"DBotScore": {

"Indicator": "61.253.71.111",

"Reliability": "C - Fairly reliable",

"Score": 0,

"Type": "ip",

"Vendor": "ReversingLabs TitaniumCloud v2"

},

"IP": {

"Address": "61.253.71.111"

},

"ReversingLabs": {

"ip_to_domain": [

{

"host_name": "zexeq.com",

"last_resolution_time": "2023-07-07T17:19:28",

"provider": "ReversingLabs"

}

]

}

}

Human Readable Output

ReversingLabs IP to domain mappings for IP address 61.253.71.111

Domain list

host_name	last_resolution_time	provider
zexeq.com	2023-07-07T17:19:28	ReversingLabs

reversinglabs-titaniumcloud-network-reputation

---

Returns network reputation for requested network locations.

Base Command

reversinglabs-titaniumcloud-network-reputation

Input

Argument Name	Description	Required
network_locations	A comma-separated list of network locations. The list should have no spaces.	Required

Context Output

Path	Type	Description
ReversingLabs.network_reputation	Unknown	Network reputation.

Command example

!reversinglabs-titaniumcloud-network-reputation network_locations=http://43.138.221.139/jquery-3.3.1.min.js,61.253.71.111,bloom-artists.com

Context Example

{

"ReversingLabs": {

"network_reputation": {

"rl": {

"entries": [

{

"associated_malware": false,

"categories": [

"phishing",

"command_and_control"

],

"classification": "malicious",

"first_seen": "2022-09-11T11:54:39",

"last_seen": "2023-04-14T11:15:51",

"reason": "third_party_reputation",

"requested_network_location": "http://43.138.221.139/jquery-3.3.1.min.js",

"third_party_reputations": {

"clean": 0,

"malicious": 2,

"total": 19,

"undetected": 17

},

"type": "url"

},

{

"associated_malware": false,

"first_seen": "2023-11-06T13:10:15",

"last_seen": "2023-07-24T13:15:52",

"requested_network_location": "61.253.71.111",

"third_party_reputations": {

"clean": 0,

"malicious": 0,

"total": 7,

"undetected": 7

},

"type": "ip"

},

{

"associated_malware": true,

"first_seen": "2023-10-22T21:13:34",

"last_seen": "2023-10-23T03:27:25",

"requested_network_location": "bloom-artists.com",

"third_party_reputations": {

"clean": 0,

"malicious": 2,

"total": 13,

"undetected": 11

},

"type": "domain"

}

]

}

}

}

}

Human Readable Output

ReversingLabs Reputation for the following network locations: http://43.138.221.139/jquery-3.3.1.min.js, 61.253.71.111, bloom-artists.com

Network locations

associated_malware	categories	classification	first_seen	last_seen	reason	requested_network_location	third_party_reputations_clean	third_party_reputations_malicious	third_party_reputations_total	third_party_reputations_undetected	type
false	phishing, command_and_control	malicious	2022-09-11T11:54:39	2023-04-14T11:15:51	third_party_reputation	http://43.138.221.139/jquery-3.3.1.min.js	0	2	19	17	url
false			2023-11-06T13:10:15	2023-07-24T13:15:52		61.253.71.111	0	0	7	7	ip
true			2023-10-22T21:13:34	2023-10-23T03:27:25		bloom-artists.com	0	2	13	11	domain

reversinglabs-titaniumcloud-network-reputation-override

---

Sets and removes user-requested network reputation overrides.

Base Command

reversinglabs-titaniumcloud-network-reputation-override

Input

Argument Name	Description	Required
set_overrides_list	Network locations whose reputations should be overriden. The locations should be written as a string in the following format - 'network_location,location_type,new_classification|network_location,location_type,new_classification|network_location,location_type,new_classification'.	Optional
remove_overrides_list	Network locations whose reputation overrides should be removed. The locations should be written as a string in the following format - 'network_location,location_type|network_location,location_type|network_location,location_type'.	Optional

Context Output

Path	Type	Description
ReversingLabs.network_reputation_override	Unknown	Network reputation user override.

Command example

!reversinglabs-titaniumcloud-network-reputation-override set_overrides_list="http://163.197.220.144/5x8x,url,suspicious|http://163.197.220.144/j.ad,url,known" remove_overrides_list="http://43.138.221.139/jquery-3.3.1.min.js,url"

Context Example

{

"ReversingLabs": {

"network_reputation_override": {

"rl": {

"user_override": {

"created_overrides": [

{

"classification": "suspicious",

"network_location": "http://163.197.220.144/5x8x",

"reason": "user_override",

"type": "url"

},

{

"classification": "known",

"network_location": "http://163.197.220.144/j.ad",

"reason": "user_override",

"type": "url"

}

],

"removed_overrides": [

{

"network_location": "http://43.138.221.139/jquery-3.3.1.min.js",

"type": "url"

}

]

}

}

}

}

}

Human Readable Output

ReversingLabs Network reputation user override

Created overrides

classification	network_location	reason	type
suspicious	http://163.197.220.144/5x8x	user_override	url
known	http://163.197.220.144/j.ad	user_override	url

Removed overrides

network_location	type
http://43.138.221.139/jquery-3.3.1.min.js	url

reversinglabs-titaniumcloud-network-reputation-overrides-list

---

Lists the active network reputation overrides.

Base Command

reversinglabs-titaniumcloud-network-reputation-overrides-list

Input

Argument Name	Description	Required
result_limit	Maximum number of returned results. Default is 50000.	Optional

Context Output

Path	Type	Description
ReversingLabs.network_reputation_overrides_list	Unknown	Network reputation overrides list.

Command example

!reversinglabs-titaniumcloud-network-reputation-overrides-list result_limit=10

Context Example

{

"ReversingLabs": {

"network_reputation_overrides_list": [

{

"network_location": "https://cisco.com/",

"type": "url"

},

{

"network_location": "http://banco.colpatria.com.co/banca-virtual/login/",

"type": "url"

},

{

"network_location": "http://cvisd.com/",

"type": "url"

},

{

"network_location": "https://ca-sil.com/",

"type": "url"

},

{

"network_location": "http://partner.frontread.com/",

"type": "url"

},

{

"network_location": "https://eclipse.org/",

"type": "url"

},

{

"network_location": "http://163.197.220.144/5x8x",

"type": "url"

},

{

"network_location": "https://ajestudios.com/",

"type": "url"

},

{

"network_location": "https://openairmt.org/",

"type": "url"

},

{

"network_location": "https://synnexfpt.com/",

"type": "url"

}

]

}

}

Human Readable Output

ReversingLabs Network reputation active user overrides list

Network location list

network_location	type
https://cisco.com/	url
http://banco.colpatria.com.co/banca-virtual/login/	url
http://cvisd.com/	url
https://ca-sil.com/	url
http://partner.frontread.com/	url
https://eclipse.org/	url
http://163.197.220.144/5x8x	url
https://ajestudios.com/	url
https://openairmt.org/	url
https://synnexfpt.com/	url

reversinglabs-titaniumcloud-submit-sample-for-dynamic-analysis

---

Submit an existing sample for dynamic analysis.

Base Command

reversinglabs-titaniumcloud-submit-sample-for-dynamic-analysis

Input

Argument Name	Description	Required
sha1	Sample SHA-1 hash.	Required
platform	Desired platform; See the API documentation for possible values.	Required

Context Output

Path	Type	Description
ReversingLabs.detonate_sample_dynamic	Unknown	The dynamic analysis.

Command example

!reversinglabs-titaniumcloud-submit-sample-for-dynamic-analysis sha1=21841b32c6165b27dddbd4d6eb3a672defe54271 platform=windows10

Context Example

{

"ReversingLabs": {

"detonate_sample_dynamic": {

"rl": {

"analysis_id": "9084a751-cd94-4b2f-8d01-e5bf9542dc89",

"requested_hash": "21841b32c6165b27dddbd4d6eb3a672defe54271",

"status": "started"

}

}

}

}

Human Readable Output

ReversingLabs submit sample 21841b32c6165b27dddbd4d6eb3a672defe54271 for Dynamic Analysis

Status: started Requested hash: 21841b32c6165b27dddbd4d6eb3a672defe54271 Analysis ID: 9084a751-cd94-4b2f-8d01-e5bf9542dc89

reversinglabs-titaniumcloud-get-sample-dynamic-analysis-results

---

Retrieve dynamic analysis results for a sample.

Base Command

reversinglabs-titaniumcloud-get-sample-dynamic-analysis-results

Input

Argument Name	Description	Required
sha1	Sample SHA-1 hash.	Required
analysis_id	ID of a specific analysis to fetch.	Optional
latest_analysis	Fetch the latest analysis. Possible values are: true, false. Default is false.	Optional

Context Output

Path	Type	Description
File.MD5	String	MD5 hash.
File.SHA1	String	SHA1 hash.
File.SHA256	String	SHA256 hash.
DBotScore.Score	Number	The actual score.
DBotScore.Type	String	The indicator type.
DBotScore.Indicator	String	The indicator that was tested.
DBotScore.Vendor	String	The vendor used to calculate the score.
ReversingLabs.sample_dynamic_analysis_results	Unknown	The sample dynamic analysis results.

Command example

!reversinglabs-titaniumcloud-get-sample-dynamic-analysis-results sha1=21841b32c6165b27dddbd4d6eb3a672defe54271 analysis_id=08249dbc-77bf-482e-be4d-b8fa58de01c7 latest_analysis=false

Context Example

{

"DBotScore": {

"Indicator": "21841b32c6165b27dddbd4d6eb3a672defe54271",

"Reliability": "C - Fairly reliable",

"Score": 3,

"Type": "file",

"Vendor": "ReversingLabs TitaniumCloud v2"

},

"File": {

"Hashes": [

{

"type": "MD5",

"value": "d5720ea13de22edcbe76d20c7908c0bf"

},

{

"type": "SHA1",

"value": "21841b32c6165b27dddbd4d6eb3a672defe54271"

},

{

"type": "SHA256",

"value": "0b5225517dcd1faf1de7b9c770baedbe000f8f2eacc22e8759970e26d446ec19"

}

],

"MD5": "d5720ea13de22edcbe76d20c7908c0bf",

"Malicious": {

"Description": "MALICIOUS",

"Vendor": "ReversingLabs TitaniumCloud v2"

},

"SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271",

"SHA256": "0b5225517dcd1faf1de7b9c770baedbe000f8f2eacc22e8759970e26d446ec19"

},

"InfoFile": {

"EntryID": "8950@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",

"Info": "text/plain",

"Name": "Dynamic analysis report file for sample 21841b32c6165b27dddbd4d6eb3a672defe54271",

"Size": 1985565,

"Type": "ASCII text, with very long lines"

},

"ReversingLabs": {

"sample_dynamic_analysis_results": {

"rl": {

"report": {

"analysis_duration": 211,

"analysis_id": "08249dbc-77bf-482e-be4d-b8fa58de01c7",

"analysis_time": "2023-07-16T11:08:11",

"behavioral": [

{

"file_actions": [

{

"action_type": "file_opened",

"file_name": "NETBT_TCPIP_{C8C115D0-C73A-11E8-B003-806E6F6E6963}",

"file_path": "\\DEVICE",

"status": "object name not found"

},

{

"action_type": "file_opened",

"file_name": "Output",

"file_path": "\\Device\\ConDrv\\",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dhcpcsvc.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sortdefault.nls",

"file_path": "C:\\WINDOWS\\Globalization\\Sorting",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WINDOWS",

"file_path": "C:",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ipconfig.exe.mui",

"file_path": "C:\\WINDOWS\\SysWOW64\\en-US",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "NETBT_TCPIP_{7F50E9BE-7F02-49EC-B525-546E3FB9A32B}",

"file_path": "\\DEVICE",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Connect",

"file_path": "\\Device\\ConDrv\\",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CNG",

"file_path": "\\Device",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CONOUT$",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Reference",

"file_path": "\\Device\\ConDrv\\",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "IPHLPAPI.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Input",

"file_path": "\\Device\\ConDrv\\",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dhcpcsvc6.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Nsi",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Server",

"file_path": "\\Device\\ConDrv",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DNSAPI.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SysWOW64",

"file_path": "C:\\WINDOWS",

"status": "success or wait"

}

],

"modules_loaded": [

{

"module_name": "\\KnownDlls32\\RPCRT4.dll"

},

{

"module_name": "\\KnownDlls32\\dhcpcsvc6.DLL"

},

{

"module_name": "\\KnownDlls32\\NSI.dll"

},

{

"module_name": "\\KnownDlls32\\KERNEL32.DLL"

},

{

"module_name": "\\KnownDlls32\\KERNELBASE.dll"

},

{

"module_name": "\\KnownDlls32\\DNSAPI.dll"

},

{

"module_name": "\\KnownDlls32\\WS2_32.dll"

},

{

"module_name": "\\KnownDlls32\\kernel32.dll"

},

{

"module_name": "\\KnownDlls32\\bcryptPrimitives.dll"

},

{

"module_name": "\\KnownDlls32\\msvcrt.dll"

},

{

"module_name": "C:\\Windows\\SysWOW64\\IPHLPAPI.DLL"

},

{

"module_name": "\\KnownDlls\\wow64.dll"

},

{

"module_name": "\\KnownDlls32\\IPHLPAPI.DLL"

},

{

"module_name": "\\KnownDlls32\\sechost.dll"

},

{

"module_name": "unknown"

},

{

"module_name": "\\KnownDlls\\wow64log.dll"

},

{

"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"

},

{

"module_name": "\\KnownDlls\\wow64cpu.dll"

},

{

"module_name": "\\KnownDlls\\wow64win.dll"

},

{

"module_name": "C:\\Windows\\SysWOW64\\dhcpcsvc6.dll"

},

{

"module_name": "\\KnownDlls32\\dhcpcsvc.DLL"

},

{

"module_name": "C:\\Windows\\SysWOW64\\dnsapi.dll"

},

{

"module_name": "C:\\Windows\\SysWOW64\\en-US\\ipconfig.exe.mui"

},

{

"module_name": "\\KnownDlls32\\SspiCli.dll"

},

{

"module_name": "C:\\Windows\\SysWOW64\\dhcpcsvc.dll"

},

{

"module_name": "\\Sessions\\1\\Windows\\SharedSection"

},

{

"module_name": "\\KnownDlls32\\CRYPTBASE.dll"

}

],

"process": {

"name": "ipconfig.exe",

"parameters": "ipconfig /renew"

},

"process_actions": [

{

"action_type": "process_terminated",

"path": "C:\\Windows\\SysWOW64\\ipconfig.exe",

"status": "success or wait"

},

{

"action_type": "process_queried",

"path": "C:\\Windows\\SysWOW64\\ipconfig.exe",

"status": "success or wait"

}

]

},

{

"file_actions": [

{

"action_type": "file_opened",

"file_name": "uxtheme.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CMApi",

"file_path": "\\Device\\DeviceApi",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ole32.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "comctl32.DLL",

"file_path": "C:\\WINDOWS\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "conhost.exe",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sortdefault.nls",

"file_path": "C:\\WINDOWS\\Globalization\\Sorting",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WINDOWS",

"file_path": "C:",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403",

"file_path": "C:\\WINDOWS\\WinSxS",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "conhost.exe.mui",

"file_path": "C:\\WINDOWS\\system32\\en-US",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "IMM32.DLL",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "uxtheme.dll.Config",

"file_path": "C:\\WINDOWS\\system32",

"status": "object name not found"

},

{

"action_type": "file_opened",

"file_name": "user32.dll.mui",

"file_path": "C:\\WINDOWS\\System32\\en-US",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CNG",

"file_path": "\\Device",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WindowsShell.Manifest",

"file_path": "C:\\WINDOWS",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dwmapi.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ipconfig.exe",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

}

],

"modules_loaded": [

{

"module_name": "\\KnownDlls\\profapi.dll"

},

{

"module_name": "\\KnownDlls\\windows.storage.dll"

},

{

"module_name": "\\KnownDlls\\gdi32full.dll"

},

{

"module_name": "\\KnownDlls\\msvcp_win.dll"

},

{

"module_name": "\\KnownDlls\\KERNEL32.DLL"

},

{

"module_name": "\\KnownDlls\\combase.dll"

},

{

"module_name": "\\KnownDlls\\uxtheme.dll"

},

{

"module_name": "\\KnownDlls\\shcore.dll"

},

{

"module_name": "C:\\Windows\\System32\\en-US\\user32.dll.mui"

},

{

"module_name": "\\KnownDlls\\sechost.dll"

},

{

"module_name": "\\KnownDlls\\shlwapi.dll"

},

{

"module_name": "\\KnownDlls\\win32u.dll"

},

{

"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"

},

{

"module_name": "\\KnownDlls\\cfgmgr32.dll"

},

{

"module_name": "C:\\Windows\\System32\\uxtheme.dll"

},

{

"module_name": "\\KnownDlls\\RPCRT4.dll"

},

{

"module_name": "\\KnownDlls\\kernel.appcore.dll"

},

{

"module_name": "\\KnownDlls\\ucrtbase.dll"

},

{

"module_name": "\\KnownDlls\\FLTLIB.DLL"

},

{

"module_name": "\\Sessions\\1\\Windows\\ThemeSection"

},

{

"module_name": "\\KnownDlls\\KERNELBASE.dll"

},

{

"module_name": "C:\\Windows\\System32\\ole32.dll"

},

{

"module_name": "C:\\Windows\\System32\\dwmapi.dll"

},

{

"module_name": "\\KnownDlls\\shell32.dll"

},

{

"module_name": "unknown"

},

{

"module_name": "\\KnownDlls\\IMM32.DLL"

},

{

"module_name": "\\KnownDlls\\bcryptPrimitives.dll"

},

{

"module_name": "C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403\\comctl32.dll"

},

{

"module_name": "\\KnownDlls\\user32.dll"

},

{

"module_name": "C:\\Windows\\WindowsShell.Manifest"

},

{

"module_name": "\\KnownDlls\\OLEAUT32.dll"

},

{

"module_name": "\\KnownDlls\\MSCTF.dll"

},

{

"module_name": "C:\\Windows\\System32\\en-US\\Conhost.exe.mui"

},

{

"module_name": "\\KnownDlls\\msvcrt.dll"

},

{

"module_name": "\\KnownDlls\\powrprof.dll"

},

{

"module_name": "C:\\Windows\\System32\\imm32.dll"

},

{

"module_name": "\\KnownDlls\\advapi32.dll"

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters"

},

{

"module_name": "\\KnownDlls\\dwmapi.dll"

},

{

"module_name": "\\Sessions\\1\\Windows\\SharedSection"

},

{

"module_name": "\\KnownDlls\\GDI32.dll"

},

{

"module_name": "\\Windows\\Theme596611661",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\Windows\\Theme3441928617",

"module_tag": ""

}

],

"mutex_actions": [

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1076:304:WilStaging_02",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1076:120:WilError_01",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4548:304:WilStaging_02",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4548:120:WilError_01",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7568:304:WilStaging_02",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7568:120:WilError_01",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7880:304:WilStaging_02",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7880:120:WilError_01",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6668:304:WilStaging_02",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6668:120:WilError_01",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6932:304:WilStaging_02",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6932:120:WilError_01",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6064:304:WilStaging_02",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6064:120:WilError_01",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3916:120:WilError_01",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3916:304:WilStaging_02",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7428:304:WilStaging_02",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7428:120:WilError_01",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7652:120:WilError_01",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7652:304:WilStaging_02",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2636:304:WilStaging_02",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2636:120:WilError_01",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5268:304:WilStaging_02",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5268:120:WilError_01",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4588:120:WilError_01",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4588:304:WilStaging_02",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8060:304:WilStaging_02",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8060:120:WilError_01",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8132:120:WilError_01",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8132:304:WilStaging_02",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8112:304:WilStaging_02",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8112:120:WilError_01",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1848:304:WilStaging_02",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1848:120:WilError_01",

"status": "success or wait"

}

],

"process": {

"name": "conhost.exe",

"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1"

},

"process_actions": [

{

"action_type": "process_queried",

"path": "C:\\Windows\\System32\\conhost.exe",

"status": "success or wait"

}

]

},

{

"file_actions": [

{

"action_type": "file_created",

"file_name": "Start Menu",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "WS2_32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WININET.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Startup",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sortdefault.nls",

"file_path": "C:\\WINDOWS\\Globalization\\Sorting",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WINDOWS",

"file_path": "C:",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Roaming",

"file_path": "C:\\Users\\user\\AppData",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "IMM32.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tox.done.log",

"file_path": "C:\\Users\\user\\AppData\\Roaming",

"status": "object name not found"

},

{

"action_type": "file_opened",

"file_name": "win32u.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CRYPTBASE.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cfgmgr32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "shcore.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "USER32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CMApi",

"file_path": "\\Device\\DeviceApi",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ADVAPI32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "GDI32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bcryptPrimitives.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ntdll.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "msvcp_win.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SspiCli.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Programs",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "combase.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "windows.storage.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "apphelp.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Startup",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "RPCRT4.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ucrtbase.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "KERNEL32.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sysmain.sdb",

"file_path": "C:\\WINDOWS\\AppPatch",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "user",

"file_path": "C:\\Users",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "SHELL32.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sechost.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "shlwapi.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "gdi32full.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "kernel.appcore.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "powrprof.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "FLTLIB.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "profapi.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "KERNELBASE.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Tox.exe",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CNG",

"file_path": "\\Device",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "msvcrt.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

}

],

"modules_loaded": [

{

"module_name": "\\KnownDlls32\\msvcp_win.dll"

},

{

"module_name": "\\KnownDlls32\\RPCRT4.dll"

},

{

"module_name": "\\KnownDlls32\\WS2_32.dll"

},

{

"module_name": "\\KnownDlls32\\USER32.dll"

},

{

"module_name": "\\KnownDlls32\\combase.dll"

},

{

"module_name": "\\KnownDlls32\\profapi.dll"

},

{

"module_name": "\\KnownDlls32\\windows.storage.dll"

},

{

"module_name": "\\KnownDlls32\\FLTLIB.DLL"

},

{

"module_name": "\\KnownDlls32\\KERNEL32.DLL"

},

{

"module_name": "\\KnownDlls32\\kernel.appcore.dll"

},

{

"module_name": "\\KnownDlls32\\KERNELBASE.dll"

},

{

"module_name": "\\KnownDlls32\\win32u.dll"

},

{

"module_name": "C:\\Windows\\SysWOW64\\apphelp.dll"

},

{

"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters"

},

{

"module_name": "\\KnownDlls32\\IMM32.DLL"

},

{

"module_name": "C:\\Windows\\SysWOW64\\imm32.dll"

},

{

"module_name": "\\KnownDlls32\\kernel32.dll"

},

{

"module_name": "\\KnownDlls32\\bcryptPrimitives.dll"

},

{

"module_name": "\\KnownDlls32\\powrprof.dll"

},

{

"module_name": "\\KnownDlls32\\msvcrt.dll"

},

{

"module_name": "\\KnownDlls\\wow64.dll"

},

{

"module_name": "\\KnownDlls32\\sechost.dll"

},

{

"module_name": "unknown"

},

{

"module_name": "\\KnownDlls\\wow64log.dll"

},

{

"module_name": "\\KnownDlls32\\apphelp.dll"

},

{

"module_name": "\\KnownDlls\\wow64cpu.dll"

},

{

"module_name": "\\KnownDlls32\\cfgmgr32.dll"

},

{

"module_name": "\\KnownDlls\\wow64win.dll"

},

{

"module_name": "\\KnownDlls32\\ucrtbase.dll"

},

{

"module_name": "\\KnownDlls32\\GDI32.dll"

},

{

"module_name": "\\KnownDlls32\\WININET.DLL"

},

{

"module_name": "C:\\Windows\\SysWOW64\\wininet.dll"

},

{

"module_name": "\\KnownDlls32\\SspiCli.dll"

},

{

"module_name": "\\KnownDlls32\\shlwapi.dll"

},

{

"module_name": "\\KnownDlls32\\shcore.dll"

},

{

"module_name": "\\KnownDlls32\\SHELL32.DLL"

},

{

"module_name": "C:\\Windows\\apppatch\\sysmain.sdb"

},

{

"module_name": "\\Sessions\\1\\Windows\\SharedSection"

},

{

"module_name": "\\KnownDlls32\\CRYPTBASE.dll"

},

{

"module_name": "\\KnownDlls32\\gdi32full.dll"

},

{

"module_name": "\\KnownDlls32\\ADVAPI32.dll"

}

],

"mutex_actions": [

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\toxcrypt",

"status": "object name exists"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8020:64:WilError_01",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8020:168:WilStaging_02",

"status": "success or wait"

}

],

"process": {

"name": "Tox.exe",

"parameters": "\"C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe\" "

},

"process_actions": [

{

"action_type": "process_queried",

"path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe",

"status": "success or wait"

},

{

"action_type": "process_terminated",

"path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe",

"status": "success or wait"

}

],

"registry_actions": [

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Disable8And16BitMitigation",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachineLanguageConfiguration",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",

"status": "buffer overflow"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\LanguageConfiguration",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Local Settings\\Software\\Microsoft",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Local Settings\\Software\\Microsoft\\Ole",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\FileSystem\\",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Segment Heap",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CustomLocale",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Versions",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Control Panel\\Desktop",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",

"status": "buffer overflow"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wow64\\x86",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\MUI\\Settings",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Local Settings\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\Tracing",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\Tox.exe",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\NLS\\Language",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Explorer",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\Settings\\LanguageConfiguration",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\AppModel\\Lookaside\\Packages",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wow64\\x86",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Terminal Server",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Display",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",

"status": "buffer overflow"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\NULL",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages\\PendingDelete",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\DLL",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag",

"status": "object name not found"

}

]

},

{

"file_actions": [

{

"action_type": "file_opened",

"file_name": "CNG",

"file_path": "\\Device",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "R000000000013.clb",

"file_path": "C:\\WINDOWS\\Registration",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CMApi",

"file_path": "\\Device\\DeviceApi",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Startup",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",

"status": "object name collision"

},

{

"action_type": "file_created",

"file_name": "Start Menu",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "uxtheme.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WININET.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ole32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "IMM32.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tox.done.log",

"file_path": "C:\\Users\\user\\AppData\\Roaming",

"status": "object name not found"

},

{

"action_type": "file_opened",

"file_name": "sortdefault.nls",

"file_path": "C:\\WINDOWS\\Globalization\\Sorting",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "user",

"file_path": "C:\\Users",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "Desktop",

"file_path": "C:\\Users\\user",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WINDOWS",

"file_path": "C:",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Roaming",

"file_path": "C:\\Users\\user\\AppData",

"status": "object name collision"

},

{

"action_type": "file_created",

"file_name": "Programs",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "dwmapi.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "TextInputFramework.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ntmarta.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CoreUIComponents.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CoreMessaging.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "wintypes.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "StaticCache.dat",

"file_path": "C:\\Windows\\Fonts",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "staticcache.dat",

"file_path": "C:\\Windows\\Fonts",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "USER32.dll.mui",

"file_path": "C:\\WINDOWS\\SysWOW64\\en-US",

"status": "success or wait"

}

],

"modules_loaded": [

{

"module_name": "\\KnownDlls32\\windows.storage.dll"

},

{

"module_name": "\\KnownDlls32\\OLEAUT32.dll"

},

{

"module_name": "\\KnownDlls32\\powrprof.dll"

},

{

"module_name": "\\KnownDlls32\\msvcrt.dll"

},

{

"module_name": "\\KnownDlls32\\combase.dll"

},

{

"module_name": "unknown"

},

{

"module_name": "\\KnownDlls\\wow64cpu.dll"

},

{

"module_name": "\\KnownDlls32\\clbcatq.dll"

},

{

"module_name": "\\KnownDlls32\\ucrtbase.dll"

},

{

"module_name": "C:\\Windows\\SysWOW64\\wininet.dll"

},

{

"module_name": "C:\\Windows\\SysWOW64\\WinTypes.dll"

},

{

"module_name": "C:\\Windows\\Registration\\R000000000013.clb"

},

{

"module_name": "\\KnownDlls32\\RPCRT4.dll"

},

{

"module_name": "\\KnownDlls32\\FLTLIB.DLL"

},

{

"module_name": "\\KnownDlls32\\KERNEL32.DLL"

},

{

"module_name": "\\KnownDlls32\\cfgmgr32.dll"

},

{

"module_name": "\\KnownDlls32\\uxtheme.dll"

},

{

"module_name": "\\KnownDlls32\\SHELL32.DLL"

},

{

"module_name": "\\Sessions\\1\\Windows\\SharedSection"

},

{

"module_name": "\\KnownDlls32\\shcore.dll"

},

{

"module_name": "\\KnownDlls32\\WS2_32.dll"

},

{

"module_name": "\\KnownDlls32\\kernel.appcore.dll"

},

{

"module_name": "\\KnownDlls32\\win32u.dll"

},

{

"module_name": "C:\\Windows\\SysWOW64\\uxtheme.dll"

},

{

"module_name": "\\KnownDlls32\\IMM32.DLL"

},

{

"module_name": "C:\\Windows\\SysWOW64\\imm32.dll"

},

{

"module_name": "\\KnownDlls32\\bcryptPrimitives.dll"

},

{

"module_name": "\\KnownDlls32\\sechost.dll"

},

{

"module_name": "\\KnownDlls\\wow64win.dll"

},

{

"module_name": "\\KnownDlls32\\GDI32.dll"

},

{

"module_name": "\\KnownDlls32\\SspiCli.dll"

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters"

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\__ComCatalogCache__"

},

{

"module_name": "\\KnownDlls32\\msvcp_win.dll"

},

{

"module_name": "\\KnownDlls32\\USER32.dll"

},

{

"module_name": "\\KnownDlls32\\KERNELBASE.dll"

},

{

"module_name": "\\KnownDlls32\\profapi.dll"

},

{

"module_name": "\\KnownDlls32\\kernel32.dll"

},

{

"module_name": "\\KnownDlls\\wow64.dll"

},

{

"module_name": "\\KnownDlls\\wow64log.dll"

},

{

"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"

},

{

"module_name": "\\KnownDlls32\\shlwapi.dll"

},

{

"module_name": "\\KnownDlls32\\WININET.DLL"

},

{

"module_name": "\\KnownDlls32\\CRYPTBASE.dll"

},

{

"module_name": "\\KnownDlls32\\gdi32full.dll"

},

{

"module_name": "\\KnownDlls32\\ADVAPI32.dll"

},

{

"module_name": "\\KnownDlls32\\ole32.dll"

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\CTF.AsmListCache.FMPDefault1"

},

{

"module_name": "C:\\Windows\\Fonts\\StaticCache.dat"

},

{

"module_name": "\\KnownDlls32\\ntmarta.dll"

},

{

"module_name": "\\KnownDlls32\\CoreMessaging.dll"

},

{

"module_name": "C:\\Windows\\SysWOW64\\ole32.dll"

},

{

"module_name": "\\KnownDlls32\\dwmapi.dll"

},

{

"module_name": "\\Sessions\\1\\Windows\\ThemeSection"

},

{

"module_name": "\\KnownDlls32\\MSCTF.dll"

},

{

"module_name": "C:\\Windows\\SysWOW64\\CoreUIComponents.dll"

},

{

"module_name": "C:\\Windows\\SysWOW64\\TextInputFramework.dll"

},

{

"module_name": "C:\\Windows\\SysWOW64\\en-US\\user32.dll.mui"

},

{

"module_name": "C:\\Windows\\SysWOW64\\ntmarta.dll"

},

{

"module_name": "C:\\Windows\\SysWOW64\\CoreMessaging.dll"

},

{

"module_name": "\\KnownDlls32\\TextInputFramework.dll"

},

{

"module_name": "\\KnownDlls32\\wintypes.dll"

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\AsyncKeyStateTrackerSharedMemory"

},

{

"module_name": "\\KnownDlls32\\CoreUIComponents.dll"

},

{

"module_name": "C:\\Windows\\SysWOW64\\dwmapi.dll"

},

{

"module_name": "\\Sessions\\1\\Windows\\Theme3441928617",

"module_tag": ""

},

{

"module_name": "\\Windows\\Theme596611661",

"module_tag": ""

}

],

"mutex_actions": [

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\toxcrypt",

"status": "object name exists"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7716:64:WilError_01",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7716:168:WilStaging_02",

"status": "success or wait"

}

],

"process": {

"name": "rl_file.exe",

"parameters": "\"C:\\Users\\user\\Desktop\\rl_file.exe\" "

},

"process_actions": [

{

"action_type": "process_queried",

"path": "C:\\Users\\user\\Desktop\\rl_file.exe",

"status": "success or wait"

},

{

"action_type": "process_terminated",

"path": "C:\\Users\\user\\Desktop\\rl_file.exe",

"status": "success or wait"

}

],

"registry_actions": [

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachineLanguageConfiguration",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",

"status": "buffer overflow"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Versions",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wow64\\x86",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\MUI\\Settings",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Policies\\Microsoft\\WindowsStore",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLEAUT",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\AppModel\\Lookaside\\Packages",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows NT\\Rpc",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",

"status": "buffer overflow"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\FileSystem\\",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Display",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Segment Heap",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",

"status": "buffer overflow"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Rpc",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\Tracing",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\NLS\\Language",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Explorer",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\LanguageConfiguration",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Control Panel\\Desktop",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rl_file.exe",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wow64\\x86",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages\\PendingDelete",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\DLL",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CustomLocale",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\Settings\\LanguageConfiguration",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\Setup",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Terminal Server",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\NULL",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\OEM",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\App Management",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\Compatibility\\rl_file.exe",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FA445657-9379-11D6-B41A-00065B83EE53}",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Segoe UI",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\App Management",

"status": "object name not found"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{FA445657-9379-11D6-B41A-00065B83EE53}",

"status": "object name not found"

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Input",

"status": "success or wait"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",

"status": "success or wait"

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\OEM",

"status": "object name not found"

}

]

},

{

"file_actions": [

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cs-CZ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-GT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "IMM32.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tox.done.log",

"file_path": "C:\\Users\\user\\AppData\\Roaming",

"status": "object name not found"

},

{

"action_type": "file_opened",

"file_name": "History",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "USER32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ms-MY",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "it-IT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CMApi",

"file_path": "\\Device\\DeviceApi",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-ZA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "edputil.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "de-AT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-TN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-RE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "uxtheme.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-CD",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "chrome_shutdown_ms.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "af-ZA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "UsageLogs",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0_32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-BH",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ucrtbase.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Temp",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "DefaultLayouts.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Shell",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "DefaultLayouts.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-CI",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Feeds",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Feeds Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Chrome",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-CI",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "it-IT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Credentials",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "tox.log",

"file_path": "C:\\Users\\user\\AppData\\Roaming",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-YE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hi-IN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-ML",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-419",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-PE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "BrowserMetrics",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CRYPTBASE.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ActiveSync",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-IE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-GT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "3534848bb9f4cb71",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\D3DSCache",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-BZ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Windows",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-FR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-SN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-MA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-PY",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "shlwapi.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OLEAUT32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "id-ID",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-RE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-CA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "eu-ES",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-ID",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-PR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bcrypt.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WININET.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-MY",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "GDI32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ha-Latn-NG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "rsaenh.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sl-SI",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hu-HU",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "msvcp_win.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CRYPTSP.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Startup",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "es-HN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CLR_v2.0_32",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-ES",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CLDAPI.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "MicrosoftEdge",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-SA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "DefaultLayouts.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sq-AL",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Event Viewer",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tox.decrypt.log",

"file_path": "C:\\Users\\user\\AppData\\Roaming",

"status": "object name not found"

},

{

"action_type": "file_opened",

"file_name": "hu-HU",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-PA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-OM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-CA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tox.log",

"file_path": "C:\\Users\\user\\AppData\\Roaming",

"status": "object name not found"

},

{

"action_type": "file_read",

"file_name": "brndlog.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WS2_32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sortdefault.nls",

"file_path": "C:\\WINDOWS\\Globalization\\Sorting",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fa-IR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "win32u.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sk-SK",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Microsoft",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Firefox",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-SN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "MountPointManager",

"file_path": "",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-HK",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "kernel.appcore.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-PE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-BE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-GB",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "gl-ES",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "c:",

"file_path": "",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "GameDVR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-029",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-MX",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WidevineCdm",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bg-BG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "KERNELBASE.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-DZ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-FR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "KERNEL32.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "input",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "desktop.ini",

"file_path": "C:\\Users",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "af-ZA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-QA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-EG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "0",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sysmain.sdb",

"file_path": "C:\\WINDOWS\\AppPatch",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-NZ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-IQ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "apphelp.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-KW",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-CO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-EC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-ZW",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-LY",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CrashReports",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hy-AM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Low",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tr-TR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-CR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "eu-ES",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "brndlog.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-SG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fi-FI",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hr-BA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-VE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pt-PT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "nb-NO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-MX",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-MA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "user",

"file_path": "C:\\Users",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "nl-BE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ka-GE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "clbcatq.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "AppData",

"file_path": "C:\\Users\\user",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-UY",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "History.IE5",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-SG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-LB",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-DO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sechost.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DBG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "de-CH",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-ZA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-EC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "desktop.ini",

"file_path": "C:\\Users\\user\\Desktop",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sw-KE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-PY",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-AR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-IN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DBG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pnacl",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-UY",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "shcore.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-AE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "msdtadmin",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CLR_v4.0",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Vault",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-CM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bg-BG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Low",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OriginTrials",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Unistore",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "it-CH",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\Unistore",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-CA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-JM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Microsoft",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Mozilla",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "History",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-KW",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-NZ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "PROPSYS.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cfgmgr32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "de-CH",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-MA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "et-EE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fi-FI",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "combase.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "Tox.exe",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "PeerDistRepub",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-DO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pl-PL",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "RPCRT4.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-NI",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DefaultLayouts.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Shell",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "kk-KZ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "rl_file.exe:Zone.Identifier",

"file_path": "C:\\Users\\user\\Desktop",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "he-IL",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "da-DK",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "rl_file.exe",

"file_path": "C:\\Users\\user\\Desktop",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-CR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Crashpad",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-GB",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Google",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-LB",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "et-EE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-IN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Windows.StateRepositoryPS.dll",

"file_path": "C:\\Windows\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-OM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Packages",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "chrome_shutdown_ms.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "gl-ES",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-JO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hy-AM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bcryptPrimitives.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "KsecDD",

"file_path": "\\Device",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WER",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "DefaultLayouts.xml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "nl-NL",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Default",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-JO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "unknown",

"file_path": "",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-JM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-TT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "el-GR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-HT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "msvcrt.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Office",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-BO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-HT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ntdll.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-IQ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-LU",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "lv-LV",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "brndlog.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "user",

"file_path": "C:\\Users",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "it-CH",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Feeds",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mk-MK",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-CD",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "de-LI",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "windows.storage.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-CL",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "gdi32full.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-YE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "UsageLogs",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-US",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-PR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "kk-KZ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Desktop",

"file_path": "C:\\Users\\user",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CLR_v4.0_32",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "he-IL",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "rl_file.exe:Zone.Identifier",

"file_path": "C:\\Users\\user\\Desktop",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-AE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "tox.log",

"file_path": "C:\\Users\\user\\AppData\\Roaming",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-AU",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CLR_v4.0",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-AU",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Credentials",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CLR_v2.0_32",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Local",

"file_path": "C:\\Users\\user\\AppData",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Chrome",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Caches",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "ca-ES",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SHELL32.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bn-BD",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "PROPSYS.dll.mui",

"file_path": "C:\\WINDOWS\\SysWOW64\\en-US",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "GameDVR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-DZ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pt-BR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-MC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ConnectedDevicesPlatform",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Microsoft Help",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Publishers",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-QA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-AR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "User Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "iertutil.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cversions.1.db",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CNG",

"file_path": "\\Device",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-NI",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-LU",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-TN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "desktop.ini",

"file_path": "C:\\Users",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "TokenBroker",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ro-MD",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-SA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-CO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-MC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hr-BA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "oleaut32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Caches",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CrashReports",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fa-IR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Safe Browsing",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "lt-LT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "id-ID",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "el-GR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-EG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "History.IE5",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hr-HR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-SY",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Temp",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "input",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-HK",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ms-BN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sv-FI",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "STORAGE#Volume#{45fd10d4-cc21-11e8-b00f-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}",

"file_path": "",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Start Menu",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "ca-ES-valencia",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Comms",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WINDOWS",

"file_path": "C:",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-IE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "de-DE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ole32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Comms",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-CM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-ES",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cs-CZ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-TT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-MY",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-US",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Acrobat",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ro-RO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-ID",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "rl_file.exe",

"file_path": "C:\\Users\\user\\Desktop",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hi-IN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bn-BD",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-SV",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "PepperFlash",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "de-LU",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "FLTLIB.DLL",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CLR_v4.0_32",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneDrive",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-BH",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "powrprof.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Feeds Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ShaderCache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Roaming",

"file_path": "C:\\Users\\user\\AppData",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "Users",

"file_path": "C:",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "R000000000013.clb",

"file_path": "C:\\WINDOWS\\Registration",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "profapi.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "chrome_shutdown_ms.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "chrome_shutdown_ms.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ADVAPI32.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "da-DK",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-MA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Tox.exe",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Unistore",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Programs",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "de-DE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-HN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-SY",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "D3DSCache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "de-LU",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "UsageLogs",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v2.0_32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-ML",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-BO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "L.user",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ConnectedDevicesPlatform",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "STORAGE#Volume#{45fd10d4-cc21-11e8-b00f-806e6f6e6963}#0000000022600000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}",

"file_path": "",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "chrome_shutdown_ms.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-VE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-ZW",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",

"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "brndlog.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WinTypes.dll",

"file_path": "C:\\Windows\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Google",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "D3DSCache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "desktop.ini",

"file_path": "C:\\Users\\user\\Desktop",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-CH",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-PA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "uk-UA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-BZ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-BE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "3D Objects",

"file_path": "C:\\Users\\user",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "History.IE5",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ka-GE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "MEIPreload",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "12.0",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fr-CH",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "UnistoreDB",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sv-SE",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ElevatedDiagnostics",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-SV",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "User",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\MicrosoftEdge",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DC",

"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Acrobat",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "C:",

"file_path": "",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "brndlog.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ru-RU",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-029",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-CA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "es-CL",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ar-LY",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hr-HR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARM",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "az-Latn-AZ",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "updates",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\Unistore",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "PlayReady",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Profiles",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Color",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SspiCli.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Color",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "urlmon.dll",

"file_path": "C:\\WINDOWS\\SysWOW64",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Adobe",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "de-AT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "nn-NO",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "VirtualStore",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application Data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "UnistoreDB",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ca-ES",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "S",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "de-LI",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WindowsApps",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "lt-LT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DBG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ElevatedDiagnostics",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "weakrefobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "sre_parse.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "fileinput.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "objimpl.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "encoder.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "threads.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "struct.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "calendar.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "events.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "parsetok.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pyframe.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "calltip.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "NEWS.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "csv.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "complexobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "rpc.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "imghdr.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "codeop.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "fork_wait.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "client.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "oem.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "CREDITS.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "abc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pystrhex.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "nntplib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mainmenu.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ffdh3072.pem",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "warnings.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "doctest.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "genobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "parsetok.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "gdb_sample.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "copy.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "copyreg.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "tracemalloc.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SOPHIA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "query.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp1258.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "config.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp858.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pytime.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "imghdr.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "poplib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "secrets.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "warnings.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "copy.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp875.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "mimetypes.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "import.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp1251.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "traceback.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pystrtod.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "imghdr.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "intrcheck.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp932.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "idle.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "bisect_cmd.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "wave.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "opcode.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "memoryobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "iomenu.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "keycert2.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "bisect.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp1250.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Reader",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\dbm",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "LICENSE.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "ipaddress.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "dbapi2.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pydebug.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "textwrap.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Reader",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "weakrefobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "Python.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "config.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "weakref.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "lzma.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pymem.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "listobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "osmodule.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp273.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "genericpath.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "os.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "moduleobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bltinmodule.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tempfile.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cmd.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "debugobj.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pkgutil.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "turtle.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "numbers.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "abc.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pydebug.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "import.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "utils.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pprint.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bytesobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "sunau.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "_collections_abc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "patcomp.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "_py_abc.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "traceback.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "formatter.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "lzma.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "bad_getattr.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp1253.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "enumobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pyclbr.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "optparse.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "codecs.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "debugger.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp1125.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "uuid.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\pip",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp1140.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp856.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "dbapi2.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "errors.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "posixpath.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ann_module6.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "context.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "window.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "_sitebuiltins.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ann_module5.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "queue.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp1255.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "message.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "random.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "abc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\importlib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "squeezer.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "has_key.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "bad_getattr.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ann_module7.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "message.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "abc.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "dump.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "py_compile.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "poplib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "opcode.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "sysconfig.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pymacro.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "parsetok.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "filecmp.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "_markupbase.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp864.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "ann_module7.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "ann_module.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "eval.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "koi8_u.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "sunau.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "undo.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "GrShaderCache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pstats.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "zzdummy.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pdb.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "trsock.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cellobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "_compat_pickle.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "plistlib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp1252.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pydtrace.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "socket.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "util.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\importlib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "frameobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "futures.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "_py_abc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "list_tests.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "gb2312.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "bad_coding.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "graphlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "codeop.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "hmac.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sunau.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "euc_kr.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "euc_kr.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "big5.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "filecmp.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "nturl2path.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "profile.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "shutil.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "parser.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "socket.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "text.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "keycertecc.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "schema.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\msilib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "base64.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "_endian.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "gzip.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pickletools.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "queues.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pythread.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "utils.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "weakref.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "boolobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "bdb.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "runpy.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "methodobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "ftplib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "code.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "query.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "modulefinder.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "symtable.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "Python-ast.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cellobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "base.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "typing.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "iomenu.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pyport.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "datetime.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "sslproto.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "threads.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp863.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "uuid.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "aifc.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "_pydecimal.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "johab.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ieee754.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "profile.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pkgutil.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hyphen-data",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "bdb.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "shelve.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "crypt.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "subprocess.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "genericpath.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "gb2312.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "parser.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "functools.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "chunk.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "string.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "tupleobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "modulefinder.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tupleobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "netrc.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "big5.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "genobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pyfpe.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "compileall.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "telnetlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Files",

