Skip to main content

ReversingLabs TitaniumCloud v2

This Integration is part of the ReversingLabs TitaniumCloud Pack.#

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

ReversingLabs TitaniumCloud provides threat analysis data from various ReversingLabs cloud services.

Configure ReversingLabs TitaniumCloud v2 on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for ReversingLabs TitaniumCloud v2.

  3. Click Add instance to create and configure a new integration instance.

    ParameterRequired
    ReversingLabs TitaniumCloud URLTrue
    CredentialsTrue
    PasswordTrue
    ReliabilityFalse
    Verify certificatesFalse
    HTTP proxy address with the protocol and port number.False
    HTTP proxy usernameFalse
    HTTP proxy passwordFalse
    HTTPS proxy address with the protocol and port number.False
    HTTPS proxy usernameFalse
    HTTPS proxy passwordFalse
  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

reversinglabs-titaniumcloud-file-reputation#


Retrieve File Reputation data from TitaniumCloud

Base Command#

reversinglabs-titaniumcloud-file-reputation

Input#

Argument NameDescriptionRequired
hashFile hash.Required

Context Output#

PathTypeDescription
File.MD5UnknownBad hash found
File.SHA1UnknownBad hash SHA1
File.SHA256UnknownBad hash SHA256
DBotScore.ScoreNumberThe actual score.
DBotScore.TypeStringThe indicator type.
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.VendorStringThe vendor used to calculate the score.
ReversingLabs.file_reputationUnknown

Command example#

!reversinglabs-titaniumcloud-file-reputation hash="21841b32c6165b27dddbd4d6eb3a672defe54271"

Context Example#

{
"DBotScore": {
"Indicator": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"Reliability": "C - Fairly reliable",
"Score": 3,
"Type": "file",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"File": {
"Hashes": [
{
"type": "MD5",
"value": "3133c2231fcee5d6b0b4c988a5201da1"
},
{
"type": "SHA1",
"value": "21841b32c6165b27dddbd4d6eb3a672defe54271"
},
{
"type": "SHA256",
"value": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
}
],
"MD5": "3133c2231fcee5d6b0b4c988a5201da1",
"Malicious": {
"Description": "antivirus - Win32.Ransomware.Tox",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"SHA256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
},
"ReversingLabs": {
"file_reputation": {
"rl": {
"malware_presence": {
"classification": {
"family_name": "Tox",
"is_generic": false,
"platform": "Win32",
"type": "Ransomware"
},
"first_seen": "2015-05-30T22:04:00",
"last_seen": "2023-06-06T16:16:58",
"md5": "3133c2231fcee5d6b0b4c988a5201da1",
"query_hash": {
"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271"
},
"reason": "antivirus",
"scanner_count": 34,
"scanner_match": 32,
"scanner_percent": 94.11764526367188,
"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"sha256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346",
"status": "MALICIOUS",
"threat_level": 5,
"threat_name": "Win32.Ransomware.Tox",
"trust_factor": 5
}
}
}
}
}

Human Readable Output#

ReversingLabs File Reputation for hash 21841b32c6165b27dddbd4d6eb3a672defe54271#

Classification: MALICIOUS Classification reason: antivirus First seen: 2015-05-30T22:04:00 Last seen: 2023-06-06T16:16:58 AV scanner hits / total number of scanners: 32 / 34 AV scanner hit percentage: 94.11764526367188% MD5 hash: 3133c2231fcee5d6b0b4c988a5201da1 SHA-1 hash: 21841b32c6165b27dddbd4d6eb3a672defe54271 SHA-256 hash: 2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346 Threat name: Win32.Ransomware.Tox Threat level: 5

reversinglabs-titaniumcloud-av-scanners#


Retrieve AV Scanner data from TitaniumCloud.

Base Command#

reversinglabs-titaniumcloud-av-scanners

Input#

Argument NameDescriptionRequired
hashFile hash.Required

Context Output#

PathTypeDescription
File.MD5UnknownBad hash found
File.SHA1UnknownBad hash SHA1
File.SHA256UnknownBad hash SHA256
ReversingLabs.av_scannersUnknown

Command example#

!reversinglabs-titaniumcloud-av-scanners hash="21841b32c6165b27dddbd4d6eb3a672defe54271"

