
ReversingLabs TitaniumCloud v2

This integration is part of the ReversingLabs TitaniumCloud Pack.

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

ReversingLabs TitaniumCloud provides threat analysis data from various ReversingLabs cloud services.

Configure ReversingLabs TitaniumCloud v2 on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for ReversingLabs TitaniumCloud v2.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Required |
    | --- | --- |
    | ReversingLabs TitaniumCloud URL | True |
    | Credentials | True |
    | Password | True |
    | Reliability | False |
    | Verify certificates | False |
    | HTTP proxy address with the protocol and port number. | False |
    | HTTP proxy username | False |
    | HTTP proxy password | False |
    | HTTPS proxy address with the protocol and port number. | False |
    | HTTPS proxy username | False |
    | HTTPS proxy password | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

reversinglabs-titaniumcloud-file-reputation

Retrieve File Reputation data from TitaniumCloud.

Base Command

reversinglabs-titaniumcloud-file-reputation

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hash | File hash. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| File.MD5 | Unknown | Bad hash found |
| File.SHA1 | Unknown | Bad hash SHA1 |
| File.SHA256 | Unknown | Bad hash SHA256 |
| DBotScore.Score | Number | The actual score. |
| DBotScore.Type | String | The indicator type. |
| DBotScore.Indicator | String | The indicator that was tested. |
| DBotScore.Vendor | String | The vendor used to calculate the score. |
| ReversingLabs.file_reputation | Unknown | |

Command example

!reversinglabs-titaniumcloud-file-reputation hash="21841b32c6165b27dddbd4d6eb3a672defe54271"

Context Example

{
"DBotScore": {
"Indicator": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"Reliability": "C - Fairly reliable",
"Score": 3,
"Type": "file",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"File": {
"Hashes": [
{
"type": "MD5",
"value": "3133c2231fcee5d6b0b4c988a5201da1"
},
{
"type": "SHA1",
"value": "21841b32c6165b27dddbd4d6eb3a672defe54271"
},
{
"type": "SHA256",
"value": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
}
],
"MD5": "3133c2231fcee5d6b0b4c988a5201da1",
"Malicious": {
"Description": "antivirus - Win32.Ransomware.Tox",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"SHA256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
},
"ReversingLabs": {
"file_reputation": {
"rl": {
"malware_presence": {
"classification": {
"family_name": "Tox",
"is_generic": false,
"platform": "Win32",
"type": "Ransomware"
},
"first_seen": "2015-05-30T22:04:00",
"last_seen": "2023-06-06T16:16:58",
"md5": "3133c2231fcee5d6b0b4c988a5201da1",
"query_hash": {
"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271"
},
"reason": "antivirus",
"scanner_count": 34,
"scanner_match": 32,
"scanner_percent": 94.11764526367188,
"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"sha256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346",
"status": "MALICIOUS",
"threat_level": 5,
"threat_name": "Win32.Ransomware.Tox",
"trust_factor": 5
}
}
}
}
}

Human Readable Output

ReversingLabs File Reputation for hash 21841b32c6165b27dddbd4d6eb3a672defe54271

Classification: MALICIOUS
Classification reason: antivirus
First seen: 2015-05-30T22:04:00
Last seen: 2023-06-06T16:16:58
AV scanner hits / total number of scanners: 32 / 34
AV scanner hit percentage: 94.11764526367188%
MD5 hash: 3133c2231fcee5d6b0b4c988a5201da1
SHA-1 hash: 21841b32c6165b27dddbd4d6eb3a672defe54271
SHA-256 hash: 2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346
Threat name: Win32.Ransomware.Tox
Threat level: 5

reversinglabs-titaniumcloud-av-scanners

Retrieve AV Scanner data from TitaniumCloud.

Base Command

reversinglabs-titaniumcloud-av-scanners

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hash | File hash. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| File.MD5 | Unknown | Bad hash found |
| File.SHA1 | Unknown | Bad hash SHA1 |
| File.SHA256 | Unknown | Bad hash SHA256 |
| ReversingLabs.av_scanners | Unknown | |

Command example

!reversinglabs-titaniumcloud-av-scanners hash="21841b32c6165b27dddbd4d6eb3a672defe54271"

Context Example

{
"DBotScore": {
"Indicator": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"Score": 0,
"Type": "file",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"File": {
"Hashes": [
{
"type": "MD5",
"value": "3133c2231fcee5d6b0b4c988a5201da1"
},
{
"type": "SHA1",
"value": "21841b32c6165b27dddbd4d6eb3a672defe54271"
},
{
"type": "SHA256",
"value": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
}
],
"MD5": "3133c2231fcee5d6b0b4c988a5201da1",
"SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"SHA256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
},
"ReversingLabs": {
"av_scanners": {
"rl": {
"sample": {
"first_scanned_on": "2015-05-30T22:04:00",
"first_seen_on": "2015-05-30T22:04:00",
"last_scanned_on": "2023-06-06T16:15:00",
"last_seen_on": "2023-06-06T16:15:00",
"md5": "3133c2231fcee5d6b0b4c988a5201da1",
"ripemd160": "d26f686b6af13b9073f77a1ba5a7b610934dc625",
"sample_size": 636416,
"sample_type": "PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed",
"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"sha256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346",
"sha384": "e0b7bf0ad928500ee1dc06f8cbe035e663eaf546bb4b5217706706ba12c50ab6a24e1e858dae9a5ce0f7673bdb5621be",
"sha512": "205ece960784bff6fdbd0d5a1ebad4fddeab6751728d5be2e0b5d91742d520df0c5d04fd3b9e67372c35cb0859d794b7d22ea78786669a4bd5725e814548143f",
"single_scan": false,
"xref": [
{
"results": [
{
"result": "[TROJAN] Trojan/Win32.Toxic.R150440",
"scanner": "scanner1"
},
{
"result": "detected",
"scanner": "scanner2"
},
{
"result": "Win32:Malware-gen",
"scanner": "scanner3"
},
{
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C",
"scanner": "scanner4"
},
{
"result": "trojan",
"scanner": "scanner5"
},
{
"result": "PUA.Win.Packer.UpxProtector-1",
"scanner": "scanner6"
},
{
"result": "win/malicious_confidence_100",
"scanner": "scanner7"
},
{
"result": "malware.confidence_100",
"scanner": "scanner8"
},
{
"result": "Trojan.Encoder.1155",
"scanner": "scanner9"
},
{
"result": "malicious (moderate confidence)",
"scanner": "scanner10"
},
{
"result": "Detected",
"scanner": "scanner11"
},
{
"result": "W32/ToxKrypt.A!tr",
"scanner": "scanner12"
},
{
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C",
"scanner": "scanner13"
},
{
"result": "Trojan.Win32.Filecoder",
"scanner": "scanner15"
},
{
"result": "Trojan (0055e3ef1)",
"scanner": "scanner16"
},
{
"result": "Generic.Malware/Suspicious",
"scanner": "scanner17"
},
{
"result": "Ransom-Tox!11B48E409D96 (trojan)",
"scanner": "scanner18"
},
{
"result": "Ransom-Tox!11B48E409D96 (trojan)",
"scanner": "scanner19"
},
{
"result": "Artemis!3133C2231FCE (trojan)",
"scanner": "scanner20"
},
{
"result": "Ransom:Win32/Tocrypt.B",
"scanner": "scanner21"
},
{
"result": "Ransom:Win32/Tocrypt.B",
"scanner": "scanner22"
},
{
"result": "Trj/Genetic.gen",
"scanner": "scanner23"
},
{
"result": "Trj/Genetic.gen",
"scanner": "scanner24"
},
{
"result": "",
"scanner": "scanner25"
},
{
"result": "Ransom.Tocrypt!8.53B6",
"scanner": "scanner26"
},
{
"result": "Malware.Undefined!8.C",
"scanner": "scanner27"
},
{
"result": "DFI - Suspicious PE",
"scanner": "scanner28"
},
{
"result": "",
"scanner": "scanner29"
},
{
"result": "Mal/Generic-R",
"scanner": "scanner30"
},
{
"result": "Trojan.Gen.2",
"scanner": "scanner31"
},
{
"result": "Trojan.Gen.2",
"scanner": "scanner32"
},
{
"result": "TROJ_CRYPTOX.T",
"scanner": "scanner33"
},
{
"result": "TROJ_CRYPTOX.T",
"scanner": "scanner34"
},
{
"result": "SScope.Malware-Cryptor.Toxic",
"scanner": "scanner35"
}
],
"scanned_on": "2023-06-06T16:15:00",
"scanner_count": 37,
"scanner_match": 32,
"scanners": [
{
"name": "scanner1",
"timestamp": "2023-06-06T12:15:00",
"version": "scanner_version1"
},
{
"name": "scanner2",
"timestamp": "2023-06-06T14:55:00",
"version": "scanner_version2"
},
{
"name": "scanner3",
"timestamp": "2023-06-06T15:26:00",
"version": "scanner_version3"
},
{
"name": "scanner4",
"timestamp": "2023-06-06T15:44:00",
"version": "scanner_version4"
},
{
"name": "scanner5",
"timestamp": "2023-06-06T16:03:00",
"version": "scanner_version5"
},
{
"name": "scanner6",
"timestamp": "2023-06-06T09:09:00",
"version": "scanner_version6"
},
{
"name": "scanner7",
"timestamp": "2023-06-06T16:04:00",
"version": "scanner_version7"
},
{
"name": "scanner8",
"timestamp": "2023-06-06T16:04:00",
"version": "scanner_version8"
},
{
"name": "scanner9",
"timestamp": "2023-06-06T15:06:00",
"version": "scanner_version9"
},
{
"name": "scanner10",
"timestamp": "2023-06-06T16:04:00",
"version": "scanner_version10"
},
{
"name": "scanner11",
"timestamp": "2023-06-06T16:04:00",
"version": "scanner_version11"
},
{
"name": "scanner12",
"timestamp": "2023-06-06T15:06:00",
"version": "scanner_version12"
},
{
"name": "scanner13",
"timestamp": "2023-06-06T15:28:00",
"version": "scanner_version13"
},
{
"name": "scanner14",
"timestamp": "2023-06-06T15:25:00",
"version": "scanner_version14"
},
{
"name": "scanner15",
"timestamp": "2023-06-06T14:31:00",
"version": "scanner_version15"
},
{
"name": "scanner16",
"timestamp": "2023-06-06T15:44:00",
"version": "scanner_version16"
},
{
"name": "scanner17",
"timestamp": "2023-06-06T16:05:00",
"version": "scanner_version17"
},
{
"name": "scanner18",
"timestamp": "2023-06-06T15:46:00",
"version": "scanner_version18"
},
{
"name": "scanner19",
"timestamp": "2023-06-06T01:34:00",
"version": "scanner_version19"
},
{
"name": "scanner20",
"timestamp": "2023-06-06T15:46:00",
"version": "scanner_version20"
},
{
"name": "scanner21",
"timestamp": "2023-06-06T10:11:00",
"version": "scanner_version21"
},
{
"name": "scanner22",
"timestamp": "2023-06-06T12:28:00",
"version": "scanner_version22"
},
{
"name": "scanner23",
"timestamp": "2023-06-06T12:28:00",
"version": "scanner_version23"
},
{
"name": "scanner24",
"timestamp": "2023-06-06T15:00:00",
"version": "scanner_version24"
},
{
"name": "scanner25",
"timestamp": "2023-06-06T15:00:00",
"version": "scanner_version25"
},
{
"name": "scanner26",
"timestamp": "2023-06-05T23:53:00",
"version": "scanner_version26"
},
{
"name": "scanner27",
"timestamp": "2023-06-06T11:13:00",
"version": "scanner_version27"
},
{
"name": "scanner28",
"timestamp": "2023-06-06T11:13:00",
"version": "scanner_version28"
},
{
"name": "scanner29",
"timestamp": "2023-06-06T16:08:00",
"version": "scanner_version29"
},
{
"name": "scanner30",
"timestamp": "2023-06-06T16:08:00",
"version": "scanner_version30"
},
{
"name": "scanner31",
"timestamp": "2023-06-06T12:00:00",
"version": "scanner_version31"
},
{
"name": "scanner32",
"timestamp": "2023-06-06T11:53:00",
"version": "scanner_version32"
},
{
"name": "scanner33",
"timestamp": "2023-06-06T14:29:00",
"version": "scanner_version33"
},
{
"name": "scanner34",
"timestamp": "2023-06-06T11:53:00",
"version": "scanner_version34"
},
{
"name": "scanner35",
"timestamp": "2023-06-06T15:43:00",
"version": "scanner_version35"
},
{
"name": "scanner36",
"timestamp": "2023-06-06T15:43:00",
"version": "scanner_version36"
},
{
"name": "scanner37",
"timestamp": "2023-06-06T11:01:00",
"version": "scanner_version37"
}
]
}
]
}
}
}
}
}

Human Readable Output

ReversingLabs AV Scan results for hash 21841b32c6165b27dddbd4d6eb3a672defe54271

First scanned on: 2015-05-30T22:04:00
First seen on: 2015-05-30T22:04:00
Last scanned on: 2023-06-06T16:15:00
Last seen on: 2023-06-06T16:15:00
Sample size: 636416 bytes
Sample type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 hash: 3133c2231fcee5d6b0b4c988a5201da1
SHA-1 hash: 21841b32c6165b27dddbd4d6eb3a672defe54271
SHA-256 hash: 2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346
SHA-512 hash: 205ece960784bff6fdbd0d5a1ebad4fddeab6751728d5be2e0b5d91742d520df0c5d04fd3b9e67372c35cb0859d794b7d22ea78786669a4bd5725e814548143f
SHA-384 hash: e0b7bf0ad928500ee1dc06f8cbe035e663eaf546bb4b5217706706ba12c50ab6a24e1e858dae9a5ce0f7673bdb5621be
RIPEMD-160 hash: d26f686b6af13b9073f77a1ba5a7b610934dc625
Scanner count: 37
Scanner match: 32

Latest scan results

| result | scanner |
| --- | --- |
| [TROJAN] Trojan/Win32.Toxic.R150440 | scanner1 |
| detected | scanner2 |
| Win32:Malware-gen | scanner3 |
| DeepScan:Generic.Ransom.WCryG.5BC9065C | scanner4 |
| trojan | scanner5 |
| PUA.Win.Packer.UpxProtector-1 | scanner6 |
| win/malicious_confidence_100 | scanner7 |
| malware.confidence_100 | scanner8 |
| Trojan.Encoder.1155 | scanner9 |
| malicious (moderate confidence) | scanner10 |
| Detected | scanner11 |
| W32/ToxKrypt.A!tr | scanner12 |
| DeepScan:Generic.Ransom.WCryG.5BC9065C | scanner13 |
| Trojan.Win32.Filecoder | scanner14 |
| Trojan (0055e3ef1) | scanner15 |
| Generic.Malware/Suspicious | scanner16 |
| Ransom-Tox!11B48E409D96 (trojan) | scanner17 |
| Ransom-Tox!11B48E409D96 (trojan) | scanner18 |
| Artemis!3133C2231FCE (trojan) | scanner19 |
| Ransom:Win32/Tocrypt.B | scanner20 |
| Ransom:Win32/Tocrypt.B | scanner21 |
| Trj/Genetic.gen | scanner22 |
| Trj/Genetic.gen | scanner23 |
|  | scanner24 |
| Ransom.Tocrypt!8.53B6 | scanner25 |
| Malware.Undefined!8.C | scanner26 |
| DFI - Suspicious PE | scanner27 |
|  | scanner28 |
| Mal/Generic-R | scanner29 |
| Trojan.Gen.2 | scanner30 |
| Trojan.Gen.2 | scanner31 |
| TROJ_CRYPTOX.T | scanner32 |
| TROJ_CRYPTOX.T | scanner33 |
| SScope.Malware-Cryptor.Toxic | scanner34 |
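
Added example (not part of the original page or of the integration's code): a Python helper that summarises the ReversingLabs.av_scanners context of the command above for triage. It assumes, as the Context Example suggests, that an empty result string means no detection and that scanners listed under scanners but absent from results returned nothing; SAMPLE_CONTEXT and the function names are constructed for illustration.

```python
import json

# Constructed sample, trimmed to the field layout of the av-scanners
# Context Example (5 scanners instead of 37; labels are illustrative).
SAMPLE_CONTEXT = json.loads("""
{
  "DBotScore": {"Indicator": "21841b32c6165b27dddbd4d6eb3a672defe54271",
                "Score": 0, "Type": "file",
                "Vendor": "ReversingLabs TitaniumCloud v2"},
  "ReversingLabs": {"av_scanners": {"rl": {"sample": {
    "sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
    "xref": [{
      "scanned_on": "2023-06-06T16:15:00",
      "scanner_count": 5,
      "scanner_match": 3,
      "results": [
        {"result": "Win32:Malware-gen", "scanner": "scanner1"},
        {"result": "", "scanner": "scanner2"},
        {"result": "Trojan.Gen.2", "scanner": "scanner3"},
        {"result": "detected", "scanner": "scanner4"}
      ],
      "scanners": [
        {"name": "scanner1"}, {"name": "scanner2"}, {"name": "scanner3"},
        {"name": "scanner4"}, {"name": "scanner5"}
      ]
    }]
  }}}}
}
""")


def latest_xref(context):
    """Return the most recent xref entry, or None when the sample has none."""
    sample = (context.get("ReversingLabs", {}).get("av_scanners", {})
              .get("rl", {}).get("sample", {}))
    xref = sample.get("xref") or []
    # Timestamps share one ISO-8601 layout, so string order is time order.
    return max(xref, key=lambda e: e.get("scanned_on", ""), default=None)


def summarise_av_scanners(context):
    """Split the latest scan into detections, empty results and silent scanners."""
    entry = latest_xref(context)
    if entry is None:
        return None  # hash unknown to the service or context not populated

    results = {r["scanner"]: (r.get("result") or "").strip()
               for r in entry.get("results", []) if r.get("scanner")}
    detections = {name: label for name, label in results.items() if label}
    no_detection = sorted(name for name, label in results.items() if not label)

    listed = [s["name"] for s in entry.get("scanners", []) if s.get("name")]
    not_reported = sorted(name for name in listed if name not in results)

    total = entry.get("scanner_count") or len(listed)
    return {
        "scanned_on": entry.get("scanned_on"),
        "detections": detections,
        "no_detection": no_detection,
        "not_reported": not_reported,
        "detection_ratio": len(detections) / total if total else 0.0,
        # Cross-check our count against the service's own scanner_match.
        "matches_reported": len(detections) == entry.get("scanner_match"),
        # The Context Example for this command carries Score 0 (Unknown on
        # the XSOAR scale) despite 32 matches, so do not branch on it here.
        "dbot_score": context.get("DBotScore", {}).get("Score"),
    }


if __name__ == "__main__":
    print(json.dumps(summarise_av_scanners(SAMPLE_CONTEXT), indent=2))
```

In a playbook, take the verdict from reversinglabs-titaniumcloud-file-reputation and use a summary like this one only as supporting evidence.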

reversinglabs-titaniumcloud-file-analysis

Retrieve File Analysis by hash data from TitaniumCloud.

Base Command

reversinglabs-titaniumcloud-file-analysis

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hash | File hash. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| File.MD5 | Unknown | Bad hash found |
| File.SHA1 | Unknown | Bad hash SHA1 |
| File.SHA256 | Unknown | Bad hash SHA256 |
| ReversingLabs.file_analysis | Unknown | |

Command example

!reversinglabs-titaniumcloud-file-analysis hash="21841b32c6165b27dddbd4d6eb3a672defe54271"

Context Example

{
"DBotScore": {
"Indicator": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"Score": 0,
"Type": "file",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"File": {
"Hashes": [
{
"type": "MD5",
"value": "3133c2231fcee5d6b0b4c988a5201da1"
},
{
"type": "SHA1",
"value": "21841b32c6165b27dddbd4d6eb3a672defe54271"
},
{
"type": "SHA256",
"value": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
}
],
"MD5": "3133c2231fcee5d6b0b4c988a5201da1",
"SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"SHA256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
},
"InfoFile": {
"EntryID": "7642@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
"Info": "text/plain",
"Name": "File Analysis report file for hash 21841b32c6165b27dddbd4d6eb3a672defe54271",
"Size": 422187,
"Type": "ASCII text, with very long lines"
},
"ReversingLabs": {
"file_analysis": {
"rl": {
"sample": {
"analysis": {
"entries": [
{
"analysis_type": "TC_REPORT",
"analysis_version": "3.0.1",
"record_time": "2021-06-17T14:15:17",
"tc_report": {
"info": {
"file": {
"file_subtype": "Exe",
"file_type": "PE"
},
"identification": {
"name": "UPX"
},
"validation": {
"valid": true
}
},
"interesting_strings": [
{
"category": "mailto",
"values": [
"O@0.0.0.2",
"d9@0.0.0.46",
"t@0.0.0.99"
]
}
],
"metadata": {
"application": {
"pe": {
"dos_header": {
"e_cblp": 3,
"e_cp": 0,
"e_cparhdr": 0,
"e_crlc": 4,
"e_cs": 64,
"e_csum": 0,
"e_ip": 0,
"e_lfanew": 128,
"e_lfarlc": 0,
"e_maxalloc": 0,
"e_minalloc": 65535,
"e_oemid": 0,
"e_oeminfo": 0,
"e_ovno": 0,
"e_res": "0000000000000000",
"e_res2": "0000000000000000000000000000000000000000",
"e_sp": 0,
"e_ss": 184,
"has_rich_header": true
},
"file_header": {
"characteristics": 783,
"machine": 332,
"number_of_sections": 3,
"number_of_symbols": 0,
"pointer_to_symbol_table": 0,
"size_of_optional_headers": 224,
"time_date_stamp": 1432851937,
"time_date_stamp_decoded": "Thu May 28 22:25:37 2015"
},
"imports": [
{
"apis": [
"CryptHashData"
],
"name": "ADVAPI32.dll"
},
{
"apis": [
"LoadLibraryA",
"GetProcAddress",
"VirtualProtect",
"VirtualAlloc",
"VirtualFree",
"ExitProcess"
],
"name": "KERNEL32.DLL"
},
{
"apis": [
"ShellExecuteA"
],
"name": "SHELL32.DLL"
},
{
"apis": [
"wsprintfA"
],
"name": "USER32.dll"
},
{
"apis": [
"InternetOpenA"
],
"name": "WININET.DLL"
},
{
"apis": [
"bind"
],
"name": "WS2_32.dll"
},
{
"apis": [
"_iob"
],
"name": "msvcrt.dll"
}
],
"optional_header": {
"address_of_entry_point": 2497408,
"base_of_code": 1880064,
"base_of_data": 2498560,
"checksum": 0,
"data_directories": [
{
"address": 0,
"size": 0
},
{
"address": 2515688,
"size": 480
},
{
"address": 2498560,
"size": 17128
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 2497904,
"size": 24
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
}
],
"dll_characteristics": 0,
"file_alignment": 512,
"image_base": 4194304,
"is_checksum_valid": false,
"loader_flags": 0,
"major_image_version": 1,
"major_linker_version": 2,
"major_os_version": 4,
"major_subsystem_version": 4,
"minor_image_version": 0,
"minor_linker_version": 24,
"minor_os_version": 0,
"minor_subsystem_version": 0,
"number_of_rva_and_sizes": 16,
"section_alignment": 4096,
"size_of_code": 618496,
"size_of_headers": 4096,
"size_of_heap_commit": 4096,
"size_of_heap_reserve": 1048576,
"size_of_image": 2519040,
"size_of_initialized_data": 20480,
"size_of_stack_commit": 4096,
"size_of_stack_reserve": 2097152,
"size_of_uninitialized_data": 1875968,
"subsystem": 2,
"win32_version_value": 0
},
"resources": [
{
"code_page": 0,
"language_id": 1033,
"language_id_name": "English - United States",
"name": "1",
"offset": 618664,
"size": 16936,
"type": "RT_ICON"
},
{
"code_page": 0,
"language_id": 1033,
"language_id_name": "English - United States",
"name": "A",
"offset": 635604,
"size": 20,
"type": "RT_GROUP_ICON"
}
],
"sections": [
{
"address": 4096,
"flags": 3758096512,
"name": "UPX0",
"offset": 512,
"size": 0
},
{
"address": 1880064,
"flags": 3758096448,
"name": "UPX1",
"offset": 512,
"size": 617984
},
{
"address": 2498560,
"flags": 3221225536,
"name": ".rsrc",
"offset": 618496,
"size": 17920
}
]
}
}
},
"story": "This file (SHA1: 21841b32c6165b27dddbd4d6eb3a672defe54271) is a 32-bit portable executable application. Additionally, it was identified as UPX 0.60-3.x executable packer, and unpacking was successful. The application uses the Windows graphical user interface (GUI) subsystem, while the language used is English from United States. Cryptography related data was found in the file. This application has access to networking and running processes and has cryptography and security related capabilities. There is one extracted file."
}
}
]
},
"crc32": "8704451d",
"dynamic_analysis": {
"entries": [
{
"dynamic_analysis_report_joe_sandbox": {
"analysed_on": "2023-05-18T11:55:15",
"joe_sandbox_version": "34.0.0",
"summary": {
"mutexes": [
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",
"\\Sessions\\1\\BaseNamedObjects\\Global\\SyncRootManager",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",
"\\Sessions\\1\\BaseNamedObjects\\toxcrypt",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3080:168:WilStaging_02",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-__terminate_handler_sh",
"\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",
"\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3080:64:WilError_01",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-__unexpected_handler_sh",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-init",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",
"\\Sessions\\1\\BaseNamedObjects\\toxcrypt",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3668:64:WilError_01",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3668:168:WilStaging_02",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",
"\\Sessions\\1\\BaseNamedObjects\\toxcrypt",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1568:168:WilStaging_02",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1568:64:WilError_01",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem"
]
}
}
},
{
"dynamic_analysis_report": {
"analysed_on": "2021-03-04T09:12:25",
"cuckoo_version": "2.0",
"summary": {
"mutexes": [
"gcc-shmem-tdm2-mxattr_recursive_shmem",
"gcc-shmem-tdm2-_pthread_key_sch_shmem",
"gcc-shmem-tdm2-sjlj_once",
"gcc-shmem-tdm2-_pthread_key_dest_shmem",
"gcc-shmem-tdm2-pthr_root_shmem",
"gcc-shmem-tdm2-idListMax_shmem",
"gcc-shmem-tdm2-global_lock_spinlock",
"gcc-shmem-tdm2-cond_locked_shmem_rwlock",
"gcc-shmem-tdm2-idListCnt_shmem",
"gcc-shmem-tdm2-mtx_pthr_locked_shmem",
"gcc-shmem-tdm2-idList_shmem",
"gcc-shmem-tdm2-mutex_global_shmem",
"gcc-shmem-tdm2-rwl_global_shmem",
"gcc-shmem-tdm2-mutex_global_static_shmem",
"gcc-shmem-tdm2-_pthread_key_max_shmem",
"gcc-shmem-tdm2-idListNextId_shmem",
"gcc-shmem-tdm2-_pthread_tls_shmem",
"gcc-shmem-tdm2-_pthread_tls_once_shmem",
"toxcrypt",
"gcc-shmem-tdm2-fc_key",
"gcc-shmem-tdm2-once_global_shmem",
"gcc-shmem-tdm2-_pthread_key_lock_shmem",
"gcc-shmem-tdm2-init",
"gcc-shmem-tdm2-use_fc_key",
"gcc-shmem-tdm2-once_obj_shmem"
]
}
}
}
]
},
"imphash": "ff43c5463f31cbd4000b19e8beed1ef0",
"md5": "3133c2231fcee5d6b0b4c988a5201da1",
"relationships": {
"container_sample_sha1": [
"50267628309d0e320d6ed25b198bb9a9a6181535",
"0656564814da810938c100e7fef5bf14cc8fa691",
"21841b32c6165b27dddbd4d6eb3a672defe54271",
"f0d94e01b7c39bcd7fbf901811bfc7d8ea49bc11"
],
"parent_sample_sha1": [
"0656564814da810938c100e7fef5bf14cc8fa691",
"f0d94e01b7c39bcd7fbf901811bfc7d8ea49bc11",
"50267628309d0e320d6ed25b198bb9a9a6181535"
]
},
"ripemd160": "d26f686b6af13b9073f77a1ba5a7b610934dc625",
"sample_size": 636416,
"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"sha256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346",
"sha384": "e0b7bf0ad928500ee1dc06f8cbe035e663eaf546bb4b5217706706ba12c50ab6a24e1e858dae9a5ce0f7673bdb5621be",
"sha512": "205ece960784bff6fdbd0d5a1ebad4fddeab6751728d5be2e0b5d91742d520df0c5d04fd3b9e67372c35cb0859d794b7d22ea78786669a4bd5725e814548143f",
"sources": {
"entries": [
{
"properties": [
{
"name": "file_name",
"value": "21841b32c6165b27dddbd4d6eb3a672defe54271.rl"
}
],
"record_time": "2021-06-17T14:14:37",
"tag": "reversing_labs"
},
{
"properties": [
{
"name": "file_name",
"value": "21841b32c6165b27dddbd4d6eb3a672defe54271.rl"
}
],
"record_time": "2021-04-19T11:08:27",
"tag": "external_feed"
},
{
"properties": [
{
"name": "file_name",
"value": "Tox.exe.0.dr"
},
{
"name": "cuckoo_parent",
"value": "0437e2a71065624b78d41701ba07aebb200f684f"
}
],
"record_time": "2020-12-09T22:13:13",
"tag": "reversing_labs"
},
{
"properties": [
{
"name": "file_name",
"value": "21841b32c6165b27dddbd4d6eb3a672defe54271.rl"
}
],
"record_time": "2020-01-29T08:39:40",
"tag": "reversing_labs"
},
{
"record_time": "2019-10-10T09:13:15",
"tag": "reversing_labs"
},
{
"record_time": "2018-08-01T09:01:06",
"tag": "reversing_labs"
},
{
"record_time": "2018-07-31T20:07:27",
"tag": "reversing_labs"
},
{
"record_time": "2018-07-29T19:12:10",
"tag": "reversing_labs"
},
{
"record_time": "2015-06-11T23:54:00",
"tag": "reversing_labs"
},
{
"record_time": "2015-05-31T18:03:33",
"tag": "reversing_labs"
}
]
},
"ssdeep": "12288:UxvYm8UX7FkiYiHSbhy783clwXqaAQWzRTChYl:+vY0LFrYi0s7w6a/Wzl",
"xref": {
"entries": [
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2023-06-06T12:15:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2023-06-06T14:55:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2023-06-06T15:26:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2023-06-06T15:44:00",
"version": "bitdefender_pack.rar"
},
{
"name": "carbonblack",
"timestamp": "2023-06-06T16:03:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2023-06-06T09:09:00",
"version": "daily.cvd"
},
{
"name": "crowdstrike",
"timestamp": "2023-06-06T16:04:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2023-06-06T16:04:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2023-06-06T15:06:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2023-06-06T16:04:00",
"version": "endgame.exe"
},
{
"name": "ffri",
"timestamp": "2023-06-06T16:04:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2023-06-06T15:06:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2023-06-06T15:28:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2023-06-06T15:25:00",
"version": "gdata_pack.rar"
},
{
"name": "ikarus",
"timestamp": "2023-06-06T14:31:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2023-06-06T15:44:00",
"version": "K7Cmdline.zip"
},
{
"name": "malwarebytes",
"timestamp": "2023-06-06T16:05:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2023-06-06T15:46:00",
"version": "avvdat-10733.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2023-06-06T01:34:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2023-06-06T15:46:00",
"version": "avvdat-10733.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2023-06-06T10:11:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2023-06-06T12:28:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2023-06-06T12:28:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2023-06-06T15:00:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2023-06-06T15:00:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2023-06-05T23:53:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2023-06-06T11:13:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2023-06-06T11:13:00",
"version": "rame.zip"
},
{
"name": "sentinelone_online",
"timestamp": "2023-06-06T16:08:00",
"version": "not-available"
},
{
"name": "sonicwall",
"timestamp": "2023-06-06T16:08:00",
"version": "sonicwall.exe"
},
{
"name": "sophos_susi",
"timestamp": "2023-06-06T12:00:00",
"version": "vdl-dataseta.zip"
},
{
"name": "symantec",
"timestamp": "2023-06-06T11:53:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2023-06-06T14:29:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2023-06-06T11:53:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2023-06-06T15:43:00",
"version": "icrc$tbl.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2023-06-06T15:43:00",
"version": "hcoth1849195.zip"
},
{
"name": "vba32",
"timestamp": "2023-06-06T11:01:00",
"version": "vba32w-latest.7z"
}
]
},
"record_time": "2023-06-06T16:15:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.UpxProtector-1"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "malwarebytes",
"result": "Generic.Malware/Suspicious"
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Malware.Undefined!8.C"
},
{
"name": "sentinelone_online",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos_susi",
"result": "Mal/Generic-R"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2023-05-24T11:26:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2023-05-24T15:18:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2023-05-24T14:20:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2023-05-24T15:04:00",
"version": "bitdefender_pack.rar"
},
{
"name": "carbonblack",
"timestamp": "2023-05-24T15:20:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2023-05-24T08:55:00",
"version": "daily.cvd"
},
{
"name": "crowdstrike",
"timestamp": "2023-05-24T15:20:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2023-05-24T15:21:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2023-05-24T15:09:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2023-05-24T15:21:00",
"version": "endgame.exe"
},
{
"name": "ffri",
"timestamp": "2023-05-24T15:21:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2023-05-24T14:55:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2023-05-24T11:28:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2023-05-24T14:41:00",
"version": "gdata_pack.rar"
},
{
"name": "ikarus",
"timestamp": "2023-05-23T19:22:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2023-05-24T13:48:00",
"version": "K7Cmdline.zip"
},
{
"name": "malwarebytes",
"timestamp": "2023-05-24T15:22:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2023-05-23T14:36:00",
"version": "avvdat-10719.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2023-05-24T12:31:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2023-05-23T14:36:00",
"version": "avvdat-10719.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2023-05-24T12:41:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2023-05-24T03:59:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2023-05-24T03:59:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2023-05-24T14:56:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2023-05-24T14:56:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2023-05-24T03:17:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2023-05-24T10:51:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2023-05-24T10:51:00",
"version": "rame.zip"
},
{
"name": "sentinelone_online",
"timestamp": "2023-05-24T15:26:00",
"version": "not-available"
},
{
"name": "sonicwall",
"timestamp": "2023-05-24T15:26:00",
"version": "sonicwall.exe"
},
{
"name": "sophos_susi",
"timestamp": "2023-05-24T10:56:00",
"version": "vdl-dataseta.zip"
},
{
"name": "symantec",
"timestamp": "2023-05-23T11:47:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2023-05-24T14:03:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2023-05-23T11:47:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2023-05-24T15:24:00",
"version": "icrc$tbl.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2023-05-24T15:24:00",
"version": "icrc$hctbl.zip"
},
{
"name": "vba32",
"timestamp": "2023-05-24T12:46:00",
"version": "vba32w-latest.7z"
}
]
},
"record_time": "2023-05-24T15:33:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.UpxProtector-1"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "malwarebytes",
"result": "Generic.Malware/Suspicious"
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone_online",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2023-05-18T10:07:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2023-05-18T10:32:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2023-05-18T10:40:00",
"version": "avast_db.zip"
},
{
"name": "bitdefender",
"timestamp": "2023-05-18T09:58:00",
"version": "bitdefender_pack.rar"
},
{
"name": "carbonblack",
"timestamp": "2023-05-18T11:44:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2023-05-18T08:58:00",
"version": "daily.cvd"
},
{
"name": "crowdstrike",
"timestamp": "2023-05-18T11:45:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2023-05-18T11:45:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2023-05-18T09:49:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2023-05-18T11:45:00",
"version": "endgame.exe"
},
{
"name": "ffri",
"timestamp": "2023-05-18T11:45:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2023-05-18T10:57:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2023-05-18T10:30:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2023-05-18T10:49:00",
"version": "gdata_pack.rar"
},
{
"name": "ikarus",
"timestamp": "2023-05-18T10:07:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2023-05-18T10:54:00",
"version": "K7Cmdline.zip"
},
{
"name": "malwarebytes",
"timestamp": "2023-05-18T11:46:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2023-05-17T14:04:00",
"version": "avvdat-10713.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2023-05-16T23:54:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2023-05-17T14:04:00",
"version": "avvdat-10713.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2023-05-18T09:54:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2023-05-18T10:41:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2023-05-18T10:41:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2023-05-18T09:58:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2023-05-18T09:58:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2023-05-18T01:11:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2023-05-18T11:44:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2023-05-18T11:44:00",
"version": "rame.zip"
},
{
"name": "sentinelone_online",
"timestamp": "2023-05-18T11:48:00",
"version": "not-available"
},
{
"name": "sonicwall",
"timestamp": "2023-05-18T11:48:00",
"version": "sonicwall.exe"
},
{
"name": "sophos_susi",
"timestamp": "2023-05-18T02:19:00",
"version": "vdl-dataseta.zip"
},
{
"name": "symantec",
"timestamp": "2023-05-18T11:02:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2023-05-18T11:08:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2023-05-18T11:02:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2023-05-18T11:28:00",
"version": "icrc$tbl.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2023-05-18T09:26:00",
"version": "icrc$hctbl.zip"
},
{
"name": "vba32",
"timestamp": "2023-05-17T15:35:00",
"version": "vba32w-latest.7z"
}
]
},
"record_time": "2023-05-18T11:51:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.UpxProtector-1"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "malwarebytes",
"result": "Malware.AI.3162889180"
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.HLLP.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone_online",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos_susi",
"result": "Mal/Generic-R"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2023-05-18T06:06:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2023-05-18T08:32:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2023-05-18T08:35:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2023-05-18T07:54:00",
"version": "bitdefender_pack.rar"
},
{
"name": "carbonblack",
"timestamp": "2023-05-18T09:03:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2023-05-18T08:58:00",
"version": "daily.cvd"
},
{
"name": "crowdstrike",
"timestamp": "2023-05-18T09:03:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2023-05-18T09:03:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2023-05-18T07:38:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2023-05-18T09:04:00",
"version": "endgame.exe"
},
{
"name": "ffri",
"timestamp": "2023-05-18T09:05:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2023-05-18T08:54:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2023-05-18T08:26:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2023-05-18T08:43:00",
"version": "gdata_pack.rar"
},
{
"name": "ikarus",
"timestamp": "2023-05-17T19:59:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2023-05-18T06:53:00",
"version": "K7Cmdline.zip"
},
{
"name": "malwarebytes",
"timestamp": "2023-05-18T09:08:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2023-05-17T14:04:00",
"version": "avvdat-10713.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2023-05-16T23:54:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2023-05-17T14:04:00",
"version": "avvdat-10713.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2023-05-18T07:39:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2023-05-18T06:40:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2023-05-18T06:40:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2023-05-18T07:55:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2023-05-18T07:55:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2023-05-18T01:11:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2023-05-18T05:41:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2023-05-18T05:41:00",
"version": "rame.zip"
},
{
"name": "sentinelone_online",
"timestamp": "2023-05-18T09:12:00",
"version": "not-available"
},
{
"name": "sonicwall",
"timestamp": "2023-05-18T09:12:00",
"version": "sonicwall.exe"
},
{
"name": "sophos_susi",
"timestamp": "2023-05-18T02:19:00",
"version": "vdl-dataseta.zip"
},
{
"name": "symantec",
"timestamp": "2023-05-18T08:58:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2023-05-18T07:06:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2023-05-18T08:58:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2023-05-18T07:25:00",
"version": "icrc$tbl.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2023-05-18T07:25:00",
"version": "icrc$hctbl.zip"
},
{
"name": "vba32",
"timestamp": "2023-05-17T15:35:00",
"version": "vba32w-latest.7z"
}
]
},
"record_time": "2023-05-18T09:16:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.UpxProtector-1"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "malwarebytes",
"result": "Generic.Malware/Suspicious"
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone_online",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos_susi",
"result": "Mal/Generic-R"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2023-05-17T11:54:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2023-05-17T16:27:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2023-05-17T18:05:00",
"version": "avast_db.zip"
},
{
"name": "bitdefender",
"timestamp": "2023-05-17T17:24:00",
"version": "bitdefender_pack.rar"
},
{
"name": "carbonblack",
"timestamp": "2023-05-17T18:28:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2023-05-17T08:38:00",
"version": "daily.cvd"
},
{
"name": "crowdstrike",
"timestamp": "2023-05-17T18:29:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2023-05-17T18:29:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2023-05-17T18:18:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2023-05-17T18:30:00",
"version": "endgame.exe"
},
{
"name": "ffri",
"timestamp": "2023-05-17T18:30:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2023-05-17T16:28:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2023-05-17T18:04:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2023-05-17T17:56:00",
"version": "gdata_pack.rar"
},
{
"name": "ikarus",
"timestamp": "2023-05-17T13:55:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2023-05-17T16:48:00",
"version": "K7Cmdline.zip"
},
{
"name": "malwarebytes",
"timestamp": "2023-05-17T18:33:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2023-05-17T14:04:00",
"version": "avvdat-10713.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2023-05-16T23:54:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2023-05-17T14:04:00",
"version": "avvdat-10713.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2023-05-17T15:23:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2023-05-17T16:35:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2023-05-17T16:35:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2023-05-17T17:39:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2023-05-17T17:39:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2023-05-16T22:50:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2023-05-17T17:36:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2023-05-17T17:36:00",
"version": "rame.zip"
},
{
"name": "sentinelone_online",
"timestamp": "2023-05-17T18:38:00",
"version": "not-available"
},
{
"name": "sonicwall",
"timestamp": "2023-05-17T18:39:00",
"version": "sonicwall.exe"
},
{
"name": "sophos_susi",
"timestamp": "2023-05-17T12:15:00",
"version": "vdl-dataseta.zip"
},
{
"name": "symantec",
"timestamp": "2023-05-16T12:49:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2023-05-17T17:02:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2023-05-16T12:49:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2023-05-17T17:14:00",
"version": "icrc$tbl.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2023-05-17T17:14:00",
"version": "hcoth1844995.zip"
},
{
"name": "vba32",
"timestamp": "2023-05-17T15:35:00",
"version": "vba32w-latest.7z"
}
]
},
"record_time": "2023-05-17T18:49:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.UpxProtector-1"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "malwarebytes",
"result": "Generic.Malware/Suspicious"
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone_online",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos_susi",
"result": "Mal/Generic-R"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2023-05-17T11:54:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2023-05-17T16:27:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2023-05-17T16:00:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2023-05-17T15:20:00",
"version": "bitdefender_pack.rar"
},
{
"name": "carbonblack",
"timestamp": "2023-05-17T17:03:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2023-05-17T08:38:00",
"version": "daily.cvd"
},
{
"name": "crowdstrike",
"timestamp": "2023-05-17T17:03:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2023-05-17T17:03:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2023-05-17T16:07:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2023-05-17T17:03:00",
"version": "endgame.exe"
},
{
"name": "ffri",
"timestamp": "2023-05-17T17:03:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2023-05-17T16:28:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2023-05-17T16:01:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2023-05-17T15:50:00",
"version": "gdata_pack.rar"
},
{
"name": "ikarus",
"timestamp": "2023-05-17T13:55:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2023-05-17T16:48:00",
"version": "K7Cmdline.zip"
},
{
"name": "malwarebytes",
"timestamp": "2023-05-17T17:04:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2023-05-17T14:04:00",
"version": "avvdat-10713.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2023-05-16T23:54:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2023-05-17T14:04:00",
"version": "avvdat-10713.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2023-05-17T15:23:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2023-05-17T16:35:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2023-05-17T16:35:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2023-05-17T15:37:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2023-05-17T15:37:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2023-05-16T22:50:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2023-05-17T11:33:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2023-05-17T11:33:00",
"version": "rame.zip"
},
{
"name": "sentinelone_online",
"timestamp": "2023-05-17T17:06:00",
"version": "not-available"
},
{
"name": "sonicwall",
"timestamp": "2023-05-17T17:06:00",
"version": "sonicwall.exe"
},
{
"name": "sophos_susi",
"timestamp": "2023-05-17T12:15:00",
"version": "vdl-dataseta.zip"
},
{
"name": "symantec",
"timestamp": "2023-05-16T12:49:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2023-05-17T17:02:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2023-05-16T12:49:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2023-05-17T15:12:00",
"version": "icrc$tbl.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2023-05-17T13:11:00",
"version": "icrc$hctbl.zip"
},
{
"name": "vba32",
"timestamp": "2023-05-17T15:35:00",
"version": "vba32w-latest.7z"
}
]
},
"record_time": "2023-05-17T17:09:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.UpxProtector-1"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "malwarebytes",
"result": "Generic.Malware/Suspicious"
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Dropper.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Malware.Undefined!8.C"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone_online",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos_susi",
"result": "Mal/Generic-R"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2023-05-16T11:41:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2023-05-16T18:20:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2023-05-16T23:25:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2023-05-16T22:46:00",
"version": "bitdefender_pack.rar"
},
{
"name": "carbonblack",
"timestamp": "2023-05-16T23:32:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2023-05-16T22:30:00",
"version": "daily.cvd"
},
{
"name": "crowdstrike",
"timestamp": "2023-05-16T23:32:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2023-05-16T23:32:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2023-05-16T22:12:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2023-05-16T23:32:00",
"version": "endgame.exe"
},
{
"name": "ffri",
"timestamp": "2023-05-16T23:32:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2023-05-16T21:58:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2023-05-16T23:31:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2023-05-16T22:57:00",
"version": "gdata_pack.rar"
},
{
"name": "ikarus",
"timestamp": "2023-05-16T19:44:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2023-05-16T18:40:00",
"version": "K7Cmdline.zip"
},
{
"name": "malwarebytes",
"timestamp": "2023-05-16T23:33:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2023-05-16T15:59:00",
"version": "avvdat-10712.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2023-05-16T21:54:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2023-05-16T15:59:00",
"version": "avvdat-10712.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2023-05-16T22:30:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2023-05-16T20:28:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2023-05-16T20:28:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2023-05-16T23:17:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2023-05-16T23:17:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2023-05-16T22:50:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2023-05-16T23:26:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2023-05-16T23:26:00",
"version": "rame.zip"
},
{
"name": "sentinelone_online",
"timestamp": "2023-05-16T23:37:00",
"version": "not-available"
},
{
"name": "sonicwall",
"timestamp": "2023-05-16T23:37:00",
"version": "sonicwall.exe"
},
{
"name": "sophos_susi",
"timestamp": "2023-05-16T22:11:00",
"version": "vdl-dataseta.zip"
},
{
"name": "symantec",
"timestamp": "2023-05-16T12:49:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2023-05-16T22:56:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2023-05-16T12:49:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2023-05-16T23:00:00",
"version": "icrc$tbl.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2023-05-16T23:00:00",
"version": "icrc$hctbl.zip"
},
{
"name": "vba32",
"timestamp": "2023-05-16T19:26:00",
"version": "vba32w-latest.7z"
}
]
},
"record_time": "2023-05-16T23:38:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.UpxProtector-1"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "malwarebytes",
"result": "Generic.Malware/Suspicious"
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone_online",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos_susi",
"result": ""
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2022-06-08T11:05:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2022-06-08T10:50:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2022-06-08T11:55:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2022-06-08T08:50:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2022-06-08T12:42:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2022-06-08T08:15:00",
"version": "daily.cvd"
},
{
"name": "crowdstrike",
"timestamp": "2022-06-08T12:42:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2022-06-08T12:42:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "cyren",
"timestamp": "2022-06-08T11:40:00",
"version": "antivir-v2-z-202206081102.zip"
},
{
"name": "cyren_online",
"timestamp": "2022-06-08T11:40:00",
"version": "antivir-v2-z-202206081102.zip"
},
{
"name": "drweb",
"timestamp": "2022-06-08T11:45:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2022-06-08T12:42:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2022-06-08T12:42:00",
"version": "ensilo.exe"
},
{
"name": "ffri",
"timestamp": "2022-06-08T12:42:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2022-06-08T11:35:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2022-06-08T11:00:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2022-06-08T10:45:00",
"version": "gd_sig.zip"
},
{
"name": "ikarus",
"timestamp": "2022-06-08T08:15:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2022-06-08T08:30:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2022-01-29T06:55:00",
"version": "database.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2022-01-29T06:55:00",
"version": "database.zip"
},
{
"name": "malwarebytes",
"timestamp": "2022-06-08T12:42:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2022-06-07T14:05:00",
"version": "avvdat-10371.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2022-06-08T11:15:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2022-06-07T14:05:00",
"version": "avvdat-10371.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2022-06-08T03:05:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2022-06-08T09:00:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2022-06-08T09:00:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2022-06-08T11:55:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2022-06-08T11:55:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2022-06-08T11:25:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2022-06-08T09:40:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2022-06-08T09:40:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2022-06-08T12:43:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2022-06-08T12:43:00",
"version": "sonicwall.exe"
},
{
"name": "sophos_susi",
"timestamp": "2022-06-08T09:35:00",
"version": "ide_5.92.zip"
},
{
"name": "symantec",
"timestamp": "2022-06-08T11:55:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2022-06-08T10:35:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2022-06-08T11:55:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2022-06-08T11:00:00",
"version": "icrc$tbl.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2022-06-08T09:25:00",
"version": "icrc$hctbl.zip"
},
{
"name": "vba32",
"timestamp": "2022-06-08T09:50:00",
"version": "vba32w-latest.7z"
}
]
},
"record_time": "2022-06-08T12:43:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "cyren",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "cyren_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "Ransom-Tox!11B48E409D96"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos_susi",
"result": "Troj/ToxKrypt-A"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2021-06-17T11:40:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2021-06-17T12:45:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2021-06-17T13:25:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2021-06-17T12:20:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2021-06-17T14:15:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2021-06-16T12:45:00",
"version": "daily.cvd"
},
{
"name": "command",
"timestamp": "2021-06-17T11:45:00",
"version": "antivir-v2-z-202106171027.zip"
},
{
"name": "command_online",
"timestamp": "2021-06-17T11:45:00",
"version": "antivir-v2-z-202106171027.zip"
},
{
"name": "crowdstrike",
"timestamp": "2021-06-17T14:15:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2021-06-17T14:16:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2021-06-17T13:15:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2021-06-17T14:15:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2021-06-17T14:16:00",
"version": "ensilo.exe"
},
{
"name": "f_prot",
"timestamp": "2021-06-17T11:45:00",
"version": "antivir.def"
},
{
"name": "ffri",
"timestamp": "2021-06-17T14:16:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2021-06-17T13:10:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2021-06-17T13:10:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2021-06-17T12:55:00",
"version": "bd.zip"
},
{
"name": "ikarus",
"timestamp": "2021-06-17T12:45:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2021-06-17T12:05:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2021-06-17T13:20:00",
"version": "database.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2021-06-17T13:20:00",
"version": "database.zip"
},
{
"name": "malwarebytes",
"timestamp": "2021-06-17T14:16:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2021-06-16T21:00:00",
"version": "avvdat-10017.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2021-06-17T13:15:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2021-06-16T21:00:00",
"version": "avvdat-10017.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2021-06-17T03:05:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2021-06-17T10:35:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2021-06-17T10:35:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2021-06-17T11:30:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2021-06-17T11:30:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2021-06-17T11:25:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2021-06-17T09:30:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2021-06-17T09:30:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2021-06-17T14:16:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2021-06-17T14:16:00",
"version": "sonicwall.exe"
},
{
"name": "sophos",
"timestamp": "2021-06-17T07:45:00",
"version": "ide_5.84.zip"
},
{
"name": "sophos_online",
"timestamp": "2021-06-17T07:45:00",
"version": "ide_5.84.zip"
},
{
"name": "sophos_susi",
"timestamp": "2021-06-17T14:16:00",
"version": "susicli.exe"
},
{
"name": "sunbelt",
"timestamp": "2021-06-17T12:35:00",
"version": "CSE39VT-EN-93362-F.sbr.sgn"
},
{
"name": "symantec",
"timestamp": "2021-06-17T13:25:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2021-06-17T12:00:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2021-06-17T13:25:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2021-06-17T06:20:00",
"version": "ioth1678500.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2021-06-16T17:20:00",
"version": "hcoth1678395.zip"
},
{
"name": "vba32",
"timestamp": "2021-06-17T08:55:00",
"version": "vba32w-latest.7z"
},
{
"name": "watchguard",
"timestamp": "2021-06-17T14:16:00",
"version": "WWHS64.exe"
}
]
},
"record_time": "2021-06-17T14:17:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "command",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "command_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "f_prot",
"result": "W32/Filecoder.E"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "Generic.mg.3133c2231fcee5d6"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "malwarebytes",
"result": ""
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Mytob.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": ""
},
{
"name": "rising_online",
"result": ""
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_online",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_susi",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sunbelt",
"result": "Trojan.Win32.Generic!BT"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
},
{
"name": "watchguard",
"result": "AboveThreshold563.008318"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2021-04-19T08:00:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2021-04-19T06:10:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2021-04-19T10:25:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2021-04-19T09:50:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2021-04-19T11:09:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2021-04-18T19:15:00",
"version": "daily.cvd"
},
{
"name": "command",
"timestamp": "2021-04-19T09:20:00",
"version": "antivir-v2-z-202104190807.zip"
},
{
"name": "command_online",
"timestamp": "2021-04-19T09:20:00",
"version": "antivir-v2-z-202104190807.zip"
},
{
"name": "crowdstrike",
"timestamp": "2021-04-19T11:09:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2021-04-19T11:09:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2021-04-19T10:15:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2021-04-19T11:09:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2021-04-19T11:09:00",
"version": "ensilo.exe"
},
{
"name": "f_prot",
"timestamp": "2021-04-19T09:20:00",
"version": "antivir.def"
},
{
"name": "ffri",
"timestamp": "2021-04-19T11:09:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2021-04-19T09:55:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2021-04-19T10:15:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2021-04-19T10:20:00",
"version": "gd_sig.zip"
},
{
"name": "ikarus",
"timestamp": "2021-04-19T08:20:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2021-04-19T08:40:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2021-04-19T10:20:00",
"version": "database.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2021-04-19T10:20:00",
"version": "database.zip"
},
{
"name": "malwarebytes",
"timestamp": "2021-04-19T11:09:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2021-04-18T14:05:00",
"version": "avvdat-9958.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2021-04-19T09:45:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2021-04-18T14:05:00",
"version": "avvdat-9958.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2021-04-19T03:05:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2021-04-19T07:05:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2021-04-19T07:05:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2021-04-19T06:40:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2021-04-19T06:40:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2021-04-18T12:25:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2021-04-19T09:45:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2021-04-19T09:45:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2021-04-19T11:09:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2021-04-19T11:09:00",
"version": "sonicwall.exe"
},
{
"name": "sophos",
"timestamp": "2021-04-19T02:25:00",
"version": "ide_5.83.zip"
},
{
"name": "sophos_online",
"timestamp": "2021-04-19T02:25:00",
"version": "ide_5.83.zip"
},
{
"name": "sophos_susi",
"timestamp": "2021-04-19T11:09:00",
"version": "susicli.exe"
},
{
"name": "sunbelt",
"timestamp": "2021-04-19T10:00:00",
"version": "CSE39VT-EN-91944-F.sbr.sgn"
},
{
"name": "symantec",
"timestamp": "2021-04-19T10:20:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2021-04-19T10:10:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2021-04-19T10:20:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2021-04-19T06:30:00",
"version": "ioth1666500.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2021-04-18T15:15:00",
"version": "hcoth1666395.zip"
},
{
"name": "vba32",
"timestamp": "2021-04-19T09:00:00",
"version": "vba32w-latest.7z"
},
{
"name": "watchguard",
"timestamp": "2021-04-19T11:09:00",
"version": "WWHS64.exe"
}
]
},
"record_time": "2021-04-19T11:10:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "command",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "command_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "f_prot",
"result": "W32/Filecoder.E"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "Generic.mg.3133c2231fcee5d6"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "malwarebytes",
"result": ""
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Dropper.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_online",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_susi",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sunbelt",
"result": "Trojan.Win32.Generic!BT"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
},
{
"name": "watchguard",
"result": "AboveThreshold563.008318"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2021-04-14T08:00:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2021-04-14T07:55:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2021-04-14T10:25:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2021-04-14T08:15:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2021-04-14T11:17:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2021-04-13T14:45:00",
"version": "daily.cvd"
},
{
"name": "command",
"timestamp": "2021-04-14T09:40:00",
"version": "antivir-v2-z-202104140841.zip"
},
{
"name": "command_online",
"timestamp": "2021-04-14T09:40:00",
"version": "antivir-v2-z-202104140841.zip"
},
{
"name": "crowdstrike",
"timestamp": "2021-04-14T11:17:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2021-04-14T11:17:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2021-04-14T09:45:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2021-04-14T11:17:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2021-04-14T11:17:00",
"version": "ensilo.exe"
},
{
"name": "f_prot",
"timestamp": "2021-04-14T09:45:00",
"version": "antivir.def"
},
{
"name": "ffri",
"timestamp": "2021-04-14T11:17:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2021-04-14T09:55:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2021-04-14T10:15:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2021-04-14T10:25:00",
"version": "gd_sig.zip"
},
{
"name": "ikarus",
"timestamp": "2021-04-14T08:10:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2021-04-14T08:25:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2021-04-14T09:55:00",
"version": "database.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2021-04-14T09:55:00",
"version": "database.zip"
},
{
"name": "malwarebytes",
"timestamp": "2021-04-14T11:17:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2021-04-13T14:05:00",
"version": "avvdat-9953.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2021-04-14T10:25:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2021-04-13T14:05:00",
"version": "avvdat-9953.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2021-04-14T03:10:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2021-04-14T09:00:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2021-04-14T09:00:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2021-04-13T11:30:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2021-04-13T11:30:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2021-04-14T08:35:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2021-04-14T09:45:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2021-04-14T09:45:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2021-04-14T11:17:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2021-04-14T11:17:00",
"version": "sonicwall.exe"
},
{
"name": "sophos",
"timestamp": "2021-04-14T00:55:00",
"version": "ide_5.83.zip"
},
{
"name": "sophos_online",
"timestamp": "2021-04-14T00:55:00",
"version": "ide_5.83.zip"
},
{
"name": "sophos_susi",
"timestamp": "2021-04-14T11:17:00",
"version": "susicli.exe"
},
{
"name": "sunbelt",
"timestamp": "2021-04-14T08:40:00",
"version": "CSE39VT-EN-91822-F.sbr.sgn"
},
{
"name": "symantec",
"timestamp": "2021-04-14T10:20:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2021-04-14T08:55:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2021-04-14T10:20:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2021-04-14T06:20:00",
"version": "ioth1665500.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2021-04-13T15:05:00",
"version": "hcoth1665395.zip"
},
{
"name": "vba32",
"timestamp": "2021-04-14T09:05:00",
"version": "vba32w-latest.7z"
},
{
"name": "watchguard",
"timestamp": "2021-04-14T11:17:00",
"version": "WWHS64.exe"
}
]
},
"record_time": "2021-04-14T11:18:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "command",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "command_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "f_prot",
"result": "W32/Filecoder.E"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "Generic.mg.3133c2231fcee5d6"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "malwarebytes",
"result": ""
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Pluto.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_online",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_susi",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sunbelt",
"result": "Trojan.Win32.Generic!BT"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
},
{
"name": "watchguard",
"result": "AboveThreshold563.008318"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2021-04-07T11:20:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2021-04-07T10:50:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2021-04-07T13:25:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2021-04-07T11:10:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2021-04-07T14:26:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2021-04-06T15:15:00",
"version": "daily.cvd"
},
{
"name": "command",
"timestamp": "2021-04-07T13:15:00",
"version": "antivir-v2-z-202104071215.zip"
},
{
"name": "command_online",
"timestamp": "2021-04-07T13:15:00",
"version": "antivir-v2-z-202104071215.zip"
},
{
"name": "crowdstrike",
"timestamp": "2021-04-07T14:26:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2021-04-07T14:26:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2021-04-07T13:15:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2021-04-07T14:26:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2021-04-07T14:26:00",
"version": "ensilo.exe"
},
{
"name": "esetnod32",
"timestamp": "2021-04-05T08:30:00",
"version": "mineset64.zip"
},
{
"name": "f_prot",
"timestamp": "2021-04-07T13:20:00",
"version": "antivir.def"
},
{
"name": "ffri",
"timestamp": "2021-04-07T14:26:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2021-04-07T12:10:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2021-04-07T13:15:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2021-04-07T12:35:00",
"version": "gd_sig.zip"
},
{
"name": "ikarus",
"timestamp": "2021-04-07T12:40:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2021-04-07T11:05:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2021-04-07T12:45:00",
"version": "database.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2021-04-07T12:45:00",
"version": "database.zip"
},
{
"name": "malwarebytes",
"timestamp": "2021-04-07T14:26:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2021-04-06T12:30:00",
"version": "avvdat-9946.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2021-04-07T12:55:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2021-04-06T12:30:00",
"version": "avvdat-9946.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2021-04-07T12:25:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2021-04-07T13:10:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2021-04-07T13:10:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2021-04-07T11:45:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2021-04-07T11:45:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2021-04-07T10:55:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2021-04-07T09:45:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2021-04-07T09:45:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2021-04-07T14:27:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2021-04-07T14:27:00",
"version": "sonicwall.exe"
},
{
"name": "sophos",
"timestamp": "2021-04-07T07:55:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_online",
"timestamp": "2021-04-07T07:55:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_susi",
"timestamp": "2021-04-07T14:27:00",
"version": "susicli.exe"
},
{
"name": "sunbelt",
"timestamp": "2021-04-07T12:00:00",
"version": "CSE39VT-EN-91658-F.sbr.sgn"
},
{
"name": "symantec",
"timestamp": "2021-04-07T13:20:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2021-04-07T13:05:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2021-04-07T13:20:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2021-04-07T08:15:00",
"version": "ioth1664100.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2021-04-06T14:40:00",
"version": "hcoth1663995.zip"
},
{
"name": "vba32",
"timestamp": "2021-04-07T09:00:00",
"version": "vba32w-latest.7z"
},
{
"name": "watchguard",
"timestamp": "2021-04-07T14:27:00",
"version": "WWHS64.exe"
}
]
},
"record_time": "2021-04-07T14:27:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "command",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "command_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "esetnod32",
"result": "Win32/Filecoder.Tox.A trojan (variant)"
},
{
"name": "f_prot",
"result": "W32/Filecoder.E"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "Generic.mg.3133c2231fcee5d6"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "malwarebytes",
"result": ""
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Dropper.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_online",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_susi",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sunbelt",
"result": "Trojan.Win32.Generic!BT"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
},
{
"name": "watchguard",
"result": "AboveThreshold563.008318"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2021-04-06T11:20:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2021-04-06T21:10:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2021-04-06T21:55:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2021-04-06T21:10:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2021-04-06T22:28:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2021-04-06T15:15:00",
"version": "daily.cvd"
},
{
"name": "command",
"timestamp": "2021-04-06T20:45:00",
"version": "antivir-v2-z-202104061939.zip"
},
{
"name": "command_online",
"timestamp": "2021-04-06T20:45:00",
"version": "antivir-v2-z-202104061939.zip"
},
{
"name": "crowdstrike",
"timestamp": "2021-04-06T22:28:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2021-04-06T22:28:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2021-04-06T21:45:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2021-04-06T22:28:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2021-04-06T22:28:00",
"version": "ensilo.exe"
},
{
"name": "esetnod32",
"timestamp": "2021-04-05T08:30:00",
"version": "mineset64.zip"
},
{
"name": "f_prot",
"timestamp": "2021-04-06T20:45:00",
"version": "antivir.def"
},
{
"name": "ffri",
"timestamp": "2021-04-06T22:28:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2021-04-06T20:55:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2021-04-06T21:15:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2021-04-06T21:40:00",
"version": "bd.zip"
},
{
"name": "ikarus",
"timestamp": "2021-04-06T18:35:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2021-04-06T17:35:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2021-04-06T21:00:00",
"version": "database.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2021-04-06T21:00:00",
"version": "database.zip"
},
{
"name": "malwarebytes",
"timestamp": "2021-04-06T22:28:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2021-04-06T12:30:00",
"version": "avvdat-9946.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2021-04-06T21:55:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2021-04-06T12:30:00",
"version": "avvdat-9946.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2021-04-06T12:25:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2021-04-06T17:45:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2021-04-06T17:45:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2021-04-06T11:15:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2021-04-06T11:15:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2021-04-06T21:30:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2021-04-06T21:45:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2021-04-06T21:45:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2021-04-06T22:28:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2021-04-06T22:29:00",
"version": "sonicwall.exe"
},
{
"name": "sophos",
"timestamp": "2021-04-06T15:25:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_online",
"timestamp": "2021-04-06T15:25:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_susi",
"timestamp": "2021-04-06T22:29:00",
"version": "susicli.exe"
},
{
"name": "sunbelt",
"timestamp": "2021-04-06T20:30:00",
"version": "CSE39VT-EN-91642-F.sbr.sgn"
},
{
"name": "symantec",
"timestamp": "2021-04-06T21:50:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2021-04-06T21:20:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2021-04-06T21:50:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2021-04-06T16:10:00",
"version": "ioth1663900.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2021-04-06T14:40:00",
"version": "hcoth1663995.zip"
},
{
"name": "vba32",
"timestamp": "2021-04-06T09:00:00",
"version": "vba32w-latest.7z"
},
{
"name": "watchguard",
"timestamp": "2021-04-06T22:29:00",
"version": "WWHS64.exe"
}
]
},
"record_time": "2021-04-06T22:29:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "command",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "command_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "esetnod32",
"result": "Win32/Filecoder.Tox.A trojan (variant)"
},
{
"name": "f_prot",
"result": "W32/Filecoder.E"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "Generic.mg.3133c2231fcee5d6"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "malwarebytes",
"result": ""
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Dropper.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_online",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_susi",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sunbelt",
"result": "Trojan.Win32.Generic!BT"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
},
{
"name": "watchguard",
"result": "AboveThreshold563.008318"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2021-04-06T11:20:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2021-04-06T16:00:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2021-04-06T17:25:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2021-04-06T15:35:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2021-04-06T17:57:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2021-04-06T15:15:00",
"version": "daily.cvd"
},
{
"name": "command",
"timestamp": "2021-04-06T17:05:00",
"version": "antivir-v2-z-202104061600.zip"
},
{
"name": "command_online",
"timestamp": "2021-04-06T17:05:00",
"version": "antivir-v2-z-202104061600.zip"
},
{
"name": "crowdstrike",
"timestamp": "2021-04-06T17:57:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2021-04-06T17:57:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2021-04-06T17:15:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2021-04-06T17:57:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2021-04-06T17:57:00",
"version": "ensilo.exe"
},
{
"name": "esetnod32",
"timestamp": "2021-04-05T08:30:00",
"version": "mineset64.zip"
},
{
"name": "f_prot",
"timestamp": "2021-04-06T17:05:00",
"version": "antivir.def"
},
{
"name": "ffri",
"timestamp": "2021-04-06T17:57:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2021-04-06T16:20:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2021-04-06T17:15:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2021-04-06T16:30:00",
"version": "gd_sig.zip"
},
{
"name": "ikarus",
"timestamp": "2021-04-06T12:40:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2021-04-06T15:35:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2021-04-06T16:10:00",
"version": "database.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2021-04-06T16:10:00",
"version": "database.zip"
},
{
"name": "malwarebytes",
"timestamp": "2021-04-06T17:57:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2021-04-06T12:30:00",
"version": "avvdat-9946.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2021-04-06T16:55:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2021-04-06T12:30:00",
"version": "avvdat-9946.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2021-04-06T12:25:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2021-04-06T15:45:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2021-04-06T15:45:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2021-04-06T11:15:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2021-04-06T11:15:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2021-04-06T07:50:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2021-04-06T15:50:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2021-04-06T15:50:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2021-04-06T17:58:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2021-04-06T17:58:00",
"version": "sonicwall.exe"
},
{
"name": "sophos",
"timestamp": "2021-04-06T15:25:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_online",
"timestamp": "2021-04-06T15:25:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_susi",
"timestamp": "2021-04-06T17:58:00",
"version": "susicli.exe"
},
{
"name": "sunbelt",
"timestamp": "2021-04-06T16:25:00",
"version": "CSE39VT-EN-91638-F.sbr.sgn"
},
{
"name": "symantec",
"timestamp": "2021-04-06T17:20:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2021-04-06T16:50:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2021-04-06T17:20:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2021-04-06T16:10:00",
"version": "ioth1663900.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2021-04-06T14:40:00",
"version": "hcoth1663995.zip"
},
{
"name": "vba32",
"timestamp": "2021-04-06T09:00:00",
"version": "vba32w-latest.7z"
},
{
"name": "watchguard",
"timestamp": "2021-04-06T17:58:00",
"version": "WWHS64.exe"
}
]
},
"record_time": "2021-04-06T17:58:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "command",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "command_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "esetnod32",
"result": "Win32/Filecoder.Tox.A trojan (variant)"
},
{
"name": "f_prot",
"result": "W32/Filecoder.E"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "Generic.mg.3133c2231fcee5d6"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "malwarebytes",
"result": ""
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Dropper.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_online",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_susi",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sunbelt",
"result": "Trojan.Win32.Generic!BT"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
},
{
"name": "watchguard",
"result": "AboveThreshold563.008318"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2021-04-06T11:20:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2021-04-06T16:00:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2021-04-06T17:25:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2021-04-06T15:35:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2021-04-06T17:52:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2021-04-06T15:15:00",
"version": "daily.cvd"
},
{
"name": "command",
"timestamp": "2021-04-06T17:05:00",
"version": "antivir-v2-z-202104061600.zip"
},
{
"name": "command_online",
"timestamp": "2021-04-06T17:05:00",
"version": "antivir-v2-z-202104061600.zip"
},
{
"name": "crowdstrike",
"timestamp": "2021-04-06T17:52:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2021-04-06T17:53:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2021-04-06T17:15:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2021-04-06T17:53:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2021-04-06T17:53:00",
"version": "ensilo.exe"
},
{
"name": "esetnod32",
"timestamp": "2021-04-05T08:30:00",
"version": "mineset64.zip"
},
{
"name": "f_prot",
"timestamp": "2021-04-06T17:05:00",
"version": "antivir.def"
},
{
"name": "ffri",
"timestamp": "2021-04-06T17:53:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2021-04-06T16:20:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2021-04-06T17:15:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2021-04-06T16:30:00",
"version": "gd_sig.zip"
},
{
"name": "ikarus",
"timestamp": "2021-04-06T12:40:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2021-04-06T15:35:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2021-04-06T16:10:00",
"version": "database.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2021-04-06T16:10:00",
"version": "database.zip"
},
{
"name": "malwarebytes",
"timestamp": "2021-04-06T17:53:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2021-04-06T12:30:00",
"version": "avvdat-9946.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2021-04-06T16:55:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2021-04-06T12:30:00",
"version": "avvdat-9946.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2021-04-06T12:25:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2021-04-06T15:45:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2021-04-06T15:45:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2021-04-06T11:15:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2021-04-06T11:15:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2021-04-06T07:50:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2021-04-06T15:50:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2021-04-06T15:50:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2021-04-06T17:53:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2021-04-06T17:53:00",
"version": "sonicwall.exe"
},
{
"name": "sophos",
"timestamp": "2021-04-06T15:25:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_online",
"timestamp": "2021-04-06T15:25:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_susi",
"timestamp": "2021-04-06T17:53:00",
"version": "susicli.exe"
},
{
"name": "sunbelt",
"timestamp": "2021-04-06T16:25:00",
"version": "CSE39VT-EN-91638-F.sbr.sgn"
},
{
"name": "symantec",
"timestamp": "2021-04-06T17:20:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2021-04-06T16:50:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2021-04-06T17:20:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2021-04-06T16:10:00",
"version": "ioth1663900.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2021-04-06T14:40:00",
"version": "hcoth1663995.zip"
},
{
"name": "vba32",
"timestamp": "2021-04-06T09:00:00",
"version": "vba32w-latest.7z"
},
{
"name": "watchguard",
"timestamp": "2021-04-06T17:53:00",
"version": "WWHS64.exe"
}
]
},
"record_time": "2021-04-06T17:53:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "command",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "command_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "esetnod32",
"result": "Win32/Filecoder.Tox.A trojan (variant)"
},
{
"name": "f_prot",
"result": "W32/Filecoder.E"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "Generic.mg.3133c2231fcee5d6"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "malwarebytes",
"result": ""
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Dropper.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_online",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_susi",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sunbelt",
"result": "Trojan.Win32.Generic!BT"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
},
{
"name": "watchguard",
"result": "AboveThreshold563.008318"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2021-04-06T11:20:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2021-04-06T16:00:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2021-04-06T17:25:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2021-04-06T15:35:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2021-04-06T17:50:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2021-04-06T15:15:00",
"version": "daily.cvd"
},
{
"name": "command",
"timestamp": "2021-04-06T17:05:00",
"version": "antivir-v2-z-202104061600.zip"
},
{
"name": "command_online",
"timestamp": "2021-04-06T17:05:00",
"version": "antivir-v2-z-202104061600.zip"
},
{
"name": "crowdstrike",
"timestamp": "2021-04-06T17:50:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2021-04-06T17:51:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2021-04-06T17:15:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2021-04-06T17:51:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2021-04-06T17:51:00",
"version": "ensilo.exe"
},
{
"name": "esetnod32",
"timestamp": "2021-04-05T08:30:00",
"version": "mineset64.zip"
},
{
"name": "f_prot",
"timestamp": "2021-04-06T17:05:00",
"version": "antivir.def"
},
{
"name": "ffri",
"timestamp": "2021-04-06T17:51:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2021-04-06T16:20:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2021-04-06T17:15:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2021-04-06T16:30:00",
"version": "gd_sig.zip"
},
{
"name": "ikarus",
"timestamp": "2021-04-06T12:40:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2021-04-06T15:35:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2021-04-06T16:10:00",
"version": "database.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2021-04-06T16:10:00",
"version": "database.zip"
},
{
"name": "malwarebytes",
"timestamp": "2021-04-06T17:51:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2021-04-06T12:30:00",
"version": "avvdat-9946.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2021-04-06T16:55:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2021-04-06T12:30:00",
"version": "avvdat-9946.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2021-04-06T12:25:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2021-04-06T15:45:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2021-04-06T15:45:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2021-04-06T11:15:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2021-04-06T11:15:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2021-04-06T07:50:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2021-04-06T15:50:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2021-04-06T15:50:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2021-04-06T17:51:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2021-04-06T17:51:00",
"version": "sonicwall.exe"
},
{
"name": "sophos",
"timestamp": "2021-04-06T15:25:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_online",
"timestamp": "2021-04-06T15:25:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_susi",
"timestamp": "2021-04-06T17:51:00",
"version": "susicli.exe"
},
{
"name": "sunbelt",
"timestamp": "2021-04-06T16:25:00",
"version": "CSE39VT-EN-91638-F.sbr.sgn"
},
{
"name": "symantec",
"timestamp": "2021-04-06T17:20:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2021-04-06T16:50:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2021-04-06T17:20:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2021-04-06T16:10:00",
"version": "ioth1663900.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2021-04-06T14:40:00",
"version": "hcoth1663995.zip"
},
{
"name": "vba32",
"timestamp": "2021-04-06T09:00:00",
"version": "vba32w-latest.7z"
},
{
"name": "watchguard",
"timestamp": "2021-04-06T17:51:00",
"version": "WWHS64.exe"
}
]
},
"record_time": "2021-04-06T17:51:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "command",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "command_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "esetnod32",
"result": "Win32/Filecoder.Tox.A trojan (variant)"
},
{
"name": "f_prot",
"result": "W32/Filecoder.E"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "Generic.mg.3133c2231fcee5d6"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "malwarebytes",
"result": ""
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Dropper.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_online",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_susi",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sunbelt",
"result": "Trojan.Win32.Generic!BT"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
},
{
"name": "watchguard",
"result": "AboveThreshold563.008318"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2021-03-12T07:55:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2021-03-12T08:00:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2021-03-12T09:55:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2021-03-12T09:55:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2021-03-12T10:39:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2021-03-10T10:00:00",
"version": "bytecode.cvd"
},
{
"name": "command",
"timestamp": "2021-03-12T09:35:00",
"version": "antivir-v2-z-202103120821.zip"
},
{
"name": "command_online",
"timestamp": "2021-03-12T09:35:00",
"version": "antivir-v2-z-202103120821.zip"
},
{
"name": "crowdstrike",
"timestamp": "2021-03-12T10:40:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2021-03-12T10:41:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2021-03-12T09:45:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2021-03-12T10:42:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2021-03-12T10:42:00",
"version": "ensilo.exe"
},
{
"name": "esetnod32",
"timestamp": "2021-03-12T09:40:00",
"version": "mineset64.zip"
},
{
"name": "f_prot",
"timestamp": "2021-03-12T09:40:00",
"version": "antivir.def"
},
{
"name": "ffri",
"timestamp": "2021-03-12T10:43:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2021-03-12T09:25:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2021-03-12T09:15:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2021-03-12T08:05:00",
"version": "bd.zip"
},
{
"name": "ikarus",
"timestamp": "2021-03-12T09:10:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2021-03-12T08:05:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2021-03-12T09:00:00",
"version": "database.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2021-03-12T09:00:00",
"version": "database.zip"
},
{
"name": "malwarebytes",
"timestamp": "2021-03-12T10:45:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2021-03-11T14:10:00",
"version": "avvdat-9920.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2021-03-12T09:15:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2021-03-11T14:10:00",
"version": "avvdat-9920.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2021-03-12T04:05:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2021-03-12T09:10:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2021-03-12T09:10:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2021-03-11T12:35:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2021-03-11T12:35:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2021-03-12T08:15:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2021-03-12T09:50:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2021-03-12T09:50:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2021-03-12T10:47:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2021-03-12T10:47:00",
"version": "sonicwall.exe"
},
{
"name": "sophos",
"timestamp": "2021-03-12T08:05:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_online",
"timestamp": "2021-03-12T08:05:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_susi",
"timestamp": "2021-03-12T10:47:00",
"version": "susicli.exe"
},
{
"name": "sunbelt",
"timestamp": "2021-03-12T09:45:00",
"version": "CSE39VT-EN-91030-F.sbr.sgn"
},
{
"name": "symantec",
"timestamp": "2021-03-12T09:50:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2021-03-12T08:45:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2021-03-12T09:50:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2021-03-12T08:20:00",
"version": "itbl2114200400.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2021-03-11T16:15:00",
"version": "hcoth1658795.zip"
},
{
"name": "vba32",
"timestamp": "2021-03-12T09:15:00",
"version": "vba32w-latest.7z"
},
{
"name": "watchguard",
"timestamp": "2021-03-12T10:49:00",
"version": "WWHS64.exe"
}
]
},
"record_time": "2021-03-12T10:52:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "bitdefender",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "command",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "command_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "esetnod32",
"result": "Win32/Filecoder.Tox.A trojan (variant)"
},
{
"name": "f_prot",
"result": "W32/Filecoder.E"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "Generic.mg.3133c2231fcee5d6"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "malwarebytes",
"result": ""
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Dropper.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": "TrojanRansom.Crypren"
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_online",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_susi",
"result": ""
},
{
"name": "sunbelt",
"result": "Trojan.Win32.Generic!BT"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
},
{
"name": "watchguard",
"result": "AboveThreshold563.008318"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2021-03-11T11:30:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2021-03-11T07:55:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2021-03-11T11:55:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2021-03-11T08:00:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2021-03-11T12:32:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2021-03-10T10:00:00",
"version": "bytecode.cvd"
},
{
"name": "command",
"timestamp": "2021-03-11T11:10:00",
"version": "antivir-v2-z-202103111002.zip"
},
{
"name": "command_online",
"timestamp": "2021-03-11T11:10:00",
"version": "antivir-v2-z-202103111002.zip"
},
{
"name": "crowdstrike",
"timestamp": "2021-03-11T12:34:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2021-03-11T12:34:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2021-03-11T11:45:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2021-03-11T12:35:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2021-03-11T12:35:00",
"version": "ensilo.exe"
},
{
"name": "esetnod32",
"timestamp": "2021-03-11T09:20:00",
"version": "mineset64.zip"
},
{
"name": "f_prot",
"timestamp": "2021-03-11T11:10:00",
"version": "antivir.def"
},
{
"name": "ffri",
"timestamp": "2021-03-11T12:35:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2021-03-11T09:10:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2021-03-11T11:15:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2021-03-11T11:35:00",
"version": "gd_sig.zip"
},
{
"name": "ikarus",
"timestamp": "2021-03-11T09:10:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2021-03-11T11:05:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2021-03-11T11:35:00",
"version": "database.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2021-03-11T11:35:00",
"version": "database.zip"
},
{
"name": "malwarebytes",
"timestamp": "2021-03-11T12:39:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2021-03-10T15:05:00",
"version": "avvdat-9919.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2021-03-11T11:15:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2021-03-10T15:05:00",
"version": "avvdat-9919.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2021-03-11T04:00:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2021-03-11T11:45:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2021-03-11T11:45:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2021-03-10T12:00:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2021-03-10T12:00:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2021-03-11T09:15:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2021-03-11T09:45:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2021-03-11T09:45:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2021-03-11T12:42:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2021-03-11T12:42:00",
"version": "sonicwall.exe"
},
{
"name": "sophos",
"timestamp": "2021-03-11T08:55:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_online",
"timestamp": "2021-03-11T08:55:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_susi",
"timestamp": "2021-03-11T12:42:00",
"version": "susicli.exe"
},
{
"name": "sunbelt",
"timestamp": "2021-03-11T11:00:00",
"version": "CSE39VT-EN-91008-F.sbr.sgn"
},
{
"name": "symantec",
"timestamp": "2021-03-11T11:50:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2021-03-11T11:20:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2021-03-11T11:50:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2021-03-11T10:30:00",
"version": "itbl2114000700.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2021-03-10T17:50:00",
"version": "hcoth1658595.zip"
},
{
"name": "vba32",
"timestamp": "2021-03-11T09:30:00",
"version": "vba32w-latest.7z"
},
{
"name": "watchguard",
"timestamp": "2021-03-11T12:44:00",
"version": "WWHS64.exe"
}
]
},
"record_time": "2021-03-11T12:47:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "command",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "command_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "esetnod32",
"result": "Win32/Filecoder.Tox.A trojan (variant)"
},
{
"name": "f_prot",
"result": "W32/Filecoder.E"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "Generic.mg.3133c2231fcee5d6"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "malwarebytes",
"result": ""
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Dropper.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": "TrojanRansom.Crypren"
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_online",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_susi",
"result": ""
},
{
"name": "sunbelt",
"result": "Trojan.Win32.Generic!BT"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
},
{
"name": "watchguard",
"result": "AboveThreshold563.008318"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2021-03-04T11:20:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2021-03-04T13:45:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2021-03-04T13:55:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2021-03-04T13:35:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2021-03-04T14:40:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2021-03-04T07:20:00",
"version": "daily.cvd"
},
{
"name": "command",
"timestamp": "2021-03-04T12:25:00",
"version": "antivir-v2-z-202103041126.zip"
},
{
"name": "command_online",
"timestamp": "2021-03-04T12:25:00",
"version": "antivir-v2-z-202103041126.zip"
},
{
"name": "crowdstrike",
"timestamp": "2021-03-04T14:40:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2021-03-04T14:40:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2021-03-04T13:45:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2021-03-04T14:40:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2021-03-04T14:40:00",
"version": "ensilo.exe"
},
{
"name": "esetnod32",
"timestamp": "2021-03-04T12:50:00",
"version": "mineset64.zip"
},
{
"name": "f_prot",
"timestamp": "2021-03-04T12:25:00",
"version": "antivir.def"
},
{
"name": "ffri",
"timestamp": "2021-03-04T14:40:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2021-03-04T12:45:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2021-03-04T13:15:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2021-03-04T13:35:00",
"version": "gd_sig.zip"
},
{
"name": "ikarus",
"timestamp": "2021-03-04T13:40:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2021-03-04T11:05:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2021-02-03T05:40:00",
"version": "kdb-i386-cumul.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2021-02-03T05:40:00",
"version": "kdb-i386-cumul.zip"
},
{
"name": "malwarebytes",
"timestamp": "2021-03-04T14:41:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2021-03-03T15:05:00",
"version": "avvdat-9912.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2021-03-04T13:45:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2021-03-03T15:05:00",
"version": "avvdat-9912.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2021-03-04T13:50:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2021-03-04T13:35:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2021-03-04T13:35:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2021-03-04T12:20:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2021-03-04T12:20:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2021-03-04T11:50:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2021-03-04T09:45:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2021-03-04T09:45:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2021-03-04T14:41:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2021-03-04T14:41:00",
"version": "sonicwall.exe"
},
{
"name": "sophos",
"timestamp": "2021-03-04T05:35:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_online",
"timestamp": "2021-03-04T05:35:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_susi",
"timestamp": "2021-03-04T14:41:00",
"version": "susicli.exe"
},
{
"name": "sunbelt",
"timestamp": "2021-03-04T13:00:00",
"version": "CSE39VT-EN-90842-F.sbr.sgn"
},
{
"name": "symantec",
"timestamp": "2021-03-04T13:50:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2021-03-04T13:55:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2021-03-04T13:50:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2021-03-04T12:55:00",
"version": "itbl2112601000.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2021-03-03T16:25:00",
"version": "hcoth1657195.zip"
},
{
"name": "vba32",
"timestamp": "2021-03-04T09:00:00",
"version": "vba32w-latest.7z"
},
{
"name": "watchguard",
"timestamp": "2021-03-04T14:41:00",
"version": "WWHS64.exe"
}
]
},
"record_time": "2021-03-04T14:42:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "command",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "command_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "esetnod32",
"result": "Win32/Filecoder.Tox.A trojan (variant)"
},
{
"name": "f_prot",
"result": "W32/Filecoder.E"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "Generic.mg.3133c2231fcee5d6"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "malwarebytes",
"result": ""
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Dropper.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": "TrojanRansom.Crypren"
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_online",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_susi",
"result": ""
},
{
"name": "sunbelt",
"result": "Trojan.Win32.Generic!BT"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
},
{
"name": "watchguard",
"result": "AboveThreshold563.008318"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2021-03-04T07:55:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2021-03-04T07:55:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2021-03-04T08:55:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2021-03-04T07:40:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2021-03-04T09:07:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2021-03-04T07:20:00",
"version": "daily.cvd"
},
{
"name": "command",
"timestamp": "2021-03-04T08:00:00",
"version": "antivir-v2-z-202103040702.zip"
},
{
"name": "command_online",
"timestamp": "2021-03-04T08:00:00",
"version": "antivir-v2-z-202103040702.zip"
},
{
"name": "crowdstrike",
"timestamp": "2021-03-04T09:07:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2021-03-04T09:07:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2021-03-04T08:45:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2021-03-04T09:07:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2021-03-04T09:07:00",
"version": "ensilo.exe"
},
{
"name": "esetnod32",
"timestamp": "2021-03-04T04:40:00",
"version": "mineset64.zip"
},
{
"name": "f_prot",
"timestamp": "2021-03-04T08:00:00",
"version": "antivir.def"
},
{
"name": "ffri",
"timestamp": "2021-03-04T09:07:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2021-03-04T08:10:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2021-03-04T08:15:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2021-03-04T08:10:00",
"version": "bd.zip"
},
{
"name": "ikarus",
"timestamp": "2021-03-03T19:45:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2021-03-04T08:05:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2021-02-03T05:40:00",
"version": "kdb-i386-cumul.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2021-02-03T05:40:00",
"version": "kdb-i386-cumul.zip"
},
{
"name": "malwarebytes",
"timestamp": "2021-03-04T09:08:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2021-03-03T15:05:00",
"version": "avvdat-9912.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2021-03-04T08:45:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2021-03-03T15:05:00",
"version": "avvdat-9912.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2021-03-04T04:05:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2021-03-04T05:50:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2021-03-04T05:50:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2021-03-03T11:45:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2021-03-03T11:45:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2021-03-04T07:15:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2021-03-04T03:45:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2021-03-04T03:45:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2021-03-04T09:08:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2021-03-04T09:08:00",
"version": "sonicwall.exe"
},
{
"name": "sophos",
"timestamp": "2021-03-04T05:35:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_online",
"timestamp": "2021-03-04T05:35:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_susi",
"timestamp": "2021-03-04T09:08:00",
"version": "susicli.exe"
},
{
"name": "sunbelt",
"timestamp": "2021-03-04T07:35:00",
"version": "CSE39VT-EN-90836-F.sbr.sgn"
},
{
"name": "symantec",
"timestamp": "2021-03-04T08:50:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2021-03-04T06:15:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2021-03-04T08:50:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2021-03-04T08:40:00",
"version": "itbl2112600600.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2021-03-03T16:25:00",
"version": "hcoth1657195.zip"
},
{
"name": "vba32",
"timestamp": "2021-03-03T09:20:00",
"version": "vba32w-latest.7z"
},
{
"name": "watchguard",
"timestamp": "2021-03-04T09:08:00",
"version": "WWHS64.exe"
}
]
},
"record_time": "2021-03-04T09:09:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "command",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "command_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "esetnod32",
"result": "Win32/Filecoder.Tox.A trojan (variant)"
},
{
"name": "f_prot",
"result": "W32/Filecoder.E"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "Generic.mg.3133c2231fcee5d6"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "malwarebytes",
"result": ""
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Dropper.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": "TrojanRansom.Crypren"
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_online",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_susi",
"result": ""
},
{
"name": "sunbelt",
"result": "Trojan.Win32.Generic!BT"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
},
{
"name": "watchguard",
"result": "AboveThreshold563.008318"
}
]
}
],
"first_seen": "2015-05-30T22:04:00",
"last_seen": "2023-06-06T16:15:00",
"sample_type": "PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed"
}
}
}
}
}
}

Human Readable Output#

ReversingLabs File Analysis results for hash 21841b32c6165b27dddbd4d6eb3a672defe54271#

File type: PE
File subtype: Exe
Sample type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
Sample size: 636416 bytes
Extended description: This file (SHA1: 21841b32c6165b27dddbd4d6eb3a672defe54271) is a 32-bit portable executable application. Additionally, it was identified as UPX 0.60-3.x executable packer, and unpacking was successful. The application uses the Windows graphical user interface (GUI) subsystem, while the language used is English from United States. Cryptography related data was found in the file. This application has access to networking and running processes and has cryptography and security related capabilities. There is one extracted file.
First seen: 2015-05-30T22:04:00
Last seen: 2023-06-06T16:15:00
MD5 hash: 3133c2231fcee5d6b0b4c988a5201da1
SHA-1 hash: 21841b32c6165b27dddbd4d6eb3a672defe54271
SHA-256 hash: 2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346
SHA-384 hash: e0b7bf0ad928500ee1dc06f8cbe035e663eaf546bb4b5217706706ba12c50ab6a24e1e858dae9a5ce0f7673bdb5621be
SHA-512 hash: 205ece960784bff6fdbd0d5a1ebad4fddeab6751728d5be2e0b5d91742d520df0c5d04fd3b9e67372c35cb0859d794b7d22ea78786669a4bd5725e814548143f
SSDEEP hash: 12288:UxvYm8UX7FkiYiHSbhy783clwXqaAQWzRTChYl:+vY0LFrYi0s7w6a/Wzl
RIPEMD-160 hash: d26f686b6af13b9073f77a1ba5a7b610934dc625

reversinglabs-titaniumcloud-rha1-functional-similarity#


Retrieve a list of functionally similar hashes to the provided one.

Base Command#

reversinglabs-titaniumcloud-rha1-functional-similarity

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| hash | File hash. | Required |
| result_limit | Maximum number of results to be returned. Default is 5000. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| ReversingLabs.functional_similarity | Unknown | |

Command example#

!reversinglabs-titaniumcloud-rha1-functional-similarity hash=21841b32c6165b27dddbd4d6eb3a672defe54271 result_limit=2

Context Example#

{
"InfoFile": {
"EntryID": "7677@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
"Info": "text/plain",
"Name": "RHA1 Functional Similarity report file for hash 21841b32c6165b27dddbd4d6eb3a672defe54271",
"Size": 1303,
"Type": "ASCII text"
},
"ReversingLabs": {
"functional_similarity": [
{
"classification": "MALICIOUS",
"first_seen": "2015-06-01T19:11:00.592000",
"last_seen": "2021-07-27T09:29:09.915000",
"malware_family": "Tox",
"malware_type": "Ransomware",
"md5": "0e3e231c255a5eefefd20d70c247d5f0",
"platform": "Win32",
"sample_available": true,
"sample_size": 636416,
"sample_type": "PE/Exe/UPX",
"sha1": "03823b9fab3931d7c634fd3c2d40a89555c783af",
"sha256": "5cf1f17aef32603d3ec7c9af88c23122dd259b4303b7b8282a0e204cb4d1f1a4",
"threat_level": 5,
"threat_name": "Win32.Ransomware.Tox",
"trust_factor": 5
},
{
"classification": "MALICIOUS",
"first_seen": "2015-05-29T00:18:00",
"last_seen": "2021-08-06T10:26:56.085000",
"malware_family": "Tox",
"malware_type": "Ransomware",
"md5": "f4fa4d7c774eaba895ed005f3c84a8b3",
"platform": "Win32",
"sample_available": true,
"sample_size": 636416,
"sample_type": "PE/Exe/UPX",
"sha1": "0649cbb97387cb2ff5d1ed2f5c238b0914a2b63a",
"sha256": "354371ec3b0b2bc03e567dbef57e9211e700381f3f39fe3604fc26abfd16a641",
"threat_level": 5,
"threat_name": "Win32.Ransomware.Tox",
"trust_factor": 5
}
]
}
}

Human Readable Output#

Full report is returned in a downloadable file

reversinglabs-titaniumcloud-rha1-analytics#


Retrieve the number of hashes functionally similar to the provided one grouped by classification.

Base Command#

reversinglabs-titaniumcloud-rha1-analytics

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| hash | File hash. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| File.SHA1 | Unknown | File SHA1 |
| File.SHA256 | Unknown | File SHA256 |
| File.MD5 | Unknown | File MD5 |
| DBotScore.Score | Number | The actual score. |
| DBotScore.Type | String | The indicator type. |
| DBotScore.Indicator | String | The indicator that was tested. |
| DBotScore.Vendor | String | The vendor used to calculate the score. |
| ReversingLabs.rha1_analytics | Unknown | |

Command example#

!reversinglabs-titaniumcloud-rha1-analytics hash=21841b32c6165b27dddbd4d6eb3a672defe54271

Context Example#

{
"DBotScore": {
"Indicator": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"Reliability": "C - Fairly reliable",
"Score": 3,
"Type": "file",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"File": {
"Hashes": [
{
"type": "MD5",
"value": "3133c2231fcee5d6b0b4c988a5201da1"
},
{
"type": "SHA1",
"value": "21841b32c6165b27dddbd4d6eb3a672defe54271"
},
{
"type": "SHA256",
"value": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
}
],
"MD5": "3133c2231fcee5d6b0b4c988a5201da1",
"Malicious": {
"Description": "Win32.Ransomware.Tox",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"SHA256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
},
"ReversingLabs": {
"rha1_analytics": {
"rl": {
"rha1_counters": {
"rha1_first_seen": "2015-05-26T03:53:56",
"rha1_last_seen": "2020-04-20T00:42:11",
"rha1_type": "pe01",
"sample_counters": {
"known": 0,
"malicious": 144,
"suspicious": 0,
"total": 144
},
"sample_metadata": {
"classification": "MALICIOUS",
"first_seen": "2015-05-30T22:04:00",
"last_seen": "2023-06-06T16:16:58.328000",
"malware_family": "Tox",
"malware_type": "Ransomware",
"md5": "3133c2231fcee5d6b0b4c988a5201da1",
"platform": "Win32",
"sample_available": true,
"sample_size": 636416,
"sample_type": "PE/Exe/UPX",
"sha256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346",
"threat_level": 5,
"threat_name": "Win32.Ransomware.Tox",
"trust_factor": 5
},
"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271"
}
}
}
}
}

Human Readable Output#

ReversingLabs RHA1 Analytics results for hash 21841b32c6165b27dddbd4d6eb3a672defe54271#

Sample counters#

KNOWN: 0 MALICIOUS: 144 SUSPICIOUS: 0 TOTAL: 144

Sample metadata#

Classification: MALICIOUS
MD5 hash: 3133c2231fcee5d6b0b4c988a5201da1
SHA-256 hash: 2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346
First seen: 2015-05-30T22:04:00
Last seen: 2023-06-06T16:16:58.328000
Sample available: True
Sample size: 636416 bytes
Sample type: PE/Exe/UPX
Threat name: Win32.Ransomware.Tox
Threat level: 5

reversinglabs-titaniumcloud-uri-statistics#


Retrieve the number of MALICIOUS, SUSPICIOUS and KNOWN files associated with a specific URI.

Notice: Submitting indicators using this command might make the indicator data publicly available. See the vendor’s documentation for more details.

Base Command#

reversinglabs-titaniumcloud-uri-statistics

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| uri | URI string. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| IP.Address | Unknown | IP address |
| Domain.Name | Unknown | Domain name |
| URL.Data | Unknown | The URL |
| Email.To | Unknown | Destination email address |
| ReversingLabs.uri_statistics | Unknown | |

Command example#

!reversinglabs-titaniumcloud-uri-statistics uri=127.0.0.1

Context Example#

{
"DBotScore": {
"Indicator": "127.0.0.1",
"Score": 0,
"Type": "ip",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"IP": {
"Address": "127.0.0.1"
},
"ReversingLabs": {
"uri_statistics": {
"rl": {
"uri_state": {
"counters": {
"known": 48600,
"malicious": 163967,
"suspicious": 602
},
"ipv4": "127.0.0.1",
"sha1": "4b84b15bff6ee5796152495a230e45e3d7e947d9",
"uri_type": "ipv4"
}
}
}
}
}

Human Readable Output#

ReversingLabs URI Statistics results for URI 127.0.0.1#

Sample counters#

KNOWN: 48600
MALICIOUS: 163967
SUSPICIOUS: 602
SHA-1 hash: 4b84b15bff6ee5796152495a230e45e3d7e947d9
URI type: ipv4
IPv4: 127.0.0.1

reversinglabs-titaniumcloud-uri-index#


Retrieve a list of all available file hashes associated with a given URI.

Notice: Submitting indicators using this command might make the indicator data publicly available. See the vendor’s documentation for more details.

Base Command#

reversinglabs-titaniumcloud-uri-index

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| uri | URI string. | Required |
| result_limit | Maximum number of results to be returned. Default is 5000. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| ReversingLabs.uri_index | Unknown | |

Command example#

!reversinglabs-titaniumcloud-uri-index uri=8.8.4.4 result_limit=2

Context Example#

{
"InfoFile": {
"EntryID": "7686@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
"Extension": "4",
"Info": "application/x-troff-man",
"Name": "URI Index report file for URI 8.8.4.4",
"Size": 98,
"Type": "ASCII text"
},
"ReversingLabs": {
"uri_index": [
"007525ef3ee9d4c969fd893f6c4f3d35ce2ee914",
"03c30532b3f750bc0232f560c4b51c53521df21b"
]
}
}

Human Readable Output#

Full report is returned in a downloadable file

reversinglabs-titaniumcloud-advanced-search#


Search for hashes using multi-part search criteria.

Base Command#

reversinglabs-titaniumcloud-advanced-search

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| query | Query string. | Required |
| result_limit | Maximum number of results to be returned. Default is 5000. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| ReversingLabs.advanced_search | Unknown | |

Command example#

!reversinglabs-titaniumcloud-advanced-search query="av-count:5 available:TRUE" result_limit="2"

Context Example#

{
"InfoFile": {
"EntryID": "7619@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
"Info": "text/plain",
"Name": "Advanced Search report file",
"Size": 1050,
"Type": "ASCII text"
},
"ReversingLabs": {
"advanced_search": [
{
"antivirus": 5,
"available": true,
"classification": "KNOWN",
"filecount": 0,
"firstseen": "2023-06-06T20:16:04Z",
"lastseen": "2023-06-06T21:56:23Z",
"md5": "6b9b845c5e5f3bff5dde0420370b7f3c",
"sampletype": "Text/HTML/HTML",
"sha1": "e80869fa3a921f81941ccbde147ab38c65caa986",
"sha256": "462be991903270c3246396d216dfe5c79394a91053bf452ac2ce64519d0be613",
"size": 160159,
"threatlevel": 0,
"trustfactor": 5
},
{
"antivirus": 5,
"available": true,
"classification": "KNOWN",
"filecount": 0,
"firstseen": "2023-06-06T19:59:17Z",
"lastseen": "2023-06-06T23:56:32Z",
"md5": "5f25da1c21e80f040c803ea4356b736d",
"sampletype": "Text/HTML/HTML",
"sha1": "a969d353815f2bc77286033d45adf1073ed81716",
"sha256": "82fc5c39e0c409a4b49e6324bab04011eab60a31314d8b140092ca4306448280",
"size": 160159,
"threatlevel": 0,
"trustfactor": 5
}
]
}
}

Human Readable Output#

Full report is returned in a downloadable file

reversinglabs-titaniumcloud-expression-search#


Search for samples first seen on a particular date, filtered by search criteria.

Base Command#

reversinglabs-titaniumcloud-expression-search

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| query | Query string. | Required |
| date | Search date. | Optional |
| result_limit | Maximum number of results to be returned. Default is 5000. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| ReversingLabs.expression_search | Unknown | |

Command example#

!reversinglabs-titaniumcloud-expression-search query="threat_level>=3 status=malicious malware_family=CVE-2017-11882" result_limit="2"

Context Example#

{
"InfoFile": {
"EntryID": "7637@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
"Info": "text/plain",
"Name": "Expression Search report file",
"Size": 1412,
"Type": "ASCII text"
},
"ReversingLabs": {
"expression_search": [
{
"first_seen": "2023-06-06 00:00:40",
"last_seen": "2023-06-06 00:28:05",
"malware_family": "CVE-2017-11882",
"malware_type": "Exploit",
"md5": "a9e8baef620a4a76c4207d9b48df8a37",
"platform": "Document",
"sample_available": "False",
"sample_size": "23799",
"sample_type": "Document/None/PDF",
"sha1": "d8df002404ae6783f5bb317d2b95657e411e6782",
"sha256": "33dda8b06e8de914090e405008910ba0a4c25a51ead127b2efe6cc1b795bf307",
"status": "MALICIOUS",
"subplatform": "Office",
"threat_level": 5,
"threat_name": "Document-Office.Exploit.CVE-2017-11882",
"trust_factor": 5
},
{
"first_seen": "2023-06-06 00:00:53",
"last_seen": "2023-06-06 00:32:06",
"malware_family": "CVE-2017-11882",
"malware_type": "Exploit",
"md5": "e2548e75542aca394e492f59aa6c080e",
"platform": "Document",
"sample_available": "False",
"sample_size": "23799",
"sample_type": "Document/None/PDF",
"sha1": "a14df376580500edf6f829030ec4153fd629225d",
"sha256": "f8a86c99ffa0b6aa2bc3b54747778852995717954d75ae3c033bd6d23b3aa6e4",
"status": "MALICIOUS",
"subplatform": "Office",
"threat_level": 5,
"threat_name": "Document-Office.Exploit.CVE-2017-11882",
"trust_factor": 5
}
]
}
}

Human Readable Output#

Full report is returned in a downloadable file
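
The context examples for rha1-functional-similarity, advanced-search and expression-search above use different key spellings (`first_seen` / `firstseen`, `classification` / `status`), different timestamp layouts, and, for expression search, strings where the others use booleans and integers. The following is an added example, not part of the integration's own code, that normalizes all three result lists into one schema so a playbook can compare them; the function names are hypothetical, the sample records are constructed (shaped after the examples above, with placeholder hashes), and timestamps without a zone are assumed to be UTC.

```python
from datetime import datetime, timezone

# Canonical field name -> spellings seen in the three context examples.
ALIASES = {
    "classification": ("classification", "status"),
    "first_seen": ("first_seen", "firstseen"),
    "last_seen": ("last_seen", "lastseen"),
    "threat_level": ("threat_level", "threatlevel"),
    "trust_factor": ("trust_factor", "trustfactor"),
    "sample_available": ("sample_available", "available"),
    "sample_size": ("sample_size", "size"),
    "sample_type": ("sample_type", "sampletype"),
}
# Timestamp layouts seen in the same examples.
TIME_FORMATS = ("%Y-%m-%dT%H:%M:%S.%f", "%Y-%m-%dT%H:%M:%SZ",
                "%Y-%m-%dT%H:%M:%S", "%Y-%m-%d %H:%M:%S")
RESULT_KEYS = ("functional_similarity", "advanced_search", "expression_search")


def parse_time(value):
    """Parse any observed layout. Assumption: values without a zone are UTC."""
    for fmt in TIME_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised timestamp: {value!r}")


def to_bool(value):
    """Accept real booleans and the "True"/"False" strings of expression search."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.lower() in ("true", "false"):
        return value.lower() == "true"
    raise ValueError(f"not a boolean: {value!r}")


def pick(record, canonical, convert):
    """Return the first spelling present, converted, or None when absent."""
    for key in ALIASES[canonical]:
        if record.get(key) is not None:
            return convert(record[key])
    return None


def normalize(record, source):
    """Map one result entry onto a single schema with real types."""
    if not record.get("sha1"):
        raise ValueError("result entry has no sha1")
    return {
        "source": source,
        "sha1": record["sha1"].lower(),
        "classification": pick(record, "classification", str.upper),
        "first_seen": pick(record, "first_seen", parse_time),
        "last_seen": pick(record, "last_seen", parse_time),
        "threat_level": pick(record, "threat_level", int),
        "trust_factor": pick(record, "trust_factor", int),
        "sample_available": pick(record, "sample_available", to_bool),
        "sample_size": pick(record, "sample_size", int),
        "sample_type": pick(record, "sample_type", str),
        "threat_name": record.get("threat_name"),
    }


def merge_results(rl_context):
    """Normalize every result list under the ReversingLabs key, one row per SHA-1."""
    merged = {}
    for key in RESULT_KEYS:
        for entry in rl_context.get(key) or []:
            row = normalize(entry, key)
            merged.setdefault(row["sha1"], row)  # first list wins on duplicates
    far_future = datetime.max.replace(tzinfo=timezone.utc)
    return sorted(merged.values(), key=lambda r: r["first_seen"] or far_future)


# Constructed sample: one entry per command, placeholder SHA-1 values.
SAMPLE_CONTEXT = {
    "functional_similarity": [{
        "classification": "MALICIOUS", "first_seen": "2015-06-01T19:11:00.592000",
        "last_seen": "2021-07-27T09:29:09.915000", "sample_available": True,
        "sample_size": 636416, "sample_type": "PE/Exe/UPX", "sha1": "aa" * 20,
        "threat_level": 5, "threat_name": "Win32.Ransomware.Tox", "trust_factor": 5}],
    "advanced_search": [{
        "available": True, "classification": "KNOWN",
        "firstseen": "2023-06-06T20:16:04Z", "lastseen": "2023-06-06T21:56:23Z",
        "sampletype": "Text/HTML/HTML", "sha1": "bb" * 20, "size": 160159,
        "threatlevel": 0, "trustfactor": 5}],
    "expression_search": [{
        "first_seen": "2023-06-06 00:00:40", "last_seen": "2023-06-06 00:28:05",
        "sample_available": "False", "sample_size": "23799",
        "sample_type": "Document/None/PDF", "sha1": "cc" * 20, "status": "MALICIOUS",
        "threat_level": 5, "threat_name": "Document-Office.Exploit.CVE-2017-11882",
        "trust_factor": 5}],
}

if __name__ == "__main__":
    for row in merge_results(SAMPLE_CONTEXT):
        print(row["first_seen"].isoformat(), row["source"], row["classification"],
              row["sample_available"], row["sample_size"])
```

Pass the value stored under the `ReversingLabs` context key to `merge_results`; a result with an unrecognised timestamp or boolean raises `ValueError` instead of being silently coerced.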

reversinglabs-titaniumcloud-file-download#


Download files associated with a SHA1, MD5 or SHA256 hash.

Base Command#

reversinglabs-titaniumcloud-file-download

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| hash | File hash. | Required |

Context Output#

There is no context output for this command.

Command example#

!reversinglabs-titaniumcloud-file-download hash="21841b32c6165b27dddbd4d6eb3a672defe54271"

Context Example#

{
"File": {
"EntryID": "7647@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
"Info": "application/x-dosexec",
"MD5": "3133c2231fcee5d6b0b4c988a5201da1",
"Name": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"SHA256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346",
"SHA512": "205ece960784bff6fdbd0d5a1ebad4fddeab6751728d5be2e0b5d91742d520df0c5d04fd3b9e67372c35cb0859d794b7d22ea78786669a4bd5725e814548143f",
"SSDeep": "12288:UxvYm8UX7FkiYiHSbhy783clwXqaAQWzRTChYl:+vY0LFrYi0s7w6a/Wzl",
"Size": 636416,
"Type": "PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed"
}
}

Human Readable Output#

Requested sample is available for download under the name 21841b32c6165b27dddbd4d6eb3a672defe54271

reversinglabs-titaniumcloud-file-upload#


Upload a file using a byte stream with a SHA1 hash of the file provided in the request.

Base Command#

reversinglabs-titaniumcloud-file-upload

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| entryId | File entry ID. | Required |

Context Output#

There is no context output for this command.

reversinglabs-titaniumcloud-url-report#


Return a URL analysis report.

Base Command#

reversinglabs-titaniumcloud-url-report

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| url | URL string. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| URL.Data | Unknown | The URL |
| DBotScore.Score | Number | The actual score. |
| DBotScore.Type | String | The indicator type. |
| DBotScore.Indicator | String | The indicator that was tested. |
| DBotScore.Vendor | String | The vendor used to calculate the score. |
| ReversingLabs.url_report | Unknown | |

Command example#

!reversinglabs-titaniumcloud-url-report url="http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt"

Context Example#

{
"DBotScore": {
"Indicator": "http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt",
"Reliability": "C - Fairly reliable",
"Score": 3,
"Type": "url",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"ReversingLabs": {
"url_report": {
"rl": {
"analysis": {
"analysis_count": 3,
"analysis_history": [
{
"analysis_id": "168359658951508c",
"analysis_time": "2023-05-09T01:42:13",
"availability_status": "online",
"domain": "classicairjordanshoes.com",
"http_response_code": 200,
"serving_ip_address": "37.72.184.59"
},
{
"analysis_id": "16841931093501b5",
"analysis_time": "2023-05-15T23:24:35",
"availability_status": "online",
"domain": "classicairjordanshoes.com",
"http_response_code": 200,
"serving_ip_address": "37.72.184.59"
},
{
"analysis_id": "16844028829801b5",
"analysis_time": "2023-05-18T09:40:39",
"availability_status": "online",
"domain": "classicairjordanshoes.com",
"http_response_code": 200,
"serving_ip_address": "37.72.184.59"
}
],
"first_analysis": "2023-05-09T01:42:13",
"last_analysis": {
"analysis_id": "16844028829801b5",
"analysis_time": "2023-05-18T09:40:39",
"availability_status": "online",
"domain": "classicairjordanshoes.com",
"http_response_code": 200,
"serving_ip_address": "37.72.184.59"
},
"statistics": {
"known": 0,
"malicious": 3,
"suspicious": 0,
"total": 3,
"unknown": 0
},
"top_threats": [
{
"files_count": 3,
"threat_level": 5,
"threat_name": "Document-HTML.Trojan.RedirBA"
}
]
},
"classification": "malicious",
"requested_url": "http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt",
"third_party_reputations": {
"sources": [
{
"detection": "undetected",
"source": "phishing_database",
"update_time": "2023-06-06T15:08:12"
},
{
"detection": "undetected",
"source": "cyren",
"update_time": "2023-06-07T05:08:53"
},
{
"detection": "undetected",
"source": "cyradar",
"update_time": "2023-06-07T06:59:53"
},
{
"detection": "undetected",
"source": "netstar",
"update_time": "2023-06-07T12:51:41"
},
{
"detection": "undetected",
"source": "malsilo",
"update_time": "2023-06-07T11:07:56"
},
{
"detection": "undetected",
"source": "mute",
"update_time": "2023-06-07T09:39:35"
},
{
"detection": "undetected",
"source": "adminus_labs",
"update_time": "2023-06-07T13:02:50"
},
{
"detection": "undetected",
"source": "apwg",
"update_time": "2023-06-07T01:21:26"
},
{
"detection": "undetected",
"source": "0xSI_f33d",
"update_time": "2023-06-07T05:21:24"
},
{
"detection": "undetected",
"source": "threatfox_abuse_ch",
"update_time": "2023-06-07T07:20:28"
},
{
"detection": "undetected",
"source": "alphamountain",
"update_time": "2023-06-07T12:47:18"
},
{
"detection": "undetected",
"source": "phishstats",
"update_time": "2023-06-07T04:15:13"
},
{
"detection": "undetected",
"source": "comodo_valkyrie",
"update_time": "2023-06-06T14:40:10"
},
{
"detection": "undetected",
"source": "alien_vault",
"update_time": "2023-06-07T00:37:00"
},
{
"detection": "undetected",
"source": "osint",
"update_time": "2023-06-07T00:30:40"
},
{
"detection": "undetected",
"source": "openphish",
"update_time": "2023-06-07T09:50:56"
},
{
"detection": "undetected",
"source": "mrg",
"update_time": "2023-06-07T12:56:18"
},
{
"detection": "undetected",
"source": "phishtank",
"update_time": "2023-06-07T10:35:22"
},
{
"detection": "undetected",
"source": "crdf",
"update_time": "2023-06-07T12:44:52"
},
{
"detection": "undetected",
"source": "urlhaus",
"update_time": "2023-06-07T09:59:17"
}
],
"statistics": {
"clean": 0,
"malicious": 0,
"total": 20,
"undetected": 20
}
}
}
}
},
"URL": {
"Data": "http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt",
"Malicious": {
"Description": "MALICIOUS",
"Vendor": "ReversingLabs TitaniumCloud v2"
}
}
}

Human Readable Output#

ReversingLabs URL Threat Intelligence report for URL http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt#

Requested URL: http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt
Classification: MALICIOUS
First analysis: 2023-05-09T01:42:13
Analysis count: 3

Last analysis#

Analysis ID: 16844028829801b5
Analysis time: 2023-05-18T09:40:39
Final URL: None
Availability status: online
Domain: classicairjordanshoes.com
Serving IP Address: 37.72.184.59

Statistics#

KNOWN: 0 SUSPICIOUS: 0 MALICIOUS: 3 UNKNOWN: 0 TOTAL: 3

Analysis history#

| analysis_id | analysis_time | availability_status | domain | http_response_code | serving_ip_address |
| --- | --- | --- | --- | --- | --- |
| 168359658951508c | 2023-05-09T01:42:13 | online | classicairjordanshoes.com | 200 | 37.72.184.59 |
| 16841931093501b5 | 2023-05-15T23:24:35 | online | classicairjordanshoes.com | 200 | 37.72.184.59 |
| 16844028829801b5 | 2023-05-18T09:40:39 | online | classicairjordanshoes.com | 200 | 37.72.184.59 |

Third party statistics#

TOTAL: 20 MALICIOUS: 0 CLEAN: 0 UNDETECTED: 20

Third party sources#

| detection | source | update_time |
| --- | --- | --- |
| undetected | phishing_database | 2023-06-06T15:08:12 |
| undetected | cyren | 2023-06-07T05:08:53 |
| undetected | cyradar | 2023-06-07T06:59:53 |
| undetected | netstar | 2023-06-07T12:51:41 |
| undetected | malsilo | 2023-06-07T11:07:56 |
| undetected | mute | 2023-06-07T09:39:35 |
| undetected | adminus_labs | 2023-06-07T13:02:50 |
| undetected | apwg | 2023-06-07T01:21:26 |
| undetected | 0xSI_f33d | 2023-06-07T05:21:24 |
| undetected | threatfox_abuse_ch | 2023-06-07T07:20:28 |
| undetected | alphamountain | 2023-06-07T12:47:18 |
| undetected | phishstats | 2023-06-07T04:15:13 |
| undetected | comodo_valkyrie | 2023-06-06T14:40:10 |
| undetected | alien_vault | 2023-06-07T00:37:00 |
| undetected | osint | 2023-06-07T00:30:40 |
| undetected | openphish | 2023-06-07T09:50:56 |
| undetected | mrg | 2023-06-07T12:56:18 |
| undetected | phishtank | 2023-06-07T10:35:22 |
| undetected | crdf | 2023-06-07T12:44:52 |
| undetected | urlhaus | 2023-06-07T09:59:17 |
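
In the url-report example above, the `classification` field reads malicious while every third-party source reports undetected, so the two are separate signals that a playbook should record side by side. The following is an added example, not part of the integration's own code, that condenses `ReversingLabs.url_report` into triage fields and checks that the counters agree with the lists they describe; the function name is hypothetical, the sample context is constructed (placeholder domain, documentation-range IPs, two made-up feeds), and detection values other than `undetected` are assumed to reuse the statistics key names.

```python
from collections import defaultdict
from datetime import datetime

TS = "%Y-%m-%dT%H:%M:%S"  # timestamp layout used in the url_report example


def summarize_url_report(context):
    """Condense ReversingLabs.url_report into triage fields plus sanity checks."""
    report = context["ReversingLabs"]["url_report"]["rl"]
    analysis = report.get("analysis") or {}
    history = analysis.get("analysis_history") or []
    third = report.get("third_party_reputations") or {}
    sources = third.get("sources") or []
    tp_stats = third.get("statistics") or {}

    # Group third-party feeds by what they reported.
    by_detection = defaultdict(list)
    for src in sources:
        by_detection[src.get("detection", "unknown")].append(src.get("source", "?"))

    # Internal consistency: counts and "last" pointers must agree with the lists.
    issues = []
    if analysis.get("analysis_count") != len(history):
        issues.append("analysis_count != len(analysis_history)")
    if history:
        newest = max(history, key=lambda h: datetime.strptime(h["analysis_time"], TS))
        last_id = (analysis.get("last_analysis") or {}).get("analysis_id")
        if newest["analysis_id"] != last_id:
            issues.append("last_analysis is not the newest history entry")
    if tp_stats.get("total") != len(sources):
        issues.append("third-party total != number of sources")
    # Assumption: detection values reuse the statistics key names (the page's
    # example only shows "undetected").
    for verdict, names in by_detection.items():
        if tp_stats.get(verdict) != len(names):
            issues.append(f"third-party count mismatch for {verdict!r}")

    classification = (report.get("classification") or "").lower()
    return {
        "url": report.get("requested_url"),
        "classification": classification,
        "file_stats": analysis.get("statistics") or {},
        "top_threats": [t["threat_name"] for t in analysis.get("top_threats") or []],
        # Distinct serving IPs in first-seen order, useful for pivoting.
        "serving_ips": list(dict.fromkeys(
            h["serving_ip_address"] for h in history if h.get("serving_ip_address"))),
        "third_party": {k: sorted(v) for k, v in by_detection.items()},
        # Vendor verdict is malicious but no third-party feed agrees.
        "verdict_conflict": (classification == "malicious"
                             and tp_stats.get("malicious", 0) == 0),
        "issues": issues,
    }


def sample_analysis(analysis_id, when, ip):
    """Build one constructed analysis_history entry."""
    return {"analysis_id": analysis_id, "analysis_time": when,
            "availability_status": "online", "domain": "shop.example.test",
            "http_response_code": 200, "serving_ip_address": ip}


# Constructed sample shaped after the context example above.
SAMPLE_HISTORY = [
    sample_analysis("a1", "2023-05-09T01:42:13", "203.0.113.10"),
    sample_analysis("a2", "2023-05-15T23:24:35", "203.0.113.10"),
    sample_analysis("a3", "2023-05-18T09:40:39", "203.0.113.11"),
]
SAMPLE_CONTEXT = {"ReversingLabs": {"url_report": {"rl": {
    "analysis": {
        "analysis_count": 3,
        "analysis_history": SAMPLE_HISTORY,
        "first_analysis": "2023-05-09T01:42:13",
        "last_analysis": SAMPLE_HISTORY[-1],
        "statistics": {"known": 0, "malicious": 3, "suspicious": 0,
                       "total": 3, "unknown": 0},
        "top_threats": [{"files_count": 3, "threat_level": 5,
                         "threat_name": "Document-HTML.Trojan.RedirBA"}],
    },
    "classification": "malicious",
    "requested_url": "http://shop.example.test/item?id=1",
    "third_party_reputations": {
        "sources": [
            {"detection": "undetected", "source": "feed_b",
             "update_time": "2023-06-07T05:08:53"},
            {"detection": "undetected", "source": "feed_a",
             "update_time": "2023-06-06T15:08:12"},
        ],
        "statistics": {"clean": 0, "malicious": 0, "total": 2, "undetected": 2},
    },
}}}}

if __name__ == "__main__":
    for key, value in summarize_url_report(SAMPLE_CONTEXT).items():
        print(f"{key}: {value}")
```

A non-empty `issues` list means the report's counters disagree with its own lists and the entry should be re-fetched or reviewed by hand before its verdict is used.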

reversinglabs-titaniumcloud-analyze-url#


Analyze a given URL.

Notice: Submitting indicators using this command might make the indicator data publicly available. See the vendor’s documentation for more details.

Base Command#

reversinglabs-titaniumcloud-analyze-url

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| url | URL string. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| ReversingLabs.analyze_url | Unknown | |

Command example#

!reversinglabs-titaniumcloud-analyze-url url="http://34.150.1.150/hBQ"

Context Example#

{
"ReversingLabs": {
"analyze_url": {
"rl": {
"analysis_id": "1686150309665089",
"requested_url": "http://34.150.1.150/hBQ",
"status": "started"
}
}
}
}

Human Readable Output#

ReversingLabs Analyze URL response for URL http://34.150.1.150/hBQ#

Status: started
Analysis ID: 1686150309665089
Requested URL: http://34.150.1.150/hBQ

reversinglabs-titaniumcloud-submit-for-dynamic-analysis#


Submit an existing sample for dynamic analysis.

Base Command#

reversinglabs-titaniumcloud-submit-for-dynamic-analysis

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| sha1 | Sample SHA-1 hash. | Required |
| platform | Desired platform. See the API documentation for possible values. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| ReversingLabs.detonate_sample_dynamic | Unknown | |

Command example#

!reversinglabs-titaniumcloud-submit-for-dynamic-analysis sha1=21841b32c6165b27dddbd4d6eb3a672defe54271 platform=windows10

Context Example#

{
"ReversingLabs": {
"detonate_sample_dynamic": {
"rl": {
"analysis_id": "bd4819f0-0327-4579-b72e-08ebfeeae49a",
"requested_hash": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"status": "started"
}
}
}
}

Human Readable Output#

ReversingLabs submit sample 21841b32c6165b27dddbd4d6eb3a672defe54271 for Dynamic Analysis#

Status: started
Requested hash: 21841b32c6165b27dddbd4d6eb3a672defe54271
Analysis ID: bd4819f0-0327-4579-b72e-08ebfeeae49a

reversinglabs-titaniumcloud-get-dynamic-analysis-results#


Retrieve dynamic analysis results.

Base Command#

reversinglabs-titaniumcloud-get-dynamic-analysis-results

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| sha1 | Sample SHA-1 hash. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| File.MD5 | String | MD5 hash. |
| File.SHA1 | String | SHA1 hash. |
| File.SHA256 | String | SHA256 hash. |
| DBotScore.Score | Number | The actual score. |
| DBotScore.Type | String | The indicator type. |
| DBotScore.Indicator | String | The indicator that was tested. |
| DBotScore.Vendor | String | The vendor used to calculate the score. |
| ReversingLabs.dynamic_analysis_results | Unknown | The dynamic analysis results. |

Command example#

!reversinglabs-titaniumcloud-get-dynamic-analysis-results sha1=21841b32c6165b27dddbd4d6eb3a672defe54271

Context Example#

{
"DBotScore": {
"Indicator": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"Score": 0,
"Type": "file",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"File": {
"Hashes": [
{
"type": "SHA1",
"value": "21841b32c6165b27dddbd4d6eb3a672defe54271"
}
],
"SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271"
},
"InfoFile": {
"EntryID": "7660@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
"Info": "text/plain",
"Name": "Dynamic analysis report file for sample 21841b32c6165b27dddbd4d6eb3a672defe54271",
"Size": 1001542,
"Type": "ASCII text, with very long lines"
},
"ReversingLabs": {
"dynamic_analysis_results": {
"rl": {
"report": {
"analysis_duration": 213,
"analysis_id": "9665584d-57d9-4f8a-b63b-5c762b37fc33",
"analysis_time": "2023-05-18T11:55:15",
"behavioral": [
{
"file_actions": [
{
"action_type": "file_created",
"file_name": "Start Menu",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "WS2_32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WININET.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Startup",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sortdefault.nls",
"file_path": "C:\\WINDOWS\\Globalization\\Sorting",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WINDOWS",
"file_path": "C:",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Roaming",
"file_path": "C:\\Users\\user\\AppData",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "IMM32.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tox.done.log",
"file_path": "C:\\Users\\user\\AppData\\Roaming",
"status": "object name not found"
},
{
"action_type": "file_opened",
"file_name": "win32u.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CRYPTBASE.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cfgmgr32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "shcore.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "USER32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CMApi",
"file_path": "\\Device\\DeviceApi",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ADVAPI32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "GDI32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bcryptPrimitives.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ntdll.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "msvcp_win.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SspiCli.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Programs",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "combase.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "windows.storage.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "apphelp.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Startup",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "RPCRT4.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ucrtbase.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "KERNEL32.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sysmain.sdb",
"file_path": "C:\\WINDOWS\\AppPatch",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "user",
"file_path": "C:\\Users",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "SHELL32.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sechost.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "shlwapi.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "gdi32full.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "kernel.appcore.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "powrprof.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "FLTLIB.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "profapi.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "KERNELBASE.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Tox.exe",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CNG",
"file_path": "\\Device",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "msvcrt.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
}
],
"modules_loaded": [
{
"module_name": "\\KnownDlls32\\msvcp_win.dll"
},
{
"module_name": "\\KnownDlls32\\RPCRT4.dll"
},
{
"module_name": "\\KnownDlls32\\WS2_32.dll"
},
{
"module_name": "\\KnownDlls32\\USER32.dll"
},
{
"module_name": "\\KnownDlls32\\combase.dll"
},
{
"module_name": "\\KnownDlls32\\profapi.dll"
},
{
"module_name": "\\KnownDlls32\\windows.storage.dll"
},
{
"module_name": "\\KnownDlls32\\FLTLIB.DLL"
},
{
"module_name": "\\KnownDlls32\\KERNEL32.DLL"
},
{
"module_name": "\\KnownDlls32\\kernel.appcore.dll"
},
{
"module_name": "\\KnownDlls32\\KERNELBASE.dll"
},
{
"module_name": "\\KnownDlls32\\win32u.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\apphelp.dll"
},
{
"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters"
},
{
"module_name": "\\KnownDlls32\\IMM32.DLL"
},
{
"module_name": "C:\\Windows\\SysWOW64\\imm32.dll"
},
{
"module_name": "\\KnownDlls32\\kernel32.dll"
},
{
"module_name": "\\KnownDlls32\\bcryptPrimitives.dll"
},
{
"module_name": "\\KnownDlls32\\powrprof.dll"
},
{
"module_name": "\\KnownDlls32\\msvcrt.dll"
},
{
"module_name": "\\KnownDlls\\wow64.dll"
},
{
"module_name": "\\KnownDlls32\\sechost.dll"
},
{
"module_name": "unknown"
},
{
"module_name": "\\KnownDlls\\wow64log.dll"
},
{
"module_name": "\\KnownDlls32\\apphelp.dll"
},
{
"module_name": "\\KnownDlls\\wow64cpu.dll"
},
{
"module_name": "\\KnownDlls32\\cfgmgr32.dll"
},
{
"module_name": "\\KnownDlls\\wow64win.dll"
},
{
"module_name": "\\KnownDlls32\\ucrtbase.dll"
},
{
"module_name": "\\KnownDlls32\\GDI32.dll"
},
{
"module_name": "\\KnownDlls32\\WININET.DLL"
},
{
"module_name": "C:\\Windows\\SysWOW64\\wininet.dll"
},
{
"module_name": "\\KnownDlls32\\SspiCli.dll"
},
{
"module_name": "\\KnownDlls32\\shlwapi.dll"
},
{
"module_name": "\\KnownDlls32\\shcore.dll"
},
{
"module_name": "\\KnownDlls32\\SHELL32.DLL"
},
{
"module_name": "C:\\Windows\\apppatch\\sysmain.sdb"
},
{
"module_name": "\\Sessions\\1\\Windows\\SharedSection"
},
{
"module_name": "\\KnownDlls32\\CRYPTBASE.dll"
},
{
"module_name": "\\KnownDlls32\\gdi32full.dll"
},
{
"module_name": "\\KnownDlls32\\ADVAPI32.dll"
}
],
"mutex_actions": [
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\toxcrypt",
"status": "object name exists"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1568:64:WilError_01",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1568:168:WilStaging_02",
"status": "success or wait"
}
],
"process": {
"name": "Tox.exe",
"parameters": "\"C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe\" "
},
"process_actions": [
{
"action_type": "process_queried",
"path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe",
"status": "success or wait"
},
{
"action_type": "process_terminated",
"path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe",
"status": "success or wait"
}
],
"registry_actions": [
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Disable8And16BitMitigation",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachineLanguageConfiguration",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"status": "buffer overflow"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\LanguageConfiguration",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Local Settings\\Software\\Microsoft",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Local Settings\\Software\\Microsoft\\Ole",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\FileSystem\\",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Segment Heap",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CustomLocale",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Versions",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Control Panel\\Desktop",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",
"status": "buffer overflow"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wow64\\x86",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\MUI\\Settings",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Local Settings\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\Tracing",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\Tox.exe",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\NLS\\Language",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\Settings\\LanguageConfiguration",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\AppModel\\Lookaside\\Packages",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wow64\\x86",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Terminal Server",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Display",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",
"status": "buffer overflow"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\NULL",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages\\PendingDelete",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\DLL",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Explorer",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer",
"status": "object name not found",
"value": ""
}
]
},
{
"file_actions": [
{
"action_type": "file_opened",
"file_name": "CNG",
"file_path": "\\Device",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "R000000000013.clb",
"file_path": "C:\\WINDOWS\\Registration",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CMApi",
"file_path": "\\Device\\DeviceApi",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Startup",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",
"status": "object name collision"
},
{
"action_type": "file_created",
"file_name": "Start Menu",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "uxtheme.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WININET.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ole32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "IMM32.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tox.done.log",
"file_path": "C:\\Users\\user\\AppData\\Roaming",
"status": "object name not found"
},
{
"action_type": "file_opened",
"file_name": "sortdefault.nls",
"file_path": "C:\\WINDOWS\\Globalization\\Sorting",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "user",
"file_path": "C:\\Users",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "Desktop",
"file_path": "C:\\Users\\user",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WINDOWS",
"file_path": "C:",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Roaming",
"file_path": "C:\\Users\\user\\AppData",
"status": "object name collision"
},
{
"action_type": "file_created",
"file_name": "Programs",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "dwmapi.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "TextInputFramework.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ntmarta.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CoreUIComponents.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CoreMessaging.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "wintypes.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "StaticCache.dat",
"file_path": "C:\\Windows\\Fonts",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "staticcache.dat",
"file_path": "C:\\Windows\\Fonts",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "USER32.dll.mui",
"file_path": "C:\\WINDOWS\\SysWOW64\\en-US",
"status": "success or wait"
}
],
"modules_loaded": [
{
"module_name": "\\KnownDlls32\\windows.storage.dll"
},
{
"module_name": "\\KnownDlls32\\OLEAUT32.dll"
},
{
"module_name": "\\KnownDlls32\\powrprof.dll"
},
{
"module_name": "\\KnownDlls32\\msvcrt.dll"
},
{
"module_name": "\\KnownDlls32\\combase.dll"
},
{
"module_name": "unknown"
},
{
"module_name": "\\KnownDlls\\wow64cpu.dll"
},
{
"module_name": "\\KnownDlls32\\clbcatq.dll"
},
{
"module_name": "\\KnownDlls32\\ucrtbase.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\wininet.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\WinTypes.dll"
},
{
"module_name": "C:\\Windows\\Registration\\R000000000013.clb"
},
{
"module_name": "\\KnownDlls32\\RPCRT4.dll"
},
{
"module_name": "\\KnownDlls32\\FLTLIB.DLL"
},
{
"module_name": "\\KnownDlls32\\KERNEL32.DLL"
},
{
"module_name": "\\KnownDlls32\\cfgmgr32.dll"
},
{
"module_name": "\\KnownDlls32\\uxtheme.dll"
},
{
"module_name": "\\KnownDlls32\\SHELL32.DLL"
},
{
"module_name": "\\Sessions\\1\\Windows\\SharedSection"
},
{
"module_name": "\\KnownDlls32\\shcore.dll"
},
{
"module_name": "\\KnownDlls32\\WS2_32.dll"
},
{
"module_name": "\\KnownDlls32\\kernel.appcore.dll"
},
{
"module_name": "\\KnownDlls32\\win32u.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\uxtheme.dll"
},
{
"module_name": "\\KnownDlls32\\IMM32.DLL"
},
{
"module_name": "C:\\Windows\\SysWOW64\\imm32.dll"
},
{
"module_name": "\\KnownDlls32\\bcryptPrimitives.dll"
},
{
"module_name": "\\KnownDlls32\\sechost.dll"
},
{
"module_name": "\\KnownDlls\\wow64win.dll"
},
{
"module_name": "\\KnownDlls32\\GDI32.dll"
},
{
"module_name": "\\KnownDlls32\\SspiCli.dll"
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters"
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\__ComCatalogCache__"
},
{
"module_name": "\\KnownDlls32\\msvcp_win.dll"
},
{
"module_name": "\\KnownDlls32\\USER32.dll"
},
{
"module_name": "\\KnownDlls32\\KERNELBASE.dll"
},
{
"module_name": "\\KnownDlls32\\profapi.dll"
},
{
"module_name": "\\KnownDlls32\\kernel32.dll"
},
{
"module_name": "\\KnownDlls\\wow64.dll"
},
{
"module_name": "\\KnownDlls\\wow64log.dll"
},
{
"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"
},
{
"module_name": "\\KnownDlls32\\shlwapi.dll"
},
{
"module_name": "\\KnownDlls32\\WININET.DLL"
},
{
"module_name": "\\KnownDlls32\\CRYPTBASE.dll"
},
{
"module_name": "\\KnownDlls32\\gdi32full.dll"
},
{
"module_name": "\\KnownDlls32\\ADVAPI32.dll"
},
{
"module_name": "\\KnownDlls32\\ole32.dll"
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\CTF.AsmListCache.FMPDefault1"
},
{
"module_name": "C:\\Windows\\Fonts\\StaticCache.dat"
},
{
"module_name": "\\KnownDlls32\\ntmarta.dll"
},
{
"module_name": "\\KnownDlls32\\CoreMessaging.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\ole32.dll"
},
{
"module_name": "\\KnownDlls32\\dwmapi.dll"
},
{
"module_name": "\\Sessions\\1\\Windows\\ThemeSection"
},
{
"module_name": "\\KnownDlls32\\MSCTF.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\CoreUIComponents.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\TextInputFramework.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\en-US\\user32.dll.mui"
},
{
"module_name": "C:\\Windows\\SysWOW64\\ntmarta.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\CoreMessaging.dll"
},
{
"module_name": "\\KnownDlls32\\TextInputFramework.dll"
},
{
"module_name": "\\KnownDlls32\\wintypes.dll"
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\AsyncKeyStateTrackerSharedMemory"
},
{
"module_name": "\\KnownDlls32\\CoreUIComponents.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\dwmapi.dll"
},
{
"module_name": "\\Windows\\Theme2337474972",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\Windows\\Theme3085020103",
"module_tag": ""
}
],
"mutex_actions": [
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\toxcrypt",
"status": "object name exists"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3668:168:WilStaging_02",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3668:64:WilError_01",
"status": "success or wait"
}
],
"process": {
"name": "rl_file.exe",
"parameters": "\"C:\\Users\\user\\Desktop\\rl_file.exe\" "
},
"process_actions": [
{
"action_type": "process_queried",
"path": "C:\\Users\\user\\Desktop\\rl_file.exe",
"status": "success or wait"
},
{
"action_type": "process_terminated",
"path": "C:\\Users\\user\\Desktop\\rl_file.exe",
"status": "success or wait"
}
],
"registry_actions": [
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachineLanguageConfiguration",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"status": "buffer overflow"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Versions",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wow64\\x86",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\MUI\\Settings",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Policies\\Microsoft\\WindowsStore",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLEAUT",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\AppModel\\Lookaside\\Packages",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows NT\\Rpc",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",
"status": "buffer overflow"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\FileSystem\\",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Display",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Segment Heap",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",
"status": "buffer overflow"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Rpc",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\Tracing",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\NLS\\Language",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\LanguageConfiguration",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Control Panel\\Desktop",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rl_file.exe",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wow64\\x86",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages\\PendingDelete",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\DLL",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CustomLocale",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\Settings\\LanguageConfiguration",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\Setup",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Terminal Server",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\NULL",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\OEM",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\App Management",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\Compatibility\\rl_file.exe",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FA445657-9379-11D6-B41A-00065B83EE53}",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Segoe UI",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\App Management",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{FA445657-9379-11D6-B41A-00065B83EE53}",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Input",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\OEM",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Explorer",
"status": "success or wait",
"value": ""
}
]
},
{
"file_actions": [
{
"action_type": "file_read",
"file_name": "OneDriveMedTile.contrast-white_scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveMedTile.contrast-black_scale-200.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mk-MK",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveSmallTile.contrast-white_scale-125.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cs-CZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "248aaea9.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sr-Cyrl-BA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-GT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "IMM32.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tox.done.log",
"file_path": "C:\\Users\\user\\AppData\\Roaming",
"status": "object name not found"
},
{
"action_type": "file_opened",
"file_name": "History",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "294af3d2.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "USER32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ms-MY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "it-IT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CMApi",
"file_path": "\\Device\\DeviceApi",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-ZA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "edputil.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "de-AT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "294af3d2.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-TN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ro-RO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-RE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "da083887.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "uxtheme.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-CD",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveSmallTile.scale-125.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "chrome_shutdown_ms.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "af-ZA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "UsageLogs",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0_32",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "DeviceDiagnostic.debugreport.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-BH",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "2ab80eb2.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveMedTile.contrast-black_scale-100.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ucrtbase.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveSmallTile.contrast-black_scale-100.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Temp",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "DefaultLayouts.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Shell",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "DefaultLayouts.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-CI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "versionlist.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\VersionManager",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Feeds",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveMedTile.contrast-black_scale-100.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveMedTile.contrast-black_scale-125.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Feeds Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Chrome",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-CI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "it-IT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Credentials",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "tox.log",
"file_path": "C:\\Users\\user\\AppData\\Roaming",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-YE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveSmallTile.scale-150.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "Converged_v21033[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Converged_v21033[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "active-update.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hi-IN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-ML",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-419",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-PE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "BrowserMetrics",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CRYPTBASE.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveSmallTile.contrast-black_scale-200.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "DeviceDiagnostic.debugreport.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ActiveSync",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "settings-tipset[2].xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "favicon[3].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "dd_vcredistMSI1AE4.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dd_vcredistUI7855.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-IE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-GT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "c43bb7d1.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "au-descriptor-1.8.0_301-b09.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "2ab80eb2.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "LogoImages",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "3534848bb9f4cb71",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\D3DSCache",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "0",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "favicon[1].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "results.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveSmallTile.scale-200.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-BZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Windows",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-FR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveMedTile.contrast-white_scale-200.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-SN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-MA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sl-SI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "lv-LV",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-PY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "BDN4269.tmp.dir",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "favicon[2].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "shlwapi.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveMedTile.contrast-white_scale-400.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveMedTile.contrast-white_scale-150.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OLEAUT32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveSmallTile.contrast-black_scale-200.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "InputPersonalization",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveMedTile.scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "favicon[3].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"status": "end of file"
},
{
"action_type": "file_opened",
"file_name": "id-ID",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-RE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-CA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "eu-ES",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveMedTile.contrast-white_scale-200.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-ID",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-PR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "favicon[2].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bcrypt.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WININET.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Windows",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "705bcfd6.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "294af3d2.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-MY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "GDI32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ha-Latn-NG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveMedTile.contrast-black_scale-200.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "rsaenh.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveSmallTile.scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveSmallTile.contrast-white_scale-400.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDrive.VisualElementsManifest.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sl-SI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "au-descriptor-1.8.0_301-b09.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hu-HU",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveMedTile.contrast-black_scale-125.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "msvcp_win.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "TokenBroker",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sv-FI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ru-RU",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "imagestore",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "2ab80eb2.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveMedTile.contrast-black_scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "dd_vcredistUI7869.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CRYPTSP.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Media Player",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Startup",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "es-HN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CLR_v2.0_32",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-ES",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CLDAPI.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "MicrosoftEdge",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-SA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "dd_vcredistMSI7869.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "DefaultLayouts.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sq-AL",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "System",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\Groove",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveMedTile.scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ResultReport.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Event Viewer",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tox.decrypt.log",
"file_path": "C:\\Users\\user\\AppData\\Roaming",
"status": "object name not found"
},
{
"action_type": "file_written",
"file_name": "dd_vcredistMSI7855.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hu-HU",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-PA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-OM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveSmallTile.contrast-black_scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "User",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\Groove",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "dd_vcredistMSI7855.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-CA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveSmallTile.contrast-white_scale-125.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tox.log",
"file_path": "C:\\Users\\user\\AppData\\Roaming",
"status": "object name not found"
},
{
"action_type": "file_read",
"file_name": "brndlog.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WS2_32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sortdefault.nls",
"file_path": "C:\\WINDOWS\\Globalization\\Sorting",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveSmallTile.contrast-black_scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "favicon[3].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fa-IR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "win32u.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dd_vcredistMSI7869.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "510dd5a4.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sk-SK",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "5fc0968a.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Microsoft",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveSmallTile.contrast-white_scale-150.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "dd_vcredistMSI7869.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Firefox",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-SN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "MountPointManager",
"file_path": "",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveMedTile.contrast-white_scale-200.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Converged_v21033[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-HK",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "kernel.appcore.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-PE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-BE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-GB",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveMedTile.contrast-white_scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "gl-ES",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "12.0",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "c:",
"file_path": "",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DeviceDiagnostic.debugreport.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveMedTile.contrast-white_scale-125.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "favicon[1].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
"status": "end of file"
},
{
"action_type": "file_opened",
"file_name": "OneDriveMedTile.scale-100.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveMedTile.contrast-white_scale-100.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Converged_v21033[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "GameDVR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-029",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "dd_vcredistUI7869.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-MX",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "4254396c.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WidevineCdm",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sk-SK",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bg-BG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "UserProfileRoaming",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Vault",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "KERNELBASE.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-DZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveSmallTile.contrast-white_scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tr-TR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "Converged_v21033[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-FR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "KERNEL32.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveMedTile.contrast-white_scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "input",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "favicon[2].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "desktop.ini",
"file_path": "C:\\Users",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "au-descriptor-1.8.0_301-b09.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "af-ZA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-QA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-EG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "0",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveSmallTile.scale-100.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "c43bb7d1.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sysmain.sdb",
"file_path": "C:\\WINDOWS\\AppPatch",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDrive.VisualElementsManifest.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "294af3d2.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-NZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveMedTile.contrast-black_scale-100.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDrive",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-IQ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "248aaea9.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "aeb763fb.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "apphelp.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-KW",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-CO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-EC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-ZW",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-LY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CrashReports",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hy-AM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "favicon[3].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
"status": "end of file"
},
{
"action_type": "file_opened",
"file_name": "Low",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tr-TR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-CR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "eu-ES",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Recovery",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveSmallTile.contrast-white_scale-100.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "msapplication.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "favicon[1].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "brndlog.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-SG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fi-FI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveMedTile.scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hr-BA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "dd_vcredistMSI19D2.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-VE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveMedTile.scale-200.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pt-PT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "versionlist.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\VersionManager",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "nb-NO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "setup",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveMedTile.scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveMedTile.contrast-black_scale-125.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-MX",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Groove",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-MA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "user",
"file_path": "C:\\Users",
"status": "object name collision"
},
{
"action_type": "file_created",
"file_name": "OneDriveMedTile.scale-400.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "nl-BE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ka-GE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "clbcatq.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "AppData",
"file_path": "C:\\Users\\user",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "favicon[1].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-UY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveSmallTile.contrast-black_scale-125.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDrive.VisualElementsManifest.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "8fce0f3.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "au-descriptor-1.8.0_301-b09.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveSmallTile.contrast-black_scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "History.IE5",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-SG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveMedTile.scale-100.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveMedTile.contrast-black_scale-125.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-LB",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "dd_vcredistUI19D2.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "favicon[1].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-DO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "dd_vcredistMSI19D2.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sechost.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DBG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveMedTile.contrast-black_scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "de-CH",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "acrocef_low",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-ZA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "8fce0f3.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveMedTile.contrast-black_scale-125.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"