"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dist.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp1251.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "config.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "NEWS2x.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "_logs",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\npm-cache",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "compile.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp865.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "structseq.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp1255.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pydebug.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp037.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ipaddress.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "bytesobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "tracemalloc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "queue.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pymem.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pythread.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "dd_SetupUtility.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp858.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "tarfile.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pymacconfig.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SOPHIA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "format.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "py_curses.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "help.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "nturl2path.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "heapq.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "linecache.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "formatter.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "errors.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "code.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "symtable.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "panel.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "py_curses.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cookiejar.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "datetime.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\msilib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "heapq.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "datetime.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp949.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mailbox.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "tracemalloc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "charset.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "classobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "fnmatch.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "events.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp864.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "osdefs.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "Outlook.pst",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Outlook",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "bitset.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mimetypes.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cookiejar.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cookiejar.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp864.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "iterators.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "futures.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "mailbox.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "badcert.pem",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "locale.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bad_coding2.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ann_module3.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "platform.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "debugger.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "utf_32.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "NEWS2x.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "ann_module2.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "image.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email\\mime",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pydtrace.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "imghdr.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "fileinput.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ast.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "policy.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "contextlib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "outwin.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "kz1048.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "entities.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\html",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "zipapp.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "_py_abc.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pip",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "iterators.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "contextlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "base64.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cgi.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "odictobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "oem.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pyframe.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "imp_dummy.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "rpc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cProfile.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "_threading_local.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ceval.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "final_b.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "shelve.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "abc.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\importlib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "coding20731.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "parser.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\html",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "osmodule.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "kz1048.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "dis_module.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "asdl.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ann_module6.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "re.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "bdb.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "getpass.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "io.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "ast.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "aifc.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "copy.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "textview.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "coding20731.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "ascii.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "operator.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "inspect.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "exports.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "koi8_t.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pathlib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "objimpl.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp950.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "undo.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "poplib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Files",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "policy.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "binhex.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dump.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\sqlite3",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "floatobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "idna.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "token.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "socketserver.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "rlcompleter.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "contextlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "struct.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp863.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "gettext.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "_collections_abc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "idle.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "bisect.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "symbol.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp737.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pyport.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "ann_module2.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "descrobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "charset.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "filelist.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "tokenize.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pyhash.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "typeslots.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "util.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\importlib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "aifc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp1256.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp1026.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "__main__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "tracemalloc.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "_aix.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\msilib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "rangeobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "johab.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "kz1048.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "tree.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "osdefs.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "asdl.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "oem.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "quoprimime.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cmd.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "__main__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "smtpd.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "utf_32.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "bad_getattr.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pymacconfig.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "symtable.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pyframe.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "replace.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pyconfig.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ann_module2.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "rangeobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "graminit.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp865.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "gzip.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "telnetlib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "undo.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp424.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "_markupbase.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "gnu.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "NEWS2x.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "signal.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "koi8_r.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "graphlib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "sched.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "bisect.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dbapi2.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\sqlite3",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "heapq.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "encoders.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "marshal.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "glob.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "smtplib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "modsupport.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "gdb_sample.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "zipfile.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "gbk.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "bltinmodule.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "config.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "ssl.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "zipapp.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "dataclasses.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "difflib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "traceback.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pstats.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "mimetypes.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "xdrlib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "floatobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp424.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "sysconfig.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "badcert.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "cProfile.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp863.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "base.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email\\mime",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Files",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "generator.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp1253.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "parsetok.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "base64.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "decimal.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "LICENSE.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pymem.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "code.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp865.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "policy.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "compileall.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "gzip.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "_aix.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "filecmp.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "codeop.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "extend.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "enum.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pystate.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "text.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "generator.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "patchlevel.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "editor.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp737.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "NEWS.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp500.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "_compat_pickle.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pystate.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "euc_jp.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "idna.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "glob.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "sliceobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "_sitebuiltins.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pygram.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp1253.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp424.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "fileobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "trsock.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "server.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "eval.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp775.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "browser.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "macosx.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "fnmatch.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "debug.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pyexpat.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "reprlib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cookiejar.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Reader",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "longobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "xdrlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "eval.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "exports.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "bltinmodule.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "heapq.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "tmpjnl2abyncacert.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "stat.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "final_b.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp1258.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pyconfig.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "abstract.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "heapq.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "koi8_t.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "listobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "sunau.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ast.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "sslproto.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "reprlib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ndbm.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "calltip.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "bad_coding2.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "NEWS.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "enumobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "frameobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\html",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "linecache.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "object.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "timeit.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "secrets.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "ann_module3.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "tupleobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "decimal.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "token.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "structmember.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp858.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp874.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "stringprep.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SOPHIA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pyfpe.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp875.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "code.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include\\cpython",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "panel.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "search.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "ffdh3072.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "idna.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp037.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "streams.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp1125.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "shelve.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "dis.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pyhash.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "_compression.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "timeit.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "enumobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp1255.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "operator.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp875.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "__main__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "kz1048.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "format.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Files",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "mailcap.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "optparse.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "parser.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\html",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "abstract.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "bytesobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "dist.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Python-ast.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ftplib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "lzma.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "asynchat.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "audiotests.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "datetime.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "datetime.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "query.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pickletools.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pymem.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SOPHIA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "ann_module5.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Files",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "textwrap.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "osmodule.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "traceback.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Python",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "webbrowser.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ntpath.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pathlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "rot_13.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "calendar.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "binhex.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "warnings.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "config.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "operator.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "__phello__.foo.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "datetime.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "policy.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Files",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "getpass.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "compile.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "structmember.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "moduleobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "text.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "util.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "objimpl.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "boolobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sre_compile.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "allsans.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Reader",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "base64mime.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "entities.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "binhex.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "moduleobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "audio.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email\\mime",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "palmos.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "py_compile.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "_sitebuiltins.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "config.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pathlib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "koi8_u.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pythonrun.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "decoder.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pylifecycle.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "log.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "uuid.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "keycert4.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "sliceobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "has_key.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "entities.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\html",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "config.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "zzdummy.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pymacconfig.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "plistlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "__main__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bisect.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "crypt.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "run.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "code.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "tmpjnl2abyncacert.pem",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "coding20731.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "errors.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "idna.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "colorsys.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "codeop.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "text.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\msilib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "cellobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "log.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pyerrors.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "ast.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "inspect.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp850.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "decimal.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "mailcap.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp1255.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "graphlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "doctest.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "csv.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "keycert.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "abc.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\collections",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "threading.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fnmatch.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "imp_dummy.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "euc_kr.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dataclasses.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "errors.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "TODO.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "image.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email\\mime",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "__main__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "fileinput.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "timeit.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "asdl.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "errors.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "getopt.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "utf_16.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "encoder.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "statistics.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "lock_tests.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "final_a.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "numbers.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "dataclasses.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "palmos.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "dictobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "symtable.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "abc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "enum.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "marshal.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp860.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "imp.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "badcert.pem",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tabnanny.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cmd.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "_endian.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp950.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "__phello__.foo.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "tool.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "events.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Package Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "xdrlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Grammar.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pymath.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pylifecycle.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "Python.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "NEWS2x.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "_weakrefset.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pyparse.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "base64mime.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Reader",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "_bootsubprocess.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "classobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "compile.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pythonrun.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "ucnhash.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "queue.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "symbol.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "tupleobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "dictobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "queues.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "setobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ssl.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "textview.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "bad_coding2.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "numbers.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "copyreg.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tty.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "trace.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "run.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "classobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp1140.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "contextvars.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pystrtod.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Reader",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "runpy.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "osdefs.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "bad_coding2.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "encoder.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "_parseaddr.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "modsupport.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "gdb_sample.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "selectors.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "sndhdr.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "smtpd.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pymath.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "selectors.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "imaplib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "patcomp.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "decimal.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "zipapp.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "scanner.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pydoc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "history.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "runners.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "netrc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "patchlevel.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "__main__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "tooltip.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "code.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "socket.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "warnings.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "koi8_r.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "errcode.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "HISTORY.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "ieee754.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "koi8_u.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "tarfile.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "patchlevel.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ZxcvbnData",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "FORMS",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pystrcmp.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cgitb.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pyarena.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "audio.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp1256.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "wintypes.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "image.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pytime.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "wave.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "keyword.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "unicodeobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "errors.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pystate.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "exports.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "rlcompleter.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pymacro.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "descrobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "enum.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "text.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email\\mime",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "cgitb.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "bitset.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "history.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "descrobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp1257.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "traceback.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "configparser.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "NEWS.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dis_module.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cmd.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "gbk.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "locks.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "replace.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pipes.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "shelve.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "getopt.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "code.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "osmodule.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "subprocess.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "graminit.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "posixpath.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pystate.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "symtable.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pyexpat.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pymacconfig.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "longintrepr.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "grammar.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "badkey.pem",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ast.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "core.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "platform.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "history.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "zipfile.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "README.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "sidebar.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "genericpath.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "queues.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "text.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email\\mime",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "imaplib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "keycert2.pem",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ascii.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "netrc.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "trsock.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pprint.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "hz.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "uu.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "abc.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\importlib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp856.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "imp.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\sqlite3",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "types.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cgitb.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "tempfile.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "gzip.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "imaplib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "this.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pygram.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cellobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "codecs.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pyconfig.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "_osx_support.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "re.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pymem.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "locale.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "euc_jp.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "listobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "struct.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "query.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "encoder.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "import.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pytree.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "io.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "utf_16.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pyclbr.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "main.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "asyncore.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "feedparser.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pymacro.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "chunk.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "streams.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "gdb_sample.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Files",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ann_module2.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Grammar.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "util.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\importlib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pydoc.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "http",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\pip\\cache",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sre_constants.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pymem.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "Grammar.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pipes.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "antigravity.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pprint.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "fractions.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pystrcmp.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pyarena.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pymacconfig.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "dump.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\sqlite3",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "fileinput.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "mailcap.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "ascii.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\logging",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "quoprimime.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "format.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "crypt.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "token.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "core.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "weakref.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "wave.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "quoprimime.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "quopri.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "longobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "audio.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "sliceobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pystrhex.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "stat.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pymath.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "moduleobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "optparse.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "undo.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "__main__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cmd.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "opcode.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "ceval.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pstats.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "nntplib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp874.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "entities.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Outlook.pst",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Outlook",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "codeop.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "_weakrefset.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "palmos.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "allsans.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "ipaddress.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pickle.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp037.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pty.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp864.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "log.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "argparse.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "utf_8.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SOPHIA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "help.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "dis.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "keycertecc.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "_parseaddr.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "rpc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "calltip.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "sre_compile.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "sre_compile.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "typing.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "smtplib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "config.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "enum.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "refactor.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "shutil.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "code.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dd_SetupUtility.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "fileobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "streams.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "context.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "audio.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email\\mime",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "_pyio.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "frameobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ceval.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pickle.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "odictobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "server.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp1252.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "spawn.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "list_tests.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "nturl2path.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pythonrun.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pylifecycle.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "fractions.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp1254.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pipes.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "debugger.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "smtplib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "crypt.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "tmpjnl2abyncacert.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "eval.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp852.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "patcomp.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp857.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "osmodule.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "sched.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "getpass.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "antigravity.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "_aix.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "extend.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "bz2.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "mailbox.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp273.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "wave.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "dd_SetupUtility.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "listobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp866.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pyclbr.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "functools.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "subprocess.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "dictobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "asdl.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "_parseaddr.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "unicodeobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "shlex.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "keycert.pem",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ascii.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp1006.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "genericpath.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "_bootlocale.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "client.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "compile.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "final_b.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "idnsans.pem",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "gbk.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "symbol.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp856.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "grep.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "autotest.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "traceback.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "tooltip.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "ipaddress.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "opcode.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "parsetok.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp1250.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pymem.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include\\cpython",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "mailbox.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "ann_module5.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "asyncore.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "frameobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pystrcmp.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pyexpat.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "NuGet",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "floatobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "README.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "warnings.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "linecache.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "threads.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "client.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "imp_dummy.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pickletools.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "_sitebuiltins.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "cgi.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bisect_cmd.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "genobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "feedparser.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "zipfile.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "longintrepr.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "ftplib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "errcode.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bitset.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "encoders.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "generator.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "replace.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "hashlib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "iomenu.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "random.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ceval.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "genobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp1257.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "keyword.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "sequence.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "setobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "abstract.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "schema.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "uu.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "log.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "longintrepr.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "base.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email\\mime",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "complexobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "spawn.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "enum.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "bz2.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Common",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "context.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "bad_coding.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "log.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fork_wait.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "bitset.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "io.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp932.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bz2.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "objimpl.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "copyreg.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "configparser.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "abc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\collections",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "aifc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "fractions.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "9",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\pip\\cache\\http\\a\\1",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pyctype.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cProfile.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "dist.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "locale.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "core.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CREDITS.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "has_key.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "hz.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sre_parse.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "run.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pyarena.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "ann_module7.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cgitb.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "io.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "difflib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "grammar.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "final_a.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "locks.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "imaplib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "message.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "cmd.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp500.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp866.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "codecs.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "modulefinder.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "textpad.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "_compat_pickle.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "mainmenu.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "contextvars.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "reprlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp424.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "sysconfig.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "rot_13.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "site.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "idnsans.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "_bootlocale.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "structseq.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp1006.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "longobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "dis_module.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "graminit.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "symbol.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "utf_7.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "encoders.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pyhash.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "ceval.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp1006.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "utf_7.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "argparse.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "object.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "schema.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "zipimport.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "squeezer.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "fnmatch.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cmd.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "doctest.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "codecs.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "this.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "selectors.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "mbcs.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "filelist.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "gzip.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp857.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "patcomp.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pydebug.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "__phello__.foo.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "image.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "fileutils.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "_bootlocale.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp775.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "functools.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp1257.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "io.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "browser.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "types.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "format.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "asyncore.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp1254.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "code.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "_osx_support.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp1125.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "johab.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "calltip.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "opcode.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "graminit.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "funcobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "rlcompleter.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "tasks.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "typing.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pdb.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "extend.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pkgutil.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp866.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pytime.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "abc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\importlib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "classobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pickle.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "selfcheck",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\pip\\cache",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "abstract.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "fork_wait.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dumb.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\dbm",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "listobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "chunk.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "complexobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "code.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include\\cpython",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "base64mime.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "ann_module6.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "longobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "utf_7.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "sre_parse.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "badkey.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pty.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "help.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "textview.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "stringprep.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "tabnanny.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "typeslots.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "py_curses.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pythread.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Files",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "textview.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pymath.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp852.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SOPHIA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "stringprep.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "_weakrefset.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "os.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "marshal.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cookies.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "re.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "frameobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ieee754.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "Grammar.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "debugobj.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "statistics.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "gnu.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "dist.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "re.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "schema.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\msilib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp1258.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "patchlevel.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "enumobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pystrcmp.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "rpc.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "dataclasses.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pickletools.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp857.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pyfpe.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp1006.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "HISTORY.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "final_a.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "sre_constants.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "errcode.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pycapsule.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "opcode.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "configparser.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\NuGet",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fractions.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "__future__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pdb.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cookies.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "code.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "selectors.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp1252.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pycapsule.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "decimal.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "boolobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ann_module.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "quopri.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "webbrowser.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "sidebar.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "warnings.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "mainmenu.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "intrcheck.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "traceback.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "tupleobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "ftplib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "antigravity.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pdb.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "keyword.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "grammar.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "traceback.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "odictobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "euc_kr.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "tokenize.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\sqlite3",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp1250.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "iomenu.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "boolobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "bisect_cmd.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "gnu.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\dbm",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "log.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "badkey.pem",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\html",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp869.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "utf_32.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp1258.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "modsupport.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "asyncore.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "node.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "runpy.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "config.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "header.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "audiotests.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pyerrors.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "methodobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "zzdummy.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "grammar.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "audit-tests.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "debug.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "textpad.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "rot_13.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sequence.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\msilib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "methodobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pydebug.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "trsock.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "methodobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "wintypes.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "utf_8.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "imp.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "shlex.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "CREDITS.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "getopt.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp855.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "contextvars.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pytree.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "tool.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp1026.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "ast.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "shlex.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "eval.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "_bootlocale.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "methodobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "shutil.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "linecache.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "socketserver.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "iterators.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "decoder.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "macosx.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "traceback.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "johab.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "keycert3.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bad_getattr.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "node.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "site.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "compileall.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp1257.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp855.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "ann_module3.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "big5.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pyport.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "asdl.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pyexpat.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pythonrun.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "allsans.pem",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "odictobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "util.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp855.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "longobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "_strptime.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "text.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ftplib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "__future__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "_threading_local.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "zipimport.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "string.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "longintrepr.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "uu.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "timeit.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "textwrap.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "filelist.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "memoryobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "tool.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp720.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "secrets.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp775.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "NEWS.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pipes.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "codecs.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "quopri.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "codecs.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "bz2.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "_py_abc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "_pydecimal.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "chunk.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ast.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ann_module3.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "keycert4.pem",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "gnu.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\dbm",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "base64.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pyshell.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "_strptime.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Reader",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ndbm.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\dbm",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "ann_module6.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pyerrors.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp1251.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "fnmatch.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pycapsule.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp949.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "__main__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "runners.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ceval.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include\\cpython",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\logging",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "webbrowser.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cgi.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pygram.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "wintypes.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "filecmp.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sndhdr.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "ast.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "NEWS.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "token.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "marshal.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pycapsule.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "random.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "audiotests.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "rangeobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "lzma.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "_strptime.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp875.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "argparse.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cgi.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "xdrlib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "utf_7.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "glob.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "token.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pyhash.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "allsans.pem",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "colorsys.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "outwin.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "dd_SetupUtility.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "binhex.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "_collections_abc.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "dump.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "README.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pyshell.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pyshell.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "_compression.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "tree.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pyhash.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp857.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "hashlib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ffdh3072.pem",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "errcode.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "site.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "profile.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "ntpath.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "zipapp.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "header.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pyfpe.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pymacro.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "zipfile.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "dis.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp860.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "text.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\msilib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "_compression.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "unicodeobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "keycert3.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "inspect.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "memoryobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "tty.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "euc_jp.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "charset.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tarfile.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "refactor.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "py_compile.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "structseq.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "imaplib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "graminit.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "base.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "secrets.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "dataclasses.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp869.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "LICENSE.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "config.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\logging",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp874.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "mailcap.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "grep.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "weakrefobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "__main__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp950.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pymem.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "encoders.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pydtrace.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "osdefs.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "log.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp1140.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "zipimport.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "typing.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "autotest.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dictobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "hz.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "csv.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "aifc.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp1250.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "runners.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "opcode.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "keycert3.pem",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "datetime.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "audit-tests.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pyparse.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "rangeobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "contextvars.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "panel.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "autotest.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "sndhdr.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "_threading_local.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "textpad.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "keyword.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "editor.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "asyncore.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "util.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "_pydecimal.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "idnsans.pem",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "mbcs.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp273.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "typeslots.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "setobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "fileutils.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "ast.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pyerrors.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "socket.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "spawn.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "window.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "tty.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "difflib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "exports.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "csv.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "dis.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "numbers.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "spawn.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "dictobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tasks.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "generator.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Python.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp932.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "CREDITS.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pydoc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "window.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "header.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "outlook logging",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "util.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "idnsans.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pyparse.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "tooltip.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SOPHIA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pyctype.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "handlers.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\logging",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "_osx_support.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "plistlib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SOPHIA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "grep.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "token.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "funcobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "utf_32.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "descrobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "tabnanny.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp500.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "gettext.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "uuid.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "_threading_local.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "statistics.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "Python.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "string.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "structmember.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "keycert.pem",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "log.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "funcobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "floatobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "decoder.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "signal.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "keycert4.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pyctype.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sched.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "moduleobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "textpad.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "doctest.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "final_a.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "floatobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pylifecycle.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "formatter.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "turtle.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ann_module.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "object.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pyconfig.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp273.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "tabnanny.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pprint.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "hashlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "koi8_r.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ucnhash.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "marshal.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp932.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "py_compile.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "refactor.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mbcs.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "abstract.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "grep.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "keyword.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "complexobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "sre_constants.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "handlers.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "_pyio.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pystrtod.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "search.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "squeezer.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp1251.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "profile.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "sched.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "difflib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "bytesobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pydoc.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bad_coding.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Python-ast.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "ucnhash.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "window.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp950.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "graphlib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "codecs.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp861.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "threading.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "colorsys.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "complexobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "intrcheck.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pyexpat.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pty.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "util.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "types.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "dumb.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "abc.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "datetime.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pyarena.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "bdb.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp1252.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "1",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\pip\\cache\\http\\a",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Reader",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "symtable.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "bltinmodule.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "queues.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "events.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp775.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "patchlevel.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "_osx_support.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "main.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp866.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pyframe.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Outlook",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "imp.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "README.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "_bootsubprocess.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sliceobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "sidebar.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "LICENSE.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "util.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "idle.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "threading.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Files",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "filelist.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "gettext.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "socketserver.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "calendar.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "token.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "queue.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "errors.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "__main__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "rlcompleter.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sidebar.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "audit-tests.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "parser.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "ceval.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "search.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp720.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "posixpath.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "smtplib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "bisect_cmd.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "types.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "tokenize.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp1140.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "parser.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "telnetlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "tempfile.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "asynchat.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "charset.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "dumb.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "copyreg.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "ieee754.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "locale.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hmac.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "unicodeobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pymem.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "_aix_support.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "utils.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "imp_dummy.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "intrcheck.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "util.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "functools.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "random.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "feedparser.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "typeslots.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "structseq.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SafetyTips",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "__future__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp1256.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "classobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "turtle.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "sysmodule.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp852.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Reader",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp949.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pycapsule.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "ann_module.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "signal.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "koi8_r.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "string.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp869.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "tasks.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pythread.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "gbk.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Reader",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pyclbr.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pytime.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp1026.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "sysmodule.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "opcode.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "outwin.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "debug.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "_pyio.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp861.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "codecs.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "_endian.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ucnhash.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "getpass.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "rot_13.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "iterobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "debugger.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "gb2312.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tokenize.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tmpjnl2abyncacert.pem",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "_aix_support.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "bz2.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "has_key.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "euc_jp.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "Outlook.pst.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Outlook",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "getpass.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pyparse.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "_compat_pickle.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "coding20731.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "object.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "__main__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "nturl2path.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "struct.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "utf_16.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "oem.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "iterobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "editor.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "runners.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "intrcheck.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "server.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp437.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "_collections_abc.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cgi.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "warnings.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "operator.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp865.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp874.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "colorsys.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "chunk.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "zzdummy.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SOPHIA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "AutofillStates",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "ast.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "keycert.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "fractions.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "context.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "nntplib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp852.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "dumb.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\dbm",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "glob.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pygram.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "run.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pydtrace.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Outlook.pst.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Outlook",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "netrc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "refactor.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pyctype.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "symtable.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "mailbox.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "bytesobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "binhex.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "asynchat.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "dbapi2.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\sqlite3",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "structmember.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "base64mime.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cookies.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "squeezer.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pytime.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "config.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\logging",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "fileutils.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "keycert3.pem",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "fileobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "rangeobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fileutils.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "tmpjnl2abyncacert.pem",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "funcobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp850.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SOPHIA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "argparse.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "sysmodule.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "util.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "genobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp500.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp437.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "LICENSE.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp1125.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "stat.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "turtle.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pymacro.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "memoryobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "memoryobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "NEWS.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "platform.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "configparser.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "threading.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "import.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "tracemalloc.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "sequence.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pyshell.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "errcode.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "TODO.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "iterobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp037.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "TODO.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "difflib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "_markupbase.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "this.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "config.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp720.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "token.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp855.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "audiotests.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "keycertecc.pem",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pyconfig.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "macosx.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "editor.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "warnings.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "descrobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "wintypes.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "os.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "sslproto.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "node.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "modsupport.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "doctest.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "ndbm.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\dbm",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "quopri.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "dd_SetupUtility.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "contextlib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "imghdr.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "node.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "py_curses.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "_weakrefset.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "sre_compile.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "unicodeobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "_aix_support.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "sndhdr.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pystrtod.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "PKIMetadata",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sysmodule.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "lzma.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pystrhex.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "replace.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp1256.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "hmac.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "utf_8.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "copyreg.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp860.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "mainmenu.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cProfile.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cProfile.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sslproto.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "palmos.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ascii.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "compileall.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "ascii.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp949.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp720.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "smtpd.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "setobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "code.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pyctype.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "zipimport.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "setobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "copy.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "optparse.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "ntpath.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "objimpl.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pickle.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pyerrors.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pylifecycle.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "modulefinder.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp858.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "argparse.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "_compression.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "macosx.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "util.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "opcode.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "symtable.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "idle.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SOPHIA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "_pyio.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "getopt.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp737.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "genericpath.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "help.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "big5.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pydtrace.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "code.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "ascii.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "smtpd.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hashlib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "debug.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "_endian.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "csv.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "bltinmodule.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pystrcmp.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "main.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "scanner.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "scanner.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cookies.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "fileutils.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "gettext.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "Outlook.pst",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Outlook",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "parser.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pyframe.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "hmac.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "tasks.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "sysmodule.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "extend.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tooltip.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "structseq.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "os.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "py_curses.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pytree.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "gettext.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pystrtod.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "feedparser.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pythread.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "_bootsubprocess.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "decoder.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "nntplib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pty.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tracemalloc.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "outwin.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "subprocess.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "parser.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "scanner.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "_aix.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp437.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "shutil.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "getopt.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "longintrepr.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp1026.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "imp.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "handlers.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "inspect.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "futures.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "ucnhash.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "asynchat.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp862.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "quoprimime.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "weakref.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cmd.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "badcert.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "webbrowser.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mailcap.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "tracemalloc.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ann_module7.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "funcobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tree.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "browser.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "linecache.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "autotest.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "iterobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "chocolatey",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "history.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "main.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "gb2312.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Files",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "fileobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\dbm",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "reprlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pymem.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include\\cpython",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "stringprep.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Python.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp737.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "sre_constants.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "stat.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Files",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "plistlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "utils.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "tree.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "bad_coding.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp1253.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SOPHIA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp869.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "sliceobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "poplib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "debugobj.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "final_b.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "HISTORY.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp850.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "hashlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "panel.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "__main__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fileobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "platform.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "koi8_t.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp861.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "trace.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "search.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "ceval.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "boolobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "node.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "NEWS.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "_markupbase.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "colorsys.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "__phello__.foo.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "graphlib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "dis_module.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "osdefs.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "weakrefobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bdb.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "textwrap.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "util.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "futures.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "tty.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pip",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "antigravity.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "code.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "ceval.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pyfpe.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "grammar.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pyarena.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "Python-ast.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "_parseaddr.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "functools.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp1254.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "site.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "browser.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp861.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "code.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "configparser.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp863.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "shlex.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "audit-tests.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "client.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "asynchat.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "HISTORY.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "iterators.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp856.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "FORMS",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "contextlib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pkgutil.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "util.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\importlib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "streams.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "_strptime.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pstats.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "npm-cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "this.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cp862.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "inspect.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "TODO.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp1254.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "ssl.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "weakrefobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dis.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "tarfile.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cp862.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "datetime.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "formatter.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "structmember.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "codecs.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ann_module5.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "compile.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "__future__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "koi8_u.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "exports.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "header.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp862.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "formatter.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp860.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "calendar.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "import.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pystrhex.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "tempfile.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "tracemalloc.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "statistics.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "telnetlib.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "errors.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tracemalloc.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "posixpath.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "trace.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "utf_8.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "83d4f33bfdf82e45",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\D3DSCache",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "socketserver.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ascii.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "debugobj.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "koi8_t.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "iterobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "warnings.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "codecs.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "pathlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Files",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tool.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "utf_16.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pytree.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "__init__.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "filecmp.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cmd.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cp437.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "_pydecimal.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "_aix_support.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "fork_wait.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "context.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "symtable.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "base64.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "cp850.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "crypt.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "datetime.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "mbcs.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "enumobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Reader",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "util.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pyport.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pymath.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "locale.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "core.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "handlers.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\logging",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "keycert2.pem",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "list_tests.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "Python-ast.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "glob.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "mimetypes.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "threads.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "bisect.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "object.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Programs",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "locks.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cellobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "_bootsubprocess.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fileinput.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "abc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\collections",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pyport.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "pystate.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "badkey.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hz.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ssl.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "NEWS.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "keycert2.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Crowd Deny",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "calendar.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "message.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "sequence.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\msilib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "contextvars.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ipaddress.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "bitset.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "util.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ntpath.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sysconfig.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "pystrhex.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "ffdh3072.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "locks.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "runpy.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "odictobject.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "ndbm.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "cgitb.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "hmac.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "token.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "typeslots.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "signal.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "sre_parse.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "compileall.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "antigravity.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "uu.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "server.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "a",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\pip\\cache\\http",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "abc.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\collections",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "trace.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "modsupport.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Reader",

"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Acrobat\\DC\\SOPHIA",

"status": "success or wait"

},

{

"action_type": "file_read",

"file_name": "pythonrun.h",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "copy.py",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "ceval.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include\\cpython",

"status": "success or wait"

}

],

"modules_loaded": [

{

"module_name": "C:\\Windows\\SysWOW64\\oleaut32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\msvcp_win.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\SspiCli.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\RPCRT4.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\WS2_32.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\USER32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\combase.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\win32u.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\windows.storage.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\propsys.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\OLEAUT32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\PROPSYS.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\iertutil.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\rsaenh.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\KERNELBASE.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\FLTLIB.DLL",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\Windows.StateRepositoryPS.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\apphelp.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\uxtheme.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\windows_shell_global_counters",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\IMM32.DLL",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\CRYPTSP.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\imm32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\kernel32.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\kernel.appcore.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\bcryptPrimitives.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\powrprof.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\bcrypt.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\msvcrt.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\CLDAPI.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\rsaenh.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\wow64.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\bcrypt.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\iertutil.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\sechost.dll",

"module_tag": ""

},

{

"module_name": "unknown",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\wow64log.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\apphelp.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\WinTypes.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1.ro",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\wow64cpu.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\edputil.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\wow64win.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\clbcatq.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\UrlZonesSM_user",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\shlwapi.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\ucrtbase.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\profapi.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\KERNEL32.DLL",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\Windows.StateRepositoryPS.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\cldapi.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\GDI32.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\cryptsp.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\WININET.DLL",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\wininet.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\WinTypes.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\urlmon.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\en-US\\propsys.dll.mui",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\cfgmgr32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\edputil.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\uxtheme.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\shcore.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\SHELL32.DLL",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\__ComCatalogCache__",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\SysWOW64\\urlmon.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\apppatch\\sysmain.sdb",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\Windows\\SharedSection",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\Registration\\R000000000013.clb",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\CRYPTBASE.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\gdi32full.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\ADVAPI32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls32\\ole32.dll",

"module_tag": ""

}

],

"mutex_actions": [

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Global\\SyncRootManager",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\toxcrypt",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-__terminate_handler_sh",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex",

"status": "object name exists"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-__unexpected_handler_sh",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex",

"status": "object name exists"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-init",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5252:64:WilError_01",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5252:168:WilStaging_02",

"status": "success or wait"

}

],

"process": {

"name": "rl_file.exe",

"parameters": "C:\\Users\\user\\Desktop\\rl_file.exe"

},

"process_actions": [

{

"action_type": "process_created",

"path": "C:\\Users\\user\\Desktop\\rl_file.exe",

"status": "success or wait"

},

{

"action_type": "process_queried",

"path": "C:\\Users\\user\\Desktop\\rl_file.exe",

"status": "success or wait"

}

],

"registry_actions": [

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\LocalServer32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\DocObject",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachineLanguageConfiguration",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\TreatAs",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Internet Explorer\\Main",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\SystemFileAssociations\\.exe",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{00000323-0000-0000-C000-000000000046}",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Versions",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0000032A-0000-0000-C000-000000000046}",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\rl_file.exe",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\NULL",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\BrowseInPlace",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\.exe",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Folder\\Clsid",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Disable8And16BitMitigation",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InprocServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InprocHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InprocHandler32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wow64\\x86",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Directory\\ShellEx\\IconHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\MUI\\Settings",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Policies\\Microsoft\\WindowsStore",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\ShellEx\\IconHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Drive\\shellex\\FolderExtensions",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\AllFilesystemObjects",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLEAUT",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\exefile",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\LocalServer",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Drive\\shellex\\FolderExtensions",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InprocServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\AppModel\\Lookaside\\Packages",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\LocalServer",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InProcServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Folder",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PropertyBag",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\NULL",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\TreatAs",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\LocalServer32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-602200000000}\\",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{75847177-f077-4171-bd2c-a6bb2164fbd0}\\InProcServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE\\Diagnosis",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}\\Instance",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows NT\\Rpc",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\.exe",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\BrowseInPlace",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\Elevation",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\Elevation",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InprocServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\Clsid",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\InProcServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InprocServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{1649D1CF-DEAF-4A68-ABE8-5C9F68572FD1}\\InProcServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\InProcServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\open",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Directory",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InProcServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER_Classes\\Directory",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\FileSystem\\",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\Clsid",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\AppCompat",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Display",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Segment Heap",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocHandler32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\Clsid",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Rpc",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Directory\\Clsid",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1649d1cf-deaf-4a68-abe8-5c9f68572fd1}\\InProcServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InprocHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\LocalServer",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\Tracing",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocServer32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\NLS\\Language",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\NULL",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\ShellEx\\IconHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Application",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\ZoneMap\\Ranges\\",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\CustomAttributes",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InProcServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\DocObject",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InProcServer32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\TreatAs",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InprocHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Folder",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.exe",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\feature_localmachine_lockdown",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Internet Explorer\\Main",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\Elevation",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\BrowseInPlace",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\LocalServer32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\LocalServer32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\OverrideFileSystemProperties",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\LanguageConfiguration",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\ShellEx\\IconHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Control Panel\\Desktop",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Directory\\DocObject",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-100000000000}",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InProcServer32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\internet explorer\\main",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\InitPropertyBag",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Folder\\DocObject",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\shell\\open",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\TreatAs",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\ShellEx\\IconHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WindowsRuntime",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\DebugInformation",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CustomAttributes",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00000323-0000-0000-C000-000000000046}",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\Application",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InprocHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InprocHandler32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{00000339-0000-0000-C000-000000000046}",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_URI_DISABLECACHE",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\LocalServer32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\Elevation",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\OverrideFileSystemProperties",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rl_file.exe",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\InitPropertyBag",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\DocObject",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wow64\\x86",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InprocHandler32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{75847177-F077-4171-BD2C-A6BB2164FBD0}\\InProcServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Folder\\ShellEx\\IconHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.exe",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages\\PendingDelete",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\DLL",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\TreatAs",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\open\\NULL",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Internet Explorer\\Security",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\CurVer",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InprocHandler32",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\internet explorer\\main",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Clsid",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CustomLocale",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\ExplorerCLSIDFlags\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\rl_file.exe",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0000032A-0000-0000-C000-000000000046}",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}\\Instance",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-100000000000}\\",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\open",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00000339-0000-0000-C000-000000000046}",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\NULL",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Rpc\\Extensions",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\Clsid",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\DocObject",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Directory\\BrowseInPlace",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\Settings\\LanguageConfiguration",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\ExplorerCLSIDFlags\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\Setup",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}\\InProcServer32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-602200000000}",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\InitPropertyBag",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\CurVer",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\Clsid",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\Elevation",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_URI_DISABLECACHE",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Terminal Server",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\LocalServer",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\LocalServer",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}",

"status": "buffer overflow",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\NULL",

"status": "success or wait",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\Folder\\BrowseInPlace",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_value_queried",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER_Classes\\exefile",

"status": "object name not found",

"value": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Explorer",

"status": "object name not found",

"value": ""

}

]

}

],

"classification": "MALICIOUS",

"configuration": "MS Office 2007;Java 8;Adobe Reader 2020;Firefox 62;Google Chrome 69;Microsoft Edge 42;Internet Explorer 11",

"dropped_files": [

{

"classification": "MALICIOUS",

"file_name": "Tox.exe",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",

"md5": "3133c2231fcee5d6b0b4c988a5201da1",

"sample_size": 636416,

"sample_type": "PE/Exe",

"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271",

"sha256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "odictobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "3412092fc220a39ec4b4c1d533ae2c84",

"sample_size": 1384,

"sample_type": "Binary/None",

"sha1": "eb16fa73d98ecc868c92231fa192bb54c45e5ee2",

"sha256": "ae029452ce82c44e53360cfcc89ca05ae52217d189b10d9c748cc3606e7872ea"

},

{

"classification": "MALICIOUS",

"file_name": "test_hmac.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "f261a5bd0bd375bee4b0062fe63815b6",

"sample_size": 26216,

"sample_type": "Binary/None",

"sha1": "08ba0b7446110fc8ef5a31feb831c8008dc65b5b",

"sha256": "759074fe4748e7f3499358cfb71d188841d1f9ae9cd960f353cec5b586e2da3a"

},

{

"classification": "MALICIOUS",

"file_name": "optparse.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "3a53e441fa28fd3963e999722188b68a",

"sample_size": 62088,

"sample_type": "Binary/None",

"sha1": "c6b56469c904ed9471d612ac73f0189f01b6823a",

"sha256": "71d217728583495d032a5a92313960b0a8157e7c00e4eeec60cdbaed15fa77b1"

},

{

"classification": "MALICIOUS",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\tkinter",

"md5": "17f96f772a1f0252d1926217c6e75238",

"sample_size": 174248,

"sample_type": "Binary/None",

"sha1": "ad15da194887ee846a37ce01c4afbe45c68b7d06",

"sha256": "12c7ced0659d6464ff1b8a418f0901208a0f1da4f8254476a8f6a331ad523d51"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "ann_module7.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "1e8a3761bbd1df7937b782c41b95e113",

"sample_size": 344,

"sample_type": "Binary/None",

"sha1": "a450497ee7e6043d02e87c0800ff4c6c3065a154",

"sha256": "c6e4bf45ed7fdc512a052949440764d1a66a7b9bbb0a3635e509ad79118f099c"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "config.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"md5": "6e8b8eb2cb962b299f40d5c2666b0223",

"sample_size": 5000,

"sample_type": "Binary/None",

"sha1": "bd9fb2a9afabbb0ed316bced48b862246350f436",

"sha256": "837b10f1a929cb9a0f4910b745e0a2221dbdd57906667673b6a5987c735d1487"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "sysmodule.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "c57c905d2db879b64ae473a1a6606c02",

"sample_size": 1320,

"sample_type": "Binary/None",

"sha1": "61863d1a1b2f83064067187f7723195e8a17e3f1",

"sha256": "c52889dfb203d4f5f591bc81132826a84ca3550df101f31d9b4ef2e8264ad371"

},

{

"classification": "MALICIOUS",

"file_name": "Python-ast.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "9566a0f08c40e26128d70aefd0c3b171",

"sample_size": 26928,

"sample_type": "Binary/None",

"sha1": "f836741c794920552e44496143c1f626207417ec",

"sha256": "239979e48c0ea4c1853ebaef305cacd2b9340ef2e0d44d00b40a41e43cd36ecf"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "crypt.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "a9f1f6a649680786f943e038aebad4a7",

"sample_size": 3976,

"sample_type": "Binary/None",

"sha1": "fc989126594345c61e902683488e6523ebb1548b",

"sha256": "4d3fd020771b0cbee15d7a6510b1dfb6271f293301a8bd185a591217670a3cdc"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "grep.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "f1a02c2294063ff194372ec4df161616",

"sample_size": 7744,

"sample_type": "Binary/None",

"sha1": "5f5c290c91df881436bf9f0e0026a191af9e88ec",

"sha256": "504228636a38b270a970707fa773f83f9617c01e5cf372ad835fa6663f717778"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "life.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo",

"md5": "e55b94bbdd553ee65f17c31bf99bec08",

"sample_size": 9288,

"sample_type": "Binary/None",

"sha1": "e5f54fe7cae5e07b2c490a9a93489dffaa47d646",

"sha256": "81eeade43b61db361790edda80095fabc31980ceedca2da4ebecee3c5ffe335e"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_index.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "69caf5b809edfdd8121e26eebfaa0a61",

"sample_size": 8888,

"sample_type": "Binary/None",

"sha1": "542ca492e3d12cce69af522bebc3891b448ae15a",

"sha256": "60e8ad9d7ea6945fc26fc43ddfe8626d3e96f7f16eb8ea3c9c778f5216e998cf"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "types.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "aa91f21061e904d0ac11bdf5e80c89a7",

"sample_size": 10128,

"sample_type": "Binary/None",

"sha1": "ddf45d460dfda0121f8b820bb5f4a0bbdafc8ad9",

"sha256": "6a84fd532c6e54b8368741c4be54540327035a151a9bfa485e34c3cc6ff0d33e"

},

{

"classification": "MALICIOUS",

"file_name": "compileall.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "7aed7bc548c2b6ccb5e862d4866872cd",

"sample_size": 20608,

"sample_type": "Binary/None",

"sha1": "2132f0781cfb765e9e7624b2073dbf578ceb8bf8",

"sha256": "08021d994fc6a753995efd1c348d53248681e5cdf02a9aaa85b978445cd98668"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "rlcompleter.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "1fd9bd53e1d19f5985b609936b6f4d28",

"sample_size": 7904,

"sample_type": "Binary/None",

"sha1": "88a086e6620940d8fee36b903b433485a86f17ef",

"sha256": "76e891a19766c9558064f541bbbc214d3c964c53afb42117176bd831c1003300"

},

{

"classification": "MALICIOUS",

"file_name": "mailbox.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "a2a83788d1ecb65fd54d9a38cda077bb",

"sample_size": 80984,

"sample_type": "Binary/None",

"sha1": "ea91f4ceab77d85799ee28628d3c7076997e744f",

"sha256": "fcb3eb3123f6c699d63d471002beaa94b196840caa5195e9adca4f6d7634cba5"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_glob.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "c6aaad71ef48383cac045fb5e6b42da8",

"sample_size": 13720,

"sample_type": "Binary/None",

"sha1": "f1956ff72c3ab9a31a1d2da012677d5010e64b4c",

"sha256": "3e2eabced61e713d8281dd0332f352176e7f5dc40536f8f646cd23e69a486c98"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cp1254.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "e4786b5ab8611aec26acd351ffffe8a5",

"sample_size": 13848,

"sample_type": "Binary/None",

"sha1": "e2f79998765a905f39f1cb827f2f90814908d2ac",

"sha256": "eae5a3400e292091b55edb96cda546618c9ff45c67cae8baaddde8696383e737"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_flufl.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "715ecdd8edc7896fc93bb5a946153b48",

"sample_size": 1744,

"sample_type": "Binary/None",

"sha1": "6aaefdb390edc578db6b6ef4d3537f6f5a184f96",

"sha256": "9df31be7853e0b954e07ae9e553b891dff55bfb03f1459d5d0a6ba5df8cf9df5"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_cgitb.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "fa95501b68ced5d56bfad4fd1e79df40",

"sample_size": 2704,

"sample_type": "Binary/None",

"sha1": "23c8ce7d1062d43e727047bdb91f9205b93eeecd",

"sha256": "0057f6013d9f20a1bda0a1552343199a1a2c094d750a425dc70d1d382b3cc0e2"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "keyword.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "58f23a24a99ad5ed49b87ef6cc4e72e5",

"sample_size": 1152,

"sample_type": "Binary/None",

"sha1": "d07ae2e8c068ffdb771534142c41393b09c282a0",

"sha256": "e476107c39da3ade0bb7b5596b1334a61a10ac498090d1d7650d3ee6812a8dbb"

},

{

"classification": "MALICIOUS",

"file_name": "message.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"md5": "a1822585de59421400a506ff4a0f77f4",

"sample_size": 48272,

"sample_type": "Binary/None",

"sha1": "55adb9a724e49a3220a17a17198083b5d6e2b382",

"sha256": "61b18872a724e1edc38272ff3a6c024eeab0e51a9ae20fb76f8495fbfe811e4a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cp949.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "1953005bfe38b2e9b5cb427a25ff0926",

"sample_size": 1104,

"sample_type": "Binary/None",

"sha1": "28ab4156acd49b1ee49e74dad4b57c6526321705",

"sha256": "44cbb980acad98a4bc2759f37e95bec531230f66ef9a994012a3f281a1023a72"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_ctypes.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "91c292b226eb7f28bcda6028d23da313",

"sample_size": 232,

"sample_type": "Binary/None",

"sha1": "90fcb690c4a857f8cda5e64e4dfe6bb224165ef8",

"sha256": "326b422636f59d3f96d41bf2aa6023b0955e404603f0b42135ae3b7fd8a3b6bc"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "list_tests.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "48122189b6162945482583ef27470217",

"sample_size": 18080,

"sample_type": "Binary/None",

"sha1": "5635d117c3455d2a19b5cdea060b06a55260f111",

"sha256": "dbd58c2b359b04591729b191d17244e06647fa3b5bb834e0e6b8e0558f9c9bce"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "osmodule.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "2515d8a5958b1f7428379a10f1f53c38",

"sample_size": 352,

"sample_type": "Binary/None",

"sha1": "0a8103966dcd8116e1790c9397804959ebea48d5",

"sha256": "a387446860c0f75598035d9306876e19ca4440d0d22e02c1096710441e331971"

},

{

"classification": "MALICIOUS",

"file_name": "refactor.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",

"md5": "fadf8adb3de58f5a7a9875680375a063",

"sample_size": 28280,

"sample_type": "Binary/None",

"sha1": "46d3d649350d05400dd74cd54cfc9933792fa90c",

"sha256": "ac94a83d76a14388d36847da30a07536424672cc4b5ec2c130a9e74d6089a202"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "ieee754.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "faa1501bdc9f63dd7e1ee95e0c192dee",

"sample_size": 3512,

"sample_type": "Binary/None",

"sha1": "0fa9cbf5ebaca670ebdeba4315189de2d56cadf3",

"sha256": "58c49ba733b7122ac44e83f5cbfe7bf9392a9e1e27bfc078f6d64dd172cac3b1"

},

{

"classification": "MALICIOUS",

"file_name": "traceback.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "01d894e8ac8afa8b8df5345a113cd602",

"sample_size": 25344,

"sample_type": "Binary/None",

"sha1": "fd24dc7aceaabe8c5002e9d59b96c983af554cc1",

"sha256": "dcd71c15a5f646fc0c84231cffccd45242377fc4e765955fc28b839ef8c80217"

},

{

"classification": "MALICIOUS",

"file_name": "test_time.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "d3a396057220daec13948937fdd02c1d",

"sample_size": 41960,

"sample_type": "Binary/None",

"sha1": "bdb547e8d9045d17600135e5b868270d0fc96af4",

"sha256": "29a6d0f410380f2139eeac85fec07319c1ac7182188598eded298930c01512fc"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__main__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "0b66c78eb0779c515dadb7c71e129f19",

"sample_size": 80,

"sample_type": "Binary/None",

"sha1": "3ea61edbc512e7f45f05f6f2c1d2b432eb97baaa",

"sha256": "a6fb14d10ae7acd0ea355bc6554227e2d2b8a9ddf702cf6fa723c3e9072cefdb"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "versionlist.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\VersionManager",

"md5": "d2c7d6d0a6d9f702f6e3936589a41ee1",

"sample_size": 15888,

"sample_type": "Binary/None",

"sha1": "6df1d1a5b93e6de37723c77db4e99ce5634f168e",

"sha256": "0b0946af895639845c342b648b93c9ea664011b3b6378385b2c47f1979e79312"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "palmos.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "1c9b481d20baa29974e3ad97abee89bb",

"sample_size": 13864,

"sample_type": "Binary/None",

"sha1": "608314aa13fce5eebbdcb46ad81544474002fad2",

"sha256": "755a43d498461631fdf69c9802b3e66583c6dfc94f44be4ea72035748d535e0e"

},

{

"classification": "MALICIOUS",

"file_name": "gettext.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "f5824e7e554cb6d16fe72bb86ba69439",

"sample_size": 28096,

"sample_type": "Binary/None",

"sha1": "060187044018f9faeb9e982c3a28699c9fd47325",

"sha256": "f38122d0bf630cb6c5560167fe77901a44bd43b390f1cf822d24cb463921597c"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cp875.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "ae3340651634aa04bbcfc192adbc88d9",

"sample_size": 13200,

"sample_type": "Binary/None",

"sha1": "648f59444af950a7b302d7c32a2e4b4f1ce6b4fc",

"sha256": "0b99c9133a0a5ecc073ab9fc1121139e098aa2d8f8d1dc878c3ca4a50f876c4f"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "imp.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "88049f4c626c035185813d76427e8f36",

"sample_size": 10920,

"sample_type": "Binary/None",

"sha1": "edcbc7fd9b171a16674f09906134ccf9b1853c4c",

"sha256": "68eb0cf4faaac6d68ce831fc813e882a52e7b307c83ae21d2f5e6c835f8522fa"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "utf_8.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "22eddf8ea527b7c3fa04526ff5293468",

"sample_size": 1088,

"sample_type": "Binary/None",

"sha1": "733b3ba484e28dd859eeb55e272360a683db228d",

"sha256": "bb40a355f6471f3379534dc7ee7f10aa25ef9d608dc2bc602ab0fa336a8f6066"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "ssl_cert.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "f21346295be38ca5fe8aaf947be6655b",

"sample_size": 1640,

"sample_type": "Binary/None",

"sha1": "33e928929d24251295d47c4fb165a1aefe05f309",

"sha256": "44cb7bc967a1aa78b1b4cf19424acb91067316dc16c16ca1dcb267d53db3dc7e"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cp424.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "cf1b79349fe8adb644c130e4fa19facc",

"sample_size": 12400,

"sample_type": "Binary/None",

"sha1": "3fb8aae4df0c693a93561a5b7c0727e2dfb9ccd9",

"sha256": "9223e3aa5afc5105aba5935c36a35bb986b4f7f189aab69e979c37fa7c838755"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "search.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "bda64b0ab9a528aa95ab68b1c24bd38b",

"sample_size": 5768,

"sample_type": "Binary/None",

"sha1": "8658e11ae9875b73bb13740a0452c11d4bc7cbe9",

"sha256": "f0dd599d0d9310e0a28a0c355601668c1e7c816ced8f903338cccaf64067c392"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "node.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "02b1f0f7f0f3b09abfa43ca7fadbe350",

"sample_size": 1368,

"sample_type": "Binary/None",

"sha1": "ea25305df71d306e3c8ccf03b48bff9949ab71b4",

"sha256": "f93fd8511aa7e43b1237b320b585bfdb5c7ffd342f650e052b02947b5f5174e0"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\wsgiref",

"md5": "0426a70e5c32a1c7f2c92a30b525acaf",

"sample_size": 648,

"sample_type": "Binary/None",

"sha1": "50d1cba79a9db6a3f1e7e85e9240f758409ab718",

"sha256": "f5bd8778e4a570b9d51cbad09758fcd34178a2c450c45faccbac0876870877a2"

},

{

"classification": "MALICIOUS",

"file_name": "test_pydoc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "0436c847cb40a7ae6bfab114dac9d3e7",

"sample_size": 63048,

"sample_type": "Binary/None",

"sha1": "5f827356a1a6d55c61133a85f83c3f2a8c755ab5",

"sha256": "a3b08652a6d1337dcccdd164efc3643be419fdb44980123c38ab96f79ff954a2"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "has_key.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",

"md5": "2739b58d7dbdd42032eb2e43846c89af",

"sample_size": 5864,

"sample_type": "Binary/None",

"sha1": "db3820d780edac3eab83f616d87e67c1d5db392c",

"sha256": "afa15efe6dcf18f7c8c16460bd89d09d6567c1486c38548062b3307d2291e2ff"

},

{

"classification": "MALICIOUS",

"file_name": "test_bigmem.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "6ac9ae12395538d9aef260c68d920053",

"sample_size": 47152,

"sample_type": "Binary/None",

"sha1": "d8eb27b21e3b2e8adc5526d93be3addaed20796c",

"sha256": "b25a6dd0a1e3ca5db6fded68a917c016955714067269b3ef0d6fa90fcb916d26"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "_compression.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "09c2a84ba47f6ad89de4b83a54b0e4c1",

"sample_size": 5536,

"sample_type": "Binary/None",

"sha1": "e487bb5affae4cb8a856aea5f6ba8612540a1580",

"sha256": "6b6597c03313ee132ca3a84cd16052d42a8cfc5d54db197d173f69f243941529"

},

{

"classification": "MALICIOUS",

"file_name": "test_pdb.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "874847379a64bf64b850eacab378866e",

"sample_size": 63696,

"sample_type": "Binary/None",

"sha1": "a0f0e5b6463b8502e44e2a1efe7f02bbc3908555",

"sha256": "4a9ae47bd21f0afdba3260f4d9c941654e090fa4d56c040f5e8ec33ba52e48ee"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "textwrap.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "3c0a914769c28bb0ad5d8282b396f2d7",

"sample_size": 19936,

"sample_type": "Binary/None",

"sha1": "7675235e4935ce77a0355c9c1c725a9306b70ef3",

"sha256": "4e4fb8b39e63cc3bc9f50166ad4769f591fdf9fb19328638d5613b0dc5ea2031"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "ann_module2.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "806eae64922b1b49eefbb32728bde83e",

"sample_size": 592,

"sample_type": "Binary/None",

"sha1": "d9785dff76a3bc509d0953afc2a82f6ffe386b29",

"sha256": "3677ee2e05f68da8bbc0738689b942b6983dd48144ccb48bc222e168497c6a1b"

},

{

"classification": "MALICIOUS",

"file_name": "test_gdb.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "3f5a8acd3a41219ae7ed3bc8349b9e91",

"sample_size": 44648,

"sample_type": "Binary/None",

"sha1": "9a873a174c475ad3984b682a7971f45142ddbc97",

"sha256": "04b40b6854508fec5300cd3ff245e2719d165ea0376adc3c3d619b2d238ffe03"

},

{

"classification": "MALICIOUS",

"file_name": "site.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "468dbab4ac2a0db0636b84a491757583",

"sample_size": 22248,

"sample_type": "Binary/None",

"sha1": "392bfbd8acc016263338a6865fb5217d2de40841",

"sha256": "47eb6c5e39791fc5e70cc54d81c90c24453ced167641a485398940238af3d1b3"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "help.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "1b38301097b7a00bc2e1f33e727daa22",

"sample_size": 12184,

"sample_type": "Binary/None",

"sha1": "57d37a1f3b674eb2dec5ea70ed80cbfb67910d13",

"sha256": "aeb1bee0d15646a143c07e570581aabf332dde7021e9abd1374c31b522b3c79e"

},

{

"classification": "MALICIOUS",

"file_name": "rgb.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\pynche\\X",

"md5": "d3e9abfcd7c5ccc5ea1fea1c758674af",

"sample_size": 18168,

"sample_type": "Binary/None",

"sha1": "5f79be09b41bfb9aec5478d55581255df87f2346",

"sha256": "bcb2b7fd69e25a2e7bc23ab087f6e474ef1ac6f252212f913b449fbd4411be72"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "21d4feba3519c30e149fdf62432f198a.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Office\\ONetConfig",

"md5": "2d146083c1a3c4013d5d446a4f10d7f5",

"sample_size": 2168,

"sample_type": "Binary/None",

"sha1": "f29c4b146fc6889be9670c2d2e951c9472902224",

"sha256": "b6e8969b95ac44915fa0eb479fdda926b1bd727f87872e08d7f876ba0024126e"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "asdl.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "e1d9a79c12632dbf3411a83cdc528a68",

"sample_size": 1312,

"sample_type": "Binary/None",

"sha1": "5509a15d8d40512e524fb9dedca8488c080d0fac",

"sha256": "63586c2bdba98757348dc61f656becc2c75ba1f6d39281a043610d0631358ced"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "bad_coding.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "a2237c8c140eef72b383d307f63c4867",

"sample_size": 64,

"sample_type": "Binary/None",

"sha1": "6d73ea51c2e8b3a6fe5d0514404316929ee760c9",

"sha256": "bd6dc63d6492772a01583bdf35e714d73952598366b5144a2ff6971e4d455967"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "_tzpath.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\zoneinfo",

"md5": "511be2dcd551a40451264a5ff628ef92",

"sample_size": 5296,

"sample_type": "Binary/None",

"sha1": "43990a2a99d73aabc6ac9090b53a05bd74c843fc",

"sha256": "f154af54bae028885aaff76f70b26fa79f17fd635b9f06c78b87e24b2afa6885"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "funcobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "29ca31d1eba36a5ed07cd7ef8e1e9b72",

"sample_size": 4192,

"sample_type": "Binary/None",

"sha1": "1a34081326ccbdcab83ab5b73e12df4c421332a9",

"sha256": "7441173ec24f5cce065992be43358b11aa18f114131616a90ce0f0ca6578e5f3"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pycakey.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "45528037bec338cc533d2b4491d3f880",

"sample_size": 2568,

"sample_type": "Binary/None",

"sha1": "69c76af80ca1c262f84dbac20eb4566fbfd69e51",

"sha256": "d41b52332dab3e55eb96948ee888a4a49cf03306886e2d62c4a46ea01917ed26"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "oem.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "23bf9890d96475f939864b760b229b82",

"sample_size": 1104,

"sample_type": "Binary/None",

"sha1": "1dc2f93e767e5f21922781e00821c7af61e9b06f",

"sha256": "892cb42dd291316b38f46ac25be60c294d540f3153f6b796ef7d56ddd449f3e1"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_hash.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "5fae8ea103b79ab9e3fcabc5f4e99ebb",

"sample_size": 12112,

"sample_type": "Binary/None",

"sha1": "d60cc7ad5023661c5cdfc8d50099a2e89464d758",

"sha256": "d9417a4f45475818a83633037390e6c8bed0ec69082d71da6e49c05767b45f2b"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "nosan.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "f9d9c7aba20ef821c8f21e4c40b71a30",

"sample_size": 7888,

"sample_type": "Binary/None",

"sha1": "ac6dcc9b5fe28d3cdbb069db07f790e909abab66",

"sha256": "24db772e81b7496c2590aef4882cc84e4e20a52ce463199846e9d5401bca151e"

},

{

"classification": "MALICIOUS",

"file_name": "test_range.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "a06fc0291809bcac2aaec3946c849f8f",

"sample_size": 25656,

"sample_type": "Binary/None",

"sha1": "7e8be70aedd12c785213bc1c832a781206103749",

"sha256": "3907f55da5e48fd85210f0e739b9eb4675976c717aa1025b2db7cab4a0aefcd0"

},

{

"classification": "MALICIOUS",

"file_name": "mimetypes.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "d970139acb7fabdc24657adaa08e9dd5",

"sample_size": 22216,

"sample_type": "Binary/None",

"sha1": "0a6a563abe9efbc1150548872ae5e68c0fb68708",

"sha256": "e6914937ecd57492121b9cdce72d92506719ad2b432941790651ea9d5ece7243"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "iterobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "d0b1451eb82831ff63a604c115f65f8b",

"sample_size": 584,

"sample_type": "Binary/None",

"sha1": "cfacf2f0852ebae3e37d09699ca79537d8a0ab14",

"sha256": "8e741c7670df9caf24158730dbc2e440d4de5f18547cd3939699a442b1dbf2c2"

},

{

"classification": "MALICIOUS",

"file_name": "asyncore.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "a1e389796688969c4153ef385ecb6d99",

"sample_size": 20784,

"sample_type": "MZ/DOS",

"sha1": "3b42b184df1d638e48eb8a814fa7509d8dda7fc1",

"sha256": "5b43d6305571996b3b6756b3309b79c98c27e5627f6cf28b91345087713ca133"

},

{

"classification": "MALICIOUS",

"file_name": "inspect.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "ab42fc8057d97aeb626f6e0a0252d06a",

"sample_size": 121448,

"sample_type": "Binary/None",

"sha1": "41ec7190d2a3e156e934aba192f532e2abbce555",

"sha256": "e623ec3a9fa5fd0aaf7cb13ce3ea96fca35c158d777693b85085b950b7e6e7b5"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "intrcheck.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "6be212cc6a022c3491e894ca94bd462e",

"sample_size": 936,

"sample_type": "Binary/None",

"sha1": "13dd4cd171827fe5c991952428b685f1d36fc01f",

"sha256": "0356847870bd90e0dc8ee47e9b59cca8acae9532f74ee314d3b44548c7a30018"

},

{

"classification": "MALICIOUS",

"file_name": "test_deque.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "b1c33bdb9ffe813ddb34f922c3885583",

"sample_size": 36480,

"sample_type": "Binary/None",

"sha1": "9766e2fcf6f0bf5056b12d8030d1d0307279c189",

"sha256": "978faccb7752a8ff21b5a2c5481d8be309585a325ed82e4d9924a9ebe215b721"

},

{

"classification": "MALICIOUS",

"file_name": "test_sys.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "5926a6ea2ab1e33430c6b2eb5616f08f",

"sample_size": 57632,

"sample_type": "Binary/None",

"sha1": "9de125893099a684154125148bf4a199d4a3b7a1",

"sha256": "5ee19e3d218c847f94d1b3d6f3acd473a7c5516d099a882dddc3247a9bd8e6d6"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "lll.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "ad7fc598c9b28c282bf4331620f2e0c1",

"sample_size": 816,

"sample_type": "Binary/None",

"sha1": "abc187688d88596322d48738070511604f0cea03",

"sha256": "fdd42e2a29115427e48387c4f2a96e617eb13ed10639958581845573701b4383"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "colorsys.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "96b862c2ee48e4fadc8eabe8f5ae7d77",

"sample_size": 4272,

"sample_type": "Binary/None",

"sha1": "99bb3573ff1e909905cdc78885b30fd6dc25fb76",

"sha256": "f201e68ac10ea4b17f2e87ae1f3d01dd7f5b597ff0fcec24242156067000b8f8"

},

{

"classification": "MALICIOUS",

"file_name": "unicodeobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "db3c9ea5c9262124df1b1861e1b706b4",

"sample_size": 36496,

"sample_type": "Binary/None",

"sha1": "7330876ed97a00d8c307aa27f1e480293f34a3de",

"sha256": "6e017e5108dec71db4a30e68c49ba71a5a3525d99621c84b94da6e27cd22bf60"

},

{

"classification": "MALICIOUS",

"file_name": "heapq.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "c6d6fdd7138baafe32f23dd2b5d610cd",

"sample_size": 23520,

"sample_type": "MZ/DOS",

"sha1": "21c1cc43af3c74a62c5023ae9c85902b710fd6ad",

"sha256": "21a4433eb21789bc6b83d78531b9d1d50ceed26ee3632d20528d38743db7a5dd"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "OneDriveMedTile.scale-100.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "f4aeb984224e155ff2044c28a147d9c1",

"sample_size": 696,

"sample_type": "Binary/None",

"sha1": "0d10103661ec7bbdec56180c562a3f9f6b44b30a",

"sha256": "e642022a7548826a8935b5dfb70262b09d3c3792bae20d4653c73ad1b2e511c4"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "dutree.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "15304a28cf88654d79b708abdf304bb6",