Context Example#

{
"DBotScore": {
"Indicator": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"Score": 0,
"Type": "file",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"File": {
"Hashes": [
{
"type": "MD5",
"value": "3133c2231fcee5d6b0b4c988a5201da1"
},
{
"type": "SHA1",
"value": "21841b32c6165b27dddbd4d6eb3a672defe54271"
},
{
"type": "SHA256",
"value": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
}
],
"MD5": "3133c2231fcee5d6b0b4c988a5201da1",
"SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"SHA256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
},
"ReversingLabs": {
"av_scanners": {
"rl": {
"sample": {
"first_scanned_on": "2015-05-30T22:04:00",
"first_seen_on": "2015-05-30T22:04:00",
"last_scanned_on": "2023-06-06T16:15:00",
"last_seen_on": "2023-06-06T16:15:00",
"md5": "3133c2231fcee5d6b0b4c988a5201da1",
"ripemd160": "d26f686b6af13b9073f77a1ba5a7b610934dc625",
"sample_size": 636416,
"sample_type": "PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed",
"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"sha256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346",
"sha384": "e0b7bf0ad928500ee1dc06f8cbe035e663eaf546bb4b5217706706ba12c50ab6a24e1e858dae9a5ce0f7673bdb5621be",
"sha512": "205ece960784bff6fdbd0d5a1ebad4fddeab6751728d5be2e0b5d91742d520df0c5d04fd3b9e67372c35cb0859d794b7d22ea78786669a4bd5725e814548143f",
"single_scan": false,
"xref": [
{
"results": [
{
"result": "[TROJAN] Trojan/Win32.Toxic.R150440",
"scanner": "scanner1"
},
{
"result": "detected",
"scanner": "scanner2"
},
{
"result": "Win32:Malware-gen",
"scanner": "scanner3"
},
{
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C",
"scanner": "scanner4"
},
{
"result": "trojan",
"scanner": "scanner5"
},
{
"result": "PUA.Win.Packer.UpxProtector-1",
"scanner": "scanner6"
},
{
"result": "win/malicious_confidence_100",
"scanner": "scanner7"
},
{
"result": "malware.confidence_100",
"scanner": "scanner8"
},
{
"result": "Trojan.Encoder.1155",
"scanner": "scanner9"
},
{
"result": "malicious (moderate confidence)",
"scanner": "scanner10"
},
{
"result": "Detected",
"scanner": "scanner11"
},
{
"result": "W32/ToxKrypt.A!tr",
"scanner": "scanner12"
},
{
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C",
"scanner": "scanner13"
},
{
"result": "Trojan.Win32.Filecoder",
"scanner": "scanner15"
},
{
"result": "Trojan (0055e3ef1)",
"scanner": "scanner16"
},
{
"result": "Generic.Malware/Suspicious",
"scanner": "scanner17"
},
{
"result": "Ransom-Tox!11B48E409D96 (trojan)",
"scanner": "scanner18"
},
{
"result": "Ransom-Tox!11B48E409D96 (trojan)",
"scanner": "scanner19"
},
{
"result": "Artemis!3133C2231FCE (trojan)",
"scanner": "scanner20"
},
{
"result": "Ransom:Win32/Tocrypt.B",
"scanner": "scanner21"
},
{
"result": "Ransom:Win32/Tocrypt.B",
"scanner": "scanner22"
},
{
"result": "Trj/Genetic.gen",
"scanner": "scanner23"
},
{
"result": "Trj/Genetic.gen",
"scanner": "scanner24"
},
{
"result": "",
"scanner": "scanner25"
},
{
"result": "Ransom.Tocrypt!8.53B6",
"scanner": "scanner26"
},
{
"result": "Malware.Undefined!8.C",
"scanner": "scanner27"
},
{
"result": "DFI - Suspicious PE",
"scanner": "scanner28"
},
{
"result": "",
"scanner": "scanner29"
},
{
"result": "Mal/Generic-R",
"scanner": "scanner30"
},
{
"result": "Trojan.Gen.2",
"scanner": "scanner31"
},
{
"result": "Trojan.Gen.2",
"scanner": "scanner32"
},
{
"result": "TROJ_CRYPTOX.T",
"scanner": "scanner33"
},
{
"result": "TROJ_CRYPTOX.T",
"scanner": "scanner34"
},
{
"result": "SScope.Malware-Cryptor.Toxic",
"scanner": "scanner35"
}
],
"scanned_on": "2023-06-06T16:15:00",
"scanner_count": 37,
"scanner_match": 32,
"scanners": [
{
"name": "scanner1",
"timestamp": "2023-06-06T12:15:00",
"version": "scanner_version1"
},
{
"name": "scanner2",
"timestamp": "2023-06-06T14:55:00",
"version": "scanner_version2"
},
{
"name": "scanner3",
"timestamp": "2023-06-06T15:26:00",
"version": "scanner_version3"
},
{
"name": "scanner4",
"timestamp": "2023-06-06T15:44:00",
"version": "scanner_version4"
},
{
"name": "scanner5",
"timestamp": "2023-06-06T16:03:00",
"version": "scanner_version5"
},
{
"name": "scanner6",
"timestamp": "2023-06-06T09:09:00",
"version": "scanner_version6"
},
{
"name": "scanner7",
"timestamp": "2023-06-06T16:04:00",
"version": "scanner_version7"
},
{
"name": "scanner8",
"timestamp": "2023-06-06T16:04:00",
"version": "scanner_version8"
},
{
"name": "scanner9",
"timestamp": "2023-06-06T15:06:00",
"version": "scanner_version9"
},
{
"name": "scanner10",
"timestamp": "2023-06-06T16:04:00",
"version": "scanner_version10"
},
{
"name": "scanner11",
"timestamp": "2023-06-06T16:04:00",
"version": "scanner_version11"
},
{
"name": "scanner12",
"timestamp": "2023-06-06T15:06:00",
"version": "scanner_version12"
},
{
"name": "scanner13",
"timestamp": "2023-06-06T15:28:00",
"version": "scanner_version13"
},
{
"name": "scanner14",
"timestamp": "2023-06-06T15:25:00",
"version": "scanner_version14"
},
{
"name": "scanner15",
"timestamp": "2023-06-06T14:31:00",
"version": "scanner_version15"
},
{
"name": "scanner16",
"timestamp": "2023-06-06T15:44:00",
"version": "scanner_version16"
},
{
"name": "scanner17",
"timestamp": "2023-06-06T16:05:00",
"version": "scanner_version17"
},
{
"name": "scanner18",
"timestamp": "2023-06-06T15:46:00",
"version": "scanner_version18"
},
{
"name": "scanner19",
"timestamp": "2023-06-06T01:34:00",
"version": "scanner_version19"
},
{
"name": "scanner20",
"timestamp": "2023-06-06T15:46:00",
"version": "scanner_version20"
},
{
"name": "scanner21",
"timestamp": "2023-06-06T10:11:00",
"version": "scanner_version21"
},
{
"name": "scanner22",
"timestamp": "2023-06-06T12:28:00",
"version": "scanner_version22"
},
{
"name": "scanner23",
"timestamp": "2023-06-06T12:28:00",
"version": "scanner_version23"
},
{
"name": "scanner24",
"timestamp": "2023-06-06T15:00:00",
"version": "scanner_version24"
},
{
"name": "scanner25",
"timestamp": "2023-06-06T15:00:00",
"version": "scanner_version25"
},
{
"name": "scanner26",
"timestamp": "2023-06-05T23:53:00",
"version": "scanner_version26"
},
{
"name": "scanner27",
"timestamp": "2023-06-06T11:13:00",
"version": "scanner_version27"
},
{
"name": "scanner28",
"timestamp": "2023-06-06T11:13:00",
"version": "scanner_version28"
},
{
"name": "scanner29",
"timestamp": "2023-06-06T16:08:00",
"version": "scanner_version29"
},
{
"name": "scanner30",
"timestamp": "2023-06-06T16:08:00",
"version": "scanner_version30"
},
{
"name": "scanner31",
"timestamp": "2023-06-06T12:00:00",
"version": "scanner_version31"
},
{
"name": "scanner32",
"timestamp": "2023-06-06T11:53:00",
"version": "scanner_version32"
},
{
"name": "scanner33",
"timestamp": "2023-06-06T14:29:00",
"version": "scanner_version33"
},
{
"name": "scanner34",
"timestamp": "2023-06-06T11:53:00",
"version": "scanner_version34"
},
{
"name": "scanner35",
"timestamp": "2023-06-06T15:43:00",
"version": "scanner_version35"
},
{
"name": "scanner36",
"timestamp": "2023-06-06T15:43:00",
"version": "scanner_version36"
},
{
"name": "scanner37",
"timestamp": "2023-06-06T11:01:00",
"version": "scanner_version37"
}
]
}
]
}
}
}
}
}