"sample_size": 1736,

"sample_type": "Binary/None",

"sha1": "c111b8136783d8eb396ee945ea7125bbc7c3b7e3",

"sha256": "cc995dc2f0cd643262257fcd978880d75805906d4bb8f658f84e18748b42944b"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "methodobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "2dfbe1573e891b5b767aa3c026f9f1b9",

"sample_size": 3928,

"sample_type": "Binary/None",

"sha1": "337095093a283029cbda6eb48bfc805d424ceaec",

"sha256": "3b3ac3a391386984960f94fb31ca27ff002eecfdcc61359f831163f697cd14bf"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "graphlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "87063bc782da3f736632536d6799bf2e",

"sample_size": 9856,

"sample_type": "Binary/None",

"sha1": "0d1870d8d6a5e5516bc113e32629080db760b982",

"sha256": "e37cd60947f953757701b1cd13466bff483318bb090715e70ffb8de9d64219ce"

},

{

"classification": "MALICIOUS",

"file_name": "request.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\urllib",

"md5": "a52631c7a7504d1caef54eca4d656f12",

"sample_size": 104480,

"sample_type": "Binary/None",

"sha1": "80dad4d4990dea35860737c974cec5e6abf18d03",

"sha256": "64de40be74c13b1c974592ded4dfe6e04d61e244f2c58996b67c857d2c71f752"

},

{

"classification": "MALICIOUS",

"file_name": "cp858.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "a30b8cef211c8952723edf51575e8951",

"sample_size": 34752,

"sample_type": "Binary/None",

"sha1": "67ff2ce62f94b4b3642e67700a8d47852744db5e",

"sha256": "74e0bf72830fa11ea4ad7590fd0e4643944d6f097645a7f170e210c31a0325da"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "utf_16.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "b378315d8db81822878301a176b65d34",

"sample_size": 5432,

"sample_type": "Binary/None",

"sha1": "27d18e3e36fda87245e8ee0d80d23cbb4ddd7543",

"sha256": "f955a1fab1fb74d582a1f5959935ae14e2f7e9c575348827295e224716607ec4"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "mp_preload.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "127ac14ca6b3c47b732edf3cc06d2393",

"sample_size": 408,

"sample_type": "Binary/None",

"sha1": "cb361c8e03ea62f84d743b69b32664ec7a96ac4b",

"sha256": "827ef63ccc432d45ecc30d9dd8bf5fc8ed671f7c99b88371c807c8b9c5add008"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "stat.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "beb6824fd597c5213f0f11c89f02b5cb",

"sample_size": 5720,

"sample_type": "Binary/None",

"sha1": "d8ba469844b27f90f0b0b10c72cb23d6e4534338",

"sha256": "f4caf2fd411df4325887299810a54be22120665d2099840f717c8e321c92cc6f"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pyctype.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "2beba29918db50da15ab0af409d9325b",

"sample_size": 1464,

"sample_type": "Binary/None",

"sha1": "59381523b01ea259cb914817882b8b1e67d61d53",

"sha256": "39fc6724c1a37fb1070f4cc7dff75e84d554bc074a594264d3d8b13d90f8d97a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "image.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime",

"md5": "ceac0890352945d3a21c155be4e2d208",

"sample_size": 1920,

"sample_type": "Binary/None",

"sha1": "7357a896eee2312c5542e8b0c2b210de61fd351f",

"sha256": "f1caa48d364c7a9729269ac3ee972e0eb3e823c4e05989f4c935782afcc8dac2"

},

{

"classification": "MALICIOUS",

"file_name": "_pyio.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "c44009246b73337baecd41c47ca9b754",

"sample_size": 96048,

"sample_type": "Binary/None",

"sha1": "fd96f894775976271ba86018ce478190a5d44091",

"sha256": "c13ca72ec976993feebeb27dd249e8b42112253b0b1b307d1fdf393b07137e1f"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "testcodec.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "a40a66f1c69fbb05b67cd370dbb58f27",

"sample_size": 1136,

"sample_type": "Binary/None",

"sha1": "d4f3098a7892b3edaef0926e3f3be29340fdc781",

"sha256": "2ceeee7bf456b693a2c58a9335e2f12c1c31611c58c19a43ec4c3396b5b56196"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "py_curses.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "432c00b59bfde7ffbeeaff6bf990d110",

"sample_size": 2616,

"sample_type": "Binary/None",

"sha1": "74d7a861759ed252c814c650fe365b0b96dfedf0",

"sha256": "a5515e6f6f1db2af7a4bc493410b5d016dca772b2d7b836cf27a7d34b94006bb"

},

{

"classification": "MALICIOUS",

"file_name": "pathlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "9e7c8d7316fa9863e9315212467eb265",

"sample_size": 55704,

"sample_type": "Binary/None",

"sha1": "751de1b67f271c659fcae9597bf5a5c6132c1766",

"sha256": "32f8016123fd0c3e4fe3fc603cd806a5f081fde78106e3be8ef6e9246d1f97e5"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "ucnhash.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "b811a759052825666b897c889bb7fd55",

"sample_size": 1136,

"sample_type": "Binary/None",

"sha1": "c9a76bef9558f88b4850781f264e599a538c3fbb",

"sha256": "daf458f9c07c3136505944b03c72ec657b41afda9611459527073910a1aa82b9"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pulldom.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xml\\dom",

"md5": "e37c70554fdff5536e793abc05cccb1e",

"sample_size": 12384,

"sample_type": "Binary/None",

"sha1": "3ab2dfb45db543e041758f61480c42edb6a7bb10",

"sha256": "f5f3416f309700d33c762444846cdd9ab4c690c6c4af6aefba3252a358413598"

},

{

"classification": "MALICIOUS",

"file_name": "test_descr.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "90e03709541bed9c6e7f05e132af58b7",

"sample_size": 201632,

"sample_type": "Binary/None",

"sha1": "2c0a237d11dbad9c9b415ed18ce6f31c128b1985",

"sha256": "f16b15e7d92f508808214fddd2e93aa75389449ddd0585c4393f5c4a72c98e16"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "descrobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "639bca8fc1b2c459a7ce79a5bc6994ca",

"sample_size": 3168,

"sample_type": "Binary/None",

"sha1": "e9ed1b10380aa8f9430b712c78f0721ec3f90701",

"sha256": "3cf3a37d2a7087a5cb17b82f0ed39b6cabddb7916d3081e2ad3caf671011f612"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "fileutils.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "ef812e94517e26060c88f5c8fd5f21ad",

"sample_size": 664,

"sample_type": "Binary/None",

"sha1": "58bd06e7b0ccf6ddbd2b846b51ca2d671968cfe8",

"sha256": "e97152ce1a3beec6728dfd9bd84394ef2d1b7a4bd208971ce4273d43ab80fff2"

},

{

"classification": "MALICIOUS",

"file_name": "test_trace.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "9c37968c5bfa1ee0f82966d1865c3663",

"sample_size": 21048,

"sample_type": "Binary/None",

"sha1": "72eb8234f8436e68e0d0591389ac1f13437a90b6",

"sha256": "0ad0526c5af092a2c6367cd848b6b112f438b790cd5c6f684eb22fac8c07e26d"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__main__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "ba33b01bf7a4a17949cc920e72645f40",

"sample_size": 208,

"sample_type": "Binary/None",

"sha1": "b83092a41d84552d408acedce04ed0b6f4f2c4e7",

"sha256": "67d3c69bdf6ec625ee91d2d6465f2770e86ecbe6e4c50385a746e82f385af141"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cp874.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "60ef65f4d0d13494b42ad353c649c6c1",

"sample_size": 12944,

"sample_type": "Binary/None",

"sha1": "e1b83259cd4576b4680f412a6bd142a4e3af0aca",

"sha256": "3bd037554825f8874c62b07f68b270d2ab1001b853ed2db2469cf768feb546d0"

},

{

"classification": "MALICIOUS",

"file_name": "cookies.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",

"md5": "e376884a0a6851741389d1c2a09a3d8d",

"sample_size": 21136,

"sample_type": "Binary/None",

"sha1": "6396fa4474c43dd1b60648fcc5094fae4a5097bc",

"sha256": "7a36118441d557615a2ed6c25fa223318cfba5bb3c9003d52e8b0a76db036fa9"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"md5": "b4f36fb1ddce9cff6010ccd834d799cb",

"sample_size": 1368,

"sample_type": "Binary/None",

"sha1": "59dc845d2a06e5aac9e4e72ea6d13c6321c69656",

"sha256": "9ecf59246ff5de4aac92c53e26d3aa4e1cac391a6b2aae420d7e3f16b47aa67b"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "queues.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"md5": "9413468505d48d099f7738bc50eb80fd",

"sample_size": 8600,

"sample_type": "Binary/None",

"sha1": "b0554b92476dcbc87e4b0f3dd27bb930eff7415d",

"sha256": "90b0bf10693d027502c3366e65dadcf469aec1f516ebbf45aa37c25e33b79454"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pydoc3.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "2289fccdd130388114df7b3b274f0ca9",

"sample_size": 128,

"sample_type": "Binary/None",

"sha1": "0242ea6afcf0de19a736594883533ba3aa48bd77",

"sha256": "e60a6137e3a54c0b1acc11c281c4609efffdcb7f273b59d3d4fc0bdd321ee0f3"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "log.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"md5": "e2e497ae520f0929870b11db3456bfbe",

"sample_size": 2088,

"sample_type": "Binary/None",

"sha1": "0058fc93ae183ad8ded96ff22f49890136a09224",

"sha256": "fa8d800eded09207f085bee25a7c08ad232313c96e69fb4d8fac5b93d398d386"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pycapsule.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "5147a1fe2cda56a3eaca3244882ad583",

"sample_size": 1824,

"sample_type": "Binary/None",

"sha1": "f68c1597b2a127d2303c00f8c00d07d419235bbd",

"sha256": "aa3616afb06c0842ab85a82eab070dc9868fbb41d818bbca2ad61a8198f00d08"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "datetime.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "463943789335006c73a385e1958cab76",

"sample_size": 9552,

"sample_type": "Binary/None",

"sha1": "8b99aaa6ea169a6bfbcc06c1ed39cbb57370a0b7",

"sha256": "0b47e0d40424dc12f49818a57eb47ce4f199bcf91ab451d8d354f4253a12c9ab"

},

{

"classification": "MALICIOUS",

"file_name": "test_types.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "4de91b9d3a0e35297635278579870162",

"sample_size": 63040,

"sample_type": "Binary/None",

"sha1": "34d2364f4f4141746151b4014c6b860d026173c4",

"sha256": "3d4af3e66f5a83f870b6c68ab653fe46165d1788b77dab24a6d04e79423ef609"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "msgfmt.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\i18n",

"md5": "ec31205c053d9e6de5fae9682393a3c9",

"sample_size": 7880,

"sample_type": "Binary/None",

"sha1": "1cf2a8251de1aa15d994d5a64b9d98699b235649",

"sha256": "2c969afb2effb746737cd8c445cce399aaafda3d6eecc0a7c44b42608e88fc57"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "token.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "4049558267aa4a9db7fb26372958358b",

"sample_size": 2776,

"sample_type": "Binary/None",

"sha1": "a0827ed264a89663b9ee706ba93eeeb45f42fe70",

"sha256": "bb3c4552a09a6069c1125dfdc1e93cf28d4424911777bc9792cc5553040a5f85"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "fixdiv.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "0377a9fffa490df7b11443cb5bf50280",

"sample_size": 14656,

"sample_type": "Binary/None",

"sha1": "c6377cfd705485be28e531f16077e828a349e797",

"sha256": "146062f156161938024016cb342c4f138096b9c53fbfe0396b5ddcb83e625025"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "util.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\wsgiref",

"md5": "6fa33e658cff1f14b4cf336ef318ab83",

"sample_size": 6064,

"sample_type": "Binary/None",

"sha1": "972dbd8f1aa89ca577516ddbaf36625bf66e36ff",

"sha256": "cb7d538a6517390e819edd4e4b5d3afebb28a40d039c2ea79267143b0cdc0171"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "validate.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\wsgiref",

"md5": "e0fb79d45012836ef4f566e214ddbdba",

"sample_size": 15584,

"sample_type": "Binary/None",

"sha1": "08fb66e158ec27b9c0804d88ff8a0419234d7e80",

"sha256": "b1eeb5d4ef8c8abbf49f51c2fb9c9b99581416e22c614ecbbd2839f47b30c758"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pdeps.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "3bee533adc2c7d58fd36b8ddc3048da0",

"sample_size": 4192,

"sample_type": "Binary/None",

"sha1": "b8d1e1606071b1eab5db118adb12962110e9b580",

"sha256": "eb00ee1ec3f0b56a8504325478a8e2f9a23e6fecec00e657d7d8bb6de2fcff09"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cp500.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "3e9379761095aad118d631e477fa2d32",

"sample_size": 13472,

"sample_type": "Binary/None",

"sha1": "c13c62b1f84cfb9638e913f83f2ad02eaedcd33f",

"sha256": "a95698398ba57a9718b9ca17eb1f1d022f647511049ce0fb2f7233c1132cf39a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "tree.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\turtledemo",

"md5": "8b47e68baa273e23c4e528bd21c0fc56",

"sample_size": 1504,

"sample_type": "Binary/None",

"sha1": "180aa1ad20c9a66bf6e1247be38859c5ab7c2a17",

"sha256": "cc829c500a9be961bb5598c35633819a51dfa2dc13569849ac0a3934e0da7461"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "bad_coding2.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "c822e40270e9e8232b8f1cfb8e310082",

"sample_size": 72,

"sample_type": "Binary/None",

"sha1": "6063669a2f2d79b9eb7f145efbe3d7c53fd0478c",

"sha256": "e93125785a7547d863a0bd1886f042b4fd55ab87afc74b12b2341d8a6a455de9"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__main__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\tkinter",

"md5": "fcb45868f52229c37da01195ff8b9e78",

"sample_size": 192,

"sample_type": "Binary/None",

"sha1": "19af777d30aa6833b85c27ee5dd6e80bc33af4e5",

"sha256": "09af3d44939ff50de752bb4ad36d2f6af546aa07cb704361325c73ebebbc5c61"

},

{

"classification": "MALICIOUS",

"file_name": "platform.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "2443d653bf5f09b67a65ef60c2cf4e1f",

"sample_size": 41912,

"sample_type": "Binary/None",

"sha1": "94e75f806ba4f098631393b09abd618097a9302f",

"sha256": "aaee38dfee7737b9fd28b74d013773cc066ef9a14b8eb727041a1106fd0c326f"

},

{

"classification": "MALICIOUS",

"file_name": "os.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "dfece8b09e598b6c0a096d087e2c848f",

"sample_size": 40224,

"sample_type": "Binary/None",

"sha1": "7f042f159284150d3159167796b0e2429e2f11c5",

"sha256": "7c4c604a1b84fa876e9d6deef70223b9c5ad541a7e59864ba61acae973e94b71"

},

{

"classification": "MALICIOUS",

"file_name": "test_socket.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "e7b9d4b2001fe721da77fe07fbc1eca2",

"sample_size": 256856,

"sample_type": "Binary/None",

"sha1": "a1d323e5a1480d11ef2708c44b221a5380065216",

"sha256": "1a4e931e958a0a16774072e4511eb831c8b30cd14235b4b7283ec87dae000075"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cp1026.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "2fe5c7d813be03f4b50b8d44187575c4",

"sample_size": 13464,

"sample_type": "Binary/None",

"sha1": "f532dd3e44b2af0a2b1994885d8f97bffbc17862",

"sha256": "81b9fc314b5d1026ec098c9d1e5e5c94c3cbfabccbf2ffbc932fbed55a582fa0"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cp1252.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "ad71af69b7e5a19e4feb4927223ba59b",

"sample_size": 13856,

"sample_type": "Binary/None",

"sha1": "ed2b7eb1bb4b53b5720a0fbc653b8eabb0ea8d80",

"sha256": "5d00afcb13e5ae2e5bc72d87b62863e8c4bf8dfd7e8bc25bde9ecfccf470e082"

},

{

"classification": "MALICIOUS",

"file_name": "test_embed.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "b94ad25eaf057fcf681c5ef1e58e76c6",

"sample_size": 54160,

"sample_type": "Binary/None",

"sha1": "1176d7a8b6a5f6835d0d7f038744a5f479db7ff8",

"sha256": "ae294427988143e56a439bff8ffc8a8a19de1ef6dd06de796c27d6d534057740"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "weakrefobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "b45f0f2e139ffb91b5cf7c4749e90d5e",

"sample_size": 2992,

"sample_type": "Binary/None",

"sha1": "427b9ef8436420628f67130e63a8e206687f433c",

"sha256": "c43152c6d16c7b2e9691089325662e495c650034b6758419a6cb3be0e6b821b2"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "py_compile.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "4c2c7f22c09ff58db5613a8f86e8649d",

"sample_size": 8400,

"sample_type": "Binary/None",

"sha1": "a3d44fd4ae89e06757b796a736dc5260e0073f8d",

"sha256": "cdd3c0b42a1efe504d872f01d868c778ccdd4a9ba28b12b1ac002ea5a511800e"

},

{

"classification": "MALICIOUS",

"file_name": "test_ast.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "ac7168741a56d7c65e23825e795756fb",

"sample_size": 103024,

"sample_type": "Binary/None",

"sha1": "d3e98d5e07ab3f830e048c56d37dd10ab0815586",

"sha256": "88aa5184b917cf9df79d4eb28ae00645e5271f6aa0b93475248dff773b5314d4"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "which.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "0d4bcd15242583cf1f6133a16d6c97dd",

"sample_size": 1784,

"sample_type": "Binary/None",

"sha1": "188678eaf72668c0cc4ca8be849b026ebaab3563",

"sha256": "d6e0c3791becfef6a02281f1553ff6cfb4213002fa89606fe03ed0f58d277f6b"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "iecompatdata.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\IECompatData",

"md5": "e9b79bfd19b685919696608d332437bd",

"sample_size": 3088,

"sample_type": "Binary/None",

"sha1": "6884c56614f1605f4942e81ecc9a37d49fc8acc9",

"sha256": "adc8b88eedd11bcfd1804d20e695d700f2622fe45be60326bee4bae30556159f"

},

{

"classification": "MALICIOUS",

"file_name": "functools.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "1e612b0f8a4173385fa0d0d480ddfd77",

"sample_size": 39928,

"sample_type": "Binary/None",

"sha1": "fc6b143f9f6bf0bf4f0afff5f0e9f15958f2cebc",

"sha256": "ddf63bd7f8a1c939e66f0e12975ff2fb6eaa59b7c607f0cc31e846520333c75c"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_select.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "ae039e0d7af9e9b42888a7dbb305e524",

"sample_size": 2880,

"sample_type": "Binary/None",

"sha1": "112c4ee127085278972c8947e3f7a873c6af1107",

"sha256": "1794e14e30eb9901ee34ff6ad394cafbb8fad6b7ca14502a554efa466c0d7a81"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "ColorDB.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\pynche",

"md5": "d4f9ff96b939e5e16cc42b8a229c89bc",

"sample_size": 9112,

"sample_type": "Binary/None",

"sha1": "d07147c9eaad5f8f186ef2d832ad1e7fee169c37",

"sha256": "4b46b6ca550ddaa8267026e29aa1431ee5c66204f13bb57f516ee215a7578da5"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "textview.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "6a5171b56cf56906d9c98b048cd2d035",

"sample_size": 7048,

"sample_type": "Binary/None",

"sha1": "55667872317142871db80a70354d2f041a64cc95",

"sha256": "94f068ed4ef68c25be38a3c50581e0a9a859ee93cb84dc6e3b492352bdd01de3"

},

{

"classification": "MALICIOUS",

"file_name": "test_scope.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "ce979f84d8bc3f80f47e9a6c37d23ec2",

"sample_size": 21112,

"sample_type": "Binary/None",

"sha1": "3073e32590c2a5cc8bebd90f44e914038e965c03",

"sha256": "525c2eda03cf23e07e251c672fd1f5c2b87735e94ce08fc25c1524ea5464210b"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cProfile.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "fc8c685fcefe4ca51a1bfa889e2c6c5e",

"sample_size": 6568,

"sample_type": "Binary/None",

"sha1": "b62c05b1ac08cb129523f86a5a56c1b68072e3cd",

"sha256": "bcc3f948f0bfb7d48c2f84758562f06e17d3142474e39b73ddaf524cd8688230"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_heapq.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "38d777df2a99a8603c6e32bcffa2a53e",

"sample_size": 17304,

"sample_type": "Binary/None",

"sha1": "0f67761080f5cf0fbd3bddd05201680728156c97",

"sha256": "8768ca8681d0b3b541c1b395bb076f5173e141dec6e816b24e997d5e652af0b4"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "signals.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest",

"md5": "597a680d24773a70a6488ba4b110909a",

"sample_size": 2512,

"sample_type": "Binary/None",

"sha1": "0eebed14396ed3ed4d0532b476b5b84984fb2b5d",

"sha256": "75e3747762ce81dc3e634fcd6a9f1c6e68478d7dedae0e279232ca4b455bf2d3"

},

{

"classification": "MALICIOUS",

"file_name": "threading.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "1533d5098af337d82a94bca1ccc8f918",

"sample_size": 55768,

"sample_type": "Binary/None",

"sha1": "ea32209e43277db2868cc1f09d8cc410d9959cd8",

"sha256": "04bbe7752f6447dda1e4dc24dc714a3324205453fb48b39cde2b8c90eeb7af38"

},

{

"classification": "MALICIOUS",

"file_name": "test_zlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "30c7c104c7bd9578a7cadbbc6a008cd0",

"sample_size": 35736,

"sample_type": "Binary/None",

"sha1": "53ffa623977e6b139cfe3ea3be74ee18d9a995c3",

"sha256": "21ff64a5db6dcbe5e29d41ec6821be3f074694028fb7f8973fd666aa5f8449dc"

},

{

"classification": "MALICIOUS",

"file_name": "test_fileio.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "bdf91f1d7b5c14ff8af75df0584b65e2",

"sample_size": 21016,

"sample_type": "Binary/None",

"sha1": "9cdaf9d46391e0ea806c69bf04ac404900f96f38",

"sha256": "5c318a51c280a38d5bcb2e669d6d485a28905f32ef98540d3b34c59633723a76"

},

{

"classification": "MALICIOUS",

"file_name": "test_cgi.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "2e91740be7969e1841f52210e46ef122",

"sample_size": 23352,

"sample_type": "Binary/None",

"sha1": "864f765aefca591d2503348a5a6d5f030b07f5f7",

"sha256": "260cf6ce3e72697562313a669ccae7f57a5c7a82873c5b5f313e6c6d82b85076"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_pow.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "673d05d7ced7ba9070fa748121f92f3d",

"sample_size": 5760,

"sample_type": "Binary/None",

"sha1": "b51c642f8780258c25fdeb314a247e9e9136d1dc",

"sha256": "3fb7a7e09fcd9821222c99cfa221fc771927f6d12bbea1d13f5a5af3a1105df2"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_wait3.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "67b36b3d4130549cee4fc8db5883a812",

"sample_size": 1944,

"sample_type": "Binary/None",

"sha1": "f2cdcd6caf9f89b0b3ae4a7e5856f3d05b25cddc",

"sha256": "f6980b470c72dd361fe27ef1423597b60fb2707727dd85e205e07322a729828f"

},

{

"classification": "MALICIOUS",

"file_name": "telnetlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "58fd2fe47fce1c540a275c60b436be9d",

"sample_size": 23968,

"sample_type": "Binary/None",

"sha1": "8011754504d58c074fd02187d9ff7cb2ccb32399",

"sha256": "07ac88b7ac6f66e01c153aac872ed8d6b40162549f4c8a38800ec89cd3ecccdc"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "autotest.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "09584e97f56a86b0841afe364f83e1e7",

"sample_size": 256,

"sample_type": "Binary/None",

"sha1": "9035f31cb0c1af464b19f2de556f832c9eca3eb1",

"sha256": "397dee4708b913d97b4a93d5975d750fec0fc2164b55e34aaecfe670372ec42a"

},

{

"classification": "MALICIOUS",

"file_name": "test_ftplib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "b5c7a4150ed564d8e006f6aab57787e4",

"sample_size": 43944,

"sample_type": "Binary/None",

"sha1": "1237afe8d1d22c22d9d11751edbec94c50430c51",

"sha256": "90f15e1ba80ee6907227b1f0f903b822772b1fd30aa555585eef7b6dc86fd0c9"

},

{

"classification": "MALICIOUS",

"file_name": "abstract.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "9f661204496e0fc274bf1d3ad0869fb4",

"sample_size": 31368,

"sample_type": "Binary/None",

"sha1": "3069444588553408183f62de6b6eaff921853612",

"sha256": "4c0cbb6df347fc57ffc2e5557b991982a5c2f287f3bc64f89d88d923a7f83bee"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "chaos.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\turtledemo",

"md5": "f7ae526ede12db546e9a9c066de31ae2",

"sample_size": 1048,

"sample_type": "Binary/None",

"sha1": "8c026d94efd29b4e51a3e9ade7bd3a6903da22a5",

"sha256": "ecb836c39463a7f44e1e7ccc54905993698e27649be4df274eb2ae25f649d76c"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "_aix.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",

"md5": "9088407c4128dd3722aa5240f82a5ba6",

"sample_size": 12944,

"sample_type": "Binary/None",

"sha1": "fd6899a95e9dbec59500078da4be4a2f9e52cd48",

"sha256": "e266da49ef7afd42bbfed57b1020a6866ce26411b6d44a2a3e8a1fff0583d3a4"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "tree.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "a351d0999391cbbbe69fd4697df9a705",

"sample_size": 16912,

"sample_type": "Binary/None",

"sha1": "8996d05ab569c55fbac0ffff065f9c02f97f460c",

"sha256": "5f5711ac692894860fcf51a5a29c6e5809fa84a0ed3a80a597dc0258ad639b06"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pipes.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "7f0530f2c1755279c93ab56ca03337d1",

"sample_size": 9200,

"sample_type": "Binary/None",

"sha1": "2233db5c43b073c1775814572a7668b12442c4fa",

"sha256": "1f6c2b5db58efeeffb47e2fb41f1964f5ded4b24120f8b4454c00904f27c228f"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "util.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "3d5fb36411e5d879713a90559b09f580",

"sample_size": 784,

"sample_type": "Binary/None",

"sha1": "8ee30e546c97105b0852a811ca30d4b2974ef759",

"sha256": "f9b48594756c462db49ec588ea6634291f6a2d56a6bae9fe6790c538367148db"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "chunk.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "fcc443c51d2cdc408bcfa6a5203fa6ac",

"sample_size": 5648,

"sample_type": "Binary/None",

"sha1": "730582f8a1cea2ec13d4a2881eea67a6f47e512a",

"sha256": "2d9496a023fa823f227b1d00c82ccdcaf428e413eaaca1358b833cdad51127be"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pyarena.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "fcc0757a40f603ace9542e51a4ff395d",

"sample_size": 2848,

"sample_type": "Binary/None",

"sha1": "a12163e30bbe5695daeba26b9ed776c921ea8bf3",

"sha256": "3eb5970ff284265fcd0ee37dd15c6bba40b518f95852f7a6315cde65ab3b4c50"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "domreg.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xml\\dom",

"md5": "dc62da81ce1beed1d4fcea7ac667e6d9",

"sample_size": 3592,

"sample_type": "Binary/None",

"sha1": "466d6f7a9e209d2e9a341cbccf991f771730bcbf",

"sha256": "fba7dfd284f1a66abd141f1df95fd7164b8f513d756cb8f231ec0b7cb8512dab"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "mcast.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo",

"md5": "5450ce5ba5abfc6290fbcf7fa781ae1c",

"sample_size": 2344,

"sample_type": "Binary/None",

"sha1": "243628c423ddf92def75e7f50080e834f39f6163",

"sha256": "3736e6ed2bc2eaf8ec91629a2ea8b6038427a6d7793571350bf58b15d437c334"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "exports.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "33ce00e3af1e792a38615bf5255c8d05",

"sample_size": 1168,

"sample_type": "Binary/None",

"sha1": "e5a300cebe4a50c26a22a34b65f457a7d24ce6ef",

"sha256": "806e5c4d22bf096a84a465b6a40d80fe4f9d956032d0829eaa664018ba7527d7"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "sortperf.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "6bb0d99963a60fb18e3f69a19dafb845",

"sample_size": 5016,

"sample_type": "Binary/None",

"sha1": "76d208d9a15b88de36aa245cad9c6be55d3d8317",

"sha256": "e92d08f8a06f599cf287428728f5ffb05c1c2ad2b820b243e17b4bf8ae94df25"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "gb2312.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "37d3e883f282af9e0e55b07d4485bf2b",

"sample_size": 1104,

"sample_type": "Binary/None",

"sha1": "3fa3d6a33c8d71b3d71761f73abb7883bd212d7e",

"sha256": "093b2740074accfeeb67d997882c137ab89ad52abed59c8de859def9853ddb4a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_grp.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "ec9eda32da881c2f1ceabd7f9284e33c",

"sample_size": 3776,

"sample_type": "Binary/None",

"sha1": "1d512ccb33c4f6512fd91248dfd3ab09c71cf278",

"sha256": "3f342ef9691707f9e8cd3a9eeb3fbee7f6294e7c96591457c10071f6b03e4799"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "memoryobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "5b534f65f5eb7dc9531df77fc7e0a311",

"sample_size": 2880,

"sample_type": "Binary/None",

"sha1": "e68d1c7dd169a171cab4c0a823a0af077364c13c",

"sha256": "ac6d0a4ace356981c6c710811e3a9c0c1de2aa1903faa2f5b0fc9590eb7bc8e0"

},

{

"classification": "MALICIOUS",

"file_name": "test_venv.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "c56ae86292becdbf89f0f65af5c46a60",

"sample_size": 23136,

"sample_type": "Binary/None",

"sha1": "a0ed49f93f7808ae83c51cfa58551d50e2a5edb5",

"sha256": "b43222b100f7a13f5331de9707a56adc694d87d99182c74a3dc929bd20e01cf1"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "handler.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xml\\sax",

"md5": "2859e962c5f50aadd8c5ada726d404c4",

"sample_size": 14304,

"sample_type": "Binary/None",

"sha1": "c6fe2596d89c7f545e62fddc04e7a535c597fa7f",

"sha256": "dd3df584a8d038605ca48cacffc2c88f7a38c6a40ca061791105d1144e83adc4"

},

{

"classification": "MALICIOUS",

"file_name": "sre_parse.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "c3b490ee3098d6e6562749deb1635c1a",

"sample_size": 41896,

"sample_type": "Binary/None",

"sha1": "80386f9a638fc5eda7987bafc919f1aac6589a7f",

"sha256": "d0adc47c334942f661a86ed6175ad5f593a7eeee9a8b74e84f4c7bbf2f4e1c9a"

},

{

"classification": "MALICIOUS",

"file_name": "test_parser.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "ea9d710a1a9e88860f885681cd56b4e4",

"sample_size": 39800,

"sample_type": "Binary/None",

"sha1": "226b084c17373ffa7038ef6eec932dcb6c5588ed",

"sha256": "9e52c5c65cf4b12cc18f8f5a939c9ba58eae6fa45cd508f4ac3327a679351c7c"

},

{

"classification": "MALICIOUS",

"file_name": "test_sax.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "409b3aebee89245fe10743668a07edc8",

"sample_size": 49080,

"sample_type": "Binary/None",

"sha1": "fd77219067f5a6ec0ce2c9ebd3c235eee0fbbb91",

"sha256": "8055ce99f4e6fc34712d9d8e6cfe715383e253f58e4f9f10c107c994c4be79a3"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "debug.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"md5": "c2ef13c7f1827dc0ece9543141006d7a",

"sample_size": 184,

"sample_type": "Binary/None",

"sha1": "01dfeb4725154def9acaf9c32e80aaa12e5a97c9",

"sha256": "d1f37b4ce125953a06e3058c814cdc27aba9211d25d6a71e12d02eef9f62c904"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "johab.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "e41dd224e89d72bce3b3d3a318aa828c",

"sample_size": 1104,

"sample_type": "Binary/None",

"sha1": "fcc0db20bf4c409db9772a100ddd0f3d14f8e2eb",

"sha256": "3db078ff2db3c9a01210fc661da3ae243716e0c0d0552155d58e65fcbf006229"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "byext.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "54d7a66d9188a7bfdf9e62c606157718",

"sample_size": 4080,

"sample_type": "Binary/None",

"sha1": "aba8de50d4f12b2bddea40100a1026e6bb0b8d9a",

"sha256": "eea1183a9e4aa8b778bcbb5f75b8c37cf135521bce0f9b33d322d9450f14fcb0"

},

{

"classification": "MALICIOUS",

"file_name": "LICENSE.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39",

"md5": "d8cb21b989dcaec04d482206fa9fb421",

"sample_size": 32800,

"sample_type": "Binary/None",

"sha1": "8266fee0b58b113a8dac6b46455a56e2ae404595",

"sha256": "e7e4e65d7f2f19384587fb24a4c10159dce6fe1c9ec59849d1f3afa409488c55"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "binhex.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "ca4b3844535760a27da100aede9a0e58",

"sample_size": 15328,

"sample_type": "Binary/None",

"sha1": "9c87a2e994bb0650fdc367f08746dd812931445e",

"sha256": "28d3f039dcf2a39ee98318c25d60e03edcfd36958dea6d0959e55f4a7c86a1a4"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "genericpath.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "9f472529d22005ce558619ef63e38ab8",

"sample_size": 5168,

"sample_type": "Binary/None",

"sha1": "cb1cb11f0218d7de0d11e6f90861f135ce8b2819",

"sha256": "897461d5740a62b5e7ca4ade205bc1d6a8381eca40bfae6f83d372b7f8ba1aee"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "_threading_local.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "41640218095ca6a752bbd794c9cbe349",

"sample_size": 7504,

"sample_type": "Binary/None",

"sha1": "446aeb5562a1e1352c9e18ddab65f6858e5eaa44",

"sha256": "c7dc45bc8ecba584dc30496fbfeee7aeada0a4bb3f3caadcd558dbc22a500694"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "[Content_Types].xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp\\chocolatey\\chocoInstall",

"md5": "d9acc1eeb7e15c55607146459201ab97",

"sample_size": 976,

"sample_type": "Binary/None",

"sha1": "75cb2b18e787b105ac0041b8894b8e6e99859f43",

"sha256": "532a142e3d9307e3688e5652118cd8814a0f6facaed670847f3689eb412cdc10"

},

{

"classification": "MALICIOUS",

"file_name": "zipfile.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "2b29a8a1f34b339e6fcb553ad8191a9e",

"sample_size": 89968,

"sample_type": "Binary/None",

"sha1": "8bb635a6ca3492d490c8d86fd6a86de2af5f5926",

"sha256": "76b4e9f1e2a73fa512e35250ba1c3c63a35eef9a1094fb8156fcfc0a9153da1e"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "_weakrefset.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "4b742c0bfb6edf3e59c6ea38597953eb",

"sample_size": 6168,

"sample_type": "Binary/None",

"sha1": "3f57fd5a28d784e748106e495394becdf3545f51",

"sha256": "c4bdc0470c91a2dbbb0770e5379e150f10746eea8fc1cd1c415abc790d5d8f17"

},

{

"classification": "MALICIOUS",

"file_name": "config.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging",

"md5": "6fe82253146058894de540a25888b94a",

"sample_size": 37368,

"sample_type": "Binary/None",

"sha1": "c654b8f56b0e368f37becba1be75ebcba26e8fad",

"sha256": "46ea30ed105a4dc71c6c27ee0c25053e85e4e8e71d473b60d40dd4b53406b6ab"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "codecs.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "5fb243f0c42b05f81bbde3a55252aab3",

"sample_size": 7072,

"sample_type": "Binary/None",

"sha1": "2c980d63a71ae937b5a357b0a7572bf784a7022d",

"sha256": "1c7320d69b1afc80299b4183136c5e17c895aa7215c50b9265a943dab644aab6"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "contextvars.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "934851ebc01913a9a58825a1dbce3453",

"sample_size": 176,

"sample_type": "Binary/None",

"sha1": "bd0df87d8e15cd064a0d80440b2d9751c045f11f",

"sha256": "c2fe745455588b7e3ea8808f04c283dd1b85117518a17fa2b1b26873f5cc281a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cp273.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "24a26996b1a680000ab163706c6da0df",

"sample_size": 14480,

"sample_type": "Binary/None",

"sha1": "2268d341ae93059238d139a55de23d15fadafc88",

"sha256": "7c39179ea290be8fc1f66ca017f310f589548db26459414be59f81cfbc538b40"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "code.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "1aaab50e4d41ff3ab12c7d9510281146",

"sample_size": 10976,

"sample_type": "Binary/None",

"sha1": "6e5674cd15494869945ee84756d4ed80da241310",

"sha256": "2a2e5b80d6ee44895473c2953916a6a23321c0f41994661030b2ff456bbb64b8"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "struct.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "190daeff86c2d5e9ac06f8f3904ead16",

"sample_size": 312,

"sample_type": "Binary/None",

"sha1": "000ec72c4a391923a783f17e032f37d4c31855c9",

"sha256": "0f1689036cf469de43ca9ae9795e9c586fd1caeb9c4e2c31ade1743aaf7ba458"

},

{

"classification": "MALICIOUS",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging",

"md5": "1ddd6ecb9b38601388da1e6e4135483d",

"sample_size": 80864,

"sample_type": "Binary/None",

"sha1": "50a97eaf86bfc130f05e16ca5a31ed1676b846b2",

"sha256": "7bd8d6d7b9f28c7bbe84ba28d2b0cfb66c7b825949cfcaddff4d5d2dcf33b27d"

},

{

"classification": "MALICIOUS",

"file_name": "events.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"md5": "59463001814d83b298045c5ee3bf3d69",

"sample_size": 27288,

"sample_type": "Binary/None",

"sha1": "774820047565046fe863b411033b99a44bb88e6d",

"sha256": "bd9823b9ba4e78c3ad0989fb159ed705cf89b63f59465a71a93a385b671bb464"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cp856.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "0ac1a66b464217f967e8bd3d9921fbb6",

"sample_size": 12768,

"sample_type": "Binary/None",

"sha1": "1f9b84c6cdcce5bc1e71666a68304033b572e0fa",

"sha256": "495520b3f68ca5dde3f7baea56696390b3e51c2b39b3c00ebf414f6be8964da0"

},

{

"classification": "MALICIOUS",

"file_name": "bdb.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "a7b43d38668ea30b5edb9b28eaa4f643",

"sample_size": 32296,

"sample_type": "Binary/None",

"sha1": "0e317560bbbc511a96d7ddeb02027f8df67086dc",

"sha256": "5c67e764bee8233ffab5e2f96fb434e4610fbd0fbb9d4366e1a02f560f37fee5"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "signal.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "a46b567feb508e26cc34a89a0c97d259",

"sample_size": 2568,

"sample_type": "Binary/None",

"sha1": "37d9378cc0fde172945a0be6f08c2641ae63e573",

"sha256": "29fe343ef3fc3d2fbe115371c0110296c63a5cb40d499d3e45165e3d734b3bb2"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "bitset.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "b76d21dfebaa559eb2bced70de50981e",

"sample_size": 528,

"sample_type": "Binary/None",

"sha1": "275db74666c8960fc1efd3adbd2bc391533de63a",

"sha256": "e37fb4860f77c12e533feb8fa0740f2a742407903586856442218540562e16b5"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "wintypes.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",

"md5": "4c1fb4c78069f7ca75708beba376433b",

"sample_size": 5872,

"sample_type": "Binary/None",

"sha1": "21752240c8ec2c2be789c6a3abeeb88a7bdde4fa",

"sha256": "732ccc4ad60fac08e350960d69ff4fea075f4f0d90675377aceb9b48b1c5621d"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_sundry.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "ffc3cf965a5edb79e6f5ca4276d515d1",

"sample_size": 2224,

"sample_type": "Binary/None",

"sha1": "b58dec1ebbd22095783363c6597345c559989f7f",

"sha256": "05171557c4ab3b11e1ff3d52d09375869bf56374400ff103bb66b45954088709"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "ascii.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",

"md5": "e909c04768e395db5ae037f825ae01f9",

"sample_size": 2688,

"sample_type": "Binary/None",

"sha1": "57aef8c64cda98662cb69db48f85405c836b5788",

"sha256": "6ae5768a4b9d76fda58959222e364134cfd07a0d686820e0829d6dc5622d2fe7"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "futures.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"md5": "85d092ab94f19a5a0deaeafb617abc13",

"sample_size": 14504,

"sample_type": "Binary/None",

"sha1": "38f890578c76972df80f653eb92d62f83f5ea5a1",

"sha256": "d71b244aabe2c465790138c9f3d6eb0580501f758d3d848b3495bd1c169f27bf"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_spwd.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "dbdf0d00e3bbd597a2f2e241fc24b66b",

"sample_size": 2888,

"sample_type": "Binary/None",

"sha1": "d56d43f625d72d12a9eccb5b4c9b94aa67541774",

"sha256": "c54de1f777b81d6bd90290d52b809c24973f73897526125a5dbee7fc9a995281"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",

"md5": "b016764f240d4dbbefd915e4482234a5",

"sample_size": 6920,

"sample_type": "Binary/None",

"sha1": "7e7ed3aff20570ce660babd67d617e32370a2f4d",

"sha256": "de34fd6a203ca9b97a82ca775ca290ef2c4a5dd0078979917954caf02ff13144"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "ann_module6.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "f00b13a488f40087518472725bf9c81e",

"sample_size": 184,

"sample_type": "Binary/None",

"sha1": "cd56f2a1aae4de7534de6cdedbbcde69d2a2c925",

"sha256": "33d3244a39ece9210297c735f2413433f4a42d281a94b6b232be519fe92ebd8e"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "dumb.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm",

"md5": "f269c5230683af15be562a7e7db43fd5",

"sample_size": 11896,

"sample_type": "Binary/None",

"sha1": "a23d351117c3cab7f636d88e7516c55ddadd826d",

"sha256": "ff38adcec95b89fc8d93e25fa16b7c6349deadecedfbe234fdffd618630d98a6"

},

{

"classification": "MALICIOUS",

"file_name": "cp861.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "f6093bcfd3b416cf8c419eb35ee14bf3",

"sample_size": 35368,

"sample_type": "Binary/None",

"sha1": "35b6cb8cd27a0097de1b4fe67fbf9bfbea3b6c02",

"sha256": "5309df2b47d16cdcc14e596d5ac96592ae15ae4c14e866e9d7ecb2dfc04a0efe"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pystrtod.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "bbf098a0e33cc94149273822fb7de061",

"sample_size": 1568,

"sample_type": "Binary/None",

"sha1": "8dcaf4772b692e246cfce7836c0c71d25aef1c51",

"sha256": "8392fc0ad9bdc99c128d96d63bac403b236af3371b4c9877b4bff9accd41a95a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_repl.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "dc31304b545ad20afdc3af46179c3aa6",

"sample_size": 4200,

"sample_type": "Binary/None",

"sha1": "157c758977c97a43b4348f317d9666b06b287948",

"sha256": "6caa14c10d4fb843f28ba94928dca36282c67c3937691bbf769a9fc7b3244878"

},

{

"classification": "MALICIOUS",

"file_name": "test_posix.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "1bdbc5c481209ae486a60ce2f8012d8f",

"sample_size": 89424,

"sample_type": "Binary/None",

"sha1": "c4b31b62121c4f4e4dae5dce96fecae76c85bc5b",

"sha256": "54ae76243c0f7431d453ca5d18b122dfd73b8e49bafb0131bdf49b6ffe18cd52"

},

{

"classification": "MALICIOUS",

"file_name": "tix.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\tkinter",

"md5": "feddf2c4c15e4c09e3117dc9dd201c09",

"sample_size": 78824,

"sample_type": "Binary/None",

"sha1": "04bb32400fe2369589c6e3e033063afba428c780",

"sha256": "6d196f5b8d9ef4e9a09eafe860cb38965e105c4eeb77568614306ed5d3244068"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cmd.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "337840b970c29645487a73f670020887",

"sample_size": 15304,

"sample_type": "Binary/None",

"sha1": "26022da188bb90c1924d1fdcf1c5a70fad2f8ef0",

"sha256": "22a054679ab697b0b5e8b9c79c7594c6c779165074dfefc3e0f6c90ec6f23092"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "tool.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",

"md5": "5ad09c48dc1db0a8c1a90da83454d888",

"sample_size": 3464,

"sample_type": "Binary/None",

"sha1": "9ae54581b7244a689bb6229014b16c9bdce6df16",

"sha256": "78ab6b59dd530605aa9ba16fd769ca644fdd059eabf3f19cd53968925f0b8c91"

},

{

"classification": "MALICIOUS",

"file_name": "enum.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "b1383138ac56ba612596e5df33c68a86",

"sample_size": 40528,

"sample_type": "Binary/None",

"sha1": "45fb8c381618ceebb9129ac5e462439558370f16",

"sha256": "5a5c9f0514363a94f3d8f20af59706708078a6293889c058a77bf3ee5f44618b"

},

{

"classification": "MALICIOUS",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib",

"md5": "64b9f4fb28d839568a4fd72d71ddd794",

"sample_size": 18112,

"sample_type": "Binary/None",

"sha1": "c1e77bec85d534f59b001d81506c5bc4dc6281a4",

"sha256": "f6f463a153617d469aee14dc14b11e312f6d3b357777923ad90f250be7c3adf9"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "CREDITS.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "8c917479ea47c1991167cacefde059a0",

"sample_size": 1944,

"sample_type": "Binary/None",

"sha1": "be8235b3dd79ccee15318624d2c07fd80c10f2d4",

"sha256": "159b5de20fb0f254ed9f92774c8a44fae4889feaa2e51999e13f25c42d1b5c96"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "keycert3.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "ffe774a123fd79ec08922f062ca587d6",

"sample_size": 9656,

"sample_type": "Binary/None",

"sha1": "cc317770f58bdf370b8697d076556a38aa40e0ff",

"sha256": "d38888c71c7942a9a160e5fe6b02c693fb07d2b3ffcf069be0b219890e958a22"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pymacconfig.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "e2bd7d1477449a1bb55fe3dc0b1b5560",

"sample_size": 3128,

"sample_type": "Binary/None",

"sha1": "a35c6c625d62491f57ee7fa8ee9c207abd1946a2",

"sha256": "d3e590beece30b98e342f1d5b0406a130c589ed0637a352ad05229a4306f4f60"

},

{

"classification": "MALICIOUS",

"file_name": "test_queue.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "927a18db1c158d22b73563688806ea40",

"sample_size": 21592,

"sample_type": "Binary/None",

"sha1": "1a774cae748d48038ed205dd899112775afb6713",

"sha256": "15d998a273f4a16a5b8245204080b080056627e4bb95805a9db3690950b556dc"

},

{

"classification": "MALICIOUS",

"file_name": "_pydecimal.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "930d15c6adbf23ac6cfee4c932c50eec",

"sample_size": 235120,

"sample_type": "Binary/None",

"sha1": "58e09924e6a25ed7a2e1da5f9fcabd9e1fad016c",

"sha256": "376119b6517ad0e306e81ebcb84a77082be17b1679706e335abb8321e01d6649"

},

{

"classification": "MALICIOUS",

"file_name": "pickletools.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "bd03dffb3b03644d76b3c518893acd60",

"sample_size": 96416,

"sample_type": "Binary/None",

"sha1": "2c5372c89bfda5fda3f46a94e3d4e38c57c162f3",

"sha256": "1cb0e57c82cb6215a4a23ac7063fca5ce7d79465003d82f8c2f9e037a3ea26f7"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "error.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\urllib",

"md5": "03ce90cbb6abb07359ca68e09f170797",

"sample_size": 2752,

"sample_type": "Binary/None",

"sha1": "6e5b80fde7a2c1ba20201e9f454519c8ed13779c",

"sha256": "237afe68b02727991c0e45553aaa737404db2bfdbfd64ccdc83097ecd253eac8"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_quopri.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "3bc4af4b0409c56bd25a68b2078aaaa2",

"sample_size": 8216,

"sample_type": "Binary/None",

"sha1": "19f77efb1930425363d1dddfd00ebe7ec357d9ef",

"sha256": "6ed7135699d36893f5be2f9e8bbd4dd1aa202782314c6fa202ab4b1c65fe8386"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "decimal.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "dd01e7dc9cddbacefc3a292b1b843b22",

"sample_size": 368,

"sample_type": "Binary/None",

"sha1": "5b5d5d486169b4144c14ab0222ced4bd6951dd96",

"sha256": "470072198b11bdd708364ac0598b1dc5bd3844adcaafad731ed5e4c654fb9f5f"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "chrome_shutdown_ms.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",

"md5": "ba895b335096ce366200354a1a81c8d1",

"sample_size": 48,

"sample_type": "Binary/None",

"sha1": "76685e4e5e99df3286102e7fa655ec7bad99a60e",

"sha256": "587576197204b771134784a0892404392e6c60831349984f49baee171062ff56"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "smelly.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "c2b9a9d6e69c086736269a9948fe1691",

"sample_size": 2352,

"sample_type": "Binary/None",

"sha1": "7c2deb8c68b25bec01965f4876422c9a9ec6d306",

"sha256": "7eb6ff7d417c9c943bde38678fea129962107329f8d1c3da16cfed55fd1fb548"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "suite.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest",

"md5": "4947bc91e903ecfd922120ea98b0bbc8",

"sample_size": 13928,

"sample_type": "Binary/None",

"sha1": "9e6096d47c6e047e9197e61aa8da6b1078dd8f11",

"sha256": "f033a73835d523ad7cbe3c6fa5eda7cd174e3d9892dbd7f945c8c22a7e7f18fc"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "regrtest.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "c2345212f4465742100e3177e03da30a",

"sample_size": 1384,

"sample_type": "Binary/None",

"sha1": "4edaae39ddd15351ca401e2d311340f2e931abb3",

"sha256": "62948c55718ef8038ff4ac4f3b9127c3fb2613552d2744ddeda0cdf2def43754"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "this.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "042ace1bbf7c313a60c7f9114fe02441",

"sample_size": 1072,

"sample_type": "Binary/None",

"sha1": "55e67420344d2034e986c3d89025722f5830309e",

"sha256": "84f2abdb9c477031791998b343ff4e545c2fce63b35737c1a0f99f0d15bb77e5"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "text.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib",

"md5": "e77a92895fab71d5aa844da820a941bb",

"sample_size": 9184,

"sample_type": "Binary/None",

"sha1": "328d7b4aad7c8800a6e1909f83ef8b58050aa9d0",

"sha256": "b4ba31c1730f7273deacbb2afce7753eff2bf420b455bcbdf21fb8048e4fdeb3"

},

{

"classification": "MALICIOUS",

"file_name": "test_string.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "85f131d9350a9fb3a585daf6979b89eb",

"sample_size": 20792,

"sample_type": "Binary/None",

"sha1": "39291c5865a8752863bb50975dd17545a349672a",

"sha256": "98a89581cbe3748680c819714f5884d7b2976840a2ee769c455df68a78b1a586"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cp1253.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "ea3c190a27fb5cdf5fc4f94822ef6d4d",

"sample_size": 13440,

"sample_type": "Binary/None",

"sha1": "f813f41277a5c02c9a0fa03a453299a5fbee1dcf",

"sha256": "dd457cb3606dffa13aac5a123e23e93dace1231ec683220480b7dde4db63e2af"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "opcode.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "f638cc0ece4b3fbeb03c732e1d3eabf9",

"sample_size": 5920,

"sample_type": "Binary/None",

"sha1": "6a5007059f0b502ca458b0a7ebbfb29132c608ec",

"sha256": "5bbcb2646ec9fcdb4891be9c425e68d2d8a7ebded357dedf0af129bd93673a03"

},

{

"classification": "MALICIOUS",

"file_name": "pydoc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "2d777d7544fcc4758c0160400cba9a6e",

"sample_size": 112480,

"sample_type": "Binary/None",

"sha1": "b8d9c8d4e48d8a83593d7166a969aea098e08758",

"sha256": "244b34c6e85060245e970e540b55927563e9158ab17eac629ac8fe0b7d1f2232"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__main__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\venv",

"md5": "d5eca958afcd6eb523c943367557bd1c",

"sample_size": 192,

"sample_type": "Binary/None",

"sha1": "5f8fdf4ad2d624fd53306bd321496578d9089c33",

"sha256": "fca300fa39032028342d7e8610e27d77595fc0542506a8b3baaac4b3f8796c24"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "spawn.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"md5": "8147403e9147e57c4972ccbd0d7c3b74",

"sample_size": 4832,

"sample_type": "Binary/None",

"sha1": "5b108c51ffbde4acf63cb113167ae29ea9e78e4e",

"sha256": "f3fd06bb77707bd47d48073388f8fd8fc7a8be9c0274304e796d6fc8c7c9e055"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "a85276be7c5fdd33ca1fcfb2610355cc.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Office\\ONetConfig",

"md5": "c3efef4c1f9d9f8511fda0f5b593ce83",

"sample_size": 2168,

"sample_type": "Binary/None",

"sha1": "401b373a4896aa3746d00f38cdfd8d4637e0144a",

"sha256": "2885502415cc30c28d97063740aa3d5920c3c2af8a11f8cfb877c444e5711176"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "mainmenu.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "9d82d8a91bd61202cdf1b786fb0479f3",

"sample_size": 4096,

"sample_type": "Binary/None",

"sha1": "bafe6e5e67b39071f5cf62932f88ce635f7759e8",

"sha256": "64b5a9659b383a31369472170faf4818849a73b1f13c622bf8faceeb913d1981"

},

{

"classification": "MALICIOUS",

"file_name": "pyconfig.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "33a8fdec3a1a66ae95b973efa8d9d63b",

"sample_size": 21008,

"sample_type": "Binary/None",

"sha1": "ef86f9810b0918869d49b279645f55b11574f76f",

"sha256": "a48fed147b7fee6d8d70aed9397558dcd8407ad1654a3f060a400c8fc4e6e100"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_fcntl.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "550cbd6e02d4065a0472ad34218aec86",

"sample_size": 6880,

"sample_type": "Binary/None",

"sha1": "940bfcacc097edea1e988b4f47b4c2c1233539d4",

"sha256": "f808fdd26d671b9505102dd391339ed960b3b6b22ef4a84dc230a4925547d2bb"

},

{

"classification": "MALICIOUS",

"file_name": "test_pprint.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "771ce1ebbb3291563d545f9f3effc56a",

"sample_size": 47552,

"sample_type": "Binary/None",

"sha1": "25920eec6acb3f183a45248797263216032e44d0",

"sha256": "5f651c91746ae05c49cd3c4dabc98104fd62cafe6dc45d64358c09af323ceaf9"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "_bootlocale.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "8ae49f651d1317e43c213589da3ea64c",

"sample_size": 1888,

"sample_type": "Binary/None",

"sha1": "30b9c9d45918f5ca4174b0159142e03d891da4a2",

"sha256": "6ea0db068df4788a7c1110db4181d324ea39aecd70a0b1a645ce4076a6430a71"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pymem.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython",

"md5": "20bec4519cf7a6e98829d42113c53dd0",

"sample_size": 3656,

"sample_type": "Binary/None",

"sha1": "36134d8a1bb9b8d132654ff18fd1f8790f40b70c",

"sha256": "29707826d9ee7e74aa2143a2bed537854e4ed22c8e7ac922e40d138d7beb0580"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cp1250.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "0b82e8e23793591da8a8299800d98f28",

"sample_size": 14032,

"sample_type": "Binary/None",

"sha1": "94ded9449ed184f4f8a3f96b7777d073a9e085c6",

"sha256": "c70dc57f57fd1963eba95a3f28573bb6a537144568e9feef8a270244e4accf52"

},

{

"classification": "MALICIOUS",

"file_name": "test_locale.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "8ae1592ed2d18ce5ef59b402977c9a9b",

"sample_size": 25072,

"sample_type": "Binary/None",

"sha1": "db650e3470c1f81d6536394b5bae5b2e6b9846a3",

"sha256": "475437ae07b4e7a045d0a8c7dc9faefa0bb6c38002ed02d893c113f4bc01c4e5"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "response.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\urllib",

"md5": "2d93aaa1a2636338d8c3210f8082fcf0",

"sample_size": 2488,

"sample_type": "Binary/None",

"sha1": "5cc3a6e08be16fa2f7496736c90771675f1c9245",

"sha256": "5b171dc41062c48e6c11b9282a94f5734e4ba5c574ce98e4cab62709c37cfef0"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "OneDriveMedTile.scale-200.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "42f8edca65111b7bf42a7c0418f1960f",

"sample_size": 1432,

"sample_type": "Binary/None",

"sha1": "9e25c9b504e5abe9bc53003ce9972468d69afb6a",

"sha256": "4d0968d18e2b10db136b8688f00321f5fdcda43089da8dab267d133a8e652f60"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_syslog.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "060e249be28cc6752f72e0ce91809448",

"sample_size": 1256,

"sample_type": "Binary/None",

"sha1": "cbbb695706ab16df21fc3b394c4d33e5bab76a48",

"sha256": "f86c3d7c527b8938fb19bd9d5e0925a9ec343cb280575d166d90b15cc2a891d2"

},

{

"classification": "MALICIOUS",

"file_name": "test_urllib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "65a851d4260f24398066e994924a9b2a",

"sample_size": 73336,

"sample_type": "Binary/None",

"sha1": "81c564fa8765066b1c47ee450e463034663954cb",

"sha256": "ec8dd435affa35c572a49e99290476a7e56f0815a15f3f0b8338b77e63b1adaa"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "runners.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"md5": "ac13ee2570c6013ceccdda9abc2b88b5",

"sample_size": 2240,

"sample_type": "Binary/None",

"sha1": "083cc9893f6aa11b0856a17d8a00c4fcbde76caa",

"sha256": "cc2570f523ac6fd49b6998ba20cd1887b2b84721adc07410c3cfeb58652845b3"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pygram.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",

"md5": "77b36060181e133f44696ca7645ffe23",

"sample_size": 1392,

"sample_type": "Binary/None",

"sha1": "f3994b1b8f40039090b4f2af8122dace0c772e61",

"sha256": "a1ff8806f4b7f216df9386c36e02a865f92a8bd9c474993a2752b4336964594c"

},

{

"classification": "MALICIOUS",

"file_name": "test_set.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "efb681b55c3675e6c463b2f0c028aa98",

"sample_size": 73976,

"sample_type": "Binary/None",

"sha1": "36fcb2aa1201e4e99287778508a1d7ca4b01c447",

"sha256": "d27f621aec2c85bd9fb307ba6617163da091086411cbff1fc0d4aae9cd1aaaf8"

},

{

"classification": "MALICIOUS",

"file_name": "DefaultLayouts.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell",

"md5": "1b788da41d97ffd566055e304bc3971d",

"sample_size": 117984,

"sample_type": "Binary/None",

"sha1": "8438e0b406eb98b131e0d361415f5f5b98eb0e73",

"sha256": "8526fdd76e1dd266b18234e3ce0c586454999a276950495b06f4d4d25fce5ee5"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_kqueue.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "3a0d6a1aac28067fba90ade5e2a5b68e",

"sample_size": 9264,

"sample_type": "Binary/None",

"sha1": "52deae9ed7a0a989719c83cf176615fcd35d20e9",

"sha256": "c96e107ab74b65bac24510a8d11547a3e23e06ccbda1d34ba74489c486623cf1"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_sndhdr.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "7bf24847fbf6186b5a98d8dddc3daad2",

"sample_size": 1536,

"sample_type": "Binary/None",

"sha1": "515b8be6afc598e5567926fc1907826acbfdf3d5",

"sha256": "0b285d6ad485feccb9157243743d9ba98c64857d14d614a764905ee321bc9d2e"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "hmac.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "3673598e614bb6ac5dd3931ae954b02a",

"sample_size": 7248,

"sample_type": "Binary/None",

"sha1": "1e9f0e80884f28baa7904ec3802d77bef62aa489",

"sha256": "14f25585d5050d9b8e307144746ae4cc7f958bf4e41fdecdb6dd8822fa55efcd"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xml\\dom",

"md5": "de647e7d039280e5a684db0206334dbf",

"sample_size": 4200,

"sample_type": "Binary/None",

"sha1": "b184b4a792c2e08bdb742b24b924036bea1813f7",

"sha256": "a8c5f4e1c3cb194565d3f0028e7d4c11a814c58f19cb42b42cccfac002c96600"

},

{

"classification": "MALICIOUS",

"file_name": "cp855.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "22619b7935e66eddeb15ff57c7be3d63",

"sample_size": 34592,

"sample_type": "Binary/None",

"sha1": "26026537a6d2227d774de7566bd94880ffb8ae32",

"sha256": "c0c9242d54b5baa1a5dee32d97c0686e439564ad82622ed367aaee55ebb1d9a5"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "symtable.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "8542a1beabcca630524b175ba38264b1",

"sample_size": 8200,

"sample_type": "Binary/None",

"sha1": "87b25dc170137b6f517f1f2018441bb768a26d99",

"sha256": "c133200e4f37d54bfd6a51552646682d3a7871aa8954fce3c99212b0b5f952ef"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "nokia.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "b8b9a116a89a043ce5b68215255d5453",

"sample_size": 1992,

"sample_type": "Binary/None",

"sha1": "6f0cdf96642bf3c814ce0fd801e62d0fc7f451c5",

"sha256": "46821058954c52dff709fc5bb6217ada5ea4da2baa7e4e4c38e86328f04d6706"

},

{

"classification": "MALICIOUS",

"file_name": "subprocess.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "905e745c43cbaa066658899ef520679f",

"sample_size": 84768,

"sample_type": "Binary/None",

"sha1": "705323ffb97cc3a2061cb538193dca3f81d290b5",

"sha256": "c5575e1f4715a3c5fddbe74dd41b8e1461ef2f38f6874fa9a7aedbfa3f967bb5"

},

{

"classification": "MALICIOUS",

"file_name": "test_winreg.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "4b276055548553d4a32662713ad5acf2",

"sample_size": 22312,

"sample_type": "Binary/None",

"sha1": "74ea531e2981a19d73ffd69b25752dcbe74f02f5",

"sha256": "07c64ea9a006f38621acba80691e43e2541d601c143051a47c386a2bd52b99d0"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "nim.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\turtledemo",

"md5": "6c13fda54c749a3c47b0dc224c15a82c",

"sample_size": 6776,

"sample_type": "Binary/None",

"sha1": "3d32988f254872b26b3c8edeaca7a761e57f9011",

"sha256": "f3f239e493b0b6f14b138a8318fc1c3bf37f9c533e2c027f58eb749d56b4200d"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "crlf.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "9247b53422c28a808f2cba8b86378512",

"sample_size": 696,

"sample_type": "Binary/None",

"sha1": "0c2cb3c53a822b3a8289a3b92c37a025ee02030c",

"sha256": "2659b04dab901f9ec04b6d699e99a7c178a21cace2771a804d689db287d31b32"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "rpython.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo",

"md5": "eb67d6c60d4e6dcd4136b2470fe1ce81",

"sample_size": 888,

"sample_type": "Binary/None",

"sha1": "ab8009952a67a55f3847d87d7dcfa5e6dc9c0a73",

"sha256": "f6fbf846e11b8dd431339648bcc9786eefe52094b6c27beeac82fd8b2ed19ddc"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "encoder.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",

"md5": "46286a6a6bfa0f07fdc426d2e494e465",

"sample_size": 16552,

"sample_type": "Binary/None",

"sha1": "b0cab5d7fa833d0fa8162bfb8f8ad4e90c6ced05",

"sha256": "e5da3ca80d0c5909b37531343b9500b582e1691b83ff1ac9783aea08b54d1097"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_sqlite.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "78dfdccf37ed1daeee18c259d636dfb6",

"sample_size": 1016,

"sample_type": "Binary/None",

"sha1": "992760e459d8c2f8cc5e9112fdb45a1ca969ea09",

"sha256": "d0e15eda514a3a5dbf2c0b16f22d0a542727877b5743f5e328ccea63dcb3508d"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cmd.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"md5": "6c1113ffd746261104eba4c76d46e903",

"sample_size": 18520,

"sample_type": "Binary/None",

"sha1": "1840494051a10b49b93da1cd081081ae5ef0c20a",

"sha256": "084077af713192f39d93357e1fda3c12ecfdf945b9cb97ad47c10862d4648667"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "coding20731.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "14a59ba98833a9250888a0c4263f447a",

"sample_size": 64,

"sample_type": "Binary/None",

"sha1": "da43cc9e8bf359504110032946c23f934d6c4503",

"sha256": "dc8dafc47b64f62ebe0f8a51a66e768b2a5b2223c200aa2b1378568d44e11747"

},

{

"classification": "MALICIOUS",

"file_name": "typing.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "955c72d24463a2f53e126fb9aa61a901",

"sample_size": 79344,

"sample_type": "Binary/None",

"sha1": "c54201d52c68480f7358a5c660db217e9f0e9ee4",

"sha256": "c560a2552f59f7a0d82ea4fc270258d276a4f64e3186dd51c0ed2563a723230a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "history.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "7286c5497e47bc484aff4818bf5ded77",

"sample_size": 4192,

"sample_type": "Binary/None",

"sha1": "d238cc9e5489e8886b8213392aca270573a85d21",

"sha256": "79534496e5d85b1f3f162889900d2a54719f0527f4493c87462471add16b185d"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cp720.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "6dd12ba7b4f67450099b1e8edd7577c3",

"sample_size": 14032,

"sample_type": "Binary/None",

"sha1": "eea745ee93eaf20ced689b250fc86437cdcf6b0c",

"sha256": "2f91028c5cf7cb96e16bc75a33214a686b84074254ce8500d90fd3f3f9ed1183"

},

{

"classification": "MALICIOUS",

"file_name": "tempfile.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "036d2399f06258baa1ce8b2671005acf",

"sample_size": 28552,

"sample_type": "Binary/None",

"sha1": "ee89dee5fccfcdbc647b5b535ef9c68130a041d6",

"sha256": "f68583e4da88322ba94e420474c42cf1191dc239b7028603566d4e53ac074458"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "relimport.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "007c21713f69ddb783d658201eefaabc",

"sample_size": 72,

"sample_type": "Binary/None",

"sha1": "b99e800ea448ecd10775ae66a34ca09580501b8a",

"sha256": "7932a7c3e0e65440dd417d274aff997e45e705b5935026417b6cccb586508493"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "ptags.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "98b325981eb867fc2f64d6e74f5a244c",

"sample_size": 1408,

"sample_type": "Binary/None",

"sha1": "bbcb205b49347a62e93abf078586901ff83c9c05",

"sha256": "9c0d455c98a979431abd956fc6247f56400e1b0dc613e15f555fc207bd569a79"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_unpack.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "6b061fc62bc15d5d2f55fc7e9fdf93e8",

"sample_size": 3280,

"sample_type": "Binary/None",

"sha1": "01908b88800cfbec6a2b28481eca324adda197a5",

"sha256": "d01a41ec6a8acb7bded8a710afb56deeb415276fb5d693920d6ded22ffc5be75"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "secp384r1.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "70122c74599fb634efef7ae84aaef6ae",

"sample_size": 304,

"sample_type": "Binary/None",

"sha1": "10782fd734b3497878ca40d208762465fa459e99",

"sha256": "eed31ce91e2bcbbc26f190ef81f0693c41e0edfeea23ab25c223abe39bd2216b"

},

{

"classification": "MALICIOUS",

"file_name": "pkgutil.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "6f03dff662d3b9a530e7af42e8eb5466",

"sample_size": 25024,

"sample_type": "Binary/None",

"sha1": "1878a91ce469207044ffa963fd8b6bffa77e8233",

"sha256": "29ee1b14f3fae319826709f96c2854ddf71138fc3692b5eec88b04b8318dcad2"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "main.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",

"md5": "e2dfc5db2eaf9fc87d343bfd47bf0800",

"sample_size": 12168,

"sample_type": "Binary/None",

"sha1": "c69e7b1d6132e7c3231dd4f9c081f2cbcb5daa90",

"sha256": "53d032b8a4907b8e95cd0030b7c591ba21aa5575132702129f472d740227ccfe"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "errors.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"md5": "5b9d9ada59d2b7729bfcdecdef9f9881",

"sample_size": 3800,

"sample_type": "Binary/None",

"sha1": "02f57b868f83782275c5cbc3599d93d689e8267a",

"sha256": "6525423da1edf825c94d14034d1c071d410c46b192209bd7fcef302f9585bd14"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__main__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"md5": "6526086852568a34bb5fc3d8ebe13b1d",

"sample_size": 3512,

"sample_type": "Binary/None",

"sha1": "3a369ac1c78bd08eb48daee7d0539eebed3a1b78",

"sha256": "3016fa4544ed5d5f87a331e0e4f00ef4461a4575d42b0168ff6610fdc88176b0"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_code.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "3aca1ca4f16065ec950092503b09de81",

"sample_size": 13256,

"sample_type": "Binary/None",

"sha1": "23d6c6a504aaf72ff430b7744ead5ce856d96fe1",

"sha256": "a64228798e7755e65b65da5f7b9c661d85e964288f619b4314a66a2d48b5a8ef"

},

{

"classification": "MALICIOUS",

"file_name": "dist.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"md5": "6c50004cb74f64ba2acd7684fdf2a5ec",

"sample_size": 51680,

"sample_type": "Binary/None",

"sha1": "c85655e16e98ea642bee486fb7ddbbd6da07da4c",

"sha256": "059a46200565b849c4cd778860a52349709ee52687be78ca78732f8137fb83b3"

},

{

"classification": "MALICIOUS",

"file_name": "smtplib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "3c54a04ad405c4d352649d40096ebb1e",

"sample_size": 46584,

"sample_type": "Binary/None",

"sha1": "66e8ad136b191c571708c512140368f0e0f12192",

"sha256": "bb50d47777609ddf4c60fd376448f4ae59cb7f1f511d37ecc0a9648bbd3cea86"

},

{

"classification": "MALICIOUS",

"file_name": "cookiejar.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",

"md5": "be7e8f5e5b9270049f8c5cc2b685de5e",

"sample_size": 78992,

"sample_type": "Binary/None",

"sha1": "c4dc537dee3c90b766fc79f1deab044b55f49f4d",

"sha256": "ba177f6abf32316d1ab683a21ad437107eff6946a057be369dace69c6e84e917"

},

{

"classification": "MALICIOUS",

"file_name": "test_capi.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "8f614c250d7f2ed27f78a7b549af0ebf",

"sample_size": 38776,

"sample_type": "Binary/None",

"sha1": "1fe13d4d2370da15f79d963c060a38fb1a5645d1",

"sha256": "1d17b6fbdd29fbb88245b3938cbddc9b45cb96f6b03897dad2c52c1ab974c0ce"

},

{

"classification": "MALICIOUS",

"file_name": "test_with.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "faca21e67fb51fb35774b99dcf65175b",

"sample_size": 27408,

"sample_type": "Binary/None",

"sha1": "c1349f2eb8fa0743eadab0da81d4374e9d517102",

"sha256": "9fd0764e4619d282dc1e99049042ec89975b23ae0c4dee981c51dea147694a3a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "eptags.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "f8de45c97a5591dc9bd1b8d408047da1",

"sample_size": 1680,

"sample_type": "Binary/None",

"sha1": "41143218f16d6284ca4d7b8d7a21ed5fff9cf949",

"sha256": "212190de75af852266135aac6c4f91ac53e90930a71fa3afaec798d4dceb0587"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "rpythond.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo",

"md5": "536013a65b9700c0d743bbdb302d00cc",

"sample_size": 1424,

"sample_type": "Binary/None",

"sha1": "15add61c73284c86e68eeb5115129b862797e3ee",

"sha256": "68a6de19444e81c045a8111383c46ea9827fb72f4959c5e95f57f4b17cb5c553"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "saxutils.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xml\\sax",

"md5": "9377de7b99379e9c17edd9daaa1fa502",

"sample_size": 12664,

"sample_type": "Binary/None",

"sha1": "2b55c5802ac869c1c01207b8d53a8f907036f563",

"sha256": "594f4b9586989973c35b6b8090f75a54df112d5263fac0faba7e09055a912dfb"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "enumobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "e58dd9b41592ed3b9901223f6e326a6a",

"sample_size": 312,

"sample_type": "Binary/None",

"sha1": "6a126f0e6f472eb527da53cd57911c0780a42a76",

"sha256": "b548967e73244f954608d3cad184f2c726b463db12c111a7de88f3eb875abcef"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "typeslots.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "0204f21f79dafe1b925a5d0d9cab03ed",

"sample_size": 2480,

"sample_type": "Binary/None",

"sha1": "2bf262413368a312fcaac3f493b683558230d15e",

"sha256": "23436f8a2251431b0a1e97bd5c309d8f622b2495114d202b92c1361b218084f2"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "dictobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "88a4bc235c0800f0fd24c12c28c57e83",

"sample_size": 3848,

"sample_type": "Binary/None",

"sha1": "2ed0fc3c3a874a59032685ca0aaea1693c902555",

"sha256": "0598f61729af1bab474c11c259c63abdbbc20bd176a085ed8eb7f396302a0e56"

},

{

"classification": "MALICIOUS",

"file_name": "test_long.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "2a6fda1296f2515355a4cbb607866270",

"sample_size": 56104,

"sample_type": "Binary/None",

"sha1": "50bd867fb2798e7719ba58f68a9433821cd0fdf7",

"sha256": "d81405635b2eaba0e22b13752f732309de1f7b84a3b2ded92622177cef5d003e"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "rangeobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "6c5522995d346928e1d88ecc23e7d3ae",

"sample_size": 696,

"sample_type": "Binary/None",

"sha1": "7b167683321dc530749d4c3939a005a80a99a931",

"sha256": "2afbfdaccdeefd988e0e1e0fa5ee5a76f1f62eece18441b51272cb605796e7ce"

},

{

"classification": "MALICIOUS",

"file_name": "test_random.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "4ac6a48b6ad3620e34457f6bb91ab682",

"sample_size": 54104,

"sample_type": "Binary/None",

"sha1": "d14731b3fe53a215b35576aca68dc3692b3b072c",

"sha256": "05656449601c282c77c8a0de0d0a546605541c95164da113b00ba499f233f5f6"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "antigravity.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "0ae28f49543a65694bef01b74840a8b7",

"sample_size": 560,

"sample_type": "Binary/None",

"sha1": "143b9441b2449039612b4b19206a7064571d3a02",

"sha256": "817a14e28aff90509809f93d6b71e836a21b216653fbfbc3591e2720446c6954"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "threads.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"md5": "50d1e85d713ce25be803217e233405cd",

"sample_size": 856,

"sample_type": "Binary/None",

"sha1": "0695e083e266a43d5fdf0e024d94b120e6cc7f0f",

"sha256": "70748378b2ccf3184e2f8578f75bf344b05ad0fd9552a43eee93134256ef80c1"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "ann_module3.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "8c6cc0bb9cd23bd8ffce7bae8b3e25ed",

"sample_size": 504,

"sample_type": "Binary/None",

"sha1": "3a43d397d420f7924e3148709e9e48a53be96321",

"sha256": "dd7f4e047e05b9b6c799338d2b19d2fb14e53433ae79d4f7f46fb50dacb4c9b4"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "tupleobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "69f13ec570dc450c70cf24ce0ebabd36",

"sample_size": 1704,

"sample_type": "Binary/None",

"sha1": "0086bb4864e36ba8dbae02b0846ed53a0408dce9",

"sha256": "5792f42ff251b16e2aaac505342e4e917029ed45294366d9c9359b282c7e0e04"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "nm2def.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "f6d6500f17a03523c3dda3cbb93a9d20",

"sample_size": 2624,

"sample_type": "Binary/None",

"sha1": "b43dc17f5df62cdc359578dd75db97f1de7e2286",

"sha256": "cfa8e3f004d369d85714b10e71ebb1e544c1619e6d84c9988afadcdbb91ef243"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cp037.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "1d2fe9de34a75e22c14ef5746fc5b3a5",

"sample_size": 13472,

"sample_type": "Binary/None",

"sha1": "00d68dea9d9268a1e0121febaec3bd5168b80ebb",

"sha256": "6fcc7e00e6f54bce95f5792645cd8f3e366c172f0e29b30549f9d82bd060a29f"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "tracemalloc.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "f6335423e19ea8df5c7df508a7192777",

"sample_size": 1192,

"sample_type": "Binary/None",

"sha1": "7eb2ad31240062a1e7141b18e3ff865323be6f07",

"sha256": "5d97c24c51abb680f8f98e76e37ec72fb3999880e550aa6fd3e00fc5fc161ebb"

},

{

"classification": "MALICIOUS",

"file_name": "nntplib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "3ddf886a18b21718ce22541a9cf04e58",

"sample_size": 42152,

"sample_type": "Binary/None",

"sha1": "cddab471ad8f8f9445bf8c8fc3702a3ac4718583",

"sha256": "8540990a6425acbb4d885c5fda29e5c7c2beec2fcbfa53ef409e6157946a3306"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "warnings.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "37c48c7801e514bc93bdebf2235c8b00",

"sample_size": 1880,

"sample_type": "Binary/None",

"sha1": "a9b0ee5ec55f7509a7891a2e99fa06770958f1d9",

"sha256": "4696e14b3e9c080c9e2332e71fab0fab3bf062a8968965d89442f953d99aa360"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "locks.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"md5": "637c0a34583332073b92b58627869001",

"sample_size": 15672,

"sample_type": "Binary/None",

"sha1": "26deaae3962bba97d7da53759ea80a5c39286bbd",

"sha256": "7142b22335ffa6036d9b3a84e0916ca4795f6f30bfb2fbea3450b70d15e3709e"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "setobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "97d69e652ab7b18ea6f8c5169b4f46fe",

"sample_size": 3472,

"sample_type": "Binary/None",

"sha1": "aa57a444cf1ee7b325c095337fb5a1320a94d468",

"sha256": "3b1ff61737b2c7db49d0fc8c334b5ba8bf5390a0efedb5b71b4fa06e1fc7f459"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_pty.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "447c4fff57213ccaedba535f70fbf977",

"sample_size": 12648,

"sample_type": "Binary/None",

"sha1": "a77b57e1f459f1539730ebad204276672341efd3",

"sha256": "210bdf0d533237aa2e73cdbbfd3c2d5fd01cad4c482005ffd2b81a91a6563e14"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "euc_jp.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "3865dafad7247438c6852b0a470fc532",

"sample_size": 1104,

"sample_type": "Binary/None",

"sha1": "ddd0a12c8b8fdd76bfafff53c4939e3fb28cdc3e",

"sha256": "0c1710612066c8bc6f3b3b68aa9125cd9138ea2bd37cdb009f28ed587005f811"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "euc_kr.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "406c6eca2597b6ec541c8274d2f9d53e",

"sample_size": 1104,

"sample_type": "Binary/None",

"sha1": "8990a7ac6c2c1af0d98253716e39050e6d095cf0",

"sha256": "425bb126fc158030d86066422ec32c4e85b8df0f68537ed4303c44ffa2cc801d"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "base.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime",

"md5": "d17ba44bbe6e6361c18bfd9c2687ba7d",

"sample_size": 984,

"sample_type": "Binary/None",

"sha1": "c7032418e3a8c4b160789705d60c182c2c98b621",

"sha256": "8a68f359a398aba84f6bd92053e41f8e5effdabc71b1455c5c3faf1ff783a8c1"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "ifdef.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "e8a0f91fc696a86c2d828183eed28a9c",

"sample_size": 3856,

"sample_type": "Binary/None",

"sha1": "f18bccc4c8c2971a7c31b639c247ee4f992ed8a8",

"sha256": "e0af55f553f6e46cae7ee78511bd15bf2065cca21f4870db9ba6ccd41c21d156"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "modsupport.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "d2dca7f063e8fcd6b2ea35859c78f025",

"sample_size": 10256,

"sample_type": "Binary/None",

"sha1": "409621a82c6ad2130cca24d02502a8620c5335b3",

"sha256": "d1fe6d0cdafd20b20bfc62e452a1e4f43a869490d360748f500a82d53d4bf260"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pystrhex.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "e1bb1756859262c5d969fc31c59ca90b",

"sample_size": 912,

"sample_type": "Binary/None",

"sha1": "ee9c9e460fbda8cddbf1ca742587239c864d7a11",

"sha256": "ca800d249b217b29c54141bcf8767b08c5d866320971bfd6d46b42767b86bb76"

},

{

"classification": "MALICIOUS",

"file_name": "test_re.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "32156293eaf124448d487e607d891016",

"sample_size": 116920,

"sample_type": "Binary/None",

"sha1": "87015ed8dc378ccfe654199681d9a1703271fe4d",

"sha256": "c404052b700c9d35ed1c32474bd1967da039f54a1edcc126ba47e5641bf3080f"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "rgrep.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "967e655f7a08826f9c4a2714d43c4fec",

"sample_size": 1688,

"sample_type": "Binary/None",

"sha1": "6bfbbf413ec05544c64ee95ee4d004047fc31a1b",

"sha256": "d61589dc52817bc7824cc62e57509608b7d48000967e4ffaf98249b78a4d563c"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_frozen.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "e126104ffcb71fdb9b4aa460c37902f2",

"sample_size": 1016,

"sample_type": "Binary/None",

"sha1": "a34d8851ffe974a7868124c10dab8f0175b4635e",

"sha256": "033ff3bce254dd6f28cf9b85e36cbe0af1af3805651e5f1946762595c9bff1df"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "_aix_support.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "763076198a33247f3792b2d9f55de0ba",

"sample_size": 3520,

"sample_type": "Binary/None",

"sha1": "526392a6e1e30fd311be31214069b03adfeb2c17",

"sha256": "fee4243538392a7271f4eec4f7b7702635fa7ff55b38db2913e0595e627f6b9d"

},

{

"classification": "MALICIOUS",

"file_name": "socket.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "89a1818bc2a9fb306a439f69f3e46995",

"sample_size": 37696,

"sample_type": "Binary/None",

"sha1": "f3a9eeae23c047641abdfbaef37e8017345155f6",

"sha256": "b529761360b6311474817c4cbf05654c04ed32507c8baf9085eaea39a72e983b"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "floatobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "442f0c0feafce2b2d74c958791461d29",

"sample_size": 4520,

"sample_type": "Binary/None",

"sha1": "7cfd93bdfdb91685f3a95a376f8b4024acc67860",

"sha256": "73cf646da17fbad60020ba678d2da8d4093462d7fd74aa13a05db80f842b161c"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_symbol.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "6d0d7bf1f13dd43c89426e4bf246fffb",

"sample_size": 2208,

"sample_type": "Binary/None",

"sha1": "db8a9cb3b1ae4a2ef07ac46a629d9ad75a7720ed",

"sha256": "def642fc7c9976296b0c205333d7b7b35dab3b5c57e2fb52a3efa5b3c092f07f"

},

{

"classification": "MALICIOUS",

"file_name": "pdb.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "32538c439a2ea428ff970426359380c5",

"sample_size": 65032,

"sample_type": "Binary/None",

"sha1": "4ca4bb1548e37c153b86bc0ab102d499fb416eae",

"sha256": "8289c1c275b227d3f2be64389830290d68beaf0d2aa216759e707bd056b3e8dd"

},

{

"classification": "MALICIOUS",

"file_name": "test_base64.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "79b6d49d59fb57051bb1a068a4fed68f",

"sample_size": 31328,

"sample_type": "Binary/None",

"sha1": "c99a596abcb2347b52e343972976f4627cbc5640",

"sha256": "700a8c041ce10d0125cac4d2d246702339d227ccd02f348836d72e02fcade0e2"

},

{

"classification": "MALICIOUS",

"file_name": "cp775.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "4fca96573bc8701cf8eceb7423763d55",

"sample_size": 35216,

"sample_type": "Binary/None",

"sha1": "7a9bc72f3a8ab6ecda07d9e1c6a8e6cfdcbccc45",

"sha256": "8d511df04d2e0f48e3649d9ac5cca2b53f5eea09da002b998057498c25247c26"

},

{

"classification": "MALICIOUS",

"file_name": "test_bytes.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "131cf6df12fd50ffe7088b3aaa9e5338",

"sample_size": 78472,

"sample_type": "Binary/None",

"sha1": "2e4f27c773c221efbbe6023089d4fa036547a146",

"sha256": "0c52ff650db1aba90bb14930c560eb7a852fca26019780086ddd0dcb08b3ef06"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "getopt.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "6dda199570dee28d0106efdadb8e5882",

"sample_size": 7744,

"sample_type": "Binary/None",

"sha1": "c67ee23b868f05c2dcf315be6b7c1098b0a13bc7",

"sha256": "a8f3b77227a40d2fe41e5c3d69dd48a5d19396eed6134ef0e74b138cec48bb98"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "marshal.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "bb56c65866797432ec1efe797334475d",

"sample_size": 872,

"sample_type": "Binary/None",

"sha1": "8656b6632955a92cd63d2da0acd59d1ecb5248f9",

"sha256": "df347fb65861e138e675171c42d8dd9169de637a445517df1e810814098ad84d"

},

{

"classification": "MALICIOUS",

"file_name": "object.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "053224b3a05ce2664232806b2588fdfe",

"sample_size": 25320,

"sample_type": "Binary/None",

"sha1": "ba07ad752aedd3b24c62e29a751191c45b207946",

"sha256": "fee9fd4e51707ff48003c2f51aac158896f027f9b7c14c74709ec595b92e0bd2"

},

{

"classification": "MALICIOUS",

"file_name": "NEWS.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "b7720f1efe6a1ac096034ee9ac817806",

"sample_size": 53256,

"sample_type": "Binary/None",

"sha1": "db7d2a354a78c4a13027377b80223f16c3dcd373",

"sha256": "81466e226b4ada88449a4caec832d7fd601dbae744f1672b3599d14ed82ad4b0"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_binhex.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "b866f7455c0ead4c33c62cd97c43efc9",

"sample_size": 2120,

"sample_type": "Binary/None",

"sha1": "6698532d394ca1200a207c640848985c7bf7de1f",

"sha256": "30c5fc728078ce3afbebaf00e9142274fa959b3bbcdfea2ed859241b8d219db7"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cp1251.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "cedb685f92aff3580a0090883b7dc69f",

"sample_size": 13712,

"sample_type": "Binary/None",

"sha1": "a9d8af6ba51aff0bbf3e5041250b8431af6bdb56",

"sha256": "deda35c9a4fb31e3a9974f1776653a7e8b7a750ba6212401a68919a38ac5a130"

},

{

"classification": "MALICIOUS",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\venv",

"md5": "af93ff17a6600aa6eade509a3dfc3c52",

"sample_size": 23760,

"sample_type": "Binary/None",

"sha1": "b55b8fb553b1d685d95490944871421c3f037b8c",

"sha256": "99b41c0a6ae29c22a64d7c09e4d767d702adda589754295a1c80fec3a2988ac9"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "sndhdr.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "f95f5b05f62497eb1f1a1a8794d3514d",

"sample_size": 7400,

"sample_type": "Binary/None",

"sha1": "4a3c530a1c7098933383441c7b5a0b11efda708e",

"sha256": "46eb904c39c5dbd510426aa6580ce121da2c7cf817b673481fb17c94019fad01"

},

{

"classification": "MALICIOUS",

"file_name": "test_iter.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "30df9a468832d9d661fbd4cbc241dc21",

"sample_size": 34312,

"sample_type": "Binary/None",

"sha1": "ec973643ea0f2a604dbdd87ba315c5187dde936d",

"sha256": "a66c976d4fb7cfd4d7a165d7c086e5c66cc0ca65aa8d31cd1e7221490842c62f"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_sunau.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "89978a6c4c38fa02cb6f2795e64071be",

"sample_size": 6320,

"sample_type": "Binary/None",

"sha1": "ec09eb7c4965806418aa2203384de5118c041091",

"sha256": "281b2b54be5732faf5a1db1744dfff4e154f8535d731059149f8ed2f6f7efe10"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "keycertecc.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "d97d08c82d38eef40ab285b780b36e44",

"sample_size": 5784,

"sample_type": "Binary/None",

"sha1": "8308f0138643050a0fe532a3e0d5507a66283ded",

"sha256": "13e3646ed13b6385df51577362f1e70cb86129d2cbacff266ef5fd34208ef283"

},

{

"classification": "MALICIOUS",

"file_name": "lock_tests.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "34ae104c49960742fd54c2e32034b36d",

"sample_size": 31848,

"sample_type": "Binary/None",

"sha1": "726cc27f11440b382717549773aca87d5e681cc7",

"sha256": "97b765cad8173018d16182dd6826a402d3c298c26d30ae6ce10f38891c00b314"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_audit.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "5eac77aeaca363a71e4e3810fe4515d3",

"sample_size": 4432,

"sample_type": "Binary/None",

"sha1": "f7e2c5796a0ca133ff70759df2629623e66cc9dd",

"sha256": "ee776f6c2b6c1e6b9505968f2defccc13c0e2940081e18f9d4bfc3561294a415"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "ffdh3072.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "f297f1d20bf7e20863c4927b335e2b75",

"sample_size": 2296,

"sample_type": "Binary/None",

"sha1": "77cb24426a5ecf77d9ff76275f4d3efe7a96f7f6",

"sha256": "d754b1d2363e4e51751ec2179b01d87a2c322d929302d9ea5d9f1948cd9ec19f"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "grammar.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "637cb26cffb3a35bb1cb54888ed9ce36",

"sample_size": 1936,

"sample_type": "Binary/None",

"sha1": "bf49664f8c110b5e5ae1e455d48a061a6f89dd37",

"sha256": "2c57a622e7567b025c2b691a23d1490a9113fd68f0c736fed48f83163060163a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "opcode.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "af2ebe539760c6c4147a6892f7dbba73",

"sample_size": 5080,

"sample_type": "Binary/None",

"sha1": "fe3fae83451fd7fe2cc027baffde414946d35f8c",

"sha256": "535ea74715f94f34d3ba44608036da6f06c7122b5fb23dce03f59d28becaba21"

},

{

"classification": "MALICIOUS",

"file_name": "test_bz2.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "ae787ff9a14ac980e900b84b2429679c",

"sample_size": 38888,

"sample_type": "Binary/None",

"sha1": "573e552f2860f32ce18e7e56210171282b3a8f48",

"sha256": "b0765f4e6afdd1b39cf0f70e4db05016282c1f1c1fa36e2b3edcae8ef42b86b7"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_raise.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "c70212afdcbc0a66d108275ff49eefed",

"sample_size": 14312,

"sample_type": "Binary/None",

"sha1": "3b26b185a2022a91327b7ac7a2a2916efa36f827",

"sha256": "7002fca5ce377239a47dfffaa87e2574865b0edf547b845387c9df165f23462d"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cp932.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "2ec75a1bb2f3f60b44ea85310ca3326c",

"sample_size": 1104,

"sample_type": "Binary/None",

"sha1": "531f3e8da6d916d867ffe0429020f0713c168bcf",

"sha256": "252ec1085d49a2d123f5aa83c74186856404a20a73593d0b40bc817e6af773dc"

},

{

"classification": "MALICIOUS",

"file_name": "dataclasses.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "b035a655316c7f0b78d69d741535ddce",

"sample_size": 50912,

"sample_type": "Binary/None",

"sha1": "ee7fd09dc897cb9e39f743fd043ad9b319e36624",

"sha256": "086dfc2d55f85b531cf0dc5bb835569ccd305b689d1e094b9561b3d768bbce0a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "ascii.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "1b8c3adc428f944b08fd5b9246230033",

"sample_size": 1336,

"sample_type": "Binary/None",

"sha1": "fe917315a408bd8d21acd891e29dba9b5e59a76e",

"sha256": "4dd9362749281c341272f6eed789373937683b707936ec0da5484e7f3f13b33b"

},

{

"classification": "MALICIOUS",

"file_name": "cp865.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "3bef7798050af77fd9bbd59c181b9f6b",

"sample_size": 35360,

"sample_type": "Binary/None",

"sha1": "44cf774723126449aabdc352343f6df2368ba5ed",

"sha256": "34f1e349317d35f55b19920a9c50f4758e719ae420ae1aefb242f96fb9fe08f1"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "fork_wait.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "3e9a7ff9b0eb1837fb5178b8f6523c1d",

"sample_size": 2352,

"sample_type": "Binary/None",

"sha1": "d6b07bf01f37612c7145d7585a03e3b987918283",

"sha256": "34d6a93c8dc6b8c99ff0f5a26fe6e7c9229e1b306186a5788c355306c14da615"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "_markupbase.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "e287befe23244f719f9aad6f58ef92de",

"sample_size": 15056,

"sample_type": "Binary/None",

"sha1": "3153f5862d63c29af2ad857f412de2b7d3c377f9",

"sha256": "b6aba95fe6f844f434a70563bcdea56fec1af9e22dc79b5fb7d45b2115954ac5"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "dialog.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\tkinter",

"md5": "c77716cb4ddb35f10e2db9eea637b033",

"sample_size": 1632,

"sample_type": "Binary/None",

"sha1": "a251d442fe1799d144024d841c7a58f78f2baa71",

"sha256": "85ea01c90c0114139776463be60eaff03d6355c65c18b98a105ab130d9c3e27e"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "charset.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"md5": "f976732b40bd90bd60ba5c03a3e8f604",

"sample_size": 17576,

"sample_type": "Binary/None",

"sha1": "2c2c70517bfdf2bc2267d511c43df1381692bccb",

"sha256": "72a838834b36a76c63769b1fd9704d1fa3b945de995a3802201b54d2c6d59d90"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cp1258.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "80fb8470ef2a0d1f8563b658d875ac05",

"sample_size": 13712,

"sample_type": "Binary/None",

"sha1": "045040eb6e77660961a7e82cfe4cace55e64f542",

"sha256": "4b2e44a15d3b1a9a91f38717f6552ed77c6b3df1050f602b8a1179d75e60eaf1"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xmlrpc",

"md5": "1336fd81c8877b29bce7c64d082ec47b",

"sample_size": 80,

"sample_type": "Binary/None",

"sha1": "929bec86b3220dc08c54d93a2c1d0ea49f2384db",

"sha256": "fccf29dfb18310ad514b3d198ef8d07a6d1e5a5abe893fa4a6bf586508de36e3"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "patcomp.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",

"md5": "fcea4c5c64054117a4c9295e4a6196d9",

"sample_size": 7296,

"sample_type": "Binary/None",

"sha1": "5e624655229f671637c02980f3de50bef2a3ec28",

"sha256": "5ab8a6c0656989ddb4cac98715b7054804b25903b48e6cf177c60ff868b8d74a"

},

{

"classification": "MALICIOUS",

"file_name": "cp850.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "6ed3f35ec46914673a5896b12bdd4599",

"sample_size": 34840,

"sample_type": "Binary/None",

"sha1": "13f35c9112add00b5c1aaa2ef79805bb742b0917",

"sha256": "32dc684fe8697160f93dc4c664abd2b622cf3f7f278c4c83e0221d93cd40057b"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "imp_dummy.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "571910322eb6dda5dee70505523d92a8",

"sample_size": 104,

"sample_type": "Binary/None",

"sha1": "c7811144884a9db38b0c4cc2d34bc1f38321618e",

"sha256": "e10e9a2c87bc8e632eb297984fc209981829c5b885fdeb0c80de645a2447ca1e"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "OneDriveMedTile.scale-125.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "389f464e3e60d3b5b80a1b3a655477e2",

"sample_size": 888,

"sample_type": "Binary/None",

"sha1": "dcbda158416d9c9841ad3de5d275059cd12e49cf",

"sha256": "52dda79726567ed2ae2cf3c2ea07089a5ba652eccf86e660df57244c0fcff0f5"

},

{

"classification": "MALICIOUS",

"file_name": "client.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",

"md5": "71deb93a46c2f97e5ddc1ef5fbe4cbd5",

"sample_size": 58112,

"sample_type": "Binary/None",

"sha1": "76941cc4dbfe293f3db5067122fd4924c518597d",

"sha256": "db53f27c48f1a1668a8c8d9a48f31a83cbb9bf60d2630aed9e5ce4d039f419a0"

},

{

"classification": "MALICIOUS",

"file_name": "NEWS2x.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "9b50e9fb20d6a2cea2d6d0712c1e9ef1",

"sample_size": 27872,

"sample_type": "Binary/None",

"sha1": "4e19d665fbfd3aff7742bfea6be5a71bc938adeb",

"sha256": "7ddbbbbbe0dc19fd0bf4a3f5ab946b233e0ab84ecd8b8ee9cfadf0b5fe2795db"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "extend.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "09104c4c4491c76eba3bef46d58b3cca",

"sample_size": 3752,

"sample_type": "Binary/None",

"sha1": "1cd746eb60fe8ea7c61744420fd4ab40f7494c2a",

"sha256": "10df4f8a39f161bea89285ec0f8f6f5ad35598835c6a39a36b14c0b7c5c36e98"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "2to3.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "08e98543d7808dea5c9efd9875017943",

"sample_size": 144,

"sample_type": "Binary/None",

"sha1": "4a418fc18e04bf6c216fed801a7a4cb6b8b81c3a",

"sha256": "ce997dec1b2ff538fd4375e7c58c358e5b21dab39a063c369779ef26d6d54940"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "lfcr.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "146431d711eb49d92a0b9611dd45398a",

"sample_size": 704,

"sample_type": "Binary/None",

"sha1": "e1d0d9bfe337e248836950aa856d01bc57040ead",

"sha256": "f2f2a8b2c6eda56fdc95dea93e9530aefcb14b6a2e25edc425a78ab48888906c"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "nullcert.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "7df02e12f874adfe53efab4d9402c537",

"sample_size": 40,

"sample_type": "Binary/None",

"sha1": "649791b0eacb774edc70e6be7858f4d937f6a137",

"sha256": "b99f7a569222bd74e17f7b8215ba233150657e434ef38a74a17cc642e77fc8df"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_zipapp.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "47f9544d30ad7632f7349490afb1eee7",

"sample_size": 16744,

"sample_type": "Binary/None",

"sha1": "e98afe05789cb9ffa7f0d5020494cf31c82f985c",

"sha256": "c9ad092fdc735691542c895161be7330fa88e7b09789f5a502e7c3767fb4868d"

},

{

"classification": "MALICIOUS",

"file_name": "zipimport.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "e0acf27f463efd9e4beaafaab0df07b3",

"sample_size": 31600,

"sample_type": "Binary/None",

"sha1": "8fb9c31c498f748fc9fa074892f0526d21fe2b1e",

"sha256": "f6d5ae42402c2f1ee927798602cbf965d0404177017a5045753098390642d652"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_sort.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "4cfd89961675f4c9206fbc31b0fc437e",

"sample_size": 14168,

"sample_type": "Binary/None",

"sha1": "7950951826450193932134665cdf45aed67a4a7e",

"sha256": "06626deb8048a31f1cda63ee2075342c8db7ef48376e0e2f58fcf46203f8cc52"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "ann_module5.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "20d19215dbc051ca9e36d7db57e8f814",

"sample_size": 256,

"sample_type": "Binary/None",

"sha1": "b9a6755944ae68f177efa99cd1943e8dfb8325df",

"sha256": "f8c5f9918eadbebb4f5e4afce74a3daf49b248c286755991f0852626809cb0ed"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_print.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "adfd7c554214487d407385fb759bc194",

"sample_size": 7808,

"sample_type": "Binary/None",

"sha1": "2dcb869376bd1c3f4f047a818d178905197c38f3",

"sha256": "a1d954156990294c0eb6d136bd3d7f9100c22aa70091ed302458605338079b04"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "quopri.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "e2c64b2dc47ff403bb640d01f7ed08bb",

"sample_size": 7552,

"sample_type": "Binary/None",

"sha1": "205e3bf6162488f046cae720018d900bcd0c75a0",

"sha256": "af96aaa2acf4437451c4f9421e37149c025d7663b54c2d47ceefee5bc27cc14f"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "scanner.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",

"md5": "f74b5a50309bfa097a0b4253636a1250",

"sample_size": 2536,

"sample_type": "Binary/None",

"sha1": "3ee22e8f6ac8bf33359084b9ffca43d2cbb4d3c8",

"sha256": "af6a98c25452e95fa873e0d0a0ff6da5f37e68892760edaad0f1762caf17742f"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "moduleobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "b9d6572dfb309139aaef8e77e2a326ee",

"sample_size": 2488,

"sample_type": "Binary/None",

"sha1": "546b370fd927ac5be40f3076051f15cd6c55ce6e",

"sha256": "4930402f15ef3823bfab0e62e8598299b8ef904f34d4aef761ec9b42b8855171"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_eintr.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "0572e96b88914ff23bbd3c20205a05ed",

"sample_size": 1432,

"sample_type": "Binary/None",

"sha1": "a8274e3e72620b9b84f8dcc646e334a7933a702b",

"sha256": "aefc3920371bec8e17b8ba611fbda2b952b5b50a452c8ef8093b070bfb04a74c"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__future__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "3ad489ccad38b979221b71b405d00c98",

"sample_size": 5336,

"sample_type": "Binary/None",

"sha1": "2d324459f022c6b9ec8a6dbf02381566f7a3d2f9",

"sha256": "acfe7c727b5033e34a702c61a325ae29653773baf1abb50265afb5d58f99146c"

},

{

"classification": "MALICIOUS",

"file_name": "statistics.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "14bb2df9b841f33f0a95de5d0d417e13",

"sample_size": 39224,

"sample_type": "Binary/None",

"sha1": "d75a36ff8f9bd18449927e35b83ba36b3bca9257",

"sha256": "eb05eb01380731752d68e734f5b868556ce737baca03463bfd1e002438c8b785"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "parser.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html",

"md5": "854e913ae9f655bd5d392e0339d27865",

"sample_size": 17896,

"sample_type": "Binary/None",

"sha1": "f79bc8e11fc3cbff723d484dfd4a88a7cdcb8d4d",

"sha256": "46f7fbfa2ba01f36f19bb030ba2f51e00bd244bae233aa80a6c311148de1cd5a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_super.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "c75300d0f62e5a02e888f34ac13f3beb",

"sample_size": 10192,

"sample_type": "Binary/None",

"sha1": "69fee78273f2c1e8c7bf9a2bdb118f7ce567a462",

"sha256": "c379fb3bd6c92c04c306a498f7f3a74fcd90dad4637c06a7061a27d9256e6337"

},

{

"classification": "MALICIOUS",

"file_name": "turtle.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "c1fded0b5d2cfc1f832cc78bb39fb9eb",

"sample_size": 147976,

"sample_type": "Binary/None",

"sha1": "3a35bae93a51913ece7858f9f29a3d468f7a2740",

"sha256": "af1aa3fa1492ce0b2c3ba817fcd8977ab1326ef423976000f1e3c0d5a453c649"

},

{

"classification": "MALICIOUS",

"file_name": "weakref.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "0bbcbc567a5c87e9444d21f4fb0c3285",

"sample_size": 22272,

"sample_type": "Binary/None",

"sha1": "2ae7b57bf7d16ae01cecc313e2e6a09006a12d0c",

"sha256": "203fb7a37493935070916f962c58e87c419a7d0c493080dd02436ca1d96ee5a5"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "dnd.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\tkinter",

"md5": "ec757599731aef3b8a4e70af4647a098",

"sample_size": 11896,

"sample_type": "Binary/None",

"sha1": "d289e26342c8e81f3e703edb59afeed456e0d1c0",

"sha256": "5b649d63efea556b686146ed3ec6c619a6cd6a63987b3c54270f9324ff30f77a"

},

{

"classification": "MALICIOUS",

"file_name": "test_math.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "f54beb542b56420da6734fe6ad409493",

"sample_size": 91696,

"sample_type": "Binary/None",

"sha1": "acf465745edfbad71162a058cd407230d16936ee",

"sha256": "e525e5ad6937f8aec2d94b13be2d5cf96480376d768175076a9420b6b71d428c"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "brndlog.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer",

"md5": "1915baa033d1912e81ae60880429093c",

"sample_size": 6616,

"sample_type": "Binary/None",

"sha1": "6fe32dfba4daaa8c3d9f338dd6d4160e44f5c646",

"sha256": "81d796bb00b01238ec1dcef1b73c65bb58c1392cc0129029fa2aca495e8baa98"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "dbapi2.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3",

"md5": "5e3b75d66dacaf1067fea9c9361ebce4",

"sample_size": 2816,

"sample_type": "Binary/None",

"sha1": "4d47fd3eb1af0b499fded04f145b96ae5823391f",

"sha256": "6a9fc7958b4dd3f96f4b822b91b5618f91838e7ffc04d164d09b75426c70bc73"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "mbcs.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "00c32031127c30c3db11679d02b998be",

"sample_size": 1296,

"sample_type": "Binary/None",

"sha1": "255b47c3915dad244dbc1f4bb2fffa5b93e7664a",

"sha256": "f4b34475792d186316e60a7add8d7cba56386ab564608e02c5b15eb9f22d48d6"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "sched.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "84efb2bf35cdcafa8a1b5ef1d173b89b",

"sample_size": 6648,

"sample_type": "Binary/None",

"sha1": "082b95ab73527f078f5d6cac729642459c281954",

"sha256": "c46c23e0349f59a82dc5e15f589add3a83007f74710cf3708b0de2975bbb7fe6"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "getpass.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "b2059602ffcccc4ed07d19895d06636d",

"sample_size": 6216,

"sample_type": "Binary/None",

"sha1": "5c327d766ec72d62970fc06437c321e96ba75b0c",

"sha256": "ddec8d1db71f926b212ed3348eb28e1238fbe5fb468052b5a7ad2ef825cff4bc"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_turtle.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "3874eac32d6feb347c3fd644a8bdfeb5",

"sample_size": 13448,

"sample_type": "Binary/None",

"sha1": "4bd0d922b3364d0b892a552a683144092778b493",

"sha256": "6dd4ca15906b093c2ba4c182cf6db1176bf7cb4b82f37cd8e4fdf12860ca8ecd"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xml",

"md5": "4a9a9a32fc5fb8d30d3f5606061dce9e",

"sample_size": 616,

"sample_type": "Binary/None",

"sha1": "95c3a5a49c74a0643a7e54a121109335d89a6f12",

"sha256": "c48328f5c14ab84b62d59262e00bbc6302c57bed47607ea17df3ab8892dc8fa7"

},

{

"classification": "MALICIOUS",

"file_name": "minidom.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xml\\dom",

"md5": "e6a45e247454243d800587c88be7b0cf",

"sample_size": 70120,

"sample_type": "Binary/None",

"sha1": "001c5b3f54cb0681a0c03fbaebc4d406f6ad9679",

"sha256": "82edb906b19b0e26767e169012e0619d40321cb9db07e2ac2404782e33b76240"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "gnu.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm",

"md5": "4cc3692e447461dcb4a04a53e894cfc9",

"sample_size": 112,

"sample_type": "Binary/None",

"sha1": "76c38918acf04bb29325b48cb718dbd2faaa0021",

"sha256": "22b7b16b0e0f93c659fd6f596f450518b9b025037ee75e45eaaf03f17c3be5f0"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "io.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "16a0eafd3d71f9cab100781d316d08e8",

"sample_size": 3680,

"sample_type": "Binary/None",

"sha1": "a62fda6a3946af46580321a0536a90f7e35e71ac",

"sha256": "77ded55468899ad948c69428995207865bad09d65155a538923dfe4e8063cc6e"

},

{

"classification": "MALICIOUS",

"file_name": "test_int.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "a20ba19663c685388504bd66b0a479d4",

"sample_size": 21912,

"sample_type": "Binary/None",

"sha1": "b67e65f87e839dc48dafa12d996a6d155951978e",

"sha256": "2644355408e48173fb66932239bc5669047971e79a58d55d7278c179402c2d01"

},

{

"classification": "MALICIOUS",

"file_name": "calendar.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "59f68e814bde3287490ec949b85aa5da",

"sample_size": 25640,

"sample_type": "Binary/None",

"sha1": "9a5c326642450f91151fcde77f272bea93e520bf",

"sha256": "6da4eb12f433dd2e0bf1fba598986734671d8e4e5b598a34864d24e939caf97e"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "policy.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"md5": "35549a7f2c952f687ac9d35c3a152de1",

"sample_size": 10648,

"sample_type": "Binary/None",

"sha1": "b2b51c118c10924cc8c4780e2d1f60258e1ea066",

"sha256": "ff3126c2a0d16acf032dae8bd0f65127192a835848ed8e66fa5bcb953009ac6e"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "mailcap.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "1406ba76da23c156fd258f4dfb4f6d0c",

"sample_size": 1352,

"sample_type": "Binary/None",

"sha1": "d1666025e37a9853efe8edb53b80385c36ee80cf",

"sha256": "ababa37626163c5cbae15b83ad7721ac774832089a16ac2765bc6fbb373a7528"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_module.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "1a2a557d238f7949b9b28f754e0a66b1",

"sample_size": 10800,

"sample_type": "Binary/None",

"sha1": "a355b51559afe870fb1c4d4d1659d0560d7b310e",

"sha256": "ba9ebe16180fe511523f0938ceb90b41d02f16b895dbeedb413e6332f679e4aa"