Human Readable Output#

ReversingLabs AV Scan results for hash 21841b32c6165b27dddbd4d6eb3a672defe54271#

First scanned on: 2015-05-30T22:04:00 First seen on: 2015-05-30T22:04:00 Last scanned on: 2023-06-06T16:15:00 Last seen on: 2023-06-06T16:15:00 Sample size: 636416 bytes Sample type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed MD5 hash: 3133c2231fcee5d6b0b4c988a5201da1 SHA-1 hash: 21841b32c6165b27dddbd4d6eb3a672defe54271 SHA-256 hash: 2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346 SHA-512 hash: 205ece960784bff6fdbd0d5a1ebad4fddeab6751728d5be2e0b5d91742d520df0c5d04fd3b9e67372c35cb0859d794b7d22ea78786669a4bd5725e814548143f SHA-384 hash: e0b7bf0ad928500ee1dc06f8cbe035e663eaf546bb4b5217706706ba12c50ab6a24e1e858dae9a5ce0f7673bdb5621be RIPEMD-160 hash: d26f686b6af13b9073f77a1ba5a7b610934dc625 Scanner count: 37 Scanner match: 32

Latest scan results#

resultscanner
[TROJAN] Trojan/Win32.Toxic.R150440scanner1
detectedscanner2
Win32:Malware-genscanner3
DeepScan:Generic.Ransom.WCryG.5BC9065Cscanner4
trojanscanner5
PUA.Win.Packer.UpxProtector-1scanner6
win/malicious_confidence_100scanner7
malware.confidence_100scanner8
Trojan.Encoder.1155scanner9
malicious (moderate confidence)scanner10
Detectedscanner11
W32/ToxKrypt.A!trscanner12
DeepScan:Generic.Ransom.WCryG.5BC9065Cscanner13
Trojan.Win32.Filecoderscanner14
Trojan (0055e3ef1)scanner15
Generic.Malware/Suspiciousscanner16
Ransom-Tox!11B48E409D96 (trojan)scanner17
Ransom-Tox!11B48E409D96 (trojan)scanner18
Artemis!3133C2231FCE (trojan)scanner19
Ransom:Win32/Tocrypt.Bscanner20
Ransom:Win32/Tocrypt.Bscanner21
Trj/Genetic.genscanner22
Trj/Genetic.genscanner23
scanner24
Ransom.Tocrypt!8.53B6scanner25
Malware.Undefined!8.Cscanner26
DFI - Suspicious PEscanner27
scanner28
Mal/Generic-Rscanner29
Trojan.Gen.2scanner30
Trojan.Gen.2scanner31
TROJ_CRYPTOX.Tscanner32
TROJ_CRYPTOX.Tscanner33
SScope.Malware-Cryptor.Toxicscanner34

reversinglabs-titaniumcloud-file-analysis#


Retrieve File Analysis by hash data from TitaniumCloud.

Base Command#

reversinglabs-titaniumcloud-file-analysis

Input#

Argument NameDescriptionRequired
hashFile hash.Required

Context Output#

PathTypeDescription
File.MD5UnknownBad hash found
File.SHA1UnknownBad hash SHA1
File.SHA256UnknownBad hash SHA256
ReversingLabs.file_analysisUnknown

Command example#

!reversinglabs-titaniumcloud-file-analysis hash="21841b32c6165b27dddbd4d6eb3a672defe54271"