},

{

"classification": "MALICIOUS",

"file_name": "_parseaddr.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"md5": "bdeede01604cefdccd3a234475b5eafa",

"sample_size": 18312,

"sample_type": "Binary/None",

"sha1": "bfe93621dfe525b46663d5af00cd4ab2727cb5fa",

"sha256": "b5458d5071e976c283180fb719ef0c01e93133ac6a6df33762b2e0bb7ae1f52c"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "text.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime",

"md5": "ab6485c56bf4086866ba43036131541d",

"sample_size": 1520,

"sample_type": "Binary/None",

"sha1": "7165068d2c869508a9c7363425f47052c796488b",

"sha256": "74f034dda8839203ce86a972fadf9cc9f4f8bcc831112b640731e0f49eb6fae9"

},

{

"classification": "MALICIOUS",

"file_name": "test_xmlrpc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "c415058b4d8692d2c05785277a56ecae",

"sample_size": 60104,

"sample_type": "Binary/None",

"sha1": "6a302419b7f29bcfedb3ed492ce8a21d4c7ee376",

"sha256": "c0c7d1e066a477854cced8758f4cdad775859371edb855968862274b0d93ac91"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "graminit.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "772b8eaf52568dc431007584d4593cd7",

"sample_size": 2256,

"sample_type": "Binary/None",

"sha1": "73c86b471954ba1cc9c97e1b43273bfd5e48890a",

"sha256": "7df1b32ba1e9ab5f547d706e94788d700975b0b525701b4f48825d653293f5f4"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "dis_module.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "1f1095b26f1fa07a879e09575f963dfd",

"sample_size": 120,

"sample_type": "Binary/None",

"sha1": "ad74d9e3f141fc87586a8e8796b9f8e165680a68",

"sha256": "66a5cd5f8c9d6e396c83762784a50a07fab0134c290103597567c0aefbc8deac"

},

{

"classification": "MALICIOUS",

"file_name": "test_syntax.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "301fd37908d3c2c39d7ec29951510b7f",

"sample_size": 35960,

"sample_type": "Binary/None",

"sha1": "5cdc71559b2aca39517f8199efc1c55c0fd5e9b1",

"sha256": "23ebedb73dabafe93f6522f0e3511d3982e5275cee0d909563cfe82f2528c276"

},

{

"classification": "MALICIOUS",

"file_name": "test_typing.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "59082522b347780aace84cdab59f3747",

"sample_size": 147848,

"sample_type": "Binary/None",

"sha1": "2ee8ba9d5aafe3102865f179d80d54c506499ac6",

"sha256": "c5d7588f82503b61927a7e61913cb6588d6fd7448d8cfa8c5c8dbfbe955cceea"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "fileobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "3024469e935f1d228bb70df7ab679fd9",

"sample_size": 1664,

"sample_type": "Binary/None",

"sha1": "02091011d261b11ce90bf23f53d03a15288979d4",

"sha256": "9d8bbfaf8ba44eeb53069509655cae7b0b4f115ad91e4ca657fedeeb78820eca"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "shlex.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "0b907c92f17acd6f33816b6a31f5c125",

"sample_size": 13888,

"sample_type": "Binary/None",

"sha1": "bebf58fc0e773f3f6228cc001b74b14fcffd4925",

"sha256": "9773003f815f2d28e2fbd1b5b9b210a5301d64aeccef4b33545a07bba57dbc18"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__phello__.foo.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "419a95edb628a40fb8ae9cabe7d70a75",

"sample_size": 104,

"sample_type": "Binary/None",

"sha1": "319ec899e1af20e503277b3b92e399a8bc976ec4",

"sha256": "0e1360dfd82b0045d1d48f5c588e203f4bf21ccfd68cb9b37570a772acc5b193"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\urllib",

"md5": "cec9bdb2b04b7844c36d7e81b2cac9ac",

"sample_size": 40,

"sample_type": "Binary/None",

"sha1": "de6abc27998f99f88fa150a86b0d041461ab3344",

"sha256": "a796a48eb3901bd65723a101ed02433af5fe686322541c4c2d8e3beb645276b1"

},

{

"classification": "MALICIOUS",

"file_name": "NEWS.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39",

"md5": "603a5fe3fd01c8c3068a1347497e4632",

"sample_size": 1128128,

"sample_type": "Binary/None",

"sha1": "10489d490e9e6da9427043891da39202f0db52b5",

"sha256": "a6627de09cc72ee3bef146faa655000aff0cb8fd6f6404626062cfeafe5f93e2"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "copy.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "d283bdeca1b74ab081ac7091661859bf",

"sample_size": 8992,

"sample_type": "Binary/None",

"sha1": "02a556fd4f5fce2892e90ecc1e763093d5239f5c",

"sha256": "9bfd80da299dafb79ab4ab932c0c230bc9ef1daa084dbcba4199c10ff8b46f4d"

},

{

"classification": "MALICIOUS",

"file_name": "imaplib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "9a64b5a289d1aae27f1efde0ceb01fab",

"sample_size": 56592,

"sample_type": "Binary/None",

"sha1": "b5ab853cf1b629ac789e5f50459cf7b2f1c866a9",

"sha256": "6089e95054f17d3ec207f08ee82a05cd0878af009e5e17603d2b21fc5cef59f3"

},

{

"classification": "MALICIOUS",

"file_name": "test_codecs.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "5d5fca7e95701aea7845e490a2ce1f61",

"sample_size": 138360,

"sample_type": "Binary/None",

"sha1": "4b617a1a92475ab987915945efc0971fd03c82b9",

"sha256": "7576007fdb2bd1e091ab63cab56c310de27ce1ae99faded0c637e1bb0e21e52a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "copyreg.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "803eb04f7b43aaee675593c103be57c4",

"sample_size": 7528,

"sample_type": "Binary/None",

"sha1": "a5dcf94b9c9dcb86333bcd869aa650f98f8d9f6f",

"sha256": "786817dc83366d77c4df8938fadf82a0f29e4e1eecc9f562ef443f5b7da1bcbf"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "objimpl.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "19b78b6d5dd3487f0d39a277d1035931",

"sample_size": 8680,

"sample_type": "Binary/None",

"sha1": "ec729042751a8e179f053908f5366210edacba50",

"sha256": "2f2b15b905fbbedfe4f1a008fd741942e550798b98ae8869a3e3ace305d3edfc"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_bool.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "64ecd0d65ac24f9f27ba3076c79ea51d",

"sample_size": 13144,

"sample_type": "Binary/None",

"sha1": "843eb0e2b7fd8ac5065e78737240c39e0a478c99",

"sha256": "63b87d9b93914930fa6efe97dcefa82abce79aa1c7f84daf99cba17578c38910"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "mock_socket.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "351bf7f6463e3776200c5771764cfcc2",

"sample_size": 4000,

"sample_type": "Binary/None",

"sha1": "ab55d87fd164f915087d237c920d92594ed242c5",

"sha256": "42ba26107f3cdb80b45f36a0faf14a0e16fe4f6b4b972a106e130aba371448eb"

},

{

"classification": "MALICIOUS",

"file_name": "config.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "e0176b5c804c63554ee5b763aa9266d4",

"sample_size": 39128,

"sample_type": "Binary/None",

"sha1": "157c073c89f64c61cb153459e124a1da50f286c2",

"sha256": "074bfa7f168a0ed336aa0b95c75bc1ea2c88fd5ed3e9351a6464d923a34bac18"

},

{

"classification": "MALICIOUS",

"file_name": "test_struct.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "1a6d3866f41637109edba58e787a480c",

"sample_size": 36920,

"sample_type": "Binary/None",

"sha1": "31cb71b2a6a981a10cad76c0faf355d34b9dcdfc",

"sha256": "ffd496c63f931a897c19f13c285114386bf1d07ed1b889c0dbb1f5898828a5c3"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "trsock.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"md5": "69fa60534dc812e7c1db9871d2238b2a",

"sample_size": 6120,

"sample_type": "Binary/None",

"sha1": "657bd68fc30c64520c9211c293216532906b765f",

"sha256": "2079c96fcef6520be733145787d7771f1e418fe84791500f61298b7488210499"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_pyclbr.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "a08233d6a5cc0be4e9131e156b7ec188",

"sample_size": 10424,

"sample_type": "Binary/None",

"sha1": "540c6e4afeae627e03e42c1214295c0041343e68",

"sha256": "fcbe107aa4aa769a501a5a2cd58aec0d79595a3237b5054ecb3264a02b849ee6"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "result.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest",

"md5": "e2f2b5d7ff9b48ef4a1aabe77ce53278",

"sample_size": 8648,

"sample_type": "Binary/None",

"sha1": "b7ee4e70ae85f63e5e62954ecd6ae18dec14695e",

"sha256": "dd9a18f8a3c8e1db5af5d0542d37b41bc2ace3e913be3c3a3de52352c7fdb7b5"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",

"md5": "90c12c6b8d1df189e55a0791af16f88a",

"sample_size": 14416,

"sample_type": "Binary/None",

"sha1": "9dfe2d0ea8af71477865c4340d4a594a9597acee",

"sha256": "21c0bddfbf1bd94076d78c8782d6d9e0a13e59630a38520e42ef18f6f71a2501"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pydoc_mod.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "ba561bf0724efc566b8aa1f67ea78b91",

"sample_size": 1024,

"sample_type": "Binary/None",

"sha1": "fe30ba351c198b3d73d846ecad00e6ef81346031",

"sha256": "464936bce9f33b544c226a79febdec8f418f259d8427bc0047c3f8f609a120d7"

},

{

"classification": "MALICIOUS",

"file_name": "test_strtod.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "af6478c51d9773ac90294eaae645e683",

"sample_size": 21008,

"sample_type": "Binary/None",

"sha1": "41c8a51b2d6d82d4d2178f8fc6d068a0b595af2f",

"sha256": "076c35eff357fd4047370ea898e5aad2c701e3d98b7622f986da79b776015e04"

},

{

"classification": "MALICIOUS",

"file_name": "_collections_abc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "33446187c1bfebb8a33b40f59cce0ee1",

"sample_size": 30528,

"sample_type": "Binary/None",

"sha1": "d39792fd0eb2cbb244e55c4cffbf3227aebf1575",

"sha256": "2ebe2f6b0bf0d6ace528d6a0c4dd6f76ab0f0bff287ad5dd6d80eac94fd5e83b"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "abc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\collections",

"md5": "afb04740450b86d9c91c6820c6c4f513",

"sample_size": 160,

"sample_type": "Binary/None",

"sha1": "36b8173c0ba27634299f824a4152ee20ed6a0361",

"sha256": "d4139383335a43b57cd2882ca24e9434088cdfedd8a0edf32533e65867e42f16"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "code.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "7bc4e58ec6effe3b7da5079dc8a57901",

"sample_size": 376,

"sample_type": "Binary/None",

"sha1": "d1768cb56e348ba81cedcfde17d8dd90d5863bb4",

"sha256": "d3323d5e4d76a5512600ccaa90f6824c97636548f16a43bf773d5503f71d0e36"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "hz.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "8bedf55ebe9f66fcb368d25273d42726",

"sample_size": 1088,

"sample_type": "Binary/None",

"sha1": "26ef67678665e87f4cb824666a5a04fcc755928c",

"sha256": "45e02030a3d642e2c222e332a0fd9046961d7b3a0e3d40fbf07c56e4d866838f"

},

{

"classification": "MALICIOUS",

"file_name": "cgi.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "0ae3f1aab5fb99c1714012425750a2b8",

"sample_size": 34976,

"sample_type": "Binary/None",

"sha1": "383f4344c1d90022cef1368a17cc3d98ff596041",

"sha256": "7e0064864a95dfa486eaa44608824cbc3c273e88657a1a84d4e2986d54732b41"

},

{

"classification": "MALICIOUS",

"file_name": "tokenize.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "9f9855f3cefa20102f99cb8a7b2a4b24",

"sample_size": 26608,

"sample_type": "Binary/None",

"sha1": "1455e52a03928ed7a79392b2d58e3b5af583bb98",

"sha256": "4f081061a633ee3d309d4d9726c8a1e41d5ccd54fce56d59959ee13a0b13bf8f"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "asynchat.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "c582ddb0f5deff5cae8f1249541899a7",

"sample_size": 11672,

"sample_type": "Binary/None",

"sha1": "7f96fb666518cef966c8602f08e58531ec0f68de",

"sha256": "408a2ad407cf6531910df8784d92fa151721c70a8c10daca1fd3629b3e39fe53"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "util.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest",

"md5": "2658c1d90c40e9c21488419fd37e8b49",

"sample_size": 5424,

"sample_type": "Binary/None",

"sha1": "6d45c279b1d5c761fbdf600ece8958a785350c59",

"sha256": "ae28f83ac9c8d63e4a85b1758c79bdc125fd6f3aa6e1eca319bfde78b7d30029"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "bisect.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "3b3b3a09ed8c4df48a46e3dc0cceab3e",

"sample_size": 2472,

"sample_type": "Binary/None",

"sha1": "855d6a58fa1b4c3a96a21fa6c838f280340638ba",

"sha256": "4400fdd44ac9e6302c51c9c26c74556c500ecc622ce0eec81d2040fd08956cc7"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_pwd.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "4c0b1b6896dd42dc7ddd26bb572225c9",

"sample_size": 4424,

"sample_type": "Binary/None",

"sha1": "065efb7634692af8d62c60f9e908c3a89e5a9ac0",

"sha256": "02ad2080a8cd8929a926d773fbd0c1a7cb13615a4c1dcedf2e0847c7f1aea2d3"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "netrc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "e12379309fbd495b77dfed3d1624f424",

"sample_size": 5744,

"sample_type": "Binary/None",

"sha1": "f5491a08ccdd8d75bc4b9097a3e46d2dc7c38235",

"sha256": "904a6af2fd76ad9e2a867ae4ba3ceafe426463438cdcd4085c14751c86e014c0"

},

{

"classification": "MALICIOUS",

"file_name": "test_uuid.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "c4477e89de3fb84d7ec44985bf1fbeec",

"sample_size": 41840,

"sample_type": "Binary/None",

"sha1": "e67bf563b4b0c63e72f43616ce56e00a51e1f13b",

"sha256": "713f2e52b1a036a95d5304a15c35a8b21ab97893263fe6eaf0d4930bc4be4b5b"

},

{

"classification": "MALICIOUS",

"file_name": "difflib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "ac87c7694a4af8dfb3573b511790b975",

"sample_size": 85400,

"sample_type": "Binary/None",

"sha1": "626bcd00e32315545ac031504483b14715ebf5c4",

"sha256": "1edda22f5f711c48f98606ab259e5ed6c3804e9edfa7b7b3f91288b94a5c4e97"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_ucn.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "82779106573c832f69d6546f59e680b9",

"sample_size": 10008,

"sample_type": "Binary/None",

"sha1": "95a62197f64abb4c9c24237cc1b09cf90418a136",

"sha256": "a00a40b67ef5ea10737d4f49668c2209291c1a65158b8107d69abe9259b0f42d"

},

{

"classification": "MALICIOUS",

"file_name": "_strptime.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "51831ace09258f406a8f1994b3ef7e14",

"sample_size": 25896,

"sample_type": "Binary/None",

"sha1": "ed39f797e5a1940992345b4117792d356e0478ed",

"sha256": "d9fcc382755cff81e058bddf09033f1b5d8369b7875e303a1751da8fb766f433"

},

{

"classification": "MALICIOUS",

"file_name": "test_ntpath.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "985eeaea91050ac80677cdc970b0bc45",

"sample_size": 36752,

"sample_type": "Binary/None",

"sha1": "008c60cfec0c7cb6c73d1114edc7acee5b4d872a",

"sha256": "fd1ed6f8d3cc7297d75d90350c6697432e583043b0df1aacb3fa96aaea4ca4f7"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "md5sum.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "fcb51262793214cf78a0bccbe4198aed",

"sample_size": 2648,

"sample_type": "Binary/None",

"sha1": "96a89873d6f31a9d19082ed54d28ddbf619d94c1",

"sha256": "989d1e45d29fb82b161271fad2dfa6ba0e5b44c62e86a373017823458ae4c7ad"

},

{

"classification": "MALICIOUS",

"file_name": "pyport.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "f5b36e69fd60d45f0f07ba9384803a09",

"sample_size": 32192,

"sample_type": "Binary/None",

"sha1": "fb37113e3203090e1f4253b29470eb60a7bc93c3",

"sha256": "21436f22befed7eebe016fdb398aba2f113dcb94526a8e817930abe7493c100f"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "runpy.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "9b51bad4bb5f07f144a5b6689da69489",

"sample_size": 13448,

"sample_type": "Binary/None",

"sha1": "cbba87749bda3b85156dc3eb757e1d9c7d02f4d8",

"sha256": "de1b808512c20b83166bf7ab193765ad8ba2da300caa079493562aacbde86e65"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_poll.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "27b6e21d3b6dc2ec9345d2cd10b6b7d0",

"sample_size": 7624,

"sample_type": "Binary/None",

"sha1": "36810d287e09ec9054705ee40b5d29685690c927",

"sha256": "6e9c51727515924e56d3e9800a9e3e196dc3b49ffd2d8060ed2d312594d2da49"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_nis.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "cf6e2d92951bfee6602764b29b30da6e",

"sample_size": 1232,

"sample_type": "Binary/None",

"sha1": "606572de67046389d69d2aab3523276fedcacb45",

"sha256": "337aa5edbd2d54ed5bbec3c668cdf1033576f01145dbf631961327211dd1ee30"

},

{

"classification": "MALICIOUS",

"file_name": "util.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"md5": "af238f030b09f47ea71f0047e4ed6663",

"sample_size": 21512,

"sample_type": "Binary/None",

"sha1": "2185bfabac49addd02ca3b10c67c1d1a5dc0c1f9",

"sha256": "1d6f298e7b7e60a8a28899aea3af53b99a2474baa899a2847c471d0f863906b5"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "reprlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "13f7331049c6748a92b2514147c0e246",

"sample_size": 5472,

"sample_type": "Binary/None",

"sha1": "0af04dfbdcea61da17b1374a3489c6f01de1e9ec",

"sha256": "dd69b855055aea741acb67dab31dae937cbfddf43413a8df234015808a5c9fba"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "bad_getattr.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "aab66c0b2a30d430cfe4d8a4d3b2ae90",

"sample_size": 104,

"sample_type": "Binary/None",

"sha1": "cf92ed8a4489ccfeeb3ae600b2d7c0becd8e0557",

"sha256": "d56291a768f1e340e9bf053f550ab90275376963e79399b002aa30031cfa8984"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "serve.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "c1fb7f6b390dee9b71faacad189d4bfa",

"sample_size": 1304,

"sample_type": "Binary/None",

"sha1": "531901b0dfe99db9673a8ce6086314d34e57722c",

"sha256": "23d5441583a5b560e51ce9b5ee3da7ea945d0de289549bd17a93eaef0920f85d"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "peace.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\turtledemo",

"md5": "798b5d0e97480ff2cd565172d8d9f97b",

"sample_size": 1168,

"sample_type": "Binary/None",

"sha1": "4234c25f2bc8bedc20711e9579ae9eec17b23611",

"sha256": "e5b699eb8b4f5c9393ae0e8ed0c1d159fc5f5b5aef3a78396a89058714316afb"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_epoll.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "e6b5a89b91e830ec7f72085cceb14472",

"sample_size": 9656,

"sample_type": "Binary/None",

"sha1": "1a041df4be1f9c1e3de7f84d57817738e3d5c272",

"sha256": "890761fd71b04c0ca9861d4a87fc20081162fb43f8bf3644608ffa3bd9ecbfb0"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "Python.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "46f52455174838d02cefc46dd12eb146",

"sample_size": 3728,

"sample_type": "Binary/None",

"sha1": "769b22ae0189506b31611d6f0048e18762aceb6b",

"sha256": "c34db47202cf3d12f0558fe5740622e6ceef1eab48260e2a8590539a19e3189d"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "symbol.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "8442ba218685a92985e6569aaa26f942",

"sample_size": 2440,

"sample_type": "Binary/None",

"sha1": "f9cb4f776361fecb26ad065a50b883ab3075c0ab",

"sha256": "6881f6da9d41da5d2b60f649e7f70023688d652038469eae5a850d44c4fb7d23"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_timeit.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "66a4f2418808aa363ecd59afebc2696c",

"sample_size": 15584,

"sample_type": "Binary/None",

"sha1": "840291da49c5b32edbbe774aecedd5d98e5a75ef",

"sha256": "01e64f66c14f9e5a7d661b816663bed52dd1a27d71cd20877e42a58cac8f82b2"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_uu.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "ce0c7e3fbf8455e0a4118a4282aefb79",

"sample_size": 8512,

"sample_type": "Binary/None",

"sha1": "c25d9911970d3151288d7e63700a650f3c7bca0b",

"sha256": "501a9051e42a2362c830e2c3df67b600b74a14e0840ba3e650be605f3bea8b8b"

},

{

"classification": "MALICIOUS",

"file_name": "test_mmap.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "4d3694fb379fdf697cbd8919ff0ae84a",

"sample_size": 32464,

"sample_type": "Binary/None",

"sha1": "6101c6124a772f45001ddf405b433df4d87b9a73",

"sha256": "2fddca12b6d5294bba9fe9a980ed455f78defdab8127ca0f5862233619080797"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_dtrace.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "13ee7158909f86a9115a4c446efadfb7",

"sample_size": 5472,

"sample_type": "Binary/None",

"sha1": "73fb098668378ca9a6512b47d53149a55acad598",

"sha256": "257f1a9986b438da783721da9b9b14cdc6af5f1b732a3d82fa903d01e316fd25"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "keycert4.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "3ff51c878947549f996a42a8a68cefee",

"sample_size": 9664,

"sample_type": "Binary/None",

"sha1": "945a1c5b165eac28b2a4ab769bbad1cefd54cc82",

"sha256": "7abf1c6adefbc9d18944f52a66fc1d0ae12985a9e712a74513f1d08ea2473fe6"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "numbers.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "2d71b0cc769f50ba633f49d59e5147ca",

"sample_size": 10768,

"sample_type": "Binary/None",

"sha1": "e13bac5e727c6f421fb0ae90f4d7cb05c27867f0",

"sha256": "21d4ed53768924090d3e675409d3b180863162d0fb0d3e44fe4ddd44525fe091"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "allsans.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "7be9b62b4b42b1bdf343d7cffacb0a97",

"sample_size": 10312,

"sample_type": "Binary/None",

"sha1": "f40419374976deef55694b1fe530ba78cfe20ac8",

"sha256": "c18b08c89776ed699b3e756ae26c9010598e81780862ef1dbbd3c5172e2692a2"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "formatter.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "761b6e80feca5d78cea6538698a6805a",

"sample_size": 15632,

"sample_type": "Binary/None",

"sha1": "73bb241894fa18288eccfbf599da84a1b520eadf",

"sha256": "4bd4e0204231ffda2421bf5099eda1ede56fba06bf21a3b82bb0f030602d4764"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "TODO.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "911a5d127af31a8089ec19766fe0864b",

"sample_size": 8728,

"sample_type": "Binary/None",

"sha1": "5924193c99876cc360e1a6d9e628a02a393e073a",

"sha256": "2b7b7d73575b69bc079326c383ba48e14a716206d2ea2658393572e340a20643"

},

{

"classification": "MALICIOUS",

"file_name": "test_site.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "caad29ebaa49e0b074c58f9f975dbfff",

"sample_size": 26512,

"sample_type": "Binary/None",

"sha1": "61ac0c09960b72b6528e142c9c81f4a06a350990",

"sha256": "222cfbc6a230e102101fc132d7e624e220bdb3a675e5c43e7d1addaf2c7269e7"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "fileinput.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "09ba580bd07b25e7bb058898264bee7d",

"sample_size": 15264,

"sample_type": "Binary/None",

"sha1": "cb1b73504268c288bcc63f4ebe682a70062a3da2",

"sha256": "abb6758aa6920ba1294224cca033e005eba55db6ecd9b645e883bf789790e628"

},

{

"classification": "MALICIOUS",

"file_name": "test_clinic.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "bbc679a6cca808b2e61fe6eba627078f",

"sample_size": 22888,

"sample_type": "Binary/None",

"sha1": "af7f8c29b8b9413ac9042f4eae1ce74d68925246",

"sha256": "e01f668519a4f2acaae62dd4aeeb402b14405a555b67f7b04d28514bb063e0bc"

},

{

"classification": "MALICIOUS",

"file_name": "schema.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib",

"md5": "16889e99e43167cea23217dc74c47d76",

"sample_size": 82624,

"sample_type": "Binary/None",

"sha1": "a1906063991b3dfc0476b3b47890c9b26f141a75",

"sha256": "9057307749f2109386d11d8c13e8ab82b0270cddc409242d0f7c8f041b1cfc4b"

},

{

"classification": "MALICIOUS",

"file_name": "ipaddress.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "fa6e4e69437b1981151022ec34442eb3",

"sample_size": 76936,

"sample_type": "Binary/None",

"sha1": "fc56e2e8d559c7cf1a97955b5ca565d21bc4acd9",

"sha256": "e67b97b4122c5c346e75ae8c261e4e048d7297b1ebaecbdd64862defd09d2d8e"

},

{

"classification": "MALICIOUS",

"file_name": "_osx_support.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "3630c93ecc68fdca0bccfd410fa81dcd",

"sample_size": 22392,

"sample_type": "Binary/None",

"sha1": "2936c31ce52122908e78909d50f6069868aa8edc",

"sha256": "4aab2db84316a0d3eb8f57a3cc74b0c048deea3c582154ebf3a6157f6858e2c5"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_abc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "dcb493d8cbe8c5adac0fd33527811c8d",

"sample_size": 20416,

"sample_type": "Binary/None",

"sha1": "009e49bacbbd8cc737c9aced1c1d16de181baed2",

"sha256": "03f2c13428d73da63c7c35d6c39ecbc33a8c2d43a90eeea8de0449b381ea504f"

},

{

"classification": "MALICIOUS",

"file_name": "warnings.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "bafbee4d7e8522eca0acf66dcf080ab2",

"sample_size": 20280,

"sample_type": "Binary/None",

"sha1": "ff57a13d6868c43834c3bc8e189defe4a353168a",

"sha256": "50752e70e762aa62639df374df90b70fcd6d85bbaf72af2811ebd8153f7f405a"

},

{

"classification": "MALICIOUS",

"file_name": "test_cmath.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "eef3fb2240a3b27e05fb46c10a69f2d9",

"sample_size": 25328,

"sample_type": "Binary/None",

"sha1": "bbc3d018f44c74d693135886feae23b598d258f2",

"sha256": "79643d366051aa27f142d9a43d1fd3e8a518db3bcb59da38ade7a30311eabb35"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "complexobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "5f4752edfb601a17dc88ab53e989da4f",

"sample_size": 1912,

"sample_type": "Binary/None",

"sha1": "a300ae5e72784939b8a151173aae793543d37e56",

"sha256": "35a07e579eeffafc96c4a59ad7e9890f5d79b2089135e44471966d2f3ea40812"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cp1006.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "fe959ac1cd8bd302b87cacb7a993061a",

"sample_size": 13912,

"sample_type": "Binary/None",

"sha1": "3f8403e7f5a36982084f19aaaaf2fa14fc7647f8",

"sha256": "757c496bce358e2f6afe63f3d0ebbb88803b2fd308dc8a4d184b6d1087505104"

},

{

"classification": "MALICIOUS",

"file_name": "configparser.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "4b30dca69595b76e5dd88e0f10a11774",

"sample_size": 55992,

"sample_type": "Binary/None",

"sha1": "7edd70667e09ea5b4bdcac16d6d325c1106639f0",

"sha256": "a2ce23196318e68e4e94771243ee5b7e740faee7c4289fd730fc44904e5e4895"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "msapplication.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940",

"md5": "a1948cb7ca07338189b0b41ab9d7e329",

"sample_size": 416,

"sample_type": "Binary/None",

"sha1": "a8c4c10b479e7f43d01d3753bed9e72e7ccb4307",

"sha256": "01c861d441f5140db8594622ff2f1673e6199f5881475870229515655f6a7660"

},

{

"classification": "MALICIOUS",

"file_name": "test_curses.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "ae2a3efe91201eb230562acf8f5e5850",

"sample_size": 48736,

"sample_type": "MZ/DOS",

"sha1": "6aace8f340abdb4e2abb8784555207704b5a39d7",

"sha256": "7c8174e994eb813c6c0dec3bdfc008d674bf47bf7e645d766f38cb95492e9b53"

},

{

"classification": "MALICIOUS",

"file_name": "gzip.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "613ddeb33487b303fdf99e8532ac08da",

"sample_size": 22424,

"sample_type": "Binary/None",

"sha1": "1b6203ab0e58de99d361977c489be2001216b53e",

"sha256": "a86576e8557be61800794e4662ad69299042501ebe400e8d45f8839b87564f29"

},

{

"classification": "MALICIOUS",

"file_name": "codecs.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "c41b7945e58aa82086ef6abe3baf7e8e",

"sample_size": 37840,

"sample_type": "Binary/None",

"sha1": "72972802b935fd94197a8b631d66f2a046d4c9b2",

"sha256": "1f966a5fa6d713ce395cc31728b03b6a181adef0406544247ecc7209ae1ad1f6"

},

{

"classification": "MALICIOUS",

"file_name": "cp852.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "6cd466799e2d09bb67e52e165ecfc13e",

"sample_size": 35744,

"sample_type": "Binary/None",

"sha1": "2f7060a32baf3276af7f6532e8bb77018b28df3d",

"sha256": "aa295286aaadb11267a22447e7a8dffba7909567c2a4f6d15d3954c47ca2d836"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "secrets.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "67fe873044660b749ecde0ba02326f70",

"sample_size": 2152,

"sample_type": "Binary/None",

"sha1": "c8e0dd8bfdb151212049f4b5cbbc61db61acd2b8",

"sha256": "6da9c41b0be537ffe5da75e94ecbca17cc9e15605e7a59526d5d011a0ec1a79b"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "keycert.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "08ae4efd79b02593151e0f95bdcf7225",

"sample_size": 4168,

"sample_type": "Binary/None",

"sha1": "548ea5fea0b25fe637e60e42a87df05c61eb06ce",

"sha256": "9f15c9a3c48f9f36f56e0062e2aec1362c3250ff4bc508ca5212d2f532afa77c"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "badcert.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "b59225f9ece54cd3debbe544cea38594",

"sample_size": 2008,

"sample_type": "Binary/None",

"sha1": "eca2a81b919ccae2cdcac97cc442769e108ecedb",

"sha256": "f0a1451910c6f017a5aa88eed219bfda5bb775fe796021de46b573b572d97aef"

},

{

"classification": "MALICIOUS",

"file_name": "feedparser.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"md5": "7fb7399a4284a8b4b052c2d245ebafea",

"sample_size": 23360,

"sample_type": "Binary/None",

"sha1": "f914b142133e8072232b7004590f5864a4a1d36d",

"sha256": "d615a8ccee220fcd92c24ef6761b1bbf9d0ec0bb8e7e7e4b1cc26b5777a828df"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_xdrlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "c24c69c1460cfaedc750612b51887d6e",

"sample_size": 2344,

"sample_type": "Binary/None",

"sha1": "c1a7c7b09f22bbbe3c4fbaf0e7167d6f0d363ec7",

"sha256": "c19489e7862a221bd730c043928d408e6c6d73468eabd4823af6f76840d24b5d"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "kz1048.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "7d3a05eb1819a6b8e6681c10930109b9",

"sample_size": 14072,

"sample_type": "Binary/None",

"sha1": "906abe52aed82f0b92a6eb49ac75107ba6a05ebe",

"sha256": "7edb243634918ec16ea63fc6193ef0748490b0fa02b2d75447a0568359518b27"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_idle.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "bdf1565e7eb9afd5d1a06687279b49ac",

"sample_size": 1072,

"sample_type": "Binary/None",

"sha1": "4800ae11a3430796ff69db0835afe35708913f41",

"sha256": "c005cb6e258bfbe98e5adf7c8e38fcce9d642833046429da797b5e399f5ac922"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "csv.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "18f507bee42feefb49ad2b9819007a04",

"sample_size": 16632,

"sample_type": "Binary/None",

"sha1": "a94125b1b48f47c96c4759cf44989068c9d74c9b",

"sha256": "e3335eab94b890e83cb7528c17e0477a547d79cc91cfc2909b23090ea9c840d6"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "operator.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "456f61450e22f9e06dada81524d4d87a",

"sample_size": 11248,

"sample_type": "Binary/None",

"sha1": "dec421328bb2ea5233a6f8275116aea310aeb02e",

"sha256": "0e1218d801db5840b384d028d1b54b8c3dbcbbd4a3c5bd200f5c0f25580b0147"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_shlex.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "3be3375b1aa18e8ab306f82e4ac39310",

"sample_size": 14216,

"sample_type": "Binary/None",

"sha1": "47ed54f0537dcfa92a50380b804d185061ac2215",

"sha256": "10d97cd751634c7ce6c0f64ab8f108a5eccbc10207d696ce718cd16b1d4a58be"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "eiffel.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo",

"md5": "428f641ee77363ff4bab3fbd88202908",

"sample_size": 4096,

"sample_type": "Binary/None",

"sha1": "898e4232f06f8b47aef01ff3672a03d10ea87a4b",

"sha256": "af9d9537a2d29494454ee776cee486acb28416c8eeb5b9b91c9f286a822c8dd7"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pythonrun.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "232e9419549781cd07da0d9c6ab44ab3",

"sample_size": 7928,

"sample_type": "Binary/None",

"sha1": "4ecea3b7fe916cead3b257eceeef0e22f2bc21db",

"sha256": "5173d5da46f13a5185f98fef65c812d86479fc67f38ff4748b1e16c012b8c11b"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "util.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",

"md5": "fbb1af8234ae7d455a41e7d168899a68",

"sample_size": 14296,

"sample_type": "Binary/None",

"sha1": "549d202daba3ef470abd2530f2230276e28144c9",

"sha256": "24cc4d3267e3429281fa0f5195e3d68e3e288eed883ca25b3e956a5b57aa0b3c"

},

{

"classification": "MALICIOUS",

"file_name": "test_pickle.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "0ea9581b0d33a015f157c2cba09f8afd",

"sample_size": 19976,

"sample_type": "Binary/None",

"sha1": "76e0f893d8c97420473fa4fd986460d2f0428c65",

"sha256": "fff0ec1d24d18e364a2ad57dd167d901ac9443522f28af0ee8c3996dd16f6f60"

},

{

"classification": "MALICIOUS",

"file_name": "plistlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "35f42906126c7fe8e095a27680c2ff76",

"sample_size": 29192,

"sample_type": "Binary/None",

"sha1": "44adcb0d63d6ee4d131fbf8b53abafde94dc6e29",

"sha256": "39a5a853d1607b80647093db77995014949855a68b4349e05991e8d7fde527cf"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "fixcid.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "784de6f0a7e2e656b0226f2954b73071",

"sample_size": 10520,

"sample_type": "Binary/None",

"sha1": "37af98fbf444711019b4c8dad0d05006bd42b0c0",

"sha256": "3c98dee435faec13def58d8f24f329907672fde6311ff9db166abb0300335f1a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "Grammar.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",

"md5": "a65a007c963d2c51b4743b6b1a28494d",

"sample_size": 8936,

"sample_type": "Binary/None",

"sha1": "263003accdd46f055306f48c513e513947e6fd18",

"sha256": "cdff580c895d6d810a034f12cc911e79bd3c8b57c04eba6daf1729785cadf61e"

},

{

"classification": "MALICIOUS",

"file_name": "mock.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest",

"md5": "9ae2ba358ff3c504d4979f533fad45de",

"sample_size": 102152,

"sample_type": "Binary/None",

"sha1": "873a72f86f6d542ff3e0be0e9ab041658eed5c8f",

"sha256": "fc3ae5358df9e1ed546b161ffb9a9a20096b5ccde92d1255d8b4161e8cee931c"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "ndbm.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm",

"md5": "eb55b810c9919a8af2b8f7a723020c59",

"sample_size": 112,

"sample_type": "Binary/None",

"sha1": "19edbdab9b21d9a6a3e6549bff29b33e1b9af358",

"sha256": "15a8ef152162f5a836a658a1bd6b8d18748e066dc281b1b8a2ebece544898d29"

},

{

"classification": "MALICIOUS",

"file_name": "handlers.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\wsgiref",

"md5": "b71025ad1d5e8c1b0f52e5147621b30a",

"sample_size": 22280,

"sample_type": "Binary/None",

"sha1": "c9dff191a98c2b4f89c1039b3fff4156d83fed84",

"sha256": "35522a7d1b1a3d175a51bdb78907dc56aa3effae12225cbb3850eb4fe05937c9"

},

{

"classification": "MALICIOUS",

"file_name": "tarfile.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "2025c3c3f53d4821feac543eca335f0a",

"sample_size": 97776,

"sample_type": "Binary/None",

"sha1": "adb8c2f11aa09860b0fd298dfeb83e3b690eee8c",

"sha256": "7283cb47bca324cc649ebc236b87aeb01c5f8000d2562ec538597cf089b5e4ab"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "osdefs.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "147bb6d0cb61efb4d8662f3b51eb5080",

"sample_size": 832,

"sample_type": "Binary/None",

"sha1": "89e00fdf8bdde8f81aa59b9846b58b4fdfbc36a3",

"sha256": "2c7196859729fd65a703c224dce2ef069002201e8128347b0a2d52427b28e380"

},

{

"classification": "MALICIOUS",

"file_name": "case.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest",

"md5": "fe0c8bc641812106c52a8c717591a71c",

"sample_size": 58640,

"sample_type": "Binary/None",

"sha1": "0f9eb51d45f6be0f0cb6d56dc41384db040f71d2",

"sha256": "ac2c2d3b3de55a112db28242d6264d06f06d206856081d43cd5c71ab9d593185"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cellobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "44d432dcb10813c2c4a2981cf1b1ce78",

"sample_size": 784,

"sample_type": "Binary/None",

"sha1": "a0b388492945a77bb363452942c18343249d3785",

"sha256": "e6fe40ab6ace2063b0fa054f54125a3ce8385c39c547ca3acf9190207faf6ae4"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "tracemalloc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "a1e6893c2820f121cf4fe7ca6f0587bb",

"sample_size": 18648,

"sample_type": "Binary/None",

"sha1": "aafd6ac88f5df11bfe3b2f1c40dc2e6bef81ddcc",

"sha256": "c9535daf4b02183b97d6086237c1367088be0adeb83911ffd302d988ba0e531e"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "eval.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "98cdf78e94bbea864d2d6e33fcb91450",

"sample_size": 1288,

"sample_type": "Binary/None",

"sha1": "1dbbf331114cb9d0c672646a916c4174ff2f06c5",

"sha256": "b8925a659b92611f15a77cbd3bbc386d6d46ae571325d2818b3f4edca9a2506b"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"md5": "6108f9e4e4d7aec582ee7a6d338c8794",

"sample_size": 1872,

"sample_type": "Binary/None",

"sha1": "98db0c1c6b2f6d77242c6ae8d8cef13edf7f4adf",

"sha256": "c9f6a8b332b4bd23b1e67502c78dbe7631ac33f7d472b77929dde5aa677d9a2d"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cp1257.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "007ce8c277b7b74830886a1c0f6fb653",

"sample_size": 13720,

"sample_type": "Binary/None",

"sha1": "6a3042a8c0d657d6bf36d2b34a2bbe929ac86199",

"sha256": "08eb8b6f8648d7db1c7032256295ecba9761efea8628bacd65c626139a8ebf14"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "replace.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "8e680f68479554c0834f3a118272d847",

"sample_size": 10144,

"sample_type": "Binary/None",

"sha1": "51231cad7b65fee330e81f1e2a6d2c4616f76457",

"sha256": "66953a4bb442476b68b308231ba7eb6be38ed3b7534a9a0890a4181b736bfb37"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "_common.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\zoneinfo",

"md5": "d4494a7c5b6511f43edaca16d44ba133",

"sample_size": 5528,

"sample_type": "Binary/None",

"sha1": "90b5d1a1996ab126cfb4c0c948653fc15e019c64",

"sha256": "66cd9802d30e435b734f444b66655b34052d9ded98d769a8df2fb0b80e68989c"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_slice.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "569f76a5c3e709464022d22e272889ee",

"sample_size": 8744,

"sample_type": "Binary/None",

"sha1": "56426d38f3bf485f6414198f91063e92e9e53413",

"sha256": "7d74e39d40e666374cbcf193fa3437ea61e85002bde8ae27c5cb7bda8cf9ac93"

},

{

"classification": "MALICIOUS",

"file_name": "ast.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "21be9ad49cbab31bce530ae611676db8",

"sample_size": 57816,

"sample_type": "Binary/None",

"sha1": "f2c7ebc41bc02a0e64a75e14f6af0dfce535f8a5",

"sha256": "37303936a6ecd34b08c3a85b4ddd330ca5993917f5f74b8448db66cb8ce679e7"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_wave.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "62bd3bff519f8350c668e198b952a02c",

"sample_size": 6904,

"sample_type": "Binary/None",

"sha1": "0715e75f8b2a03d077c926c3a14b60482994e813",

"sha256": "71a42747d4341bea19fe1b46c0eaaf2e519642cdf463cca492b71631c838ec6f"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "string.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "95721cb5004e7aa8f53edf36ec21ac0f",

"sample_size": 10888,

"sample_type": "Binary/None",

"sha1": "b94d0c84b67ca661c313c498afb072140086fd86",

"sha256": "a1e9dcbea07812aa7de6871301bfa08ad13aeb56be87fef0e01ca07b9630c405"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pystrcmp.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "ae2f6f4333fbca051f2394d7f5f85e02",

"sample_size": 496,

"sample_type": "Binary/None",

"sha1": "7b3adad73f1f758b31369ffa5f3b251c5b3afcc1",

"sha256": "7203884875f33c890f3d17dd20ae2d3566bb020689c9d83429687dfe836123ab"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "_endian.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",

"md5": "45a53aadf7c0c0626082b8dd4bb46e37",

"sample_size": 2104,

"sample_type": "Binary/None",

"sha1": "b5fa6c42bf0109bca6237ecf943e8a46bd6f2e91",

"sha256": "2721d4865ebe0cfb24edc2279b717d0b2ddcd1d5aaf624db492e27e13398e6e7"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "queue.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "bcc03246744b38e7a0f73300c1f42870",

"sample_size": 11864,

"sample_type": "Binary/None",

"sha1": "adb2615f7ef1b39f6bfd89397c6ae751167c81a9",

"sha256": "445df1e324dfe5f7c700997d917d6e9557be38152b2e3f5efe2d756dc3445801"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_popen.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "26b6a9e8c77222de31e32551f25cf721",

"sample_size": 2160,

"sample_type": "Binary/None",

"sha1": "729c819b73b73b64de6150e30b42a4cb48e01a91",

"sha256": "21b9c41229eccee417565cce40b8f3341a9fea153ebca77bf7ba5f11227558f0"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "listobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "d98e418bff0a138e2ede1d55954f49e2",

"sample_size": 1872,

"sample_type": "Binary/None",

"sha1": "ebd52182215f21aebd3fbe16d9ff741ca0fce936",

"sha256": "5bea23779b2c59220cde0cb273d97b79248b6e7cc4c8ba56c324c9579d93f6cd"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_wait4.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "7d560d245d5104bef367780d4bb70dbc",

"sample_size": 1272,

"sample_type": "Binary/None",

"sha1": "168db583d9380e68d24f28ecbda9e1bc91d6cdc7",

"sha256": "4dafd3c907c25e79098eca1bf92edef0d1d6a97f9f46229759c6eac64aac3260"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "tabnanny.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "347b82b2847137e546b503e01a1ce36e",

"sample_size": 11784,

"sample_type": "Binary/None",

"sha1": "46df1885168b384e4719a4feeb04f2cb800055c3",

"sha256": "7102a59f6c2a240d8fde7a18a8e83e6fe4893a9e9e621be9aa4b31ea710552b5"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "ceval.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "53cc7b7ebe1b9438c5c076c258d4a91f",

"sample_size": 6160,

"sample_type": "Binary/None",

"sha1": "13466c2a9bfc43ce832c4f227e8e4b9a801dcbe7",

"sha256": "177e80eed57511319fa8b1a7dbf9dccc17991005674ce6311efde21124d9d1cc"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "filecmp.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "6b296832b511dca2d3872bc3b4a04af8",

"sample_size": 10376,

"sample_type": "Binary/None",

"sha1": "e4ea237e95fd6d50207837aff3608d8e698e9b13",

"sha256": "ada29e694d2da6f848e9ed0b6844d441a1d020076fdc6cbef1411101867d832e"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_pipes.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "cfe9b01c2ca47877537907764b3a6cfd",

"sample_size": 6952,

"sample_type": "Binary/None",

"sha1": "27d009ce9863cb81aba14b569b4b97cb16bf296e",

"sha256": "8d1154f7e9f94aca5296e6109e79c41bb589648e9292f12451ad9e1b4d5b70c6"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "rot_13.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "84b2595bb47d92bf3aa0502f453d08db",

"sample_size": 2600,

"sample_type": "Binary/None",

"sha1": "b8d1ab8cf5c905dd85e01a3bf655f5006254251d",

"sha256": "fa933dc25a340ff61eae7f48ea6d0d4dc3266f6b7ddd9cae71522fac0e16e260"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "abc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\importlib",

"md5": "dbaadc0b2a6f529a20ebe1f817bd112b",

"sample_size": 15440,

"sample_type": "Binary/None",

"sha1": "62227329a3fd2bcd6f60ef1f5a1159becdca795a",

"sha256": "c7b8b96d086f8a85cf1aff6006e1c81cdd32f109d3f4016ebb4d2bd85ab724c6"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_pstats.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "913857301f85d49a5fa983bbccb48870",

"sample_size": 3784,

"sample_type": "Binary/None",

"sha1": "ea1472efb0e126b72229b3203e919cd6edaad04d",

"sha256": "c7936ce1bc3d8dd6d4403f3502dad12e048cc9b328864d6d994f9ceb8b99db38"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "symtable.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "93b677a3471b1e0556743eb3850bc5c6",

"sample_size": 5472,

"sample_type": "Binary/None",

"sha1": "4f042f89eab4235d886d14a744551818aa062ce5",

"sha256": "c9f628c1a8b089c0edfa49d2fb87ede13d5ed903f3425d15662add850dbf3049"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "decoder.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",

"md5": "d9d8ee040854d1541b1902694c78770b",

"sample_size": 12872,

"sample_type": "Binary/None",

"sha1": "77635994701cfcd5ded2736abc41f0fb332a8fbe",

"sha256": "37a3fae51f8c628e28043607c5a55a19651dfcfcbcf05867fc81909d70576f21"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "panel.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",

"md5": "b407b84fe419a3e623f3c345fc32c7b9",

"sample_size": 136,

"sample_type": "Binary/None",

"sha1": "353c56f782198e0431bf1750fc16e5c6c473fcbd",

"sha256": "2eba029733b728e685915b99bc54c017f70278342f2c85b0174a83fbc1897c89"

},

{

"classification": "MALICIOUS",

"file_name": "debugger.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "801973c054e4684cd39dac1ebeda5093",

"sample_size": 19696,

"sample_type": "Binary/None",

"sha1": "dbf4762979aa891ecbf07b15ac194e948f97ce42",

"sha256": "14a2389af8bbf686ba9e68fbbb64338bb9c7a5150ba8bbdb1195d1b8c793fab0"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_thread.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "ef25b439c9374b85aa6a31938922a716",

"sample_size": 8936,

"sample_type": "Binary/None",

"sha1": "61b6f2989df64e0061f1c4632517853e539ef8e7",

"sha256": "f35d267ce86ae3c7af2c48c0a2a92ee1baf62bc423e67ca7b257bc0220fb2b45"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pymath.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "3d66b0d6c2412c38c274096f7e6e3580",

"sample_size": 8856,

"sample_type": "Binary/None",

"sha1": "54112bd964ca4b01f30d001ea235d501edadf888",

"sha256": "96d5401e38762acbac297d8ea34ade3a0b9f1b36f887bce65cf54e7a3b562ba4"

},

{

"classification": "MALICIOUS",

"file_name": "header.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"md5": "ee29df90f4eb62411922f426058c528f",

"sample_size": 24720,

"sample_type": "Binary/None",

"sha1": "2fd1fcca743851036653307068db66bc042b3393",

"sha256": "179f22c0554c488993758edc819f1098db91909087a6537ca2a2ca14b71f3923"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "base64.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "0631e66a08401f6fd8919e0722a23260",

"sample_size": 20480,

"sample_type": "Binary/None",

"sha1": "4127bf098fe896d591c7d431f9abc5579969d1b8",

"sha256": "c937d294cabda9321bd037fe505d1458a980003d595842d0c010159893543366"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_dbm.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "00b04cb11a54050d0bded60b7fd7d645",

"sample_size": 6456,

"sample_type": "Binary/None",

"sha1": "ca0c405a34f122f6a7f4d7e103597b4a3a139ba8",

"sha256": "a690e5ce7c6a903eaa056ddf3c0631fa45ce43b8f5c0736666cea9e57775aa93"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "766da2c6798b190b7d963cd07894980d",

"sample_size": 448,

"sample_type": "Binary/None",

"sha1": "c258e3482c6d5738bbc25441e9fd2ca8430a05d5",

"sha256": "9eab7412cd335f727689709ec1ada8e9d259194719ae4b80dadaaae2abb740bb"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "koi8_u.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "fbd6073090e688339a45a6a99ea2c26e",

"sample_size": 14112,

"sample_type": "Binary/None",

"sha1": "934303939601a9f26de5ac62ce5d3f3b81fc2731",

"sha256": "079feb31b7e34b1f9677cd84cdae88c044fd53b7d1b3f93ad91c1455cf98b85f"

},

{

"classification": "MALICIOUS",

"file_name": "profile.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "e8a1bba7eebf72a968ab8c71e1d056de",

"sample_size": 23520,

"sample_type": "Binary/None",

"sha1": "b8ab5269b04efb0edd6d75aa4929c855ab694a56",

"sha256": "97ed5eb0d33671b7efeefb85d22375aa14893dcae94e04a7f853723c7674ce0e"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "glob.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "cfc2c957dc972f8392853f6113a085dd",

"sample_size": 6040,

"sample_type": "Binary/None",

"sha1": "9f73967fce9dfd1906cbc804a37b72c3c75a1c1f",

"sha256": "83b2ed1e5af2c7d0202b70a676348164661aa34072543a784b49ed51b8c3e084"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "koi8_r.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "c8ab92a8312e64a642620626efb2f4b7",

"sample_size": 14128,

"sample_type": "Binary/None",

"sha1": "893a7c7b59bd00a22f639dc7b17d4759389d1071",

"sha256": "955cfda1b6c1a463561c56ccefadd673cdfcf0b859532d717c0f64b9f6a1417a"

},

{

"classification": "MALICIOUS",

"file_name": "test_tuple.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "57f43d7f96a9ba6ffde4cea81fc6ac16",

"sample_size": 19832,

"sample_type": "Binary/None",

"sha1": "5bb9aeb54eaebb67525a0372244a7bb1d866264b",

"sha256": "20d99f61eb0fe3c28cc375c25cda6a75e5a30e0a10975f58c0209b529768a32b"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "structmember.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "17d5f8cc649e2838909c26a435b909f2",

"sample_size": 2144,

"sample_type": "Binary/None",

"sha1": "efd24571f96b7b86c0a9c08872e9009fc54b3c05",

"sha256": "c71f620efcf56e0cafd3a9576fc77f009ea76aba7f0e98da6f70720ed6c1b60a"

},

{

"classification": "MALICIOUS",

"file_name": "cp437.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "c23de8e3508bb0145ced4e409cbb2e00",

"sample_size": 35304,

"sample_type": "Binary/None",

"sha1": "8362d6685b633f5e73e7ca048b074d00df31219e",

"sha256": "77e3338746a7b3b1899797c0bb34b9d5d6ef962c648a2d7eff235b076d45e774"

},

{

"classification": "MALICIOUS",

"file_name": "test_float.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "c7dbfb93418f3df543e8359979169ff7",

"sample_size": 68608,

"sample_type": "Binary/None",

"sha1": "1987cb19a8057dfc459d70cac9ea0b7357c0aff0",

"sha256": "ce332a9270fe920175eebd155ad9187f89839548522a83ee83a8b3afebd32bac"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "lzma.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "071995617f04c552dc0aeca952da8517",

"sample_size": 13624,

"sample_type": "Binary/None",

"sha1": "b6a63d0846e187339d1f42294227622f64a9fe0a",

"sha256": "25d9ab8fa8b261e74a890195ef8e7e9480af1f412a23919192ca9556f9c39dc5"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_poplib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "61c510f0af2d4cae0238de0a987a1109",

"sample_size": 18352,

"sample_type": "Binary/None",

"sha1": "894720bee7de0186445617e662be7fc890893472",

"sha256": "8c4d559f617adb83bcb40d93d841f11b34b619ba721f4ca842f98f6f1bdbd56a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "redemo.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo",

"md5": "14bd7d7719b86ff0bb30118ec9c0a67b",

"sample_size": 5960,

"sample_type": "Binary/None",

"sha1": "f45bd83bc0f1e6ae51a377cf2e54de2a3427a963",

"sha256": "ee9ee581f3a1f2a08172a68def910d6a266f6ecd1dd79b07a3878e366aba7298"

},

{

"classification": "MALICIOUS",

"file_name": "test_copy.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "620073c56def16c3b96967d221f00b51",

"sample_size": 27552,

"sample_type": "Binary/None",

"sha1": "9f234e5b676896201c686165705a4fd53ed6a757",

"sha256": "bcd329f5932884b51af9bdda9a96584c63ef278a4c4a2d20871510f395ba9229"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "6aef86385eb595f3ec4505e72ecf0360",

"sample_size": 88,

"sample_type": "Binary/None",

"sha1": "592547a9b3e1ec7d4444e54e2a25b20c28b31d56",

"sha256": "0535510eda7b8edd4c128f8c35b5e391b0034538999b8074fb21c7558d6eb680"

},

{

"classification": "MALICIOUS",

"file_name": "posixpath.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "6558fd4cc6a546eac0108939b1c74a4e",

"sample_size": 16288,

"sample_type": "Binary/None",

"sha1": "9e5160b0616afd097833e1a67470b34b1c932887",

"sha256": "befe7af1c70807efe190f278d561a42162aedd4d5e62d6b417a0c8ab2a84e7a3"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "clock.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\turtledemo",