Context Example#

{
"DBotScore": {
"Indicator": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"Score": 0,
"Type": "file",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"File": {
"Hashes": [
{
"type": "MD5",
"value": "3133c2231fcee5d6b0b4c988a5201da1"
},
{
"type": "SHA1",
"value": "21841b32c6165b27dddbd4d6eb3a672defe54271"
},
{
"type": "SHA256",
"value": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
}
],
"MD5": "3133c2231fcee5d6b0b4c988a5201da1",
"SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"SHA256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
},
"InfoFile": {
"EntryID": "7642@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
"Info": "text/plain",
"Name": "File Analysis report file for hash 21841b32c6165b27dddbd4d6eb3a672defe54271",
"Size": 422187,
"Type": "ASCII text, with very long lines"
},
"ReversingLabs": {
"file_analysis": {
"rl": {
"sample": {
"analysis": {
"entries": [
{
"analysis_type": "TC_REPORT",
"analysis_version": "3.0.1",
"record_time": "2021-06-17T14:15:17",
"tc_report": {
"info": {
"file": {
"file_subtype": "Exe",
"file_type": "PE"
},
"identification": {
"name": "UPX"
},
"validation": {
"valid": true
}
},
"interesting_strings": [
{
"category": "mailto",
"values": [
"O@0.0.0.2",
"d9@0.0.0.46",
"t@0.0.0.99"
]
}
],
"metadata": {
"application": {
"pe": {
"dos_header": {
"e_cblp": 3,
"e_cp": 0,
"e_cparhdr": 0,
"e_crlc": 4,
"e_cs": 64,
"e_csum": 0,
"e_ip": 0,
"e_lfanew": 128,
"e_lfarlc": 0,
"e_maxalloc": 0,
"e_minalloc": 65535,
"e_oemid": 0,
"e_oeminfo": 0,
"e_ovno": 0,
"e_res": "0000000000000000",
"e_res2": "0000000000000000000000000000000000000000",
"e_sp": 0,
"e_ss": 184,
"has_rich_header": true
},
"file_header": {
"characteristics": 783,
"machine": 332,
"number_of_sections": 3,
"number_of_symbols": 0,
"pointer_to_symbol_table": 0,
"size_of_optional_headers": 224,
"time_date_stamp": 1432851937,
"time_date_stamp_decoded": "Thu May 28 22:25:37 2015"
},
"imports": [
{
"apis": [
"CryptHashData"
],
"name": "ADVAPI32.dll"
},
{
"apis": [
"LoadLibraryA",
"GetProcAddress",
"VirtualProtect",
"VirtualAlloc",
"VirtualFree",
"ExitProcess"
],
"name": "KERNEL32.DLL"
},
{
"apis": [
"ShellExecuteA"
],
"name": "SHELL32.DLL"
},
{
"apis": [
"wsprintfA"
],
"name": "USER32.dll"
},
{
"apis": [
"InternetOpenA"
],
"name": "WININET.DLL"
},
{
"apis": [
"bind"
],
"name": "WS2_32.dll"
},
{
"apis": [
"_iob"
],
"name": "msvcrt.dll"
}
],
"optional_header": {
"address_of_entry_point": 2497408,
"base_of_code": 1880064,
"base_of_data": 2498560,
"checksum": 0,
"data_directories": [
{
"address": 0,
"size": 0
},
{
"address": 2515688,
"size": 480
},
{
"address": 2498560,
"size": 17128
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 2497904,
"size": 24
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
},
{
"address": 0,
"size": 0
}
],
"dll_characteristics": 0,
"file_alignment": 512,
"image_base": 4194304,
"is_checksum_valid": false,
"loader_flags": 0,
"major_image_version": 1,
"major_linker_version": 2,
"major_os_version": 4,
"major_subsystem_version": 4,
"minor_image_version": 0,
"minor_linker_version": 24,
"minor_os_version": 0,
"minor_subsystem_version": 0,
"number_of_rva_and_sizes": 16,
"section_alignment": 4096,
"size_of_code": 618496,
"size_of_headers": 4096,
"size_of_heap_commit": 4096,
"size_of_heap_reserve": 1048576,
"size_of_image": 2519040,
"size_of_initialized_data": 20480,
"size_of_stack_commit": 4096,
"size_of_stack_reserve": 2097152,
"size_of_uninitialized_data": 1875968,
"subsystem": 2,
"win32_version_value": 0
},
"resources": [
{
"code_page": 0,
"language_id": 1033,
"language_id_name": "English - United States",
"name": "1",
"offset": 618664,
"size": 16936,
"type": "RT_ICON"
},
{
"code_page": 0,
"language_id": 1033,
"language_id_name": "English - United States",
"name": "A",
"offset": 635604,
"size": 20,
"type": "RT_GROUP_ICON"
}
],
"sections": [
{
"address": 4096,
"flags": 3758096512,
"name": "UPX0",
"offset": 512,
"size": 0
},
{
"address": 1880064,
"flags": 3758096448,
"name": "UPX1",
"offset": 512,
"size": 617984
},
{
"address": 2498560,
"flags": 3221225536,
"name": ".rsrc",
"offset": 618496,
"size": 17920
}
]
}
}
},
"story": "This file (SHA1: 21841b32c6165b27dddbd4d6eb3a672defe54271) is a 32-bit portable executable application. Additionally, it was identified as UPX 0.60-3.x executable packer, and unpacking was successful. The application uses the Windows graphical user interface (GUI) subsystem, while the language used is English from United States. Cryptography related data was found in the file. This application has access to networking and running processes and has cryptography and security related capabilities. There is one extracted file."
}
}
]
},
"crc32": "8704451d",
"dynamic_analysis": {
"entries": [
{
"dynamic_analysis_report_joe_sandbox": {
"analysed_on": "2023-05-18T11:55:15",
"joe_sandbox_version": "34.0.0",
"summary": {
"mutexes": [
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",
"\\Sessions\\1\\BaseNamedObjects\\Global\\SyncRootManager",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",
"\\Sessions\\1\\BaseNamedObjects\\toxcrypt",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3080:168:WilStaging_02",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-__terminate_handler_sh",
"\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",
"\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3080:64:WilError_01",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-__unexpected_handler_sh",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-init",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",
"\\Sessions\\1\\BaseNamedObjects\\toxcrypt",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3668:64:WilError_01",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3668:168:WilStaging_02",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",
"\\Sessions\\1\\BaseNamedObjects\\toxcrypt",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1568:168:WilStaging_02",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1568:64:WilError_01",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem"
]
}
}
},
{
"dynamic_analysis_report": {
"analysed_on": "2021-03-04T09:12:25",
"cuckoo_version": "2.0",
"summary": {
"mutexes": [
"gcc-shmem-tdm2-mxattr_recursive_shmem",
"gcc-shmem-tdm2-_pthread_key_sch_shmem",
"gcc-shmem-tdm2-sjlj_once",
"gcc-shmem-tdm2-_pthread_key_dest_shmem",
"gcc-shmem-tdm2-pthr_root_shmem",
"gcc-shmem-tdm2-idListMax_shmem",
"gcc-shmem-tdm2-global_lock_spinlock",
"gcc-shmem-tdm2-cond_locked_shmem_rwlock",
"gcc-shmem-tdm2-idListCnt_shmem",
"gcc-shmem-tdm2-mtx_pthr_locked_shmem",
"gcc-shmem-tdm2-idList_shmem",
"gcc-shmem-tdm2-mutex_global_shmem",
"gcc-shmem-tdm2-rwl_global_shmem",
"gcc-shmem-tdm2-mutex_global_static_shmem",
"gcc-shmem-tdm2-_pthread_key_max_shmem",
"gcc-shmem-tdm2-idListNextId_shmem",
"gcc-shmem-tdm2-_pthread_tls_shmem",
"gcc-shmem-tdm2-_pthread_tls_once_shmem",
"toxcrypt",
"gcc-shmem-tdm2-fc_key",
"gcc-shmem-tdm2-once_global_shmem",
"gcc-shmem-tdm2-_pthread_key_lock_shmem",
"gcc-shmem-tdm2-init",
"gcc-shmem-tdm2-use_fc_key",
"gcc-shmem-tdm2-once_obj_shmem"
]
}
}
}
]
},
"imphash": "ff43c5463f31cbd4000b19e8beed1ef0",
"md5": "3133c2231fcee5d6b0b4c988a5201da1",
"relationships": {
"container_sample_sha1": [
"50267628309d0e320d6ed25b198bb9a9a6181535",
"0656564814da810938c100e7fef5bf14cc8fa691",
"21841b32c6165b27dddbd4d6eb3a672defe54271",
"f0d94e01b7c39bcd7fbf901811bfc7d8ea49bc11"
],
"parent_sample_sha1": [
"0656564814da810938c100e7fef5bf14cc8fa691",
"f0d94e01b7c39bcd7fbf901811bfc7d8ea49bc11",
"50267628309d0e320d6ed25b198bb9a9a6181535"
]
},
"ripemd160": "d26f686b6af13b9073f77a1ba5a7b610934dc625",
"sample_size": 636416,
"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"sha256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346",
"sha384": "e0b7bf0ad928500ee1dc06f8cbe035e663eaf546bb4b5217706706ba12c50ab6a24e1e858dae9a5ce0f7673bdb5621be",
"sha512": "205ece960784bff6fdbd0d5a1ebad4fddeab6751728d5be2e0b5d91742d520df0c5d04fd3b9e67372c35cb0859d794b7d22ea78786669a4bd5725e814548143f",
"sources": {
"entries": [
{
"properties": [
{
"name": "file_name",
"value": "21841b32c6165b27dddbd4d6eb3a672defe54271.rl"
}
],
"record_time": "2021-06-17T14:14:37",
"tag": "reversing_labs"
},
{
"properties": [
{
"name": "file_name",
"value": "21841b32c6165b27dddbd4d6eb3a672defe54271.rl"
}
],
"record_time": "2021-04-19T11:08:27",
"tag": "external_feed"
},
{
"properties": [
{
"name": "file_name",
"value": "Tox.exe.0.dr"
},
{
"name": "cuckoo_parent",
"value": "0437e2a71065624b78d41701ba07aebb200f684f"
}
],
"record_time": "2020-12-09T22:13:13",
"tag": "reversing_labs"
},
{
"properties": [
{
"name": "file_name",
"value": "21841b32c6165b27dddbd4d6eb3a672defe54271.rl"
}
],
"record_time": "2020-01-29T08:39:40",
"tag": "reversing_labs"
},
{
"record_time": "2019-10-10T09:13:15",
"tag": "reversing_labs"
},
{
"record_time": "2018-08-01T09:01:06",
"tag": "reversing_labs"
},
{
"record_time": "2018-07-31T20:07:27",
"tag": "reversing_labs"
},
{
"record_time": "2018-07-29T19:12:10",
"tag": "reversing_labs"
},
{
"record_time": "2015-06-11T23:54:00",
"tag": "reversing_labs"
},
{
"record_time": "2015-05-31T18:03:33",
"tag": "reversing_labs"
}
]
},
"ssdeep": "12288:UxvYm8UX7FkiYiHSbhy783clwXqaAQWzRTChYl:+vY0LFrYi0s7w6a/Wzl",
"xref": {
"entries": [
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2023-06-06T12:15:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2023-06-06T14:55:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2023-06-06T15:26:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2023-06-06T15:44:00",
"version": "bitdefender_pack.rar"
},
{
"name": "carbonblack",
"timestamp": "2023-06-06T16:03:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2023-06-06T09:09:00",
"version": "daily.cvd"
},
{
"name": "crowdstrike",
"timestamp": "2023-06-06T16:04:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2023-06-06T16:04:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2023-06-06T15:06:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2023-06-06T16:04:00",
"version": "endgame.exe"
},
{
"name": "ffri",
"timestamp": "2023-06-06T16:04:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2023-06-06T15:06:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2023-06-06T15:28:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2023-06-06T15:25:00",
"version": "gdata_pack.rar"
},
{
"name": "ikarus",
"timestamp": "2023-06-06T14:31:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2023-06-06T15:44:00",
"version": "K7Cmdline.zip"
},
{
"name": "malwarebytes",
"timestamp": "2023-06-06T16:05:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2023-06-06T15:46:00",
"version": "avvdat-10733.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2023-06-06T01:34:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2023-06-06T15:46:00",
"version": "avvdat-10733.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2023-06-06T10:11:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2023-06-06T12:28:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2023-06-06T12:28:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2023-06-06T15:00:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2023-06-06T15:00:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2023-06-05T23:53:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2023-06-06T11:13:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2023-06-06T11:13:00",
"version": "rame.zip"
},
{
"name": "sentinelone_online",
"timestamp": "2023-06-06T16:08:00",
"version": "not-available"
},
{
"name": "sonicwall",
"timestamp": "2023-06-06T16:08:00",
"version": "sonicwall.exe"
},
{
"name": "sophos_susi",
"timestamp": "2023-06-06T12:00:00",
"version": "vdl-dataseta.zip"
},
{
"name": "symantec",
"timestamp": "2023-06-06T11:53:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2023-06-06T14:29:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2023-06-06T11:53:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2023-06-06T15:43:00",
"version": "icrc$tbl.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2023-06-06T15:43:00",
"version": "hcoth1849195.zip"
},
{
"name": "vba32",
"timestamp": "2023-06-06T11:01:00",
"version": "vba32w-latest.7z"
}
]
},
"record_time": "2023-06-06T16:15:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.UpxProtector-1"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "malwarebytes",
"result": "Generic.Malware/Suspicious"
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Malware.Undefined!8.C"
},
{
"name": "sentinelone_online",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos_susi",
"result": "Mal/Generic-R"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2023-05-24T11:26:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2023-05-24T15:18:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2023-05-24T14:20:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2023-05-24T15:04:00",
"version": "bitdefender_pack.rar"
},
{
"name": "carbonblack",
"timestamp": "2023-05-24T15:20:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2023-05-24T08:55:00",
"version": "daily.cvd"
},
{
"name": "crowdstrike",
"timestamp": "2023-05-24T15:20:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2023-05-24T15:21:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2023-05-24T15:09:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2023-05-24T15:21:00",
"version": "endgame.exe"
},
{
"name": "ffri",
"timestamp": "2023-05-24T15:21:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2023-05-24T14:55:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2023-05-24T11:28:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2023-05-24T14:41:00",
"version": "gdata_pack.rar"
},
{
"name": "ikarus",
"timestamp": "2023-05-23T19:22:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2023-05-24T13:48:00",
"version": "K7Cmdline.zip"
},
{
"name": "malwarebytes",
"timestamp": "2023-05-24T15:22:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2023-05-23T14:36:00",
"version": "avvdat-10719.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2023-05-24T12:31:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2023-05-23T14:36:00",
"version": "avvdat-10719.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2023-05-24T12:41:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2023-05-24T03:59:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2023-05-24T03:59:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2023-05-24T14:56:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2023-05-24T14:56:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2023-05-24T03:17:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2023-05-24T10:51:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2023-05-24T10:51:00",
"version": "rame.zip"
},
{
"name": "sentinelone_online",
"timestamp": "2023-05-24T15:26:00",
"version": "not-available"
},
{
"name": "sonicwall",
"timestamp": "2023-05-24T15:26:00",
"version": "sonicwall.exe"
},
{
"name": "sophos_susi",
"timestamp": "2023-05-24T10:56:00",
"version": "vdl-dataseta.zip"
},
{
"name": "symantec",
"timestamp": "2023-05-23T11:47:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2023-05-24T14:03:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2023-05-23T11:47:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2023-05-24T15:24:00",
"version": "icrc$tbl.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2023-05-24T15:24:00",
"version": "icrc$hctbl.zip"
},
{
"name": "vba32",
"timestamp": "2023-05-24T12:46:00",
"version": "vba32w-latest.7z"
}
]
},
"record_time": "2023-05-24T15:33:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.UpxProtector-1"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "malwarebytes",
"result": "Generic.Malware/Suspicious"
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone_online",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2023-05-18T10:07:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2023-05-18T10:32:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2023-05-18T10:40:00",
"version": "avast_db.zip"
},
{
"name": "bitdefender",
"timestamp": "2023-05-18T09:58:00",
"version": "bitdefender_pack.rar"
},
{
"name": "carbonblack",
"timestamp": "2023-05-18T11:44:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2023-05-18T08:58:00",
"version": "daily.cvd"
},
{
"name": "crowdstrike",
"timestamp": "2023-05-18T11:45:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2023-05-18T11:45:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2023-05-18T09:49:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2023-05-18T11:45:00",
"version": "endgame.exe"
},
{
"name": "ffri",
"timestamp": "2023-05-18T11:45:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2023-05-18T10:57:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2023-05-18T10:30:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2023-05-18T10:49:00",
"version": "gdata_pack.rar"
},
{
"name": "ikarus",