"md5": "72aff96b317a0b85e1e47bf3343489ea",

"sample_size": 3376,

"sample_type": "Binary/None",

"sha1": "0551beebc3d5511dcd6107e2bbc68c58136080fe",

"sha256": "f35f5f00cc0c88dfbc98646b8c23d45be897383a639757090979ad4f3e60d2bd"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "ndiff.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "d2d0a62e7821de3ad17f0777d4541f79",

"sample_size": 3992,

"sample_type": "Binary/None",

"sha1": "198d2484fdd46e9724ba0fcc0b83040b9207d991",

"sha256": "bf778aee2f97f0d1102b350f48ad89e5735159efec54049746e3b5cf475a1fe7"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "mailcap.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "74624605edb8c62732c3e368a83f3c75",

"sample_size": 8472,

"sample_type": "Binary/None",

"sha1": "521908d933ad77e3888491cf94d49352fd4ee1bf",

"sha256": "94e35986b8623d4c4eca21d13746b0a7c4757b6e80cf64d88e5aff164de520af"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "google.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "cee5028dffa1d03e92e5b2b3946490e5",

"sample_size": 568,

"sample_type": "Binary/None",

"sha1": "6665a43dbeb3acf28726b16c175d811bb6b26dfe",

"sha256": "6c317ceee06a7f11e9121a6681a9c227c1a4b243bbf949748d6ae04d5e68655b"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "imghdr.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "364830de676b260f64bf37ad4859dee0",

"sample_size": 4016,

"sample_type": "Binary/None",

"sha1": "dd920d8c06a92b7dd07d05d5de3b7d6ea2dd49c6",

"sha256": "8cb30fcfd58a6b7f030fe9b4f0868172bc39058bbd8e0fcde11905c41acf7f22"

},

{

"classification": "MALICIOUS",

"file_name": "ttk.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\tkinter",

"md5": "8f34267757d882632d6fcb5ba2714ffb",

"sample_size": 58840,

"sample_type": "Binary/None",

"sha1": "32d182adea22b8792221a203515496c09573553d",

"sha256": "92e8c2f1653e6da58851c602511135ee38083bdcc32cce839b26fbbe070c31c7"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "gbk.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "7a237c8f8dcf9f613eb1abe11d01a1a9",

"sample_size": 1096,

"sample_type": "Binary/None",

"sha1": "308291588246ccc1a94c5a647486d0e6eda9194b",

"sha256": "fb55c866619ce82abd07dde2b0dde759867eb6e5495066242cd9900008c3d49f"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "structseq.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "b434f8c6536a58315a68e41acdf37f53",

"sample_size": 1480,

"sample_type": "Binary/None",

"sha1": "ae1316981b93d18f6b3498d76e66728608a05e40",

"sha256": "c93680ae4d27dc538fd1892fc0bb2fcafda9018d40cad8dbdb7fe466501d78ca"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "audit-tests.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "7c9f3e6fb2a6fc4c6efd468c84faf37a",

"sample_size": 10352,

"sample_type": "Binary/None",

"sha1": "c1b71a88b341c38c3b70b178d420145b0bea6c98",

"sha256": "6828086d3228ca2d44d3e8ef9969f590089fccd5abbf0d574854e738f7d9a917"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "fnmatch.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "4d091b8a5e7639e496dfe0f0a59216cd",

"sample_size": 6224,

"sample_type": "Binary/None",

"sha1": "4191d80475a399778771f8612037e2d345fa940a",

"sha256": "f3b6f4f1d555352fb7e4e03d4519f0fe96e77b4ff6233ad52c4c99cd34c6ce10"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "queens.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo",

"md5": "6974f8549cee36704585acf09cdba9ba",

"sample_size": 2392,

"sample_type": "Binary/None",

"sha1": "cc79324f56e2a0923d21a3ac192a6c48c6033730",

"sha256": "fcd12d593d051494a559f46bd53e7f72dea5bb834a8697aee400beba6d924a7a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "quoprimime.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"md5": "fd490a5b38b0a3a0c73ed2d1e8041b4e",

"sample_size": 10200,

"sample_type": "MZ/DOS",

"sha1": "6a099d1b9e8fb88bd4296cc384f3addb8d3d9df8",

"sha256": "a5c6d72f7c69becb278753abb87c06d7a74b56aaa06ae8aa59439a221e6fde4c"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_codeop.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "e0bd2f349e09fe50241ca4e57567648b",

"sample_size": 8816,

"sample_type": "Binary/None",

"sha1": "f090549f923ad65f1e3960d8d65f41164aeae669",

"sha256": "03b9540d29240c42b42d24ed99f7c3af6da243fca5cd95fc38f145545afef709"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "patchlevel.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "d1ce3c47010e059d54ac797b058afb2b",

"sample_size": 1376,

"sample_type": "Binary/None",

"sha1": "abe19bb7ca869400031623a72d9f00dd2078c446",

"sha256": "382017c73c824badd623f3b6e63898852cfaafb797ddc490a514ff72485ae1ce"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "codeop.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "1932c60a57decaf1f915a5bce00fa37e",

"sample_size": 6544,

"sample_type": "Binary/None",

"sha1": "55e4f1e5bff75d05db1f37b546ffb4b0eef40c8c",

"sha256": "21e043e74ffe2d69905d36c91e126e82cd461d3bea29cdab046b3e1e62773b67"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_crypt.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "0cfaa91f08222757e5f5dc30da85c266",

"sample_size": 4392,

"sample_type": "Binary/None",

"sha1": "0aab8ce6cc23249875c30fb05c3dcb4dea953122",

"sha256": "5b68eee8549f4ade6783b72512ad0c1e0e824a77b28381df88641ea00efa8dab"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "code.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython",

"md5": "ed831fea262d534bf28f8dd3f3466f64",

"sample_size": 7192,

"sample_type": "Binary/None",

"sha1": "4437fc239f27a97a49f84fbab1e4f2773f9304d7",

"sha256": "8dd4b1759a29553c870d43f7283091132688e34a94591d45b03408c9c6c2877a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pyhash.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "9a08377d25ef15fec3158ea12b8f6f15",

"sample_size": 4448,

"sample_type": "Binary/None",

"sha1": "d5f04638044b60af265ac7fff93fa5f84c2cb8ee",

"sha256": "a97038bb1ce3ee27694a2530fdc4e0fc9ccdc1f94c42a1f66b2a25e7c25c1fb6"

},

{

"classification": "MALICIOUS",

"file_name": "random.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "3491d1842035db52ba57f94a3037be59",

"sample_size": 32416,

"sample_type": "Binary/None",

"sha1": "6c5c6c6cbf166ec5ce5f72767fd62082d00fdd01",

"sha256": "d1215dc08bf0df8fc9bf8da9e0c79f1c751465330711c8466abf96e0bddb5dd5"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html",

"md5": "a2f668c46fa323da7b05b86c793a2561",

"sample_size": 4928,

"sample_type": "Binary/None",

"sha1": "5dfd4482da5f3e3e16e2cd2c35e84cc2c50fbd6a",

"sha256": "9c6fd3b109a6b8cc7993c802a87058d40d40e45681cd2d618f7b9326af2c57da"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "zipapp.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "149906e70db72e066109d9daa7514cb4",

"sample_size": 7784,

"sample_type": "Binary/None",

"sha1": "a8116e4dacdc047a9408fd63615972fe8f6fcb8f",

"sha256": "07e0247f142e83db698a8c2e6826e7310e472b29af091780e0dd3ebe355f7fdb"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "squeezer.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "32e91f701e2e59e2f61aad16a6bc6ff7",

"sample_size": 13208,

"sample_type": "Binary/None",

"sha1": "5aac3d963583ecbfb6902ffe3e2aa2a9343af432",

"sha256": "97b9baf99e66029b34e013e2226a51ba832f1eeaa859834845acafa1f33bf6b5"

},

{

"classification": "MALICIOUS",

"file_name": "smtpd.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "88cd50b900d9239f757f64f9d81760a0",

"sample_size": 35832,

"sample_type": "Binary/None",

"sha1": "07dc8362ffeac7ad509274eda4cba997497acd0c",

"sha256": "6b5696f5ec2c5eeedc971d81261e79d0f6e25146527a4fa00e30947036d8018a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_netrc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "ff6eaee08880602f0a9aed3d6bd4a137",

"sample_size": 6312,

"sample_type": "Binary/None",

"sha1": "da14205e9128096abb0d5f12ca10b2428720d1bc",

"sha256": "274074b2bc77acdc77b22073aad9b11898640bdc89c40b8f5da6cc21f83c67e4"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_sched.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "8df06e1927b3537f53d67680a5801a3c",

"sample_size": 6784,

"sample_type": "Binary/None",

"sha1": "34ca597d71064b399a6094721cdd71d8695ece2c",

"sha256": "800d46caa1ba07312a3fbda5cdf73a2959bc2ac5134069615d2df9f7e4f97e78"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "xdrlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "504838e547453c6649866cfde5c4d5a7",

"sample_size": 6192,

"sample_type": "Binary/None",

"sha1": "5de7e5a06175fbd98ab9475e9af72e47c0bad2ba",

"sha256": "c9fbe3e69db1424c8ad6a22500e30d0eb341465dc423718eca82e957010cfc83"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "Main.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\pynche",

"md5": "ed751f4f4d850e1fb638975ee784e354",

"sample_size": 6672,

"sample_type": "Binary/None",

"sha1": "67615b3d30f9a10338acfd62e3c5300c1c13801b",

"sha256": "f0948f6bff49620c428bc4da338695850971acb73d0466d494f23bf622863820"

},

{

"classification": "MALICIOUS",

"file_name": "cp869.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "aaa4f6246bccc7ed38711a30662f580a",

"sample_size": 33696,

"sample_type": "Binary/None",

"sha1": "848188498fe3137fbbbcc12c9cc29018d97d2c01",

"sha256": "740884bee1b290854202379582ea573daae0974e4530a2cf2523d772b024a976"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pyerrors.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "86c71f4c87b5bec9c1b56bd0ccd68916",

"sample_size": 12792,

"sample_type": "Binary/None",

"sha1": "1cf1b0965cc758fde9217a614ec44f371627e406",

"sha256": "4b5085c966be042bb5bbc99b9e9fed828f6cc28717c70d6e8735635c04c8236e"

},

{

"classification": "MALICIOUS",

"file_name": "re_tests.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "5106ea12b22aa392c7db5a2c963aa2e4",

"sample_size": 27160,

"sample_type": "Binary/None",

"sha1": "9e207fa50c104c80c724ec7cc95767fb88615a1d",

"sha256": "8149f247b4579efcae2d224838ac47f7023a351bf566437b7588ae45fe505145"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "final_b.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "3197358f6acaace84db86b8e9fce121e",

"sample_size": 472,

"sample_type": "Binary/None",

"sha1": "3fb86986def0db21b68d549985925b323f373400",

"sha256": "cc1c6b9e250feabb2a3ec2c19372452cc6ddd4389934ff0460cc77b440a7bdb7"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "_bootsubprocess.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "9f0dc23a9196287e2f3559845313c588",

"sample_size": 2816,

"sample_type": "Binary/None",

"sha1": "d309396b6e15557dfe3cb290fef0f50fa38591bf",

"sha256": "c3ec08669e001639fec3fc025ac42d96e007353d985ffae46fc7455d78b4591f"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pty.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "1ce8828ff8b743f3c21bec299acf0d02",

"sample_size": 5016,

"sample_type": "Binary/None",

"sha1": "7ae15e4c8a839226f4df0a648e6afdf891da7855",

"sha256": "50569aaebd389736f7588d8e37ddb777742924955c8e682d1085bfa09413a2e0"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "sunau.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "a6cdb6264ebeb72bf00361152bb2f9f9",

"sample_size": 18728,

"sample_type": "Binary/None",

"sha1": "6f407d34b4c0414861cb71f71859deb7fc2f057c",

"sha256": "5e63963b0d3a52e09611346fd4a492e888c3f8b5a99df5d4057d17fb30472639"

},

{

"classification": "MALICIOUS",

"file_name": "shutil.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "54691644e071d127fca331f0525ae5e8",

"sample_size": 54280,

"sample_type": "Binary/None",

"sha1": "dd2b1771cd6894e50208b15a4f6d27b347b4cbe7",

"sha256": "a7c0831be1580d458709592db853446b5fef59df5655442a1fc54412beaa9ea8"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__main__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",

"md5": "bf7a8a06c645cb3eefe3d05933e3b37b",

"sample_size": 112,

"sample_type": "Binary/None",

"sha1": "4dd79669b0687e3863ee0448c0401a875ead46d8",

"sha256": "64c17d2a470952f6c44026473812299cafedeedde21916a05d51307286a8bd8e"

},

{

"classification": "MALICIOUS",

"file_name": "ftplib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "c3c81779734d71270dedee55ef8ab7f2",

"sample_size": 36520,

"sample_type": "Binary/None",

"sha1": "ff28427bfff901e5f3576e4353a89f50bdd582bc",

"sha256": "c4b1896e3cd13cf6070d238fb3edf9236b0b4313176142f2465d5049481eb048"

},

{

"classification": "MALICIOUS",

"file_name": "test_format.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "654317c8954632a348a2180d9083d75f",

"sample_size": 25040,

"sample_type": "Binary/None",

"sha1": "28aa1580c07a0cbaf090b19b0b148f1408392ded",

"sha256": "c54b0b6094c6804e4f68d76e7b458934d5194f78226e7e1f95e9d008a0b4c8e2"

},

{

"classification": "MALICIOUS",

"file_name": "fractions.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "15221724e7924a4958fc7248e1331f9b",

"sample_size": 25008,

"sample_type": "Binary/None",

"sha1": "1eb4c8c91edf96679747c0772de1d53eede004ed",

"sha256": "af16e688d13302a7782d56ed4f9d77ba0ed736e645fa52388674473cf507ecc7"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "OneDrive.VisualElementsManifest.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive",

"md5": "4226b724dcdddd8aa43db19b985e9d68",

"sample_size": 384,

"sample_type": "Binary/None",

"sha1": "4f0b217f37ec4a5a91fc56e4e493cc4575605915",

"sha256": "017c8faa6a646c27576c92a46ce875e30db2c3b5d013dee7de8a730731fb11cc"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pyclbr.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "58015ed3998014838a00cf118dbbe264",

"sample_size": 15696,

"sample_type": "Binary/None",

"sha1": "893172a10618e344663f82a2bb528a6f6853cc7c",

"sha256": "df8bfcf5dde08ef7b0b457c07bf9e6046525955fc3e44b4ec14049f339ae2030"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "parser.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"md5": "7eff848eb316738239024ca16b99c0c8",

"sample_size": 5216,

"sample_type": "Binary/None",

"sha1": "7679c13a9ca95ded2ef91800d33067a6ed39d141",

"sha256": "c545645b60c322525a48268e70c35b5dfa92dd0eab2f9b3e9d03da68a64d1465"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "util.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\importlib",

"md5": "717e8c30d0c68d29cf64ba3f5880bd93",

"sample_size": 11664,

"sample_type": "Binary/None",

"sha1": "7479c793151153915b7d897bc556922fb178a1db",

"sha256": "41a5fd197a713fd3b37537d821d59396308408d1fc0ad74068573f20f1ae1083"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "zzdummy.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "ae706df91aa4fcd5ade1775448dfe33a",

"sample_size": 2120,

"sample_type": "Binary/None",

"sha1": "a8adadad9c576055f7720efb6e9b196de39f5b47",

"sha256": "f59665c0b7c90b558b7024f2914ae161960a0f902440f92478fed8e2cbb8a069"

},

{

"classification": "MALICIOUS",

"file_name": "cp860.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "232b7d61b2727b2cf1fd12e89da2f0b8",

"sample_size": 35416,

"sample_type": "Binary/None",

"sha1": "a6cf2d3e7622306c3b645216a8a572cc8a984745",

"sha256": "d13d74edf5ec21ae7d3c43b73b6080e64a17ae0f868b430981289602f41c3f95"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "sre_constants.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "9458f5cbc647966279c2c7cc013b35c6",

"sample_size": 7480,

"sample_type": "Binary/None",

"sha1": "633fb5fd94a4b512c4163a3f7bbbf36d0acbb6e6",

"sha256": "f5a99b350ba2fff84eb56233449722fcd8772d9b6cadeaa211d8699b582c1d8c"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_errno.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "d6ca8b00eb8d672e2f4153aca5f6bd9f",

"sample_size": 1144,

"sample_type": "Binary/None",

"sha1": "a59f9acb4b68e0450e23ade1bf772b8238f440f6",

"sha256": "9894486dc1a36e698e8f8674316f37115b7dee73ff70af9152d7034b39714a5f"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "bltinmodule.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "47c853b05d08af5f7e7af8aa0e6b89e1",

"sample_size": 320,

"sample_type": "Binary/None",

"sha1": "3c08ae9dbdf8cfe5f35a11213949e4dc61213ac8",

"sha256": "1ed3ff6171a472d18d114d7ccac52406b92d24ee5f90459a5406473f900d2144"

},

{

"classification": "MALICIOUS",

"file_name": "test_tcl.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "2716e04cd0d83c5e6f3457e9e0df2975",

"sample_size": 32864,

"sample_type": "Binary/None",

"sha1": "4a6c0f36a937d51428d326d7be7a3baec6c4e846",

"sha256": "53e3b03d6f83a6c57bcdd316cb8ea4f2994ad2987339a3cfea150a63d487359d"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "encoders.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"md5": "489eb892a32a599319e3ec162e7d31da",

"sample_size": 1896,

"sample_type": "Binary/None",

"sha1": "5acb5ef7aef1721180b1cbf4d63a8cdc1f68bb00",

"sha256": "336533773b0345a319499e023afac893a3df088d20c2db0ad0d94f6208b3006c"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "idna.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "56400328c970672e89df5279f5f00edc",

"sample_size": 9520,

"sample_type": "Binary/None",

"sha1": "0e77e068f11bb9cf62e298d05b19bafbad583b8e",

"sha256": "b02891317f53b6fbf724dc2eab4128992c5aea10af1d079ddcdf85f8c3dc6558"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "ssl_key.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "63c9974cc22ec4d79645249f75788e4f",

"sample_size": 2568,

"sample_type": "Binary/None",

"sha1": "071b9154f8b0b0dad5c1f5b01867b0d6945bb98d",

"sha256": "390b8abfddccdff2bac105bb1edeb958bd893a7de191a69087d56d6728dc0997"

},

{

"classification": "MALICIOUS",

"file_name": "uuid.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "71730a1aaf15f4d4185d40ac0032010b",

"sample_size": 28096,

"sample_type": "Binary/None",

"sha1": "9fa7f3bbd57908acee11a0f949b1ec9773d07496",

"sha256": "399d11a2c84598a683458f0bbdd62e9ec3cb2330d4685d50df79e2b720108380"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "_sitebuiltins.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "7dfa800c9f0b9e48a689d8a4df55a8a8",

"sample_size": 3256,

"sample_type": "Binary/None",

"sha1": "abab6ca1986575339ba3b51b21526ee03529ddc7",

"sha256": "b927b53a8cc6af8a2fe81ca9bbaeade4a70364f16c7a8a0fdd804306af8be293"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "genobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "fa868e96f093aa8c10b94528c7d49fc7",

"sample_size": 3664,

"sample_type": "Binary/None",

"sha1": "19daad26b714e573fa9f9863c1bf24a7865ed559",

"sha256": "9b279c00d0b4717c1bd597bdd75cfa60efb6984ce36301e5da0171018cffe438"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "utf_32.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "fc285c2cf2c0418e51bb972a15f7ccb8",

"sample_size": 5320,

"sample_type": "Binary/None",

"sha1": "d56ba7c5617a1e942f502d17cee188d5109bd4f7",

"sha256": "902f2b626e479983e3df2f367e51391a2da8fa5b980df474a41fc242c59e8683"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "textpad.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",

"md5": "29de496cd66b27f3e793f59d8ffcc763",

"sample_size": 7896,

"sample_type": "Binary/None",

"sha1": "366d6e1f52af1b9a6a155119d030a00564bd461d",

"sha256": "3019e40c6464b6df2b6bad041075d0e1d7791ce8dead806279b4772e7712a24c"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "reperf.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "29fc5437a588720d580daf425beb70f5",

"sample_size": 600,

"sample_type": "Binary/None",

"sha1": "f17c3ff5555f3ee309a5b4ac6586f8ace57315ce",

"sha256": "5fbcbbc68acda85e4109a8dac251ceefec5a103b188fa91d0043e96bf590785d"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "keycert2.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "9f7b3d895af5be16092f93a5c6518297",

"sample_size": 4184,

"sample_type": "Binary/None",

"sha1": "9ddabbc95956e9b301716cd60efb5e0f183ee0bc",

"sha256": "b3158d805c42cd9bd62e9f6ce1984247d1def84e85a06a85579f6043ed101d5a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "frameobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "81d9d4ccc40a8563bc7bac4b5e7b1a37",

"sample_size": 400,

"sample_type": "Binary/None",

"sha1": "7588e52729653d15a6512278812c036588761338",

"sha256": "9a45674769e29bfd20f075d035718784b5876c0e20d8df2b0334f0fa29369d53"

},

{

"classification": "MALICIOUS",

"file_name": "pprint.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "fe9e2147cdac3cfe73f0234eb67fc28b",

"sample_size": 23208,

"sample_type": "Binary/None",

"sha1": "33ca47f36063839ca6571fb23163a7c8cd90e21a",

"sha256": "1919a0fa9585d49ba7867f96c30115c5c9b932b1973af8901546a74508616e0b"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "fa48130888c03243bb703187ff31f948.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Office\\ONetConfig",

"md5": "51635f7091b4a6337aff17a3cc75c7c3",

"sample_size": 2168,

"sample_type": "Binary/None",

"sha1": "aee92b43f1271af29d25282feb8a9f6d3686fc33",

"sha256": "62670bc96a53ccdcbdc85024997312be5b4f3a1160becc071b929db322730e0f"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "fixps.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "b026c106e2fce51247c9a299fd51e50a",

"sample_size": 960,

"sample_type": "Binary/None",

"sha1": "3c43dc44e66dbc1038fb5f632d30b04142697ca2",

"sha256": "02e47fdf58a00cc701bfb9fe735b45af2fae7c0ae72c268d6643148700e22a02"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "suff.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "045f6b57e0da830424437ba4c3383e0d",

"sample_size": 576,

"sample_type": "Binary/None",

"sha1": "aefdb2c14b822c5f35836900cf0fa38de5ec1d95",

"sha256": "a38c64ad9231301917549810f894c06192238876ba573dd39af1f99622de3c4a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "bytesobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "b84c76eb4a3c1f5ed3075ce281781b87",

"sample_size": 3168,

"sample_type": "Binary/None",

"sha1": "39b30d3971ef8b0dfec314ce0e6903a41d7860fe",

"sha256": "9c724e8e530046f9ffd0cf479a6b9765450d35395211cce1923e2705afecb464"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "bz2.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "add98fd118be288e1f7d6b6737476dc3",

"sample_size": 12848,

"sample_type": "Binary/None",

"sha1": "2da676894d0a1cd51cd0ad93ffd20b2b9ad9a9f6",

"sha256": "e669fa3fe7a4ac5e23ae19b6eb60180f7fe7ac8daa7d09a3f079c7af0fef1bda"

},

{

"classification": "MALICIOUS",

"file_name": "test_gc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "e2d8065f65b277651b1c2dad3e5e5137",

"sample_size": 48392,

"sample_type": "Binary/None",

"sha1": "15b42dfb5705fdd45e949a9f62245dd0f8cb0673",

"sha256": "b2ecdc5e5c2e56154a3e0221b8fd06862967d3586b1762de4123a07f05c1ec90"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_tk.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "aae98fcd462195c898e94815be55e472",

"sample_size": 560,

"sample_type": "Binary/None",

"sha1": "8e28e44aa9ef6363230f659be2c36864f334b82e",

"sha256": "f9b78ed491e72c99a1219695d1d6ea29314de652f46ef00f2f645be60bf0d516"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_stat.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "cca5bafb869fd1cc3c06dd7aac10f897",

"sample_size": 8776,

"sample_type": "Binary/None",

"sha1": "b1e1bd0c52b5440c4574228da8e0e2dbc0afdaaf",

"sha256": "d9db1f6769146cd4579d135a6a0cbe275ddeaf8b85b20cb9baab3e5b2ae1ea5a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "final_a.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "b48ed43e6571bf9a20ccf1e133e408ca",

"sample_size": 472,

"sample_type": "Binary/None",

"sha1": "4b3e9be6361f0757124dbebb94c5046310e1965c",

"sha256": "f8fefd8e0a5ae0db8d90791645899ed6c9a8f2db077da5d51734b02d0ef18f4c"

},

{

"classification": "MALICIOUS",

"file_name": "modulefinder.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "72de8fc219244198642ef06e4c47afeb",

"sample_size": 25128,

"sample_type": "Binary/None",

"sha1": "7f07fdf271f4f94e0b8b86e3b9b09389be1904a5",

"sha256": "75526c85c4027e5ecd668f7129652cfad7e683c310c648dfe0d113f3146d0a4d"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "idle.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "c31322ca69847578b96a0510e55f2468",

"sample_size": 512,

"sample_type": "Binary/None",

"sha1": "b847b2d3eacb4c7e226c92973e2ddc31b7861748",

"sha256": "937ce40eb1363dfea6bbe42b175c013e8664d89f97fd5ad1e1f3d5ea7cb9c0a6"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "tty.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "e8e834af46bc8ea4387a1aee45f109d1",

"sample_size": 952,

"sample_type": "Binary/None",

"sha1": "08219bbc03b41506a6089d04f1de153281e2b8e9",

"sha256": "d8d4ce8e64a050d6413bdf15705fa7dd55130c8c981fc6927904fc06b4ad3e85"

},

{

"classification": "MALICIOUS",

"file_name": "streams.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"md5": "6c20d739996bf8ca8bc959b32f46d648",

"sample_size": 27440,

"sample_type": "Binary/None",

"sha1": "3a2178912304e8da9dbc84336cc59ea8262aab87",

"sha256": "6a54b02dac7bee517d9ee01d4205a97d762e76afd69a6294edbf923f7eca2ba8"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "HISTORY.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "db46b1c2022262071af15a8eaf044c01",

"sample_size": 10648,

"sample_type": "Binary/None",

"sha1": "5d958910d0cf8a7cde87e27670b7e2314922ffef",

"sha256": "dc7ad0ca3e9de7f6aeb10ab69f392a719438044bc1a7e1422888f323272d1d93"

},

{

"classification": "MALICIOUS",

"file_name": "sre_compile.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "86e9b1919383a83fdadda385b3b53279",

"sample_size": 28824,

"sample_type": "Binary/None",

"sha1": "9540426877ebd84cc07a6068d76613d3eb7e7562",

"sha256": "f86f241ecb1bc8e06af7882321a43646835486f9850966969ca2e23ce30a212a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",

"md5": "6b95bcadd8f86dd2a5053e730d43abbc",

"sample_size": 208,

"sample_type": "Binary/None",

"sha1": "395afb9f067adcfac997b8a91aa362f0e437158c",

"sha256": "e57239c1be07fb902314d813055fc36de27b4f0326816fee67532e9fb22863f9"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "dd_SetupUtility.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"md5": "a031d1d6be8d2cfb66f3bae9bea89b0e",

"sample_size": 2496,

"sample_type": "Binary/None",

"sha1": "e6bc781b92c0d5ca529ee071355fa2ac94f61525",

"sha256": "cc8c0933883a37f0a971718bbc88f159fe8bbcc2fe221ab54b8ce86238c14f2a"

},

{

"classification": "MALICIOUS",

"file_name": "test_lzma.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "0f06da11bc416aa0be711e29455716de",

"sample_size": 92032,

"sample_type": "Binary/None",

"sha1": "8ab5a35437d9de71963eee812eb0508c4fddf95e",

"sha256": "344520af934b0d92da708d22d91a366c5916b8dfb58ae012af2119aed257ed67"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "_py_abc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "364b5f38fd33ddef379cbdbf0fa06c8f",

"sample_size": 6376,

"sample_type": "Binary/None",

"sha1": "bc2532f968297df05c5073423aaf44ad98e7aba7",

"sha256": "ba8e20ca82f095e320df3c8313c114d79f9d92d474016fa77d134dd363ab92d6"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "dump.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3",

"md5": "d3b8c3108df5ac46a2de7013f84b1519",

"sample_size": 2936,

"sample_type": "Binary/None",

"sha1": "63c2da13bf41721b49f8d5c9fd0ebb5d0f96506d",

"sha256": "7f3c3ba94fe0c1146903b0f3760c8c10afb0356aa0e5d081b94b6064e9e42351"

},

{

"classification": "MALICIOUS",

"file_name": "test_runpy.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "f1eac9fb99ae6eb01c8560589ffbf29d",

"sample_size": 35488,

"sample_type": "Binary/None",

"sha1": "519590d26d958039fe3953dc81865adef5304bd3",

"sha256": "f96c2f7276ea09f05b5ff3d6fb767fafa60839e3975125fdf260f55130fd3564"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "profilee.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "453afcf97c8b179b0c8e7d69fd453a90",

"sample_size": 3200,

"sample_type": "Binary/None",

"sha1": "5122a4556018e96d8cf8c00c0c0e1935847f65cc",

"sha256": "8696f8a93fd9b842fea40cfe748fa1e050765345404656f5e1d0668e6531ba2d"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "big5.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "a1acddbc2112fc71f7e35d75b9139e2e",

"sample_size": 1096,

"sample_type": "Binary/None",

"sha1": "2dc3f8094d55832a81041657dd5ae6c581c0f1bd",

"sha256": "7b95bced1bce6d27afff6411181b4540ec0ba7a62c1932537aca432cd207ddf9"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pydebug.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "73871ebf514eba78feeb9e3773af8e26",

"sample_size": 1168,

"sample_type": "Binary/None",

"sha1": "f8213aea2e5513d95397006b1be285ac0f030d4b",

"sha256": "7a0ed3e09a5f194414b0dac4b59ac4dc04880115e35efec62a1ffa64451b77bf"

},

{

"classification": "MALICIOUS",

"file_name": "re.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "ea52122c7037d97ad64068f6e26fe26f",

"sample_size": 16288,

"sample_type": "Binary/None",

"sha1": "c399ccb0192e1a642ff799b535e7ff32521dc0bb",

"sha256": "2b4fcdc5659d815495eeb43b6594ce97fd7ec6f8380eb71c80b31de216196016"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_html.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "39c01a5b9c60ca69fecfc35b70c74008",

"sample_size": 4480,

"sample_type": "Binary/None",

"sha1": "7996dc55be107326945690e8c1198cbb9676e0ba",

"sha256": "6e33af31929c5b49d671789e99a665b2afb02bfbb04a6312c460f68a349d2a95"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "koi8_t.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "b16d6b7c2b452d37921a813eb5481892",

"sample_size": 13544,

"sample_type": "Binary/None",

"sha1": "31c04bef67540ee13e50a6b803bc5812971aaf46",

"sha256": "d6e90ef1e6e93e52d00357a2dbd07a49c5bcfe6d05161aee4ff4524cc7d550b9"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_bisect.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "54307ee457ff8922bf33d9304fa07162",

"sample_size": 14328,

"sample_type": "Binary/None",

"sha1": "141e348e9ffd696a67010326c6966ad092b222b9",

"sha256": "6064dc75a092037a9298c9344034df34f56481607f4f2de1f63baa86b342619b"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_fork1.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "6f8c9a7e74965adec6b581a2c9778bc8",

"sample_size": 3456,

"sample_type": "Binary/None",

"sha1": "519cc6926dc4f38f78578c5a49f32b71f4c0a7e5",

"sha256": "344bbfff310b550698b0f1e1c1517b1f56ef4a462aa94276dac37d0629733c6d"

},

{

"classification": "MALICIOUS",

"file_name": "test_array.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "22d90065df8e163969b218b60460ccc1",

"sample_size": 54472,

"sample_type": "Binary/None",

"sha1": "041d267fcdbca06b905469674560b0e6facd8a02",

"sha256": "e441cb0d82b0b88f055e011dbb1e5207c125b2124558e9fa50ffd42333656e8f"

},

{

"classification": "MALICIOUS",

"file_name": "sortvisu.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo",

"md5": "e35b47efdf9ad31c1d95b4b648e306f8",

"sample_size": 20664,

"sample_type": "Binary/None",

"sha1": "10ebc50e6e2d0c793248606419040883cc8f23e3",

"sha256": "9b8989e3e397e33afaaba4f6ceb55b96cff64c8d36750821275e9cd3679ec92c"

},

{

"classification": "MALICIOUS",

"file_name": "test_dis.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "932312ddcbc3a2d3b95098db67b9f65f",

"sample_size": 55808,

"sample_type": "Binary/None",

"sha1": "a5c9227ee90649fa572eaa25e19b8c1f130c27ec",

"sha256": "d8fd69c9f01b1b490e99f55609f9ca8a8fa6112eaee04499fb1db4183607ec65"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "OneDriveMedTile.scale-150.png.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",

"md5": "64ee12ca8b02bfdceab2c18bafa1ad2e",

"sample_size": 1032,

"sample_type": "Binary/None",

"sha1": "44d1588b7c5ff34b97f542f1eacdc2f922612277",

"sha256": "3664864abe07d7216037b1a71421c1f6c246ed3839c581799a8d186ef278a867"

},

{

"classification": "MALICIOUS",

"file_name": "test_smtpd.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "43a99f48777edc3219dce4415d5a3e7e",

"sample_size": 42344,

"sample_type": "Binary/None",

"sha1": "a4c0b983ef903bf00dcaaf8cf913f39f4c1c646f",

"sha256": "9feaff08719c930daf44faaf849f2ea741d25e41635be94236e3314bc1b37779"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "classobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "e9d24a3d2efe08b18ac80b3678d53a4f",

"sample_size": 1752,

"sample_type": "Binary/None",

"sha1": "12d25a3557ea0e14b5dcbc11b5cb4bb740953c07",

"sha256": "fd1a15d321eee6fe4e753cb69352529462cc265e27fec5cae207a9f22b88b7ac"

},

{

"classification": "MALICIOUS",

"file_name": "cp737.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "8f9a3be08291534e8d6290966c737f38",

"sample_size": 35416,

"sample_type": "Binary/None",

"sha1": "c64e8d910b450f9654a60a96df07b53234831aa3",

"sha256": "3435bd1f997128472f01b3cb1102729751b1211e8f294df9cea109139d89cc7e"

},

{

"classification": "MALICIOUS",

"file_name": "Outlook.pst.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Outlook",

"md5": "75c5e5597dbfac35729da1e48812f250",

"sample_size": 271400,

"sample_type": "Binary/None",

"sha1": "6660271a0eea85460b60e82b2b091092dcbe511e",

"sha256": "ca983b39a4d8ea244ea2ba30aa933ac69cc33c51658fb4f9129d9cbaf20395f6"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "log.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"md5": "b7729f563203c5df5b4daacc6beb1301",

"sample_size": 168,

"sample_type": "Binary/None",

"sha1": "2209fbb1e18308726b9c33ccc262dc5b97e35a7c",

"sha256": "dc1fb7242be1dc6de6a0ad1593469b871007ea587b6f6045221702cb2b0cfff3"

},

{

"classification": "MALICIOUS",

"file_name": "client.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xmlrpc",

"md5": "fd1d2932a1e9c44cf914401a35342fec",

"sample_size": 50960,

"sample_type": "Binary/None",

"sha1": "b624519b6ec50a2202ac95ba5507f09a3769b9a3",

"sha256": "1c94aec1481239c6553ff834726e1ddbd78ab44113431148c5f349e36eb77c6f"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_global.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "7caebef3d8ec208e37794dae3ba82879",

"sample_size": 1480,

"sample_type": "Binary/None",

"sha1": "df6bc63d3b252e75f40e33d3c769a842aac2a467",

"sha256": "8bf01edebfcacf3df03b2dea5a5ebb01f4940f2585df13c176f288fec5e3f9ac"

},

{

"classification": "MALICIOUS",

"file_name": "cp866.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "28ae97e7c9a21c0ba58f664e6886063c",

"sample_size": 35136,

"sample_type": "Binary/None",

"sha1": "8e81f74480e48c3ae0e084d3e4216c03f79d00fe",

"sha256": "e833c4b9474cf8f07edbaf43c2c0d79162a55c4363e8eb4a924227e6c79b68ba"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "_compat_pickle.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "6b75b7cf1328b2a5abb008eade222e86",

"sample_size": 9040,

"sample_type": "Binary/None",

"sha1": "94e5d375c8cfaf7424ddc815c9bb58a65d726d36",

"sha256": "2b021d82962df91f12924d23ffb8c367f7035b241a6c218b55f524ce474e3466"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cp1140.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "2f2196e0a20acc656884b2f8db62b655",

"sample_size": 13456,

"sample_type": "Binary/None",

"sha1": "81676670b7948f4f783b79d9ec3b22c2dc06f694",

"sha256": "0f74db111afd4a51157b29e84e2a7b104cf7a3c525360b97999296020db2c522"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "sliceobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "4ee7a4b613302187c6b2e3efdc62f1b2",

"sample_size": 2624,

"sample_type": "Binary/None",

"sha1": "440b5b102bb0663f047cdb27ee4d77a70870ae01",

"sha256": "2959f1dda83b7a92382fcd2a16969ff659a9ca006cd6a682a9fbaab287528749"

},

{

"classification": "MALICIOUS",

"file_name": "test_dict.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "93d247d84bcb48a7caf4c663f209b05c",

"sample_size": 48904,

"sample_type": "Binary/None",

"sha1": "3975b067e88be9191de5c0946c53be1400c81685",

"sha256": "85aa0e73eb54afea8d6bdb28afd495a4bce92be51ab01bc7b8b22731976c3c75"

},

{

"classification": "MALICIOUS",

"file_name": "pickle.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "5bb787804b84e7d54b7589b594452f6f",

"sample_size": 66776,

"sample_type": "Binary/None",

"sha1": "b43f955f23de79a2bf27897cc0e3cbfb8cc72059",

"sha256": "f4fcd36faf62f34f6ccf8ac3b152bf1b62126a093307b0b0431c94ff292af882"

},

{

"classification": "MALICIOUS",

"file_name": "doctest.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "e493ae2e52284208cc611823a8bc6a2d",

"sample_size": 107400,

"sample_type": "Binary/None",

"sha1": "7ba09ce476399f20a6f6fef34e66cb7709d5bfbe",

"sha256": "f69820e6db476f35480ede0ca1de3039ed8d9998c0bdb19b0fa8fdb9337d1fbf"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pydtrace.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "7977eceae2b0c5940150de1053881a92",

"sample_size": 2512,

"sample_type": "Binary/None",

"sha1": "a9969c423f99989f9f04c8892db26d1b80404f2f",

"sha256": "9d46d14b573c5efa3819b01500e698aeec1d6f0fd7d282ab4d16d350c714beb2"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "macosx.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "569901b10c41db8780f4fc070cd29bcc",

"sample_size": 9992,

"sample_type": "Binary/None",

"sha1": "962026bf78eea5a0d4bf455d20b077a158309186",

"sha256": "abe6bdfd68c0eebdf982cea563185ad3259eb465caa81983cc92e99468178f07"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pyexpat.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "54d5dc7aa9572815511929032703c03e",

"sample_size": 2544,

"sample_type": "Binary/None",

"sha1": "39cdc2a5701d7b67c2d7d8b7b6e9e9ef41e28db8",

"sha256": "b6a8748a4dc263671c0347a8c6c1ab485ff97879d17e5c1bf92029f1dea8010d"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "uu.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "6a0e3dee217ca96bedfda8bcde31fe0d",

"sample_size": 7208,

"sample_type": "Binary/None",

"sha1": "962907f6ed266de5679a97f1c210ed0da77e5fac",

"sha256": "dcca7d1e7bc29638231cf39414bb083f3a405605303bef07ef38ee0200ef9b80"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pyfpe.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "8269c9baa59a65e22b21ab20a5d1ef87",

"sample_size": 496,

"sample_type": "Binary/None",

"sha1": "d9481297a124308c5f9e3468a6b3f37e7f398f9a",

"sha256": "cccdacf67ed35a703eec3ff1b186130439e7a3e68ec43055a09768a9c2b8f0ac"

},

{

"classification": "MALICIOUS",

"file_name": "aifc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "178366fab9d4fa87a2e23610fc74a8ae",

"sample_size": 33592,

"sample_type": "Binary/None",

"sha1": "ac8adfdcf14d3bc50038097012908cb959e55869",

"sha256": "c78e88e30d5e7811110b318085577bb6c9cce7600a4f36b4526aef84fd078113"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_imghdr.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "2f9d96d927225d0a99bcddcd3664cf2d",

"sample_size": 4944,

"sample_type": "Binary/None",

"sha1": "e86853dfe6eb6e2b6298df3040f68f003d97dc53",

"sha256": "de43f6844d3c20db4bb0d028ab0f957af16493a312650284ce867b372110e666"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "token.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "a27a2afbb63e92ac4179dc27302b93ba",

"sample_size": 2544,

"sample_type": "Binary/None",

"sha1": "d8a7c4a5ac1dde8f8c663c446488c4db4d081d51",

"sha256": "4a3f570b875969b96033fa14ca37286ada07303d7dfa6ca1d9be8419f27741c4"

},

{

"classification": "MALICIOUS",

"file_name": "cp1125.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "433bed5d884f9dad4729467f8d375e11",

"sample_size": 35336,

"sample_type": "Binary/None",

"sha1": "5ec5a3af280495e45c727ab1e3dd8fa43342dd72",

"sha256": "c83112fa1134984f14ffb81f5ec164adca5d90be24c9212ef2ac8ccaa28d68ea"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "base64mime.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"md5": "76272492c530fedf6cd4720a996fa309",

"sample_size": 3720,

"sample_type": "Binary/None",

"sha1": "7340e255447ad7a6df89d08936d1acdb5aafbf49",

"sha256": "87170847dcf6f6d6fcc5e63b929efa4bd65dae79184867cccea7b5bdbb073c30"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "markov.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo",

"md5": "2a3c8617b241a4af766d5487a0f6effe",

"sample_size": 3856,

"sample_type": "Binary/None",

"sha1": "c5cb531d99e3e8d1bef41f6f6c45547f2f365a59",

"sha256": "22a9f6b7ad4b26cde1eb04874c164c455f10e5cafcb4a3e0d3615360aebe8bfc"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "mkreal.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "f8c9e73e281fd62bf0b28c151b25f16e",

"sample_size": 1736,

"sample_type": "Binary/None",

"sha1": "81dc7eb7061c1723fe0739ba610a8a719bdd79cb",

"sha256": "2638b56639357a5fe175066413ab092568ff36cbd1c1fd119b20f73b624c14ba"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_binop.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "710e43ed98625c959544dc3f3900d4af",

"sample_size": 14960,

"sample_type": "Binary/None",

"sha1": "a6aecfbeace3c69b969862dbaf2f5511e88c0347",

"sha256": "508626328612bfc74ed38ecb65bd59ccb5b10f2729bcfad35eafa944fa8d2e53"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "nturl2path.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "106d9f15a6a1500262d9904d8cd82a66",

"sample_size": 3008,

"sample_type": "Binary/None",

"sha1": "566cbf78e111f55afb23c697e5cfa7b7d1e26179",

"sha256": "c111144619e6dced6966172cc7f93167f5a99a56f1b30afa789bf25af871d2cb"

},

{

"classification": "MALICIOUS",

"file_name": "pythoninfo.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "26d0a48d3428bc28234b34a37661304e",

"sample_size": 23648,

"sample_type": "Binary/None",

"sha1": "a2503adaf50eabd0ff11f272601b36800dae53ea",

"sha256": "cc87a70cf0bd60b3231e7ec4270ded2c38740bb12e65dd0784c240368533319b"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "utils.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"md5": "24aa2348f9bae0ded94e5be980d94efe",

"sample_size": 13688,

"sample_type": "Binary/None",

"sha1": "6881bf5583aa63385160fad51509dca3fcf363da",

"sha256": "00ebb5a53b22be0e73feb32830665fce9c9ea0f604b46ad139c748433e4f3d32"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "stringprep.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "59e704e7e560bd15cad0cdaf1674190b",

"sample_size": 13232,

"sample_type": "Binary/None",

"sha1": "16b1f60b806e8e73664ad66bba89433e1199a725",

"sha256": "5c929cc6c442b9380a7e69e2ea6448f0f498cd34be183b680730a9e0fc5b65ff"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_msilib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "1241651d54adb5fee66cc7a6b1b54e02",

"sample_size": 5344,

"sample_type": "Binary/None",

"sha1": "8cc6a6eb026162b7a3cf9766949b020c884804cf",

"sha256": "0893fac20d7ffdb9b8c5a91a7638233f84bfdfb984404d817b86478d1bc084f2"

},

{

"classification": "MALICIOUS",

"file_name": "test_call.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "01a3bc8cf630638b0415f07d0aaf7cac",

"sample_size": 25376,

"sample_type": "Binary/None",

"sha1": "a09e223086a131df97e893b2faf27170727a9ae6",

"sha256": "fbeb73a49233d189a7bfbd746bfc410d51a8765894757c027ab3604b04036c56"

},

{

"classification": "MALICIOUS",

"file_name": "webbrowser.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "d83516a5ba6c42c75c4d87e9d9cc9129",

"sample_size": 24840,

"sample_type": "Binary/None",

"sha1": "08775620d44c36cf8e3f8d5bc3d6514bef2bf06f",

"sha256": "363acfb97d7c95b68341d1f34638421e2bfe7f2099a2618249cb60e8d51789f3"

},

{

"classification": "MALICIOUS",

"file_name": "loader.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest",

"md5": "d758a34f59e262d8056aee42483e0f30",

"sample_size": 23256,

"sample_type": "Binary/None",

"sha1": "d877869eca585620ec67bd41691a43cd5248d8e7",

"sha256": "f3fde0ae44b803c51d13d6b17b6b8556dc9306b335b9902c06ec5f35264379b8"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "outwin.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "c1cbb297b9c6efaeeda0560a76639c73",

"sample_size": 5936,

"sample_type": "Binary/None",

"sha1": "9a123ff5ce25cb18db837713cee812e8670c2ec2",

"sha256": "7884ef82789acf8ee308918989f46adc4adbb726b7c79746acd26990b4118662"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pydocfodder.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "cf9b14b9aa7e0623ba5cb65b329e1af3",

"sample_size": 6592,

"sample_type": "Binary/None",

"sha1": "9f1a82971854f5e73cb5cc21ffdc26e613380d7d",

"sha256": "06a8c01d43df302d10d9438b678381c638483ad732797e59930764de28751819"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "undo.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "c883a291d48498dd2a765ece0b46f159",

"sample_size": 11456,

"sample_type": "Binary/None",

"sha1": "42b426b6c54d15b1acf09309d18107f3392333fc",

"sha256": "3445c4a17a5787882e441f7ca3556680904a19bbccd43e513e357b0fd5da8665"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "compile.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "92aebfd06372d5760a4492cdecc90816",

"sample_size": 3936,

"sample_type": "Binary/None",

"sha1": "6fea8ade8bde9e8f5bc0369125182ca3d26f7c97",

"sha256": "b72c6bdb20a21addfa8a68bc98de5fcd84d26dfbdb3dfd34bdcf71e8d1ca51f5"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_eof.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "3f22c4cfbae39eaa43e7316a66649808",

"sample_size": 2592,

"sample_type": "Binary/None",

"sha1": "a105589949be91eb13f4c0e67aea34f3ab4c2d87",

"sha256": "8e0d53ab86fb44cec9ef649fb7f8fb8fc77b0f979d1e6deba9bec3033d4889f3"

},

{

"classification": "MALICIOUS",

"file_name": "pyparse.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "fb0c693ead3e5bba59e60218f7f8cd4d",

"sample_size": 20496,

"sample_type": "Binary/None",

"sha1": "4f56abf1e8c76ead6539b3c03443d96a72a27a72",

"sha256": "8561a9f93ec982b56480592d39f9c6bebbb2de2a8db731c4c1472dcc74f8a3d8"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "paint.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\turtledemo",

"md5": "a8e5dac553b7da7a0b139f235a0a0671",

"sample_size": 1384,

"sample_type": "Binary/None",

"sha1": "033198e6bb62762db8f57c25f8f55f015af3f06b",

"sha256": "233c370367f9873c4d045608d66ed03b91c343ee61b97fc5cb0c958085cba5d5"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "traceback.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "c6cbd5f911bbc0cbe0ddbb57cf2a96be",

"sample_size": 648,

"sample_type": "Binary/None",

"sha1": "391d3e737ef7f8a4dd09f16c1db46b779d185086",

"sha256": "845f9d1d154f59bf3e27bb57fe5867ee813ac432499b09f20d5e0fff9278004a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "README.txt.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "b65d51f7dbf4025ffbac06a38bfc3a59",

"sample_size": 9976,

"sample_type": "Binary/None",

"sha1": "7068f4836af51225fda3b757e0a3cf05e89fb9af",

"sha256": "c8e629051ce9dfdf817ddbacc35d2080f4bb255cf97791dd72271acc797874c2"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_shelve.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "5b288a90e28416a90545a8e8e2649058",

"sample_size": 6344,

"sample_type": "Binary/None",

"sha1": "8c2d96940d1b46cdfa7ca63a4cd264acd5050ced",

"sha256": "1646c4e11e361e7a39729347a657fc93d200b7d9df3dc9927add2d719b1249f2"

},

{

"classification": "MALICIOUS",

"file_name": "contextlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "f7f39eedfb9a2a51e3382727b37501f4",

"sample_size": 25360,

"sample_type": "Binary/None",

"sha1": "8d4d0d23c852173447295acb77776343abaf8ab3",

"sha256": "b8eaeb6d1b014cda35471c15747dd9fd32373dd4bae04a083e5357a0fe4b9840"

},

{

"classification": "MALICIOUS",

"file_name": "socketserver.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "c950aaa184f197c45f38cfb8398a20b9",

"sample_size": 28184,

"sample_type": "Binary/None",

"sha1": "491f585f5c4030ac94cbae07b5508fb674f0ed68",

"sha256": "5f5d3ba2ff34c22e356be7689a0e202578085b6818fea14ec71d7f77da947024"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "seq_tests.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "50bafc3a81a876733e2e9e3b3df5ab3c",

"sample_size": 15696,

"sample_type": "Binary/None",

"sha1": "900de59dfcb583bcecb2283c70dd127b94b56487",

"sha256": "9a3a6c259064ecd78c656fa5823839506fa38a2c085ed750f2f0ae4047cbe06d"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "shelve.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "357c32ce2c811c1c78a942448d73f6d5",

"sample_size": 8808,

"sample_type": "Binary/None",

"sha1": "01ed01b57dd096767ac49247400279aab5c5b37c",

"sha256": "6a6a58a4e9e0c5c8aaa959a67d1beed42c1b361581206f4e76f8ea732a58f0f5"

},

{

"classification": "MALICIOUS",

"file_name": "run.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "917b83951da145e17460f91f3e044a85",

"sample_size": 21712,

"sample_type": "Binary/None",

"sha1": "03f50beee07aaf0c8904f9b122be51c268af254f",

"sha256": "1c7d2a55133ede983fb96ac42b806372eed42ed9682fd37d8b19f86151754f71"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cp1255.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "72dfe0ce6f968186f380808420ba1146",

"sample_size": 12816,

"sample_type": "Binary/None",

"sha1": "227e0137ccdbaef6217adc19adac2bfbd8f41937",

"sha256": "11ecee10c3bff7b0b08a134aee475af1920d3e2716f75280120f1f1b8b46aedd"

},

{

"classification": "MALICIOUS",

"file_name": "wave.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "f05ec732171bf44a800373481f048809",

"sample_size": 18560,

"sample_type": "Binary/None",

"sha1": "5416ef9ae8922af841c1355f4217f79b97a2acd5",

"sha256": "ba593b4eef9eb4f83fedd2797ead8e763095bd5d20a61c686912f4628ea8f16c"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_list.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "1d0f637aeaec9df4e713d50676bd759b",

"sample_size": 7992,

"sample_type": "Binary/None",

"sha1": "62d2c16375326ef57b725d9831213c2ad50daba1",

"sha256": "f7d9e13a9b3ced0c47bf3a55c89ef8cd886e7447b2d4974907b610f6c7a7bfdb"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_bufio.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "ed4e016c479435e11dadadb8166cb891",

"sample_size": 2712,

"sample_type": "Binary/None",

"sha1": "7c5f9dd0afd3708d408fb865bd3ec53ef43a02f4",

"sha256": "13a56f4409f3e0b5f4197d0ba0265e5230f0bcf7b6c6d4f18356028ffb387eaa"

},

{

"classification": "MALICIOUS",

"file_name": "locale.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "60ed9caf9b6a7562fa6889bed9a319ab",

"sample_size": 80064,

"sample_type": "Binary/None",

"sha1": "bd89f956f31435319c671cb774cdfb328239ffed",

"sha256": "2b743ebdc1c51cfa700fb18d6d133b4330850e72ace559a5508750f25ca61cda"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "window.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "7059cae7a1455d4bd6eb78a72f63f964",

"sample_size": 2752,

"sample_type": "Binary/None",

"sha1": "0889cd6699c0efffdf4c5df2d65a0a09a63a2f82",

"sha256": "442b20fcb2df72dd16d91e8613eb31d04848d41fe2457b470f1b9280ee33efc5"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "calltip.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "d0489b35fd641d4e600abcf98ba47877",

"sample_size": 7512,

"sample_type": "Binary/None",

"sha1": "e7ae840f462e98b89c282985e2d4d56e355a268f",

"sha256": "e601f30e8fc702d989d07a0b4783b5f4c6c682153dca9b2de9e0e271e4d0e619"

},

{

"classification": "MALICIOUS",

"file_name": "test_os.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "6aa19cc4afc53429cf78e8b2ec996458",

"sample_size": 167216,

"sample_type": "Binary/None",

"sha1": "f3961e88e8ed0accd2ddd187aae5197ccc75dab9",

"sha256": "d2ef4d3aa919c267ee272e086b907d3671ccb91fac6ad11bcd64bf11e5202f00"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xml\\sax",

"md5": "e502bc9cdbd6ad99ddb49a137740231d",

"sample_size": 3792,

"sample_type": "Binary/None",

"sha1": "6d95a538727cea86333cfd62d8c14bb4fc9d4623",

"sha256": "2284695239544fd10331aeef6cea797f45c2dff2a5a2628d6f41e42c8578e0b8"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",

"md5": "8eb95d1f666a789546944980bcc87e1e",

"sample_size": 18592,

"sample_type": "Binary/None",

"sha1": "02517ba564347dac716c6937991b35fc27fbfea0",

"sha256": "fe7102740122286fbae40e27b14f340d555408f8755fbcf72b5266b8c252740a"

},

{

"classification": "MALICIOUS",

"file_name": "test_io.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "7c8a3c620fc757c73a6568fe1dc3fc9c",

"sample_size": 175280,

"sample_type": "Binary/None",

"sha1": "b1188cc68339b19374f0b8a5893ee055b53a6d09",

"sha256": "9276373a12ffbbd455b9f18b92a790b6dcdd5d2bedfe80dbd38dbe9ec4ac8908"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_atexit.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "75622fe47cc698feed1caa00a7772393",

"sample_size": 6216,

"sample_type": "Binary/None",

"sha1": "cd85cc7c4e444fb80e95521d152dc1a148daed6c",

"sha256": "39ce3e26dd6e7a2e6c9add767d7903f8464835e63524a95e9420b4d4cfa8dc90"

},

{

"classification": "MALICIOUS",

"file_name": "test_aifc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "0734abdf7da25fdfc91419bb15d493cd",

"sample_size": 18600,

"sample_type": "Binary/None",

"sha1": "a5e1158535d743640a86e3a3f778841cebde473e",

"sha256": "6b0e2d9255906cb23d73886ab1d1aeb1ad9f48031f2791860bbc539bf983c1e9"

},

{

"classification": "MALICIOUS",

"file_name": "test_enum.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "c256a0841490e1b780f11428ae496148",

"sample_size": 125448,

"sample_type": "Binary/None",

"sha1": "5a68d7705a9d5628ec1447a5ed4e40cf278b1a4e",

"sha256": "186a8fc45e742804e8c43da07dae7d28a332d688256287d5dcae84fdf6af6b8a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "ceval.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython",

"md5": "aa99db677a15cc3553784a012f3b61f7",

"sample_size": 1616,

"sample_type": "Binary/None",

"sha1": "bf669278778c1db80bac0914b38f4d2b3739b9f9",

"sha256": "9315dfb90c9075e467d08d9074fcf0737de0e8ef87fe4e0916703f39e8c72790"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pymem.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "8fb4872f535207e82cbf5a1b74d08324",

"sample_size": 4560,

"sample_type": "Binary/None",

"sha1": "e241e7d581cd862e2610b66b54ce1ede0826e6ec",

"sha256": "e1a88a03bd2eeef81a5c57a871773e8ab0249aa9e76f53c64bc7bdddf8e74edf"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm",

"md5": "04b2dac8ae2c21f83d2b537650d99355",

"sample_size": 6072,

"sample_type": "Binary/None",

"sha1": "e46e92d6d2297f48aeac2271feafdd11ea9979d1",

"sha256": "10eb08ccaa117e7915c5573cc011361004f26f3e7b1a1e82b8a204d1d9ddf3f5"

},

{

"classification": "MALICIOUS",

"file_name": "nmakehlp.c.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\tcl\\nmake",

"md5": "b012da0069dfb5fc3b595c97049928a7",

"sample_size": 21984,

"sample_type": "Binary/None",

"sha1": "e4956d4722a3843913c4ee6964e555c1d85ec1a1",

"sha256": "dcdac09158d167840de917bf986ae1dae8b0687e703f70a83beb535223dc3e71"

},

{

"classification": "MALICIOUS",

"file_name": "test_buffer.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "b0f155dbe20d558a8d0d2ee0f974ef50",

"sample_size": 168592,

"sample_type": "Binary/None",

"sha1": "47e6ecfbb70014d4de374fa1d76deaae8bf37e27",

"sha256": "01b9b36cd0f9f2196d04dff359b837204b83aa9a6548fba544722686940cc4c0"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_imp.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "bb20f00ce74852273f90e675c1edbd18",

"sample_size": 18656,

"sample_type": "Binary/None",

"sha1": "a213a487c7e8606a7e3df630c3d3ef3754bd7117",

"sha256": "f21c39bfedd99a6bccefa254a1f31327e55802ea37be249abc484391bfb05178"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "_log.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest",

"md5": "59237a5ec84118b47cc455767fc9648b",

"sample_size": 2408,

"sample_type": "Binary/None",

"sha1": "77f6139f9099fc9e45030d6758b3c45df2610690",

"sha256": "f3f7879f886f66c217c1221d86c29b51e72126a55fdafe1a24312be08e7a9b1f"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "beer.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo",

"md5": "91d0b3cdeb80e0b7aab9d2d082246be6",

"sample_size": 632,

"sample_type": "Binary/None",

"sha1": "10c32d90f7de34a8dfafcadfe0e3200723d4011f",

"sha256": "ab0a6aa9490f55389a23f088d48a74891a63639fb2767a413ba03903c45626fc"

},

{

"classification": "MALICIOUS",

"file_name": "cp857.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "b84d8943ffc9f10c637e926183198303",

"sample_size": 34640,

"sample_type": "Binary/None",

"sha1": "353a223340804503bcc9d34ada2d8b73ba651d96",

"sha256": "9800d8aa58217cf53aab22aec8045fbb78354c9216ecd4b14b253b62bf89c78c"

},

{

"classification": "MALICIOUS",

"file_name": "test_ssl.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "69551f600d7ebf6e6c87f1d9e4b1aeb2",

"sample_size": 213480,

"sample_type": "Binary/None",

"sha1": "0d8a3e0a033a52b36680cd3f3138d3dab4574c1d",

"sha256": "bf8230984e3266784a3445765d5db9110a67db3d6cac674a0380e0e7f4fb805d"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_tix.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "e4fdcba4393ffd8bab9399373206cc27",

"sample_size": 1008,

"sample_type": "Binary/None",

"sha1": "c372a194bdb742d59f8f2abcdd734768802c887e",

"sha256": "22e72dc812aa7048d8216e3e1a3395e8b30583265e31aa080d4170ff551991b7"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pylifecycle.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "515f8ea944259eb9465e7d6d295421e0",

"sample_size": 2256,

"sample_type": "Binary/None",

"sha1": "aaacc9fc2c70883025b01a7b186c844ab1a0df7a",

"sha256": "0e38f7bcc5c86a62e118b0635be59f92eb70ba4dbf45152007270106d3946af4"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_ioctl.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "9e1ee88b2b53766626d83d0e8e0977e1",

"sample_size": 3408,

"sample_type": "Binary/None",

"sha1": "5efbfaf8baf728456c7b5fa088b3b336df338727",

"sha256": "1f23ee502aa64cad421cf226cb7a955ec8ff99830c40be788bef62d2ea2ffaa5"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "abc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "1a90ca944fabc2457e725126ad8e0b94",

"sample_size": 5112,

"sample_type": "Binary/None",

"sha1": "a758edabb99ebcfe93b06b9562c5b8be62b75ade",

"sha256": "a6138e664b176cd900b48c97fbdc30c38c8ddc15bd1559e82652c9f98f1d96e6"

},

{

"classification": "MALICIOUS",

"file_name": "test_csv.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "713a3942fa3cb875e6c84901ecb5e86c",

"sample_size": 51512,

"sample_type": "Binary/None",

"sha1": "91b0bae7b492c1d960e992d2c1ac3c491165a50a",

"sha256": "c1825718cdd133223a04a5d489e14c48491770446cef03acfa32e50152d9d2b2"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pystate.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "ad48467e51aa0e8561700cace0224d2d",

"sample_size": 5440,

"sample_type": "Binary/None",

"sha1": "b443a9bf94e5243471eecdcc25d323188cc7e6cd",

"sha256": "e6c82ba2571be52efa2ec0f2eb56abb4625c3fdaaab30fd4950a4eed563dee11"

},

{

"classification": "MALICIOUS",

"file_name": "test_class.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "6e9225dd9dad200bc36a2ebc2a95700c",

"sample_size": 18544,

"sample_type": "Binary/None",

"sha1": "79aa25b4b820c7069fb644a3f82f5ab6dbc918d8",

"sha256": "757c7836a3a036ab2083341854510f750f5b91b6e37129ceba800f8a5e782f02"

},

{

"classification": "MALICIOUS",

"file_name": "ntpath.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "61a18760086aba0d88ad90ef833dab70",

"sample_size": 28568,

"sample_type": "Binary/None",

"sha1": "54ed0cfb1a9b65b68c0da1215484499e4eddf3b5",

"sha256": "d71c3e5a51b53c986a7e4e93aaf889d99bccb1bde24419bdb54fe342ff6bf84f"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "boolobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "f2a985c2fdc3198b0bc1e8020abaeb6b",

"sample_size": 960,

"sample_type": "Binary/None",

"sha1": "de53e990ccd95c75832304ed692417274ca10af7",

"sha256": "7cd0b8a4c857508677fd12823f395db583550bc66ed4e68010dd34176637d8af"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "sidebar.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "309157c18b97fd0b09f907d523977806",

"sample_size": 13968,

"sample_type": "Binary/None",

"sha1": "644b15087016e6a789ca3fb6b74988f7c48978e6",

"sha256": "885cbc65e6f5e2e75c8b8d38c56861c38511590408c199b97cdbc9e67bedd34b"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "audiotests.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "33e6cc8991482f1bdd95add91d2ad477",

"sample_size": 12760,

"sample_type": "Binary/None",

"sha1": "752e4689a59ed4e517f862d43e8cb4ceabf2299e",

"sha256": "850e40158397a29b6c80641b6a8882926845da8c311d3658dc8b2beebcec03a6"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "browser.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "38b3fc9a94ffa70c36e7bf6207033178",

"sample_size": 8600,

"sample_type": "Binary/None",

"sha1": "9709bc3e35e4bda71481a0aa75626861d42e5644",

"sha256": "81141adfcaa8c6c1acdaa8e813b2ad3594626428a15cf2609ae6297d272cb9a4"

},

{

"classification": "MALICIOUS",

"file_name": "trace.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "6ae6daf2cf64f51b283a165db6c9bc85",

"sample_size": 29976,

"sample_type": "Binary/None",

"sha1": "db298b7d625564df410489e4f485c159fdfb4ef0",

"sha256": "ad482fbdf429047cc5e3f0c40e4cc69a5d59417f405d2c34b22c5e7edcec2324"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "hashlib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "ae121bc208e03d0af125243670764b6a",

"sample_size": 10312,

"sample_type": "MZ/DOS",

"sha1": "01490c527b94ab99655846826dcf852014c12e30",

"sha256": "a409aee307ca44a46a765c07139a5d522640d1186b7598ad6b2cf5542c8ed4db"

},

{

"classification": "MALICIOUS",

"file_name": "handlers.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging",

"md5": "a765315e6953b8cafe0869270655fa6c",

"sample_size": 62032,

"sample_type": "Binary/None",

"sha1": "3fcf591792f38293b7c85091e5e2f496878d5a88",

"sha256": "c091cc66f3ad6fee8f1bff404144415230f11c78d5592e7cae5bd103633a9911"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "bisect_cmd.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "86041789713339250d9f0416138c1274",

"sample_size": 5560,

"sample_type": "Binary/None",

"sha1": "fef692b7dc0ad9c1f03183de83107da0bc15e77a",

"sha256": "43d43d732050e63e76afe9dae39822ff9be032227e6ea0c83780bd3c63cdb81c"

},

{

"classification": "MALICIOUS",

"file_name": "pytree.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",

"md5": "9574d0f84037a23a665cf61231168bdf",

"sample_size": 28864,

"sample_type": "Binary/None",

"sha1": "baa95b094ed4bfa8b1e578eb38e63629b57da8c2",

"sha256": "544db153dd1f23bc44edc02d680a8fcfc3fb73c64118527c777ce8ef36e26224"

},

{

"classification": "MALICIOUS",

"file_name": "tmpjnl2abyncacert.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"md5": "dd21df9dbd7b4171c3bc9a9953783536",

"sample_size": 266008,

"sample_type": "Binary/None",

"sha1": "4cf6b423754facf94d2f51b899120e0d85c4ae8e",

"sha256": "cbceb201271ea2a599f3c8e1c4064b9c1e714b7c6c925f2f3f60952dec74c0c3"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cp1256.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "238cc213acd321cf066cec287f49cd2b",

"sample_size": 13160,

"sample_type": "Binary/None",

"sha1": "577d95396ba77ce515ba2d96dd0ff309742afda2",

"sha256": "c2f7639889073185bb8cc7612b2be86d6ae4048e05b254f66f4174b88b9ace34"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pytime.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "567011b04cf2305d53536e9386ffa35f",

"sample_size": 9216,

"sample_type": "Binary/None",

"sha1": "ffcb2057af6b7d633c7ed4e142e4cbf41b671dd0",

"sha256": "3d42038fd2e476eb68cc7a4a3627dc05678943ec361dbab1cfbcf2ebd028fb70"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "errors.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"md5": "b88f19829ed47e07b0b6d100b2ece2a3",

"sample_size": 3712,

"sample_type": "Binary/None",

"sha1": "919ff94eaab2b57893d2eeacd2b18a04535ae977",

"sha256": "a43fcd2dc8b8f28919c36bf40263b40ddba364e5a25fce5f0bd1ff5427f157a3"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "TK.cs.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\tcl\\tix8.4.3\\pref",

"md5": "ad6cac133a844162a9d90e09b2948749",

"sample_size": 1096,

"sample_type": "Binary/None",

"sha1": "18ac8f1fd279ceba9dbb0311ec914e34ffb9cba1",

"sha256": "4a5b3e288f80940739129f3b77f6258f233fcf5e097938a80815c5fa81534388"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "context.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "8684073c3e06f447bd5360e98bd2c96f",

"sample_size": 2080,

"sample_type": "Binary/None",

"sha1": "490605ef9143a981bdeabb80403edf5e0efff657",

"sha256": "a2bfdbb39c2fe5ef3bf48f9e409ceaf787115410ea91351f363cba86579bd387"

},

{

"classification": "MALICIOUS",

"file_name": "pygettext.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\i18n",

"md5": "74cb4050c6be6aaf98afdb39eb3bca08",

"sample_size": 22208,

"sample_type": "Binary/None",

"sha1": "08b1271b68322d8f4dbf1f8bfee89ffd1766e25f",

"sha256": "033d415f514a431a7de76d93029197868fc802956e6cf59b636b6a171db170e3"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "ast.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "3cad2a71cb4f220c287a476226cd10d1",

"sample_size": 1024,

"sample_type": "Binary/None",

"sha1": "e5accc9eb172ede4cb3edfa68349478bc436bfa2",

"sha256": "150bddf777b57e2a13364fe80f4ec376b2785d5a8d7953219362b53ee8d99cad"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "ssltests.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "3f8a5cd23c493117f20d5346f3d5c74f",

"sample_size": 1128,

"sample_type": "Binary/None",

"sha1": "9169480a73de2cb59057aa063bcdffad37151b39",

"sha256": "620f901c74211b73d059c45d5ee0608e3d8252f69d2aff2a0841c81523c7be95"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "vector.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo",

"md5": "4d9769b3f062060072a7883d842cc52c",

"sample_size": 1568,

"sample_type": "Binary/None",

"sha1": "96e7c8e9efac8e32e08bf403c94cb1f2046567b3",

"sha256": "76cb310b9b1604febccc2a255c6dbaab8f7919af136e6daeb8f214e74b6e8e33"

},

{

"classification": "MALICIOUS",

"file_name": "editor.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "22afad8f02a4112857b209fa2af04ed7",

"sample_size": 67448,

"sample_type": "Binary/None",

"sha1": "d35bb20df36ab037a034ab3ac457df2e842285c8",

"sha256": "06d5999ee4e5ec5a1984ffd3e3dad051de12cc00150db799c49ac65fdeb0120d"

},

{

"classification": "MALICIOUS",

"file_name": "parse.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\urllib",

"md5": "9f13a3a136af4df91e1b8b6db572c3d5",

"sample_size": 43552,

"sample_type": "Binary/None",

"sha1": "7c73130677167366ad66059c699859f3551f743e",

"sha256": "82eabfaea8eba7f679e80749243cd3e12769a7b7627091b0f9566090fa7d8e75"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "badkey.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "4e8200b6030c213d203bf4443dff9440",

"sample_size": 2240,

"sample_type": "Binary/None",

"sha1": "09fa070aa06809e657661101a5c48e9194585f2e",

"sha256": "e4238f9fdbe3b07806d1e80ef81c643b3ee7fcf2f3a7c35e37d0f01d0db91372"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_future.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "731a017eafc9d6822bc6de9b99b42afe",

"sample_size": 13672,

"sample_type": "Binary/None",

"sha1": "e5dacab821f8bc0c70194cfe3244377586689eee",

"sha256": "b6a630fdb34a47f0e449dd8bdadd124fa87bdf3139d6b7c74cb8d02fcc0384f6"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "sequence.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib",

"md5": "b6c547f2e47756d06d8c1093e36ffa41",

"sample_size": 4096,

"sample_type": "Binary/None",

"sha1": "0dc59105f86a299b268a1e2dce5a1ad3d7aacd79",

"sha256": "0049582a95af06ca508cd280e95008befc7b2ec53e551ef40ef7425668774cb6"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "iterators.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"md5": "ff8e99ed6d0e2190180e1a2de8efb811",

"sample_size": 2248,

"sample_type": "Binary/None",

"sha1": "5f6ad08eb9c626acdb602452d74a5c592a832e42",

"sha256": "7bf273792320fdfe24e83ddac1a769f0037d9ee4f96ee674412eb5a923f35038"

},

{

"classification": "MALICIOUS",

"file_name": "argparse.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "31df238dd44c26060b4261c1a37661a2",

"sample_size": 100744,

"sample_type": "Binary/None",

"sha1": "711e78113746cd8de1202bc6986e705463010128",

"sha256": "ce70fd5f0a8c62068e34207a5e2103eea7806d12f44917664cab2ebfa41916f8"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "font.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\tkinter",

"md5": "3d5269df79862c744d18f0baf3288280",

"sample_size": 7096,

"sample_type": "Binary/None",

"sha1": "bbb5a1af27e7ffbd570cbc601b5df7bcc445036c",

"sha256": "d9c9b33cb67d7305984b2c47133460fe2df8e409e74bfba2ee01cebbf63274c0"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",

"md5": "c6adcb3445104f5626d10d9f545dbabb",

"sample_size": 3512,

"sample_type": "Binary/None",

"sha1": "0873c9b2810be1c39dd077f68397b88577455a87",

"sha256": "0532163f2192f4e5f5a95f8173db54c01a1535b8adb9cd1b2a149721795d8818"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "longintrepr.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "1723b99627e4bdf720027582b983ae6a",

"sample_size": 3936,

"sample_type": "Binary/None",

"sha1": "e0150934b85d54c20eaa34a84a8379f58be2086e",

"sha256": "dc3db19dede7d4277778149aefe58bb9da8eaf5bdab79ac2975d3997a422d2ca"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_cmd.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "b84f0463c8519e86c8c136afd0bb3e39",

"sample_size": 6528,

"sample_type": "Binary/None",

"sha1": "f398989b5d69d7972bc137d2da6699592177678c",

"sha256": "a777aee97c2524c4024c00f61d6669d2a6528e5e0f5e916125e804bf009355ee"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "diff.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",

"md5": "61f06a47b45479b63c57f0cb49e713d5",

"sample_size": 2360,

"sample_type": "Binary/None",

"sha1": "07dca015053ca1cf3899a2554db56f801d308a17",

"sha256": "cbaa8b8db12c60690bee81d87455d5461063f05749585d30e825b4cb873a26cb"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "gdb_sample.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "da878be3c3beb17e3552246be730e946",

"sample_size": 208,

"sample_type": "Binary/None",

"sha1": "2397e6a8fc7676a9fd85d5dd4bf62e21d1f4a02e",

"sha256": "414f4a44a68b7354e6ab05db4bbcf8aefefefcf518497cdb02cd403a58c8a172"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_unary.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "38bb72a64b91b6b167514a2d9af86caf",

"sample_size": 1760,

"sample_type": "Binary/None",

"sha1": "3a1f071cd7c249d5bd16cee6563acdfa40897701",

"sha256": "f738fcaa4adbed539668e45a94cdbd98e38494d91abd752b50f3c706baa85aff"

},

{

"classification": "MALICIOUS",

"file_name": "entities.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html",

"md5": "dc95235177e97927ce2ab38e09ca1eb2",

"sample_size": 77936,

"sample_type": "Binary/None",

"sha1": "bb798146c3a6bbd6a252e5b58e8e3c3b0986ce8f",

"sha256": "844c4ce8feae28e95c3bd9981ca4effc935dcfb061a9f7bf2248e51a655c8842"

},

{

"classification": "MALICIOUS",

"file_name": "test_signal.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "b7e1d7f97195feb2f50f7ea7492a1b6c",

"sample_size": 50560,

"sample_type": "Binary/None",

"sha1": "5864185114dca1cc0363efa0738e583b56ad5562",

"sha256": "a0b8c4c04078263c4ef286dc34cba3f4db552e9558878807ee71c5bd4d81b8af"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_getopt.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "a89d45ccf05f7ca33384548b0553ce6e",

"sample_size": 7136,

"sample_type": "Binary/None",

"sha1": "9380ee8e05d23de393ccdb50d1a6da7de6ffb8bf",

"sha256": "1f87328e23560bf321ef4304c1c5c30a9f17a13af26fe3e6386a71654ba52c72"

},

{

"classification": "MALICIOUS",

"file_name": "dis.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "6af48ff39dbdaeb5037626f988bd9095",

"sample_size": 21160,

"sample_type": "Binary/None",

"sha1": "03d01700a73822b74dca04d7d8f9627ce3a6c1fa",

"sha256": "e66384a92d233cf3ad782f29919a5d23e4249ffad7ce1f35427e3255ef511fc4"

},

{

"classification": "MALICIOUS",

"file_name": "server.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xmlrpc",

"md5": "7123342a3f6864ad33881ebef8a1548e",

"sample_size": 37704,

"sample_type": "Binary/None",

"sha1": "da78c94c57d7ca8b624ef07bfdcd60db7e7a1515",

"sha256": "cbd089b3a28dacd1082feebaa416077437d037c591d27876dc7bc95c838bbab6"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "utf_7.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "92377baf49dd717debe3b84e6b7d5ba9",

"sample_size": 1024,

"sample_type": "Binary/None",

"sha1": "a5cae271da87ab0cd02d41469e35f8ecb4410217",

"sha256": "00e8835c3c710aad3c01590c7b63e3f577547fbeabc12e57fc505358538dc523"

},

{

"classification": "MALICIOUS",

"file_name": "test_bdb.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "f521a2f49de062f370c75430a49e33f7",

"sample_size": 43592,

"sample_type": "Binary/None",

"sha1": "117551b54a7c0c052494fe1aec5bc1b1821204cd",

"sha256": "c6baf66b4475397f29436566c7f2ffac7e9fb39b62643885cc80a9ce9a52a06d"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "tooltip.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "7caff095de72d8087feb869b97dacf02",

"sample_size": 6784,

"sample_type": "Binary/None",

"sha1": "64e4570663d2d6a945becf1a34b47c8ab4068a39",

"sha256": "f67b6edc28a90f3ebec421c43b4fd43621f437819faf8883005b8a290a7ba736"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "longobject.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "c35322dd297009f73ca4c8129d2a2856",

"sample_size": 9792,

"sample_type": "MZ/DOS",

"sha1": "c0397f2e60c21e33c8ccbcd70c5e63172663e4a3",

"sha256": "97e2ca05e5ec70cfdd5d3d1696241038acaf6ae3bb9bf815136bb324bccec454"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "hanoi.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo",

"md5": "6507207d236f00155cd00f20c3717be2",

"sample_size": 4808,

"sample_type": "Binary/None",

"sha1": "014dd80dd31d0bb6dfa022eaf45641b583b8a279",

"sha256": "60272955c879ef39e9f3dbd4e7296556c88d064641a473663de54b1a7f38dc7a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "iomenu.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "63354eb59874777b43f43a3f6cba70dd",

"sample_size": 16312,

"sample_type": "Binary/None",

"sha1": "cbdd8058b3554b97bdae9dc24dc8182b4cd15e7c",

"sha256": "edc22804ace0cb83bb6bc4f1b6eeea5304a0a116d281ea7c448b1a73ffd0d618"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "timeit.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "8ca7686c055460a56f8eb2d3b6637f61",

"sample_size": 13896,

"sample_type": "Binary/None",

"sha1": "fc3fd89d86fd03b16f378ba237bf20d410ae0a8f",

"sha256": "07bf88763d28266cab5ade1eab7a666672a23406b0da3cafd9c3c73f96d426b6"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "format.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "c2b940c1b75e8b365ddeebbc30760494",

"sample_size": 16240,

"sample_type": "Binary/None",

"sha1": "927a07752cee74376f37b392e684b5cebfb5553e",

"sha256": "57f1d099125d74f3795ad087392c9bb021d2ca57a9e95bb85568f945b493bc7a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cgitb.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "4dac5d43582618862deb77de2babda13",

"sample_size": 12456,

"sample_type": "Binary/None",

"sha1": "5e37d236b663b652f15cd5f9fc6ca3298b31d79f",

"sha256": "695bb83ab13bc6e85edcc96b3acb90dff94e5f2038e19aa0fc6a2a7d9a63cf93"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "cp950.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "19e867ff5fc9f93821102b49a1bb0d20",

"sample_size": 1104,

"sample_type": "Binary/None",

"sha1": "19da0527784a5f1c7deb71561acc4be6ed9f89e9",

"sha256": "cd84df10ff9443a8bb8ce9c099f67f7a856428c2ac5bc577938167f83c69f06d"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "poplib.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "73001bf8bb135daeb8aada07ac429a89",

"sample_size": 15720,

"sample_type": "Binary/None",

"sha1": "13d86e5812432bd59f8cf769ecb8a3288c527808",

"sha256": "03b30cf06facc4a882961de7db095047369404b6206590784b493fee51d1774d"

},

{

"classification": "MALICIOUS",

"file_name": "selectors.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "d994316f941d88692a3ee31a6951cd41",

"sample_size": 20192,

"sample_type": "Binary/None",

"sha1": "8a8f875e85b1c489915e421be7933f4655941560",

"sha256": "04dce8dd06e2167c1bb13c8fd114aa57b2ca82b2c2778f87d297b9ccde900ef3"

},

{

"classification": "MALICIOUS",

"file_name": "pyshell.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "05c2915d97cf340947cd8000049e1419",

"sample_size": 59232,

"sample_type": "Binary/None",

"sha1": "1d4249b1aa37ba3c4e1bb0ace862003445e5a3ed",

"sha256": "35d01047d9d857f5a07a16e566192ddbc25cf78d7993f2e8d413b5021983cfdd"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "idnsans.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "39adbd8b498b0d5572be51e13e9abed1",

"sample_size": 10152,

"sample_type": "MZ/DOS",

"sha1": "deb03c95ebb092305f6ca9caec75c1299349a1c9",

"sha256": "de046c48cd112e979b2a68ff1fb840e2fb9100da3529e1e3be5084eac4fa886f"

},

{

"classification": "MALICIOUS",

"file_name": "cp864.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "edf555d2e3f74e8173f852198135a6c9",

"sample_size": 34392,

"sample_type": "Binary/None",

"sha1": "1bc09dd060df8d292c8f36f198f195a26464abfe",

"sha256": "7e45d52b96738515b6375bfdeb64c2acf577fc158aab67c84e9786c736e44b00"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "query.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "8fc082f1304ccb82b518afde8e540d2a",

"sample_size": 15504,

"sample_type": "Binary/None",

"sha1": "10549debf746b444563eff4b90d5ed4727b53456",

"sha256": "30eadf95f4625a137f63218a024c4a1b8cfcfa155139b20d12a9e405bd4c06c5"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "ssl_servers.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "2db2b517a2ff4da36dfcc96b0334b491",

"sample_size": 7528,

"sample_type": "Binary/None",

"sha1": "4bda8591c54fc4dc7853ebdf6b2e2e3c9cecdc6a",

"sha256": "947a6ba50436d6e2526409831cb4b5bdad027d4b141e018b6c71e958c82f5133"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "main.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest",

"md5": "735fe7cb4e618022989ac9dc75ba79e1",

"sample_size": 11568,

"sample_type": "Binary/None",

"sha1": "7945040cd3604f3553c37eea3a380d5f8ecdc0e2",

"sha256": "fdf866c2b7cd7c777df2755a3a5b76d4abe7dbdc3954e468ce29c5c659ec01a3"

},

{

"classification": "MALICIOUS",

"file_name": "sysconfig.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "f0fabb4ca0556e6e9300464627fca3e8",

"sample_size": 25680,

"sample_type": "Binary/None",

"sha1": "eac2e5ef1ce7a19827948f510a60781cde4c4a58",

"sha256": "8b6ce9e32face516055ad61ebeffd3204a6eac13726de134e76b2ac9ed464bb2"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pycacert.pem.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "0d75b8b2a4fc0b6d9a2b202d05e61562",

"sample_size": 5800,

"sample_type": "Binary/None",

"sha1": "03f3088147d0cfc7a03f1ea536523c5d38d08f1d",

"sha256": "deb2bf3126b09b3ec97b3a639b265a6b83fe4bb5cc8b62fa6f4d2de3278fc1e2"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pyframe.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "d18ac835715af1f40626f05a75fd59ea",

"sample_size": 528,

"sample_type": "Binary/None",

"sha1": "87fecae0b6b8358ba2c265fb2cf53e24d8b03539",

"sha256": "0d100fc7a5f109ba456c05922be44f2b21ea1314d505374c91c968af27375093"

},

{

"classification": "MALICIOUS",

"file_name": "generator.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",

"md5": "bd5b9ddbf7194ab2964370e376cf92bf",

"sample_size": 20752,

"sample_type": "Binary/None",

"sha1": "4fb1b5d709e3bf81a0623d1df96615a66ede7c7a",

"sha256": "7d8caacc64756c706d5dd1fe26a3e79d8e1c71431f64208a3a0a1d90315d208d"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "au-descriptor-1.8.0_371-b11.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",

"md5": "54b0891167272da470696c9f3f1fb728",

"sample_size": 6872,

"sample_type": "Binary/None",

"sha1": "09c294fb3feef54edd18dfe2104767e9700131ab",

"sha256": "00794d1c19081d14eefb33da7d229c34c8f1336179b88647cf7586f894a9386f"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "runner.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest",

"md5": "6a164e99308737873671f632affd0315",

"sample_size": 8320,

"sample_type": "Binary/None",

"sha1": "9c4254dd3c2aac961c1211a11a8e3583af6a874b",

"sha256": "00be5a4ee498dc74aad7a6b8819c36a9baf7005f85b4da7ece45f3f64265bf20"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "import.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "df59afa9ffc38048390c63b83fa848bf",

"sample_size": 3168,

"sample_type": "Binary/None",

"sha1": "45f43c3c90d264bcd1e42947b4b4ef7eecd24b08",

"sha256": "200e500090f676aabbd6f2adbd55be1d743b005bcf45a636e24202dc76de4293"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "parsetok.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "6c5ba6b6741f0ceba9e30ab36ff31634",

"sample_size": 3112,

"sample_type": "Binary/None",

"sha1": "193d1bf3c1fc6f5480f4d0b83d76f7215659c517",

"sha256": "28765097f0bf88e54f12f2af929069658762bcfe8a2d7565bbeb245a9c91e1f9"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "xmltests.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "1d2f44db4f359a98cf07c364940db5f5",

"sample_size": 560,

"sample_type": "Binary/None",

"sha1": "c763c6adcdf10ea366995408510c8a3e11b0e028",

"sha256": "655bf9d69af0c1ec41fef625de5ea4b34bd503b24386e3e42a09d994b4e650c0"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_frame.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "7f47173650e4e29856f21ec78c7ab359",

"sample_size": 6056,

"sample_type": "Binary/None",

"sha1": "bac3b60588da442f28300cedf60cf06be9ea1e5b",

"sha256": "7474254e8ecf26a21ff84b485984ad428d3f5df07007efd2047e3623b524bd24"

},

{

"classification": "MALICIOUS",

"file_name": "cp863.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "34985d254506b2dbbf7aff0cd0a8c606",

"sample_size": 34992,

"sample_type": "Binary/None",

"sha1": "31fda7d0d2dd6bed3a6919704ae1bce57ae57de8",

"sha256": "3472ceb372a1372e37cfbe0f8dcfb2003ffdaa58917e0c2666e037e3057f83aa"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "filelist.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "5e43b1c795f0fbd27e7d15863f1beef6",

"sample_size": 4048,

"sample_type": "Binary/None",

"sha1": "c555aa076f1ee5edfd69fe0372f1041a27237d31",

"sha256": "3c3891eef7167f1eeb34bb23036658302585ec1f134cd7e1dd3c62c03d73e985"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_file.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "a32d95d8f5daa84a1f3f2bca83a992f2",

"sample_size": 12344,

"sample_type": "Binary/None",

"sha1": "f8d48ec64aec40c4a713c92e9ccbf76f402b1c50",

"sha256": "9871462f91b8cc7e941ada6fbd68ac5fc60badb7c57199d81c5c4c0150de6743"

},

{

"classification": "MALICIOUS",

"file_name": "test_gzip.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "21e2eb43689719dedb6bb74f31071379",

"sample_size": 31776,

"sample_type": "Binary/None",

"sha1": "e28fda1464e185031c6cdfaa3087f862706a02b1",

"sha256": "29e1d1c29a5560dcb3efe7aa693f48bd30f6463e7e7e9985faee4c532cdd8eef"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "__init__.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3",

"md5": "ec34839e24c17652d98377ae7da847a3",

"sample_size": 2112,

"sample_type": "Binary/None",

"sha1": "ed94d31a40322008e892e9e8dfaeed17f9263b4a",

"sha256": "b89e9802131ce32d4162654e8da8b080fe8de5cc26dd2600122c01da9a9bfa95"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "debugobj.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "6365f84afa2357ee7ae246fe563a6b5c",

"sample_size": 4240,

"sample_type": "Binary/None",

"sha1": "3ccfec0c42f7e2ac014a0f478b6d87ed1f6de661",

"sha256": "f68b53231485ebfa45f92dcbb0169d5876af77916fc104cf7b2171573e3ca357"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "errcode.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "f8094036a3ebf5fe26070936aa906d19",

"sample_size": 1704,

"sample_type": "Binary/None",

"sha1": "21a3b03749bcbc6d5205e23d5061350a42f92b9d",

"sha256": "2de188f03d93fe3703ad060126e42452d6f57f80f89c4928239b19458393587c"

},

{

"classification": "MALICIOUS",

"file_name": "tasks.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"md5": "c552e2b110d748d471cd14d7fb7069c2",

"sample_size": 35448,

"sample_type": "Binary/None",

"sha1": "39ddc696d55b757785bb36662df5413bdf57e288",

"sha256": "62fa157d75c088a7980a247793b23625beb4530989da6e763bb60d4e94f29439"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "audio.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime",

"md5": "5854888ff17abbca6edb03e0e1fb8c39",

"sample_size": 2856,

"sample_type": "Binary/None",

"sha1": "644a62687f78740c1d3fa2582167e1f75e91eb82",

"sha256": "ac73331166b36c1840889a6ec0e41bde6c9c111653e64e1a388e56df1a0fa5f7"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "5c4702cd526cc48a8ca08b053b04c176.xml.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Office\\ONetConfig",

"md5": "d4df5d2f0b54b4708314b3ce2a692e0b",

"sample_size": 2168,

"sample_type": "Binary/None",

"sha1": "f2b6afd485689228062bab5f453fa2b5a0ba4f63",

"sha256": "8757531e09e21f0fdaa18c1a7fe1923157eeef9f2967e428aa4860ac0a52abd8"

},

{

"classification": "MALICIOUS",

"file_name": "pstats.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "fd20728c75685f8d9f8d2459a892e015",

"sample_size": 30144,

"sample_type": "Binary/None",

"sha1": "49661a36c53a151ccd24b130fba94ff3286aad93",

"sha256": "de6857475be57b465eb1f5b3a21ff2216448afec0f59c33b206fb64b7412ddba"

},

{

"classification": "MALICIOUS",

"file_name": "datetime.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "90bedd604a02e5969bbb471537b0696b",

"sample_size": 91776,

"sample_type": "Binary/None",

"sha1": "a529353fddf007810cd37d60c859320fee694fdf",

"sha256": "e7d518e0c9a73eb55acd007674e89b9f916dfe3da77960eccadd55108a768f39"

},

{

"classification": "MALICIOUS",

"file_name": "test_shutil.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "9689aa8beff05a81bf28ba34d6b2e18f",

"sample_size": 108864,

"sample_type": "Binary/None",

"sha1": "09361dc6d08bd5be81bcf4e5f21591e2c700b8bb",

"sha256": "0c23344518e05d5868a8a346c87128e9aed1fa9bd00649ccce18be2b2ada4fa6"

},

{

"classification": "MALICIOUS",

"file_name": "sslproto.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",

"md5": "e98b3e0347f854f6f8ebb9238ea5280b",

"sample_size": 28240,

"sample_type": "Binary/None",

"sha1": "95f874031d161426298ef90b89aaa70c06a9ddcf",

"sha256": "0bcd98cb477a99d325fa0dfe6a81c040d9cb2bed786f715060af4971af70003f"

},

{

"classification": "MALICIOUS",

"file_name": "rpc.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",

"md5": "3172623b5df9b23c04e7e3c3c1512c50",

"sample_size": 21752,

"sample_type": "Binary/None",

"sha1": "799babf5c16623165b3f17ebc709e7f897cd9b16",

"sha256": "eadd94f4719731b6c33b1293fb2cdfdc24e7e3f405411612731fbcc8ac04e19a"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "linecache.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "cafbcfd1b6c907735333c426792229c5",

"sample_size": 5680,

"sample_type": "Binary/None",

"sha1": "a71b95f5fb587235218d01dcd39d6e35b1d551e7",

"sha256": "1e20834489ff00871dc5854eddf241bb1bdf75d89feaf163940273720b5de892"

},

{

"classification": "MALICIOUS",

"file_name": "ssl.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",

"md5": "b051959fa90489c3d55edfa7a4656ac9",

"sample_size": 52288,

"sample_type": "Binary/None",

"sha1": "de6b7b8efe92736c319e4f276625d4986b26ca7e",

"sha256": "135c41557a44f703c0cf9f48b59941d7c4f369ac3dd1e7fd926c976b52f32b19"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "ann_module.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "30272649ed2d747db3ce1b7cab85fe30",

"sample_size": 1208,

"sample_type": "Binary/None",

"sha1": "a81ac9f957f084f37e026429390c08af83b2c45f",

"sha256": "e92694e7993570a95ac9625741cf7fd7aaccb059deebb8c50be6975510e96d17"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pythread.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "88a6f2d25b7f404dc45ead21c2854ac9",

"sample_size": 6144,

"sample_type": "Binary/None",

"sha1": "cf6554637b90dda0af507ea0a4a0342739ca8512",

"sha256": "8e86f854f055bc80c5f539042c64d54a5ae17f1d7cf8895e25f0bb4330721c6d"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "core.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",

"md5": "eb5dff40652ae7dd1995d5ccc54701b2",

"sample_size": 9152,

"sample_type": "Binary/None",

"sha1": "54f02c84de55e086fddb52f4a12995a45722edc5",

"sha256": "02177c597f6a5c7a7f993161a7b14f65154959fbb29719b9f047626c6c94c146"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "pymacro.h.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",

"md5": "41b5134d662b68d9a990f710456acf80",

"sample_size": 5096,

"sample_type": "Binary/None",

"sha1": "7335f23165f42a1fc2802be0cf0020248548db93",

"sha256": "1194056fe6cd6699aa5e907d60297f7fe0537853bcb038dd354e8d30749e5d99"

},

{

"classification": "MALICIOUS",

"file_name": "server.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",

"md5": "edf08c57b83eae98274cabbcd0669e87",

"sample_size": 48712,

"sample_type": "Binary/None",

"sha1": "11a4bc5c1f21810405b2104aecc4daab4a17f007",

"sha256": "231b9733ffa226da62ee9436c3a77b0c155ef3ea4ed37e765d8312665e37a916"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "headers.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\wsgiref",

"md5": "340d1ef349d9abca1bef4e1df2730dec",

"sample_size": 6992,

"sample_type": "Binary/None",

"sha1": "68f18461c9e58eb15a8bb08d4d6416e8c3ec0fdf",

"sha256": "e7f46189affdb87a0e0338b747e463ca6c5ed68ad3d8abb07f36cef79ee2d544"

},

{

"classification": "NO_THREATS_FOUND",

"file_name": "test_pkg.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",

"md5": "a1c43319ad3407421c40eca1cb5f3ddd",

"sample_size": 10160,

"sample_type": "Binary/None",

"sha1": "73252e34437f9344acc784b8439ffe4b048918a7",

"sha256": "a2deb4ae5a106bef23236a3dd07ff6f5385782d28b7f53b99fe27d28aa291b52"

},

{

"classification": "MALICIOUS",

"file_name": "cp862.py.toxcrypt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",

"md5": "1957097ab8f3948d2797c5707a2a6195",

"sample_size": 34112,

"sample_type": "Binary/None",

"sha1": "20a216c817f032232a38ef7dbe42a2bb3687ad90",

"sha256": "f9b18890c0233ecc0d425656b6564aa22fb09a7b75214ad95a4d2fd56d464574"

}

],

"dropped_files_url": "https://bucket.reversinglabs.com/rl-cloud-sandbox-dropped-prod/21841b32c6165b27dddbd4d6eb3a672defe54271_08249dbc-77bf-482e-be4d-b8fa58de01c7_dropped_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20240118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240118T024237Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=0754967f88b69419f9aabe99ae040632546210ba012cbc35b19839ec8e5a60c5",

"md5": "d5720ea13de22edcbe76d20c7908c0bf",

"memory_strings": "https://bucket.reversinglabs.com/rl-cloud-sandbox-memstrings-prod/21841b32c6165b27dddbd4d6eb3a672defe54271_08249dbc-77bf-482e-be4d-b8fa58de01c7_memstrings_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20240118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240118T024237Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=d09eaaf10332e5b4dfc8de433a19ba90d3f39c779b7241f5217184045018ff85",

"mitre_attack": {

"matrix_list": [

{

"name": "Enterprise",

"tactics": {

"tactic_list": [

{

"id": "TA0005",

"name": "Defense Evasion",

"techniques": {

"technique_list": [

{

"id": "T1055",

"name": "Process Injection"

},

{

"id": "T1027",

"name": "Obfuscated Files or Information"

},

{

"id": "T1036",

"name": "Masquerading"

},

{

"id": "T1140",

"name": "Deobfuscate/Decode Files or Information"

},

{

"id": "T1027.002",

"name": "Software Packing"

}

]

}

},

{

"id": "TA0007",

"name": "Discovery",

"techniques": {

"technique_list": [

{

"id": "T1083",

"name": "File and Directory Discovery"

},

{

"id": "T1082",

"name": "System Information Discovery"

},

{

"id": "T1124",

"name": "System Time Discovery"

},

{

"id": "T1518.001",

"name": "Security Software Discovery"

},

{

"id": "T1016",

"name": "System Network Configuration Discovery"

}

]

}

},

{

"id": "TA0002",

"name": "Execution",

"techniques": {

"technique_list": []

}

},

{

"id": "TA0011",

"name": "Command and Control",

"techniques": {

"technique_list": [

{

"id": "T1105",

"name": "Remote File Copy"

},

{

"id": "T1573",

"name": "Encrypted Channel"

}

]

}

},

{

"id": "TA0010",

"name": "Exfiltration",

"techniques": {

"technique_list": []

}

},

{

"id": "TA0004",

"name": "Privilege Escalation",

"techniques": {

"technique_list": [

{

"id": "T1547.001",

"name": "Registry Run Keys / Startup Folder"

}

]

}

},

{

"id": "TA0003",

"name": "Persistence",

"techniques": {

"technique_list": []

}

},

{

"id": "TA0009",

"name": "Collection",

"techniques": {

"technique_list": [

{

"id": "T1560",

"name": "Archive Collected Data"

},

{

"id": "T1056",

"name": "Input Capture"

},

{

"id": "T1005",

"name": "Data from Local System"

}

]

}

},

{

"id": "TA0040",

"name": "Impact",

"techniques": {

"technique_list": []

}

},

{

"id": "TA0006",

"name": "Credential Access",

"techniques": {

"technique_list": [

{

"id": "T1003",

"name": "OS Credential Dumping"

}

]

}

}

]

}

}

]

},

"network": {

"url": [

{

"source": "memory",

"url": "http://127.0.0.1:90500123456789ABCDEF"

},

{

"source": "memory",

"url": "http://dist.torproject.org/torbrowser/4.5.1/tor-win32-0.2.6.7.zip"

},

{

"source": "memory",

"url": "http://gcc.gnu.org/bugs.html):"

},

{

"source": "memory",

"url": "http://curl.haxx.se/docs/http-cookies.html"

}

]

},

"optional_parameters": "internet_simulation=false",

"pcap": "https://bucket.reversinglabs.com/rl-cloud-sandbox-pcap-prod/21841b32c6165b27dddbd4d6eb3a672defe54271_08249dbc-77bf-482e-be4d-b8fa58de01c7_pcap_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20240118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240118T024237Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=d0a36b3fb2b6682dade177a83c5119b0e725bb4ad0a2d28fd2a3a7a0dda56a35",

"platform": "windows10",

"process_tree": [

{

"name": "ipconfig.exe",

"parameters": "ipconfig /renew",

"parent_process_id": 7028,

"process_id": 1040

},

{

"name": "rl_file.exe",

"parameters": "C:\\Users\\user\\Desktop\\rl_file.exe",

"parent_process_id": 4160,

"process_id": 5252

},

{

"name": "conhost.exe",

"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",

"parent_process_id": 1040,

"process_id": 1076

},

{

"name": "rl_file.exe",

"parameters": "\"C:\\Users\\user\\Desktop\\rl_file.exe\" ",

"parent_process_id": 5252,

"process_id": 7716

},

{

"name": "ipconfig.exe",

"parameters": "ipconfig /renew",

"parent_process_id": 7028,

"process_id": 1428

},

{

"name": "conhost.exe",

"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",

"parent_process_id": 1428,

"process_id": 4548

},

{

"name": "ipconfig.exe",

"parameters": "ipconfig /renew",

"parent_process_id": 7028,

"process_id": 7620

},

{

"name": "conhost.exe",

"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",

"parent_process_id": 7620,

"process_id": 7568

},

{

"name": "ipconfig.exe",

"parameters": "ipconfig /renew",

"parent_process_id": 7028,

"process_id": 7892

},

{

"name": "conhost.exe",

"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",

"parent_process_id": 7892,

"process_id": 7880

},

{

"name": "Tox.exe",

"parameters": "\"C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe\" ",

"parent_process_id": 4160,

"process_id": 8020

},

{

"name": "ipconfig.exe",

"parameters": "ipconfig /renew",

"parent_process_id": 7028,

"process_id": 3456

},

{

"name": "conhost.exe",

"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",

"parent_process_id": 3456,

"process_id": 6668

},

{

"name": "ipconfig.exe",

"parameters": "ipconfig /renew",

"parent_process_id": 7028,

"process_id": 5256

},

{

"name": "conhost.exe",

"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",

"parent_process_id": 5256,

"process_id": 6932

},

{

"name": "ipconfig.exe",

"parameters": "ipconfig /renew",

"parent_process_id": 7028,

"process_id": 3816

},

{

"name": "conhost.exe",

"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",

"parent_process_id": 3816,

"process_id": 6064

},

{

"name": "ipconfig.exe",

"parameters": "ipconfig /renew",

"parent_process_id": 7028,

"process_id": 8140

},

{

"name": "conhost.exe",

"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",

"parent_process_id": 8140,

"process_id": 3916

},

{

"name": "ipconfig.exe",

"parameters": "ipconfig /renew",

"parent_process_id": 7028,

"process_id": 3764

},

{

"name": "conhost.exe",

"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",

"parent_process_id": 3764,

"process_id": 7428

},

{

"name": "ipconfig.exe",

"parameters": "ipconfig /renew",

"parent_process_id": 7028,

"process_id": 3516

},

{

"name": "conhost.exe",

"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",

"parent_process_id": 3516,

"process_id": 7652

},

{

"name": "ipconfig.exe",

"parameters": "ipconfig /renew",

"parent_process_id": 7028,

"process_id": 5540

},

{

"name": "conhost.exe",

"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",

"parent_process_id": 5540,

"process_id": 2636

},

{

"name": "ipconfig.exe",

"parameters": "ipconfig /renew",

"parent_process_id": 7028,

"process_id": 7452

},

{

"name": "conhost.exe",

"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",

"parent_process_id": 7452,

"process_id": 5268

},

{

"name": "ipconfig.exe",

"parameters": "ipconfig /renew",

"parent_process_id": 7028,

"process_id": 4576

},

{

"name": "conhost.exe",

"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",

"parent_process_id": 4576,

"process_id": 4588

},

{

"name": "ipconfig.exe",

"parameters": "ipconfig /renew",

"parent_process_id": 7028,

"process_id": 1552

},

{

"name": "conhost.exe",

"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",

"parent_process_id": 1552,

"process_id": 8060

},

{

"name": "ipconfig.exe",

"parameters": "ipconfig /renew",

"parent_process_id": 7028,

"process_id": 5596

},

{

"name": "conhost.exe",

"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",

"parent_process_id": 5596,

"process_id": 8132

},

{

"name": "ipconfig.exe",

"parameters": "ipconfig /renew",

"parent_process_id": 7028,

"process_id": 7848

},

{

"name": "conhost.exe",

"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",

"parent_process_id": 7848,

"process_id": 8112

},

{

"name": "ipconfig.exe",

"parameters": "ipconfig /renew",

"parent_process_id": 7028,

"process_id": 6164

},

{

"name": "conhost.exe",

"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",

"parent_process_id": 6164,

"process_id": 1848

},

{

"name": "ipconfig.exe",

"parameters": "ipconfig /renew",

"parent_process_id": 7028,

"process_id": 3816

},

{

"name": "conhost.exe",

"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",

"parent_process_id": 3816,

"process_id": 8160

},

{

"name": "ipconfig.exe",

"parameters": "ipconfig /renew",

"parent_process_id": 7028,

"process_id": 3400

},

{

"name": "conhost.exe",

"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",

"parent_process_id": 3400,

"process_id": 6168

},

{

"name": "ipconfig.exe",

"parameters": "ipconfig /renew",

"parent_process_id": 7028,

"process_id": 4068

},

{

"name": "conhost.exe",

"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",

"parent_process_id": 4068,

"process_id": 6288

},

{

"name": "ipconfig.exe",

"parameters": "ipconfig /renew",

"parent_process_id": 7028,

"process_id": 1076

},

{

"name": "conhost.exe",

"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",

"parent_process_id": 1076,

"process_id": 6680

},

{

"name": "ipconfig.exe",

"parameters": "ipconfig /renew",

"parent_process_id": 7028,

"process_id": 3908

},

{

"name": "conhost.exe",

"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",

"parent_process_id": 3908,

"process_id": 7696

}

],

"risk_score": 96,

"screenshots": "https://bucket.reversinglabs.com/rl-cloud-sandbox-screenshots-prod/21841b32c6165b27dddbd4d6eb3a672defe54271_08249dbc-77bf-482e-be4d-b8fa58de01c7_screenshots_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20240118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240118T024238Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=8984143143aa69d5eb2e5bd990a0e4d4e32822c2b1e67502e05c805e47d34301",

"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271",

"sha256": "0b5225517dcd1faf1de7b9c770baedbe000f8f2eacc22e8759970e26d446ec19",

"signatures": [

{

"description": "Reads ini files",

"risk_factor": 5,

"sig_id": 1257

},

{

"description": "Creates a start menu entry (Start Menu\\\\Programs\\\\Startup)",

"risk_factor": 7,

"sig_id": 1376

},

{

"description": "Disables application error messages (SetErrorMode)",

"risk_factor": 5,

"sig_id": 1397

},

{

"description": "Uses Microsofts Enhanced Cryptographic Provider",

"risk_factor": 7,

"sig_id": 1312

},

{

"description": "Contains functionality to enumerate / list files inside a directory",

"risk_factor": 5,

"sig_id": 1088

},

{

"description": "Found string decryption functions",

"risk_factor": 7,

"sig_id": 1600

},

{

"description": "Found inlined nop instructions (likely shell or obfuscated code)",

"risk_factor": 7,

"sig_id": 1537

},

{

"description": "Creates temporary files",

"risk_factor": 5,

"sig_id": 1276

},

{

"description": "Tries to harvest and steal browser information (history, passwords, etc)",

"risk_factor": 8,

"sig_id": 1272

},

{

"description": "Sample reads its own file content",

"risk_factor": 5,

"sig_id": 1571

},

{

"description": "URLs found in memory or binary data",

"risk_factor": 5,

"sig_id": 357

},

{

"description": "Contains functionality to download additional files from the internet",

"risk_factor": 5,

"sig_id": 1090

},

{

"description": "Uses an in-process (OLE) Automation server",

"risk_factor": 5,

"sig_id": 1458

},

{

"description": "Sample is packed with UPX",

"risk_factor": 5,

"sig_id": 1366

},

{

"description": "Creates a DirectInput object (often for capturing keystrokes)",

"risk_factor": 7,

"sig_id": 1339

},

{

"description": "Stores files to the Windows startup directory",

"risk_factor": 7,

"sig_id": 1352

},

{

"description": "Creates a process in suspended mode (likely to inject code)",

"risk_factor": 7,

"sig_id": 1790

},

{

"description": "Spawns processes",

"risk_factor": 5,

"sig_id": 1271

},

{

"description": "Creates mutexes",

"risk_factor": 5,

"sig_id": 1150

},

{

"description": "Detected crypto function",

"risk_factor": 7,

"sig_id": 1826

},

{

"description": "Sample is known by Antivirus (Virustotal or Metascan)",

"risk_factor": 5,

"sig_id": 1532

},

{

"description": "Contains functionality to register its own exception handler",

"risk_factor": 5,

"sig_id": 1094

},

{

"description": "Classification label",

"risk_factor": 5,

"sig_id": 420

},

{

"description": "Uses 32bit PE files",

"risk_factor": 7,

"sig_id": 621

},

{

"description": "Contains functionality to query local / system time",

"risk_factor": 5,

"sig_id": 1103

},

{

"description": "Multi AV Scanner detection for dropped file",

"risk_factor": 10,

"sig_id": 1524

},

{

"description": "Drops PE files",

"risk_factor": 7,

"sig_id": 1167

},

{

"description": "Multi AV Scanner detection for submitted file",

"risk_factor": 10,

"sig_id": 362

},

{

"description": "Contains functionality to query CPU information (cpuid)",

"risk_factor": 7,

"sig_id": 1326

},

{

"description": "Uses code obfuscation techniques (call, push, ret)",

"risk_factor": 7,

"sig_id": 1577

},

{

"description": "Drops PE files to the startup folder (C:\\\\Documents and Settings\\\\All Users\\\\Start Menu\\\\Programs\\\\Startup)",

"risk_factor": 8,

"sig_id": 1378

},

{

"description": "Creates files inside the user directory",

"risk_factor": 5,

"sig_id": 1145

},

{

"description": "Reads software policies",

"risk_factor": 5,

"sig_id": 1460

},

{

"description": "Writes many files with high entropy",

"risk_factor": 8,

"sig_id": 2072

},

{

"description": "Binary contains paths to debug symbols",

"risk_factor": 0,

"sig_id": 1248

},

{

"description": "Enumerates the file system",

"risk_factor": 5,

"sig_id": 1173

},

{

"description": "Uses ipconfig to modify the Windows network settings",

"risk_factor": 8,

"sig_id": 1281

},

{

"description": "Sample execution stops while process was sleeping (likely an evasion)",

"risk_factor": 7,

"sig_id": 1681

}

],

"threat_names": [

{

"threat_name": "Unknown"

}

]

},

"requested_hash": "21841b32c6165b27dddbd4d6eb3a672defe54271",

"requested_id": "08249dbc-77bf-482e-be4d-b8fa58de01c7"

}

}

}

}

Human Readable Output

ReversingLabs Sample Dynamic Analysis output for sample 21841b32c6165b27dddbd4d6eb3a672defe54271

Classification: MALICIOUS Sample SHA1: 21841b32c6165b27dddbd4d6eb3a672defe54271 Sample MD5: d5720ea13de22edcbe76d20c7908c0bf Sample SHA256: 0b5225517dcd1faf1de7b9c770baedbe000f8f2eacc22e8759970e26d446ec19 Last analysis: None

Full report is returned as JSON in a downloadable file

reversinglabs-titaniumcloud-submit-url-for-dynamic-analysis

---

Submit a URL for dynamic analysis.