"timestamp": "2023-05-18T10:07:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2023-05-18T10:54:00",
"version": "K7Cmdline.zip"
},
{
"name": "malwarebytes",
"timestamp": "2023-05-18T11:46:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2023-05-17T14:04:00",
"version": "avvdat-10713.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2023-05-16T23:54:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2023-05-17T14:04:00",
"version": "avvdat-10713.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2023-05-18T09:54:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2023-05-18T10:41:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2023-05-18T10:41:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2023-05-18T09:58:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2023-05-18T09:58:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2023-05-18T01:11:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2023-05-18T11:44:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2023-05-18T11:44:00",
"version": "rame.zip"
},
{
"name": "sentinelone_online",
"timestamp": "2023-05-18T11:48:00",
"version": "not-available"
},
{
"name": "sonicwall",
"timestamp": "2023-05-18T11:48:00",
"version": "sonicwall.exe"
},
{
"name": "sophos_susi",
"timestamp": "2023-05-18T02:19:00",
"version": "vdl-dataseta.zip"
},
{
"name": "symantec",
"timestamp": "2023-05-18T11:02:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2023-05-18T11:08:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2023-05-18T11:02:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2023-05-18T11:28:00",
"version": "icrc$tbl.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2023-05-18T09:26:00",
"version": "icrc$hctbl.zip"
},
{
"name": "vba32",
"timestamp": "2023-05-17T15:35:00",
"version": "vba32w-latest.7z"
}
]
},
"record_time": "2023-05-18T11:51:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.UpxProtector-1"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "malwarebytes",
"result": "Malware.AI.3162889180"
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.HLLP.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone_online",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos_susi",
"result": "Mal/Generic-R"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2023-05-18T06:06:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2023-05-18T08:32:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2023-05-18T08:35:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2023-05-18T07:54:00",
"version": "bitdefender_pack.rar"
},
{
"name": "carbonblack",
"timestamp": "2023-05-18T09:03:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2023-05-18T08:58:00",
"version": "daily.cvd"
},
{
"name": "crowdstrike",
"timestamp": "2023-05-18T09:03:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2023-05-18T09:03:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2023-05-18T07:38:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2023-05-18T09:04:00",
"version": "endgame.exe"
},
{
"name": "ffri",
"timestamp": "2023-05-18T09:05:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2023-05-18T08:54:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2023-05-18T08:26:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2023-05-18T08:43:00",
"version": "gdata_pack.rar"
},
{
"name": "ikarus",
"timestamp": "2023-05-17T19:59:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2023-05-18T06:53:00",
"version": "K7Cmdline.zip"
},
{
"name": "malwarebytes",
"timestamp": "2023-05-18T09:08:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2023-05-17T14:04:00",
"version": "avvdat-10713.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2023-05-16T23:54:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2023-05-17T14:04:00",
"version": "avvdat-10713.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2023-05-18T07:39:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2023-05-18T06:40:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2023-05-18T06:40:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2023-05-18T07:55:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2023-05-18T07:55:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2023-05-18T01:11:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2023-05-18T05:41:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2023-05-18T05:41:00",
"version": "rame.zip"
},
{
"name": "sentinelone_online",
"timestamp": "2023-05-18T09:12:00",
"version": "not-available"
},
{
"name": "sonicwall",
"timestamp": "2023-05-18T09:12:00",
"version": "sonicwall.exe"
},
{
"name": "sophos_susi",
"timestamp": "2023-05-18T02:19:00",
"version": "vdl-dataseta.zip"
},
{
"name": "symantec",
"timestamp": "2023-05-18T08:58:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2023-05-18T07:06:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2023-05-18T08:58:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2023-05-18T07:25:00",
"version": "icrc$tbl.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2023-05-18T07:25:00",
"version": "icrc$hctbl.zip"
},
{
"name": "vba32",
"timestamp": "2023-05-17T15:35:00",
"version": "vba32w-latest.7z"
}
]
},
"record_time": "2023-05-18T09:16:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.UpxProtector-1"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "malwarebytes",
"result": "Generic.Malware/Suspicious"
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone_online",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos_susi",
"result": "Mal/Generic-R"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2023-05-17T11:54:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2023-05-17T16:27:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2023-05-17T18:05:00",
"version": "avast_db.zip"
},
{
"name": "bitdefender",
"timestamp": "2023-05-17T17:24:00",
"version": "bitdefender_pack.rar"
},
{
"name": "carbonblack",
"timestamp": "2023-05-17T18:28:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2023-05-17T08:38:00",
"version": "daily.cvd"
},
{
"name": "crowdstrike",
"timestamp": "2023-05-17T18:29:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2023-05-17T18:29:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2023-05-17T18:18:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2023-05-17T18:30:00",
"version": "endgame.exe"
},
{
"name": "ffri",
"timestamp": "2023-05-17T18:30:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2023-05-17T16:28:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2023-05-17T18:04:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2023-05-17T17:56:00",
"version": "gdata_pack.rar"
},
{
"name": "ikarus",
"timestamp": "2023-05-17T13:55:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2023-05-17T16:48:00",
"version": "K7Cmdline.zip"
},
{
"name": "malwarebytes",
"timestamp": "2023-05-17T18:33:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2023-05-17T14:04:00",
"version": "avvdat-10713.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2023-05-16T23:54:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2023-05-17T14:04:00",
"version": "avvdat-10713.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2023-05-17T15:23:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2023-05-17T16:35:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2023-05-17T16:35:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2023-05-17T17:39:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2023-05-17T17:39:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2023-05-16T22:50:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2023-05-17T17:36:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2023-05-17T17:36:00",
"version": "rame.zip"
},
{
"name": "sentinelone_online",
"timestamp": "2023-05-17T18:38:00",
"version": "not-available"
},
{
"name": "sonicwall",
"timestamp": "2023-05-17T18:39:00",
"version": "sonicwall.exe"
},
{
"name": "sophos_susi",
"timestamp": "2023-05-17T12:15:00",
"version": "vdl-dataseta.zip"
},
{
"name": "symantec",
"timestamp": "2023-05-16T12:49:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2023-05-17T17:02:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2023-05-16T12:49:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2023-05-17T17:14:00",
"version": "icrc$tbl.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2023-05-17T17:14:00",
"version": "hcoth1844995.zip"
},
{
"name": "vba32",
"timestamp": "2023-05-17T15:35:00",
"version": "vba32w-latest.7z"
}
]
},
"record_time": "2023-05-17T18:49:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.UpxProtector-1"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "malwarebytes",
"result": "Generic.Malware/Suspicious"
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone_online",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos_susi",
"result": "Mal/Generic-R"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2023-05-17T11:54:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2023-05-17T16:27:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2023-05-17T16:00:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2023-05-17T15:20:00",
"version": "bitdefender_pack.rar"
},
{
"name": "carbonblack",
"timestamp": "2023-05-17T17:03:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2023-05-17T08:38:00",
"version": "daily.cvd"
},
{
"name": "crowdstrike",
"timestamp": "2023-05-17T17:03:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2023-05-17T17:03:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2023-05-17T16:07:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2023-05-17T17:03:00",
"version": "endgame.exe"
},
{
"name": "ffri",
"timestamp": "2023-05-17T17:03:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2023-05-17T16:28:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2023-05-17T16:01:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2023-05-17T15:50:00",
"version": "gdata_pack.rar"
},
{
"name": "ikarus",
"timestamp": "2023-05-17T13:55:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2023-05-17T16:48:00",
"version": "K7Cmdline.zip"
},
{
"name": "malwarebytes",
"timestamp": "2023-05-17T17:04:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2023-05-17T14:04:00",
"version": "avvdat-10713.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2023-05-16T23:54:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2023-05-17T14:04:00",
"version": "avvdat-10713.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2023-05-17T15:23:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2023-05-17T16:35:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2023-05-17T16:35:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2023-05-17T15:37:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2023-05-17T15:37:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2023-05-16T22:50:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2023-05-17T11:33:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2023-05-17T11:33:00",
"version": "rame.zip"
},
{
"name": "sentinelone_online",
"timestamp": "2023-05-17T17:06:00",
"version": "not-available"
},
{
"name": "sonicwall",
"timestamp": "2023-05-17T17:06:00",
"version": "sonicwall.exe"
},
{
"name": "sophos_susi",
"timestamp": "2023-05-17T12:15:00",
"version": "vdl-dataseta.zip"
},
{
"name": "symantec",
"timestamp": "2023-05-16T12:49:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2023-05-17T17:02:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2023-05-16T12:49:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2023-05-17T15:12:00",
"version": "icrc$tbl.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2023-05-17T13:11:00",
"version": "icrc$hctbl.zip"
},
{
"name": "vba32",
"timestamp": "2023-05-17T15:35:00",
"version": "vba32w-latest.7z"
}
]
},
"record_time": "2023-05-17T17:09:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.UpxProtector-1"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "malwarebytes",
"result": "Generic.Malware/Suspicious"
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Dropper.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Malware.Undefined!8.C"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone_online",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos_susi",
"result": "Mal/Generic-R"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2023-05-16T11:41:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2023-05-16T18:20:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2023-05-16T23:25:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2023-05-16T22:46:00",
"version": "bitdefender_pack.rar"
},
{
"name": "carbonblack",
"timestamp": "2023-05-16T23:32:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2023-05-16T22:30:00",
"version": "daily.cvd"
},
{
"name": "crowdstrike",
"timestamp": "2023-05-16T23:32:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2023-05-16T23:32:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2023-05-16T22:12:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2023-05-16T23:32:00",
"version": "endgame.exe"
},
{
"name": "ffri",
"timestamp": "2023-05-16T23:32:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2023-05-16T21:58:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2023-05-16T23:31:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2023-05-16T22:57:00",
"version": "gdata_pack.rar"
},
{
"name": "ikarus",
"timestamp": "2023-05-16T19:44:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2023-05-16T18:40:00",
"version": "K7Cmdline.zip"
},
{
"name": "malwarebytes",
"timestamp": "2023-05-16T23:33:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2023-05-16T15:59:00",
"version": "avvdat-10712.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2023-05-16T21:54:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2023-05-16T15:59:00",
"version": "avvdat-10712.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2023-05-16T22:30:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2023-05-16T20:28:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2023-05-16T20:28:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2023-05-16T23:17:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2023-05-16T23:17:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2023-05-16T22:50:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2023-05-16T23:26:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2023-05-16T23:26:00",
"version": "rame.zip"
},
{
"name": "sentinelone_online",
"timestamp": "2023-05-16T23:37:00",
"version": "not-available"
},
{
"name": "sonicwall",
"timestamp": "2023-05-16T23:37:00",
"version": "sonicwall.exe"
},
{
"name": "sophos_susi",
"timestamp": "2023-05-16T22:11:00",
"version": "vdl-dataseta.zip"
},
{
"name": "symantec",
"timestamp": "2023-05-16T12:49:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2023-05-16T22:56:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2023-05-16T12:49:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2023-05-16T23:00:00",
"version": "icrc$tbl.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2023-05-16T23:00:00",
"version": "icrc$hctbl.zip"
},
{
"name": "vba32",
"timestamp": "2023-05-16T19:26:00",
"version": "vba32w-latest.7z"
}
]
},
"record_time": "2023-05-16T23:38:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.UpxProtector-1"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "malwarebytes",
"result": "Generic.Malware/Suspicious"
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone_online",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos_susi",
"result": ""
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2022-06-08T11:05:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2022-06-08T10:50:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2022-06-08T11:55:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2022-06-08T08:50:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2022-06-08T12:42:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2022-06-08T08:15:00",
"version": "daily.cvd"
},
{
"name": "crowdstrike",
"timestamp": "2022-06-08T12:42:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2022-06-08T12:42:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "cyren",
"timestamp": "2022-06-08T11:40:00",
"version": "antivir-v2-z-202206081102.zip"
},
{
"name": "cyren_online",
"timestamp": "2022-06-08T11:40:00",
"version": "antivir-v2-z-202206081102.zip"
},
{
"name": "drweb",
"timestamp": "2022-06-08T11:45:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2022-06-08T12:42:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2022-06-08T12:42:00",
"version": "ensilo.exe"
},
{
"name": "ffri",
"timestamp": "2022-06-08T12:42:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2022-06-08T11:35:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2022-06-08T11:00:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2022-06-08T10:45:00",
"version": "gd_sig.zip"
},
{
"name": "ikarus",
"timestamp": "2022-06-08T08:15:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2022-06-08T08:30:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2022-01-29T06:55:00",