Base Command

reversinglabs-titaniumcloud-submit-url-for-dynamic-analysis

Input

Argument Name	Description	Required
url	URL string.	Required
platform	Desired platform; See the API documentation for possible values.	Required

Context Output

Path	Type	Description
ReversingLabs.detonate_url_dynamic	Unknown	The dynamic analysis.

Command example

!reversinglabs-titaniumcloud-submit-url-for-dynamic-analysis url=http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt platform=windows10

Context Example

{

"ReversingLabs": {

"detonate_url_dynamic": {

"rl": {

"analysis_id": "033ae6c3-b6e3-4dcc-9544-e394401b92d6",

"sha1": "01b57da1914cff3920cf2ce6ae03001a3ba8e76f",

"status": "started",

"url": "http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt",

"url_base64": "aHR0cDovL2NsYXNzaWNhaXJqb3JkYW5zaG9lcy5jb20vY2xhc3NpYy1haXItam9yZGFuLTktYy03Lmh0bWw_emVuaWQ9ZWdibW1iaTAzOWlxbXM1aG81ZHQycW51bm0wbWV0dHQ"

}

}

}

}

Human Readable Output

ReversingLabs submit URL http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt for Dynamic Analysis

Status: started Requested UR: http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt URL SHA1: 01b57da1914cff3920cf2ce6ae03001a3ba8e76f URL BASE64: aHR0cDovL2NsYXNzaWNhaXJqb3JkYW5zaG9lcy5jb20vY2xhc3NpYy1haXItam9yZGFuLTktYy03Lmh0bWw_emVuaWQ9ZWdibW1iaTAzOWlxbXM1aG81ZHQycW51bm0wbWV0dHQ Analysis ID: 033ae6c3-b6e3-4dcc-9544-e394401b92d6

reversinglabs-titaniumcloud-get-url-dynamic-analysis-results

---

Retrieve dynamic analysis results for a URL.

Base Command

reversinglabs-titaniumcloud-get-url-dynamic-analysis-results

Input

Argument Name	Description	Required
sha1	URL SHA-1 hash. It can be found in the response while submitting the URL for analysis. Mutually exclusive with url.	Optional
url	The requested URL- Mutually exclusive with sha1.	Optional
analysis_id	ID of a specific analysis to fetch.	Optional
latest_analysis	Fetch the latest analysis. Possible values are: true, false. Default is false.	Optional

Context Output

Path	Type	Description
URL.Data	String	The URL.
DBotScore.Score	Number	The actual score.
DBotScore.Type	String	The indicator type.
DBotScore.Indicator	String	The indicator that was tested.
DBotScore.Vendor	String	The vendor used to calculate the score.
ReversingLabs.url_dynamic_analysis_results	Unknown	The URL dynamic analysis results.

Command example

!reversinglabs-titaniumcloud-get-url-dynamic-analysis-results url=http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt analysis_id=0f57134a-ecb8-4f8f-ad60-903b63bf8bc4 latest_analysis=false

Context Example

{

"DBotScore": {

"Indicator": "http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt",

"Reliability": "C - Fairly reliable",

"Score": 1,

"Type": "url",

"Vendor": "ReversingLabs TitaniumCloud v2"

},

"InfoFile": {

"EntryID": "8959@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",

"Extension": "html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt",

"Info": "html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt",

"Name": "Dynamic analysis report file for URL http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt",

"Size": 348681,

"Type": "ASCII text, with very long lines"

},

"ReversingLabs": {

"url_dynamic_analysis_results": {

"rl": {

"report": {

"analysis_duration": 166,

"analysis_id": "0f57134a-ecb8-4f8f-ad60-903b63bf8bc4",

"analysis_time": "2024-01-18T02:33:30",

"behavioral": [

{

"file_actions": [

{

"action_type": "file_opened",

"file_name": "tzres.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "chrome.dll",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sortdefault.nls",

"file_path": "C:\\WINDOWS\\Globalization\\Sorting",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "KsecDD",

"file_path": "\\Device",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Endpoint",

"file_path": "\\Device\\Afd",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tzres.dll.mui",

"file_path": "C:\\WINDOWS\\SYSTEM32\\en-US",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "NETBT_TCPIP_{7F50E9BE-7F02-49EC-B525-546E3FB9A32B}",

"file_path": "\\DEVICE",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Users",

"file_path": "C:",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "chrome_200_percent.pak",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Secur32.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "chrome_100_percent.pak",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "PROPSYS.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SSPICLI.DLL",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Local",

"file_path": "C:\\Users\\user\\AppData",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WINMMBASE.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "user",

"file_path": "C:\\Users",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dhcpcsvc.DLL",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "Network Persistent State",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CMApi",

"file_path": "\\Device\\DeviceApi",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "TransportSecurity~RF29560.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "chrome_elf.dll",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "ff81d8f6-8d3c-47ae-8fd7-925ada68e204.tmp",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "TransportSecurity",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "113.0.5672.93",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ntmarta.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "Network Persistent State~RF29512.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "AsyncConnectHlp",

"file_path": "\\Device\\Afd",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "VERSION.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "Network Persistent State~RF37a23.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "RasAcd",

"file_path": "\\Device",

"status": "object name not found"

},

{

"action_type": "file_opened",

"file_name": "IPHLPAPI.DLL",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "etc",

"file_path": "C:\\WINDOWS\\system32\\drivers",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "AppData",

"file_path": "C:\\Users\\user",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "f0e922b5-ad04-4bc2-ab8c-40e96d299d06.tmp",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hosts",

"file_path": "C:\\WINDOWS\\system32\\drivers\\etc",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "SCT Auditing Pending Reports~RF2696e.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "32e90c66-6d69-4e6e-8b26-a251eaa42ab8.tmp",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ole32.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "UIAutomationCore.DLL",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DWrite.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "C:",

"file_path": "",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "SCT Auditing Pending Reports~RF268b3.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-US.pak",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Google",

"file_path": "C:\\Users\\user\\AppData\\Local",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CNG",

"file_path": "\\Device",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "NLAapi.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CRYPTBASE.DLL",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "USERENV.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mswsock.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WINMM.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "SCT Auditing Pending Reports",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Nsi",

"file_path": "",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "fe60b991-49ae-459c-8360-27762fd34053.tmp",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dhcpcsvc6.DLL",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DNSAPI.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bcrypt.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WINSPOOL.DRV",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "icudtl.dat",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dbghelp.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "NETBT_TCPIP_{C8C115D0-C73A-11E8-B003-806E6F6E6963}",

"file_path": "\\DEVICE",

"status": "object name not found"

},

{

"action_type": "file_opened",

"file_name": "v8_context_snapshot.bin",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WINNSI.DLL",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WINHTTP.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "resources.pak",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "crashpad_4464_DXVJSNHTQUJMXMSE",

"file_path": "\\pipe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "IMM32.DLL",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "rasadhlp.dll",

"file_path": "C:\\Windows\\System32",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "554b2999-c537-47d5-9ab6-a243b9192aec.tmp",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",

"status": "success or wait"

}

],

"modules_loaded": [

{

"module_name": "\\KnownDlls\\DWrite.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\USER32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\combase.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\secur32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\Secur32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\dbghelp.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\kernel.appcore.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\dhcpcsvc.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\ntmarta.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\msvcp_win.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\en-US\\tzres.dll.mui",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\CRYPTBASE.DLL",

"module_tag": ""

},

{

"module_name": "unknown",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\OLEAUT32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\rasadhlp.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\userenv.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\bcrypt.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\rasadhlp.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\winnsi.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\WS2_32.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\nlaapi.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\ntmarta.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\UIAutomationCore.DLL",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\version.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\profapi.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\NSI.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\gdi32full.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\DWrite.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\USERENV.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\VERSION.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\cryptbase.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\dhcpcsvc6.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\ucrtbase.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\winmmbase.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\DNSAPI.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\SSPICLI.DLL",

"module_tag": ""

},

{

"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_100_percent.pak",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\ole32.dll",

"module_tag": ""

},

{

"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_200_percent.pak",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\UIAutomationCore.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\WINMM.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\propsys.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\CRYPT32.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\Windows\\SharedSection",

"module_tag": ""

},

{

"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources.pak",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\dhcpcsvc.DLL",

"module_tag": ""

},

{

"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\WINNSI.DLL",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\sechost.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\cfgmgr32.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\mswsock.dll",

"module_tag": ""

},

{

"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\v8_context_snapshot.bin",

"module_tag": ""

},

{

"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\icudtl.dat",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\bcrypt.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\ADVAPI32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\WINTRUST.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\KERNELBASE.dll",

"module_tag": ""

},

{

"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\Locales\\en-US.pak",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\bcryptPrimitives.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\dbghelp.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\PROPSYS.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\shcore.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\dnsapi.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\FLTLIB.DLL",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\WINHTTP.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\mswsock.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\winmmbase.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\msvcrt.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\imm32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\WINSPOOL.DRV",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\windows.storage.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\WINMMBASE.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\KERNEL32.DLL",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\MSASN1.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\powrprof.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\shlwapi.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\win32u.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\winmm.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\IPHLPAPI.DLL",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\dhcpcsvc6.DLL",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\winhttp.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\RPCRT4.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\shell32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\IMM32.DLL",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\NLAapi.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\sspicli.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\winspool.drv",

"module_tag": ""

},

{

"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_elf.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\IPHLPAPI.DLL",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\GDI32.dll",

"module_tag": ""

}

],

"mutex_actions": [

{

"action_type": "mutex_created",

"name": "unknown",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2960:304:WilStaging_02",

"status": "success or wait"

}

],

"process": {

"name": "chrome.exe",

"parameters": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1816,i,13857433630562973425,11579335400417572304,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8",

"parent_process_id": 4464,

"process_id": 2960

},

"registry_actions": [

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon\\",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Network\\Location Awareness",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Dnscache\\Parameters",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WinSock2\\Parameters\\Protocol_Catalog9",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip6\\Parameters",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip\\Parameters",

"status": "pending",

"value": "",

"value_name": ""

}

]

},

{

"file_actions": [

{

"action_type": "file_opened",

"file_name": "CMApi",

"file_path": "\\Device\\DeviceApi",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "AutoIt3",

"file_path": "C:\\Program Files (x86)",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sortdefault.nls",

"file_path": "C:\\WINDOWS\\Globalization\\Sorting",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "chrome_elf.dll",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "113.0.5672.93",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "crashpad_5400_BFYJTIUXOZXDCSEH",

"file_path": "\\pipe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "VERSION.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CRYPTBASE.DLL",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "IMM32.DLL",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ntmarta.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CNG",

"file_path": "\\Device",

"status": "success or wait"

}

],

"modules_loaded": [

{

"module_name": "\\KnownDlls\\profapi.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\windows.storage.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\gdi32full.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\msvcp_win.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\KERNEL32.DLL",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\combase.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\shcore.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\VERSION.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\shlwapi.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\sechost.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\cfgmgr32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\RPCRT4.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\cryptbase.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\ucrtbase.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\ntmarta.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\ADVAPI32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\USER32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\KERNELBASE.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\CRYPTBASE.DLL",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\kernel.appcore.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\IMM32.DLL",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\bcryptPrimitives.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\win32u.dll",

"module_tag": ""

},

{

"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_elf.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\FLTLIB.DLL",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\ntmarta.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\SHELL32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\msvcrt.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\version.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\powrprof.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\imm32.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\Windows\\SharedSection",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\GDI32.dll",

"module_tag": ""

}

],

"mutex_actions": [

{

"action_type": "mutex_created",

"name": "unknown",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5400:304:WilStaging_02",

"status": "success or wait"

}

],

"process": {

"name": "chrome.exe",

"parameters": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" \"http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt",

"parent_process_id": 4536,

"process_id": 5400

},

"process_actions": [

{

"action_type": "process_terminated",

"path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",

"status": "success or wait"

},

{

"action_type": "process_created",

"path": "unknown",

"status": "success or wait"

}

],

"registry_actions": [

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon\\",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\ThirdParty\\",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_value_modified",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\ThirdParty",

"status": "success or wait",

"value": "NU LL ",

"value_name": "StatusCodes"

},

{

"action_type": "key_value_modified",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon",

"status": "success or wait",

"value": "2",

"value_name": "state"

}

]

},

{

"file_actions": [

{

"action_type": "file_opened",

"file_name": "AutoIt3",

"file_path": "C:\\Program Files (x86)",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "bg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "computed_hashes.json",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources\\hangout_services\\_metadata",

"status": "object path not found"

},

{

"action_type": "file_deleted",

"file_name": "lv",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "gu",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "upgrade-index",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mojo.4464.6768.3236221341262871307",

"file_path": "\\pipe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Local",

"file_path": "C:\\Users\\user~1\\AppData",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CMApi",

"file_path": "\\Device\\DeviceApi",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG.old",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\EventDB",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Windows.UI.dll",

"file_path": "C:\\Windows\\System32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARIAL.TTF",

"file_path": "C:\\WINDOWS\\FONTS",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Application",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "prefs.json",

"file_path": "C:\\Program Files\\Google\\GoogleUpdater",

"status": "object path not found"

},

{

"action_type": "file_deleted",

"file_name": "pl",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "VERSION.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "Preferences~RF27e1f.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "km",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ntshrui.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "lv",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "craw_window.css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SetupMetrics",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ro",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG.old",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\leveldb",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\uk",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "KBDUS.DLL",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "en_US",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "hu",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\tr",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "AppData",

"file_path": "C:\\Users\\user",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "zh_TW",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\da",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ko",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ja",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "LOG.old~RF272c5.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\EventDB",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\zh_TW",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\hi",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "verified_contents.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_metadata",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mojo.4464.2472.9884927993438869709",

"file_path": "\\pipe",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\hu",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "nb",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tzres.dll.mui",

"file_path": "C:\\WINDOWS\\SYSTEM32\\en-US",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ml",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\en",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "msvcp110_win.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "Module Info Cache~RF2b04b.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "page_embed_script.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ja",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "Preferences~RF368bd.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "computed_hashes.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_metadata",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "LOG.old~RF25bb2.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db\\metadata",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalStorageConfigDB",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "113.0.5672.93",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\BudgetDatabase",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "1.66.0_0",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "id",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "af",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fr_CA",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "vi",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cversions.1.db",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "de",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ca",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "Tabs_13341351141015311",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sessions",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "user~1",

"file_path": "C:\\Users",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cscui.dll",

"file_path": "C:\\WINDOWS\\System32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mojo.4464.2472.9830066675901148501",

"file_path": "\\pipe",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "Caches",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows",

"status": "object name collision"

},

{

"action_type": "file_opened",

"file_name": "cryptsp.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dwmapi.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\lt",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "b1ccf6d4-6223-4726-a8e3-ea766a35ff39.tmp",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403",

"file_path": "C:\\WINDOWS\\WinSxS",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "Preferences",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WindowsCodecsRaw.dll",

"file_path": "C:\\Windows\\System32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "topbar_floating_button_maximize.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\si",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\de",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ur",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\kk",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Users",

"file_path": "C:",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "gpapi.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dhcpcsvc.DLL",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "verified_contents.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_metadata",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ActXPrxy.dll",

"file_path": "C:\\Windows\\System32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "fil",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\fil",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "hy",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sortdefault.nls",

"file_path": "C:\\WINDOWS\\Globalization\\Sorting",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "gl",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "fi",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "RTWorkQ.DLL",

"file_path": "C:\\Windows\\System32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "tr",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "twinapi.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\tr",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "en-US.pak",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\pt_PT",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\id",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "zh_CN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ne",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "es_419",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "inetcomm.dll",

"file_path": "C:\\Windows\\System32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\is",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dbghelp.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "_locales",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "chrome_BITS_4464_1275025057",

"file_path": "C:\\Program Files",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pa",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mojo.4464.2472.16657403304667141561",

"file_path": "\\pipe",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ar",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "twinapi.appcore.dll",

"file_path": "C:\\Windows\\System32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "BitsProxy.dll",

"file_path": "C:\\Windows\\System32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "bn",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "tr",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "chrome_200_percent.pak",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dlnashext.dll",

"file_path": "C:\\Windows\\System32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "iw",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SSPICLI.DLL",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "fwbase.dll",

"file_path": "C:\\Windows\\System32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\cy",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "sl",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WTSAPI32.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "Module Info Cache~RF3756f.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ms",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sw",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "MountPointManager",

"file_path": "",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CRLs",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "eu",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARIALBI.TTF",

"file_path": "C:\\WINDOWS\\FONTS",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "KERNEL32.DLL.mui",

"file_path": "C:\\WINDOWS\\System32\\en-US",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\bg",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG.old",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalStorageConfigDB",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\it",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "LOG.old~RF25cdb.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "computed_hashes.json",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources\\pdf\\_metadata",

"status": "object path not found"

},

{

"action_type": "file_deleted",

"file_name": "LOG.old~RF256ff.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Data\\LevelDB",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pt_BR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\zh_CN",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\pt_PT",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\lt",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "topbar_floating_button_pressed.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mscms.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DPAPI.dll",

"file_path": "C:\\WINDOWS\\System32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\th",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mojo.4464.2472.597526722011020277",

"file_path": "\\pipe",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "Local State~RF27c69.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "BrowserMetrics-65244C60-125C.pma",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\BrowserMetrics",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Secur32.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ml",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "chrome_BITS_4464_1160353240",

"file_path": "C:\\Program Files",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\en_CA",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "topbar_floating_button_hover.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG.old",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\commerce_subscription_db",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\es",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\eu",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "bcrypt.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ca",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\lv",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "LOG.old~RF256e0.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Site Characteristics Database",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "temp-index",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ka",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Caches",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "wlanapi.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "it",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fr",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "000001.dbtmp",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\gdaefkejpgkiemlaofpalmlakkmbjdnl",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "default_apps",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "chrome_BITS_4464_1160353240",

"file_path": "C:\\Program Files",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARIALI.TTF",

"file_path": "C:\\WINDOWS\\FONTS",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "LOG.old~RF27277.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\AutofillStrikeDatabase",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "sr",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ta",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ru",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "wpnapps.dll",

"file_path": "C:\\Windows\\System32",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG.old",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\AvailabilityDB",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "FirewallAPI.dll",

"file_path": "C:\\Windows\\System32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\zh_CN",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WINHTTP.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mojo.4464.2472.6408347921924087484",

"file_path": "\\pipe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "sRGB Color Space Profile.icm",

"file_path": "C:\\WINDOWS\\system32\\spool\\drivers\\color",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ta",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ko",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "MSOHEVI.DLL",

"file_path": "C:\\PROGRA~1\\MICROS~1\\Office12",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\en_GB",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "LOG.old~RF272a5.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalDB",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "IPHLPAPI.DLL",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\sr",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\sk",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "no",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "images",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "ef0ebb1a-af16-40a8-b462-7f58367a723f.tmp",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sv",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WINSTA.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARIALBD.TTF",

"file_path": "C:\\WINDOWS\\FONTS",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\iw",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "hr",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tbs.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "srmshell.dll",

"file_path": "C:\\Windows\\System32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "LOG.old~RF262e6.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ka",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "lt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\mn",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "sk",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dxgi.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "USERENV.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "sr",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\te",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "manifest.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "LOG.old~RF26bfe.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\coupon_db",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "bfc3761f-a788-4a60-8860-db27b3bf6826",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\blob_storage",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "chrome.dll",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "IMM32.DLL",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "chrome_BITS_4464_743776994",

"file_path": "C:\\Program Files",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fa",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "webcheck.dll",

"file_path": "C:\\Windows\\System32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "craw_window.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "it",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "fil",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Endpoint",

"file_path": "\\Device\\Afd",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "usermgrcli.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "TIMESBI.TTF",

"file_path": "C:\\WINDOWS\\FONTS",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "te",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "stobject.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "manifest.json",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\MEIPreload",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WorkfoldersShell.dll",

"file_path": "C:\\Windows\\System32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ja",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\PersistentOriginTrials",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\nb",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "icon_16.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\az",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "TIMES.TTF",

"file_path": "C:\\WINDOWS\\FONTS",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dataexchange.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "_metadata",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DWrite.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ru",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\no",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG.old",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db\\metadata",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "kn",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "21396532-59c8-445f-8958-2ec00a2eaf8f.tmp",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "shellext.dll",

"file_path": "C:\\Program Files\\Windows Defender",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mojo.4464.6768.15204235271995857199",

"file_path": "\\pipe",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\vi",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\de",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "th",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "LOG.old~RF272b5.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalStorageConfigDB",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "hi",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\gu",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mojo.4464.2472.16472181969836552073",

"file_path": "\\pipe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CoreUIComponents.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "sl",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "PCPKsp.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG.old",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SegmentInfoDB",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fi",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WINMMBASE.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Certificates",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\zh_HK",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "MDMRegistration.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "computed_hashes.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_metadata",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db",

"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ntmarta.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "LOG.old~RF256ff.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\commerce_subscription_db",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\fi",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "zu",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_written",

"file_name": "unknown",

"file_path": "",

"status": "invalid handle"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\km",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mojo.4464.6768.11328892739696708463",

"file_path": "\\pipe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARIBLK.TTF",

"file_path": "C:\\WINDOWS\\FONTS",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "topbar_floating_button.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "NLAapi.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "wkssvc",

"file_path": "\\pipe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WINMM.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "wshext.dll",

"file_path": "C:\\Windows\\System32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ro",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "LOG.old~RF272d4.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\BudgetDatabase",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "NETBT_TCPIP_{7F50E9BE-7F02-49EC-B525-546E3FB9A32B}",

"file_path": "\\DEVICE",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sr",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\my",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\kn",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "LOG.old~RF27286.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SegmentInfoDB",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "colorui.dll",

"file_path": "C:\\Windows\\System32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "en_GB",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "msoshext.dll",

"file_path": "C:\\PROGRA~1\\COMMON~1\\MICROS~1\\OFFICE12",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "LOG.old~RF25951.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Scripts",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\AutofillStrikeDatabase",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "chrome_BITS_4464_743776994",

"file_path": "C:\\Program Files",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "manifest.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ar",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\sv",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "topbar_floating_button_close.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CRYPTSP.dll",

"file_path": "C:\\WINDOWS\\System32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "en_GB",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "nl",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "dc884606-ac61-47a5-a5bc-48b0aa09da61.tmp",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\pt_BR",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ja",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "da",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WINDOWS",

"file_path": "C:",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "lt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\cs",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "wab32.dll",

"file_path": "C:\\Program Files\\Common Files\\System",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\th",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "chrome_BITS_4464_1160353240",

"file_path": "C:\\Program Files",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "es",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "_metadata",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\es_419",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "lo",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "Preferences~RF2f3ad.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CRYPTBASE.DLL",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "TIMESI.TTF",

"file_path": "C:\\WINDOWS\\FONTS",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CTLs",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "TPM",

"file_path": "",

"status": "object name not found"

},

{

"action_type": "file_moved",

"file_name": "LOG.old",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "MMDevApi.dll",

"file_path": "C:\\WINDOWS\\System32",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "Local State",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Scripts",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "trusted_vault.pb~RF26567.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG.old",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "uk",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG.old",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\BudgetDatabase",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\GCM Store\\Encryption",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "_locales",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\AvailabilityDB",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\et",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Site Characteristics Database",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sl",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ne",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "user",

"file_path": "C:\\Users",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Data\\LevelDB",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG.old",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\GCM Store\\Encryption",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG.old",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\et",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "todelete_68aa47498e871c55",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "html",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mojo.4464.6768.14971157679118795413",

"file_path": "\\pipe",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pt_PT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "th",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\am",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "manifest.json",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\WidevineCdm",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mojo.4464.2472.4007764809113624998",

"file_path": "\\pipe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Google",

"file_path": "C:\\Users\\user\\AppData\\Local",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "fr",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mojo.4464.2472.5565757489325583308",

"file_path": "\\pipe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "cryptext.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "PROPSYS.dll.mui",

"file_path": "C:\\WINDOWS\\SYSTEM32\\en-US",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\lo",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "c6edabb6-ec20-4a4e-9383-cae641afdc1a.tmp",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "LOG.old~RF272c5.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\AvailabilityDB",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dhcpcsvc6.DLL",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "craw_background.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "the-real-index~RF2bb57.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "XmlLite.dll",

"file_path": "C:\\Windows\\System32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CoreMessaging.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "cd7d8d4a-3c95-44cc-aab3-1bd9b1572265.tmp",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "wintypes.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG.old",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "mr",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pt_PT",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "trusted_vault.pb",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\gl",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG.old",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Scripts",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "PROPSYS.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "LOG.old~RF262c7.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\leveldb",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mojo.4464.2472.10638128438253861259",

"file_path": "\\pipe",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "fi",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ncrypt.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "my",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "eventpage_bin_prod.js",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "el",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "etc",

"file_path": "C:\\WINDOWS\\system32\\drivers",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\el",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ro",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "icon_128.png",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "dasherSettingSchema.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "wlanapi.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "UIAutomationCore.DLL",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "USER32.dll.mui",

"file_path": "C:\\WINDOWS\\System32\\en-US",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "bg",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "Secure Preferences~RF27de0.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "nmmhkkegccagdldgiimedpiccmgmieda",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "RMCLIENT.dll",

"file_path": "C:\\Windows\\System32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mojo.4464.2472.16434957911034825091",

"file_path": "\\pipe",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\hi",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "et",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "en",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\id",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "Secure Preferences",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\hr",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CNG",

"file_path": "\\Device",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "tzres.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "Local State~RF37531.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ca",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "26c0be8d-6788-4528-b222-7d81c12e24e6.tmp",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\pl",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "chrome_100_percent.pak",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "preloaded_data.pb",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\MEIPreload",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pt_BR",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "css",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "chrome_elf.dll",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sk",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "CMNotify",

"file_path": "\\Device\\DeviceApi",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "kk",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "appresolver.dll",

"file_path": "C:\\Windows\\System32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "index~RF25cdb.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARIALN.TTF",

"file_path": "C:\\WINDOWS\\FONTS",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "hosts",

"file_path": "C:\\WINDOWS\\system32\\drivers\\etc",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\mr",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "InputHost.dll",

"file_path": "C:\\Windows\\System32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "zh_TW",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\it",

"status": "success or wait"

},

{

"action_type": "file_created",

"file_name": "chrome_BITS_4464_743776994",

"file_path": "C:\\Program Files",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "AppData",

"file_path": "C:\\Users\\user~1",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "wkscli.dll",

"file_path": "C:\\WINDOWS\\System32",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "Module Info Cache",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\hy",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "LOG.old~RF25bc2.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "TextInputFramework.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "si",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG.old",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Site Characteristics Database",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "the-real-index",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\leveldb",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\fr",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mojo.4464.6768.4112476090139924661",

"file_path": "\\pipe",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "el",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "crashpad_4464_DXVJSNHTQUJMXMSE",

"file_path": "\\pipe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "STORAGE#Volume#{45fd10d4-cc21-11e8-b00f-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}",

"file_path": "",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "pl",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "sw",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "fr",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "KsecDD",

"file_path": "\\Device",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ms",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OneCoreUAPCommonProxyStub.dll",

"file_path": "C:\\Windows\\System32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "uk",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "netutils.dll",

"file_path": "C:\\WINDOWS\\System32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mojo.4464.2472.7285083756700285552",

"file_path": "\\pipe",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\bn",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "nl",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DMCmnUtils.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "index",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARIALNB.TTF",

"file_path": "C:\\WINDOWS\\FONTS",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "zh_HK",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ghbmnnjooekpmoecnnnilnnbdlolhkhi",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "TIMESBD.TTF",

"file_path": "C:\\WINDOWS\\FONTS",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ur",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "d3d11.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "atlthunk.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\sl",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "NTASN1.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\el",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cs",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ru",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "manifest.fingerprint",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "rpcss.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\es",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\da",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\hr",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "sv",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\zh_TW",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "de",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "resources.pak",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "external_extensions.json",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\default_apps",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "COMCTL32.dll",

"file_path": "C:\\WINDOWS\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "BrowserMetrics-65A90BDD-1170.pma",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\BrowserMetrics",

"status": "cannot delete"

},

{

"action_type": "file_deleted",

"file_name": "be",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "sk",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\uk",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARIALNI.TTF",

"file_path": "C:\\WINDOWS\\FONTS",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\coupon_db",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\af",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "R000000000013.clb",

"file_path": "C:\\WINDOWS\\Registration",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "LOG.old~RF2574d.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "chrome_shutdown_ms.txt",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "d2480ed6-5de2-4863-a1f6-04e0f239b467.tmp",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Local",

"file_path": "C:\\Users\\user\\AppData",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "et",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\nl",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\pa",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "computed_hashes.json",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources\\network_speech_synthesis\\_metadata",

"status": "object path not found"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\en_US",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ko",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG.old",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\coupon_db",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db\\metadata",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "az",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "shell32.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cy",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "en_CA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OLEACC.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "Session_13341351140337548",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sessions",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ARIALNBI.TTF",

"file_path": "C:\\WINDOWS\\FONTS",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\zu",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "b5a27007-5488-4fed-89ab-77b5a0a7fd13.tmp",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SEGUISB.TTF",

"file_path": "C:\\WINDOWS\\FONTS",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "hi",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\commerce_subscription_db",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "flapper.gif",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "STORAGE#Volume#{45fd10d4-cc21-11e8-b00f-806e6f6e6963}#0000000022600000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}",

"file_path": "",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "NETBT_TCPIP_{C8C115D0-C73A-11E8-B003-806E6F6E6963}",

"file_path": "\\DEVICE",

"status": "object name not found"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\en",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "LOG.old~RF27277.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\GCM Store\\Encryption",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "c4cb84b2-d95d-4ddd-8db7-6ae006a2da1c.tmp",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "explorerframe.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ru",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\pt_BR",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\nl",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "fr_CA",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "uxtheme.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Windows.Media.dll",

"file_path": "C:\\Windows\\System32",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG.old",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\EventDB",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "fa",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "1.0.0.6_0",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "hu",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "en",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "EhStorShell.dll",

"file_path": "C:\\Windows\\System32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\vi",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG.old",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\AutofillStrikeDatabase",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "is",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "LINKINFO.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "es_419",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mswsock.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "netapi32.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalDB",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ca",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "da",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "am",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WINSPOOL.DRV",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\en_GB",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "computed_hashes.json",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources\\web_store\\_metadata",

"status": "object path not found"

},

{

"action_type": "file_opened",

"file_name": "C:",

"file_path": "",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "zh_CN",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mojo.4464.6768.6604557809140870167",

"file_path": "\\pipe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DEVOBJ.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ncryptprov.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "sv",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Google Chrome.lnk",

"file_path": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "rsaenh.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "DSREG.DLL",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ro",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "vi",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ole32.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "AppContainerUserCertRead",

"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "mn",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "cs",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "directmanipulation.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "es",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\lv",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "desktop.ini",

"file_path": "C:\\Program Files (x86)",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SegmentInfoDB",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\hu",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\cs",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "ColorAdapterClient.dll",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fil",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mojo.4464.6768.5186517594773466940",

"file_path": "\\pipe",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\es_419",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "hr",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG.old",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalDB",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "OLEACCRC.DLL",

"file_path": "C:\\WINDOWS\\SYSTEM32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\pl",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "WindowsShell.Manifest",

"file_path": "C:\\WINDOWS",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "Nsi",

"file_path": "",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "craw_window.html",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\html",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "SEGOEUI.TTF",

"file_path": "C:\\WINDOWS\\FONTS",

"status": "success or wait"

},

{

"action_type": "file_moved",

"file_name": "LOG.old",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Data\\LevelDB",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "dcomp.dll",

"file_path": "C:\\WINDOWS\\system32",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\be",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "messages.json",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\bg",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "icudtl.dat",

"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "id",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mojo.4464.2472.1477200718984232282",

"file_path": "\\pipe",

"status": "success or wait"

},

{

"action_type": "file_opened",

"file_name": "mojo.4464.2472.9824906432084518089",

"file_path": "\\pipe",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "LOG.old~RF25ba3.TMP",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database",

"status": "success or wait"

},

{

"action_type": "file_deleted",

"file_name": "ko",

"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",

"status": "success or wait"

}

],

"modules_loaded": [

{

"module_name": "\\KnownDlls\\DWrite.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\dpapi.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\USER32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\combase.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\secur32.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\dsreg.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\rpcss.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\winsta.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\Secur32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\dbghelp.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\rsaenh.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\Fonts\\arial.ttf",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\kernel.appcore.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\uxtheme.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\devobj.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\twinapi.appcore.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\XmlLite.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\dhcpcsvc.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\msvcp110_win.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\ExplorerFrame.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\ntmarta.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\msvcp_win.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\MMDevApi.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\WINSTA.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\ncryptprov.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\Fonts\\ariblk.ttf",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\PCPKsp.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\en-US\\tzres.dll.mui",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\WINHTTP.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\CRYPTBASE.DLL",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\dcomp.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\Fonts\\ARIALNB.TTF",

"module_tag": ""

},

{

"module_name": "unknown",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\OLEAUT32.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1.ro",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\d3d11.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\wlanapi.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\usermgrcli.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\en-US\\kernel32.dll.mui",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\TextInputFramework.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\ncrypt.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\nlaapi.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\Fonts\\segoeui.ttf",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\MMDevAPI.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\actxprxy.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\ntmarta.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\SHELL32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\UIAutomationCore.DLL",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\CoreUIComponents.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\version.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\Fonts\\arialbi.ttf",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\winhttp.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\linkinfo.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\explorerframe.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\ActXPrxy.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\mdmregistration.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\CoreUIComponents.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\wpnapps.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\InputHost.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\dwmapi.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\CoreMessaging.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\Registration\\R000000000013.clb",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\RTWorkQ.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\profapi.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\WINSPOOL.DRV",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\gdi32full.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\wtsapi32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\uxtheme.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\shcore.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\USERENV.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\en-US\\user32.dll.mui",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\VERSION.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\Windows\\ThemeSection",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\mscms.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\cryptbase.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\dhcpcsvc6.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\ucrtbase.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\spool\\drivers\\color\\sRGB Color Space Profile.icm",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\SETUPAPI.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\NLAapi.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\coloradapterclient.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\mswsock.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\Fonts\\timesbd.ttf",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\SSPICLI.DLL",

"module_tag": ""

},

{

"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_100_percent.pak",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\msvcp110_win.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\Fonts\\seguisb.ttf",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\ole32.dll",

"module_tag": ""

},

{

"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_200_percent.pak",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\UIAutomationCore.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\ncrypt.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\tbs.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403\\comctl32.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\xmllite.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\twinapi.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\dataexchange.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\MSCTF.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\WINMM.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\usermgrcli.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\gpapi.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\propsys.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\twinapi.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\AsyncKeyStateTrackerSharedMemory",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\tbs.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\oleacc.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\Fonts\\ariali.ttf",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\Windows.Media.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\Windows.UI.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\cryptsp.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\CRYPT32.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\Windows\\SharedSection",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\twinapi.appcore.dll",

"module_tag": ""

},

{

"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources.pak",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\dhcpcsvc.DLL",

"module_tag": ""

},

{

"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\BitsProxy.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\dxgi.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\WS2_32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\NSI.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\WinTypes.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\KBDUS.DLL",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\sechost.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\cfgmgr32.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\winmmbase.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\clbcatq.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\DSREG.DLL",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\netutils.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\TextInputFramework.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\Fonts\\arialbd.ttf",

"module_tag": ""

},

{

"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\icudtl.dat",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\en-US\\propsys.dll.mui",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\ADVAPI32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\WINTRUST.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\KERNELBASE.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\WTSAPI32.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\winmm.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\ole32.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\HWNDInterface:10328",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\mscms.dll",

"module_tag": ""

},

{

"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\Locales\\en-US.pak",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\dwmapi.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\KBDUS.DLL",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\RMCLIENT.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\dmcmnutils.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\bcrypt.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\FirewallAPI.dll",

"module_tag": ""

},

{

"module_name": "\\Windows\\Theme3268744372",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\netutils.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\Fonts\\ARIALNBI.TTF",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\dbghelp.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\netapi32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\PROPSYS.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\LINKINFO.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\DWrite.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\CTF.AsmListCache.FMPDefault1",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\rmclient.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\HWNDInterface:402da",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\FLTLIB.DLL",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\BitsProxy.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\wintypes.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\mswsock.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\cryptsp.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\winmmbase.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\msvcrt.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\dcomp.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\imm32.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\wkscli.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\gpapi.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\__ComCatalogCache__",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\FirewallAPI.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\Windows.Media.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\MDMRegistration.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\windows.storage.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\WINMMBASE.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\dxgi.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\KERNEL32.DLL",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\Windows\\Theme1581511869",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\MSASN1.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\PCPKsp.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\powrprof.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\Fonts\\ARIALNI.TTF",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\CRYPTSP.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\win32u.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\bcryptPrimitives.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\DEVOBJ.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\directmanipulation.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\windows_shell_global_counters",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\IPHLPAPI.DLL",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\dhcpcsvc6.DLL",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\wpnapps.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\bcrypt.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\OneCoreUAPCommonProxyStub.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\atlthunk.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\RTWorkQ.DLL",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\userenv.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\SHLWAPI.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\InputHost.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\Windows.UI.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\ColorAdapterClient.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\RPCRT4.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\d3d11.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\ncryptprov.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\CoreMessaging.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\wlanapi.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\IMM32.DLL",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\atlthunk.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\sspicli.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\winspool.drv",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\fwbase.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\WindowsShell.Manifest",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\DataExchange.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\OLEACC.dll",

"module_tag": ""

},

{

"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_elf.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\DMCmnUtils.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\fwbase.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\Fonts\\timesbi.ttf",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\IPHLPAPI.DLL",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\ntasn1.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\rsaenh.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\oleaccrc.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\Fonts\\ARIALN.TTF",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\netapi32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\directmanipulation.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\wkscli.dll",

"module_tag": ""

},

{

"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll",

"module_tag": ""

},

{

"module_name": "C:\\Windows\\Fonts\\timesi.ttf",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\DPAPI.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\GDI32.dll",

"module_tag": ""

},

{

"module_name": "\\KnownDlls\\NTASN1.dll",

"module_tag": ""

}

],

"mutex_actions": [

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4464:120:WilError_01",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "unknown",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\{A946A6A9-917E-4949-B9BC-6BADA8C7FD63}",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!",

"status": "success or wait"

},

{

"action_type": "mutex_created",

"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4464:304:WilStaging_02",

"status": "success or wait"

}

],

"process": {

"name": "chrome.exe",

"parameters": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --start-maximized \"about:blank",

"parent_process_id": 4536,

"process_id": 4464

},

"process_actions": [

{

"action_type": "process_created",

"path": "unknown",

"status": "success or wait"

},

{

"action_type": "process_terminated",

"path": "unknown",

"status": "process is terminating"

},

{

"action_type": "process_created",

"path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",

"status": "success or wait"

}

],

"registry_actions": [

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463c-AFF1-A69D9E530F96}\\LastWasDefault",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\ThirdParty\\",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_USERSS-1-5-19\\Software\\Microsoft\\Cryptography\\TPM\\Telemetry",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\PriorityControl",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_value_modified",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon",

"status": "success or wait",

"value": "2",

"value_name": "state"

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Root",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip\\Parameters",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_value_modified",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\StabilityMetrics",

"status": "success or wait",

"value": "0",

"value_name": "user_experience_metrics.stability.exited_cleanly"

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\crypt32",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_deleted",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default\\extensions.settings",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_value_created",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default\\extensions.settings",

"status": "success or wait",

"value": "1741B0A8517BEBEA259AF9047ECAAEFB3246AD31AF1113DAD021745EB94724CC",

"value_name": "ahfgeienlihckogmohjhadlkjgocpleb"

},

{

"action_type": "key_value_modified",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\LastWasDefault",

"status": "success or wait",

"value": "26 F2 46 FA CC 6D 2F 00 ",

"value_name": "S-1-5-21-987036132-2528391375-4088684000-1001"

},

{

"action_type": "key_monitored",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\Extensions",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\TrustedPeople",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_CURRENT_USER\\Control Panel\\Cursors",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Google\\Chrome\\Extensions",

"status": "object name not found",

"value": "",

"value_name": ""

},

{

"action_type": "key_value_created",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\LastWasDefault",

"status": "success or wait",

"value": "42 43 17 FA CC 6D 2F 00 ",

"value_name": "S-1-5-21-987036132-2528391375-4088684000-1001"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_created",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Chrome",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_created",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default\\extensions.settings",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Network\\Location Awareness",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Dnscache\\Parameters",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Update\\Clients\\{8A69D345-D564-463c-AFF1-A69D9E530F96}",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_created",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463c-AFF1-A69D9E530F96}\\LastWasDefault",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Disallowed",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\DWM",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_value_modified",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\ThirdParty",

"status": "success or wait",

"value": "NU LL ",

"value_name": "StatusCodes"

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\StabilityMetrics",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_value_modified",

"key_name": "HKEY_USERSS-1-5-19\\Software\\Microsoft\\Cryptography\\TPM\\Telemetry",

"status": "success or wait",

"value": "AF AD E5 C6 01 4A DA 01 ",

"value_name": "TraceTimeLast"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_value_created",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default",

"status": "success or wait",

"value": "AC35DEE0912DD800572E8342460606D73D3EA35BDF0C54722EE54206F8552A2F",

"value_name": "prefs.preference_reset_time"

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WinSock2\\Parameters\\Protocol_Catalog9",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip6\\Parameters",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Connections",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Update\\ClientState\\{8A69D345-D564-463c-AFF1-A69D9E530F96}",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Disallowed",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon\\",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\CA",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463c-AFF1-A69D9E530F96}",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\Extensions",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_value_modified",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Update\\ClientState\\{8A69D345-D564-463c-AFF1-A69D9E530F96}",

"status": "success or wait",

"value": "13350051039534355",

"value_name": "lastrun"

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\CA",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_value_deleted",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\FirstNotDefault",

"status": "success or wait",

"value": "",

"value_name": "S-1-5-21-987036132-2528391375-4088684000-1001"

},

{

"action_type": "key_value_deleted",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default",

"status": "object name not found",

"value": "",

"value_name": "extensions.settings"

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_created",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Chrome\\Extensions",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_value_modified",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default",

"status": "success or wait",

"value": "81046E921B34925EF9312C9A62CC5AFFB0D63E7CA2C13AC486278B291F7C08F2",

"value_name": "media.cdm.origin_data"

},

{

"action_type": "key_opened",

"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default\\extensions.settings",

"status": "success or wait",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Chrome\\Extensions",

"status": "pending",

"value": "",

"value_name": ""

},

{

"action_type": "key_monitored",

"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",

"status": "pending",

"value": "",

"value_name": ""

}

]

}

],

"classification": "NO_THREATS_FOUND",

"configuration": "MS Office 2007;Java 8;Adobe Reader 2020;Firefox 62;Google Chrome 69;Microsoft Edge 42;Internet Explorer 11",

"md5": "",

"memory_strings": "https://bucket.reversinglabs.com/rl-cloud-sandbox-memstrings-prod/01b57da1914cff3920cf2ce6ae03001a3ba8e76f_0f57134a-ecb8-4f8f-ad60-903b63bf8bc4_memstrings_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20240118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240118T024259Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=d53fcc0454ee985a12bea8ef65dbb4ed5f8d7f13c51332e4968ac735fd2cb8c0",

"mitre_attack": {

"matrix_list": [

{

"name": "Enterprise",

"tactics": {

"tactic_list": [

{

"id": "TA0005",

"name": "Defense Evasion",

"techniques": {

"technique_list": [

{

"id": "T1055",

"name": "Process Injection"

},

{

"id": "T1036",

"name": "Masquerading"

}

]

}

},

{

"id": "TA0007",

"name": "Discovery",

"techniques": {

"technique_list": [

{

"id": "T1046",

"name": "Network Service Scanning"

}

]

}

},

{

"id": "TA0011",

"name": "Command and Control",

"techniques": {

"technique_list": [

{

"id": "T1071",

"name": "Application Layer Protocol"

},

{

"id": "T1095",

"name": "Non-Application Layer Protocol"

},

{

"id": "T1105",

"name": "Ingress Tool Transfer"

},

{

"id": "T1573",

"name": "Encrypted Channel"

}

]

}

}

]

}

}

]

},

"network": {

"dns": [

{

"address": "none",

"process_id": 2960,

"type": "65",

"value": "www.google.com"

},

{

"address": "142.250.186.36",

"process_id": 2960,

"type": "A (IP address)",

"value": "www.google.com"

},

{

"address": "none",

"process_id": 2960,

"type": "65",

"value": "clients2.google.com"

},

{

"address": "none",

"process_id": 2960,

"type": "A (IP address)",

"value": "wpad.example.org"

},

{

"address": "37.72.184.59",

"process_id": 2960,

"type": "A (IP address)",

"value": "classicairjordanshoes.com"

},

{

"address": "none",

"process_id": 2960,

"type": "65",

"value": "classicairjordanshoes.com"

},

{

"address": "142.250.27.84",

"process_id": 2960,

"type": "A (IP address)",

"value": "accounts.google.com"

},

{

"address": "142.250.186.110",

"process_id": 2960,

"type": "A (IP address)",

"value": "clients2.google.com"

},

{

"address": "none",

"process_id": 2960,

"type": "65",

"value": "accounts.google.com"

}

],

"http": [

{

"method": "GET",

"process_id": 2960,

"url": "http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt"

}

],

"tcp": [

{

"destination_ip": "142.250.186.110",

"destination_port": 443,

"process_id": 2960

},

{

"destination_ip": "37.72.184.59",

"destination_port": 80,

"process_id": 2960

},

{

"destination_ip": "142.250.27.84",

"destination_port": 443,

"process_id": 2960

},

{

"destination_ip": "142.250.186.36",

"destination_port": 443,

"process_id": 2960

}

],

"udp": [

{

"destination_ip": "8.8.8.8",

"destination_port": 53,

"process_id": 2960

},

{

"destination_ip": "239.255.255.250",

"destination_port": 1900,

"process_id": 4464

},

{

"destination_ip": "8.8.4.4",

"destination_port": 53,

"process_id": 2960

}

],

"url": [

{

"source": "network",

"url": "http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt"

}

]

},

"pcap": "https://bucket.reversinglabs.com/rl-cloud-sandbox-pcap-prod/01b57da1914cff3920cf2ce6ae03001a3ba8e76f_0f57134a-ecb8-4f8f-ad60-903b63bf8bc4_pcap_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20240118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240118T024258Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=1e09709a9d68055c3a631f515f253d01b57e6ee797790d89f0e4c198a86eb270",

"platform": "windows10",

"process_tree": [

{

"name": "chrome.exe",

"parameters": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --start-maximized \"about:blank",

"parent_process_id": 4536,

"process_id": 4464

},

{

"name": "chrome.exe",

"parameters": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1816,i,13857433630562973425,11579335400417572304,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8",

"parent_process_id": 4464,

"process_id": 2960

},

{

"name": "chrome.exe",

"parameters": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" \"http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt",

"parent_process_id": 4536,

"process_id": 5400

}

],

"risk_score": 0,

"screenshots": "https://bucket.reversinglabs.com/rl-cloud-sandbox-screenshots-prod/01b57da1914cff3920cf2ce6ae03001a3ba8e76f_0f57134a-ecb8-4f8f-ad60-903b63bf8bc4_screenshots_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20240118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240118T024259Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=28da467b004a3d9f270379b1440b6d155247d7351acf0c03074cbfe4b36b18f6",

"sha256": "",

"signatures": [

{

"description": "Downloads files from web servers via HTTP",

"risk_factor": 5,

"sig_id": 349

},

{

"description": "Performs DNS lookups",

"risk_factor": 5,

"sig_id": 353

},

{

"description": "Classification label",

"risk_factor": 5,

"sig_id": 420

},

{

"description": "Uses HTTPS",

"risk_factor": 5,

"sig_id": 392

},

{

"description": "Sends SSDP (simple service discovery protocol) broadcast queries",

"risk_factor": 5,

"sig_id": 447

},

{

"description": "Uses HTTPS for network communication",

"risk_factor": 5,

"sig_id": 1549

},

{

"description": "Creates files inside the program directory",

"risk_factor": 5,

"sig_id": 1143

},

{

"description": "Performs connections to IPs without corresponding DNS lookups",

"risk_factor": 5,

"sig_id": 472

},

{

"description": "Spawns processes",

"risk_factor": 5,

"sig_id": 1271

},

{

"description": "Creates a directory in C:\\Program Files",

"risk_factor": 0,

"sig_id": 1665

}

],

"threat_names": [

{

"threat_name": "Unknown"

}

],

"warnings": [

"Exclude process from analysis (whitelisted): MpCmdRun.exe, conhost.exe",

"Excluded IPs from analysis (whitelisted): 142.250.186.131, 34.104.35.123, 142.250.181.227",

"Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, dl.google.com, update.googleapis.com, clientservices.googleapis.com",

"Not all processes where analyzed, report is missing behavior information"

]

},

"requested_base64_url": "01b57da1914cff3920cf2ce6ae03001a3ba8e76f",

"requested_id": "0f57134a-ecb8-4f8f-ad60-903b63bf8bc4"

}

}

},

"URL": {

"Data": "http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt"

}

}

Human Readable Output

ReversingLabs URL Dynamic Analysis output for URL http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt

Classification: NO_THREATS_FOUND URL SHA1: None URL BASE64: None Last analysis: None

Full report is returned as JSON in a downloadable file

reversinglabs-titaniumcloud-customer-usage-data

---

Check API usage data for a single user or the whole company.

Base Command

reversinglabs-titaniumcloud-customer-usage-data

Input

Argument Name	Description	Required
data_type	Select the type of API usage data that will be returned. Options are DAILY USAGE, MONTHLY USAGE, DATE RANGE USAGE and QUOTA LIMITS. Possible values are: DAILY USAGE, MONTHLY USAGE, DATE RANGE USAGE, QUOTA LIMITS.	Required
whole_company	Return usage data for the whole company. Possible values are: true, false.	Optional
from	Starting day/month. Used only with DAILY USAGE and MONTHLY USAGE. In case of DAILY USAGE, the format is yyyy-MM-dd. In case of MONTHLY USAGE, the format is yyyy-MM. Mutually exclusive with single_time_unit.	Optional
to	Ending day/month. Used only with DAILY USAGE and MONTHLY USAGE. In case of DAILY USAGE, the format is yyyy-MM-dd. In case of MONTHLY USAGE, the format is yyyy-MM. Mutually exclusive with single_time_unit.	Optional
single_time_unit	Return usage data only for this day/month. Used only with DAILY USAGE and MONTHLY USAGE. In case of DAILY USAGE, the format is yyyy-MM-dd. In case of MONTHLY USAGE, the format is yyyy-MM. Mutually exclusive with from and to.	Optional

Context Output

Path	Type	Description
ReversingLabs.customer_usage_data	Unknown	API usage data.

Command example

!reversinglabs-titaniumcloud-customer-usage-data data_type="MONTHLY USAGE" whole_company="false"

Context Example

{

"ReversingLabs": {

"customer_usage_data": {

"rl": {

"month": "2024-06",

"usage_report": [

{

"number_of_queries": 22,

"product": "TCA-0101 File Reputation"

},

{

"number_of_queries": 11,

"product": "TCA-0104 File Analysis - Hash"

},

{

"number_of_queries": 3,

"product": "TCA-9999"

}

]

}

}

}

}

Human Readable Output

ReversingLabs MONTHLY USAGE data for u/user

Results for the whole company: False

Usage data

month	usage_report
2024-06	{'product': 'TCA-0101 File Reputation', 'number_of_queries': 22}, {'product': 'TCA-0104 File Analysis - Hash', 'number_of_queries': 11}, {'product': 'TCA-9999', 'number_of_queries': 3}

reversinglabs-titaniumcloud-customer-usage-yara

---

Return the number of active YARA rulesets for the TitaniumCloud account.

Base Command

reversinglabs-titaniumcloud-customer-usage-yara

Input

There are no input arguments for this command.

Context Output

Path	Type	Description
ReversingLabs.customer_usage_yara	Unknown	Number of active YARA rulesets.

Command example

!reversinglabs-titaniumcloud-customer-usage-yara

Context Example

{

"ReversingLabs": {

"customer_usage_yara": {

"rl": {

"number_of_active_rulesets": 3,

"product": "TCA-0303 Yara Hunting"

}

}

}

}

Human Readable Output

ReversingLabs active YARA rulesets for rl/msever

Results

number_of_active_rulesets	product
3	TCA-0303 Yara Hunting