"version": "database.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2022-01-29T06:55:00",
"version": "database.zip"
},
{
"name": "malwarebytes",
"timestamp": "2022-06-08T12:42:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2022-06-07T14:05:00",
"version": "avvdat-10371.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2022-06-08T11:15:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2022-06-07T14:05:00",
"version": "avvdat-10371.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2022-06-08T03:05:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2022-06-08T09:00:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2022-06-08T09:00:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2022-06-08T11:55:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2022-06-08T11:55:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2022-06-08T11:25:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2022-06-08T09:40:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2022-06-08T09:40:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2022-06-08T12:43:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2022-06-08T12:43:00",
"version": "sonicwall.exe"
},
{
"name": "sophos_susi",
"timestamp": "2022-06-08T09:35:00",
"version": "ide_5.92.zip"
},
{
"name": "symantec",
"timestamp": "2022-06-08T11:55:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2022-06-08T10:35:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2022-06-08T11:55:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2022-06-08T11:00:00",
"version": "icrc$tbl.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2022-06-08T09:25:00",
"version": "icrc$hctbl.zip"
},
{
"name": "vba32",
"timestamp": "2022-06-08T09:50:00",
"version": "vba32w-latest.7z"
}
]
},
"record_time": "2022-06-08T12:43:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "cyren",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "cyren_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "DeepScan:Generic.Ransom.WCryG.5BC9065C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "Ransom-Tox!11B48E409D96"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos_susi",
"result": "Troj/ToxKrypt-A"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2021-06-17T11:40:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2021-06-17T12:45:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2021-06-17T13:25:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2021-06-17T12:20:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2021-06-17T14:15:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2021-06-16T12:45:00",
"version": "daily.cvd"
},
{
"name": "command",
"timestamp": "2021-06-17T11:45:00",
"version": "antivir-v2-z-202106171027.zip"
},
{
"name": "command_online",
"timestamp": "2021-06-17T11:45:00",
"version": "antivir-v2-z-202106171027.zip"
},
{
"name": "crowdstrike",
"timestamp": "2021-06-17T14:15:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2021-06-17T14:16:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2021-06-17T13:15:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2021-06-17T14:15:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2021-06-17T14:16:00",
"version": "ensilo.exe"
},
{
"name": "f_prot",
"timestamp": "2021-06-17T11:45:00",
"version": "antivir.def"
},
{
"name": "ffri",
"timestamp": "2021-06-17T14:16:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2021-06-17T13:10:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2021-06-17T13:10:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2021-06-17T12:55:00",
"version": "bd.zip"
},
{
"name": "ikarus",
"timestamp": "2021-06-17T12:45:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2021-06-17T12:05:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2021-06-17T13:20:00",
"version": "database.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2021-06-17T13:20:00",
"version": "database.zip"
},
{
"name": "malwarebytes",
"timestamp": "2021-06-17T14:16:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2021-06-16T21:00:00",
"version": "avvdat-10017.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2021-06-17T13:15:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2021-06-16T21:00:00",
"version": "avvdat-10017.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2021-06-17T03:05:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2021-06-17T10:35:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2021-06-17T10:35:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2021-06-17T11:30:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2021-06-17T11:30:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2021-06-17T11:25:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2021-06-17T09:30:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2021-06-17T09:30:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2021-06-17T14:16:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2021-06-17T14:16:00",
"version": "sonicwall.exe"
},
{
"name": "sophos",
"timestamp": "2021-06-17T07:45:00",
"version": "ide_5.84.zip"
},
{
"name": "sophos_online",
"timestamp": "2021-06-17T07:45:00",
"version": "ide_5.84.zip"
},
{
"name": "sophos_susi",
"timestamp": "2021-06-17T14:16:00",
"version": "susicli.exe"
},
{
"name": "sunbelt",
"timestamp": "2021-06-17T12:35:00",
"version": "CSE39VT-EN-93362-F.sbr.sgn"
},
{
"name": "symantec",
"timestamp": "2021-06-17T13:25:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2021-06-17T12:00:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2021-06-17T13:25:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2021-06-17T06:20:00",
"version": "ioth1678500.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2021-06-16T17:20:00",
"version": "hcoth1678395.zip"
},
{
"name": "vba32",
"timestamp": "2021-06-17T08:55:00",
"version": "vba32w-latest.7z"
},
{
"name": "watchguard",
"timestamp": "2021-06-17T14:16:00",
"version": "WWHS64.exe"
}
]
},
"record_time": "2021-06-17T14:17:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "command",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "command_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "f_prot",
"result": "W32/Filecoder.E"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "Generic.mg.3133c2231fcee5d6"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "malwarebytes",
"result": ""
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Mytob.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": ""
},
{
"name": "rising_online",
"result": ""
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_online",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_susi",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sunbelt",
"result": "Trojan.Win32.Generic!BT"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
},
{
"name": "watchguard",
"result": "AboveThreshold563.008318"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2021-04-19T08:00:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2021-04-19T06:10:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2021-04-19T10:25:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2021-04-19T09:50:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2021-04-19T11:09:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2021-04-18T19:15:00",
"version": "daily.cvd"
},
{
"name": "command",
"timestamp": "2021-04-19T09:20:00",
"version": "antivir-v2-z-202104190807.zip"
},
{
"name": "command_online",
"timestamp": "2021-04-19T09:20:00",
"version": "antivir-v2-z-202104190807.zip"
},
{
"name": "crowdstrike",
"timestamp": "2021-04-19T11:09:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2021-04-19T11:09:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2021-04-19T10:15:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2021-04-19T11:09:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2021-04-19T11:09:00",
"version": "ensilo.exe"
},
{
"name": "f_prot",
"timestamp": "2021-04-19T09:20:00",
"version": "antivir.def"
},
{
"name": "ffri",
"timestamp": "2021-04-19T11:09:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2021-04-19T09:55:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2021-04-19T10:15:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2021-04-19T10:20:00",
"version": "gd_sig.zip"
},
{
"name": "ikarus",
"timestamp": "2021-04-19T08:20:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2021-04-19T08:40:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2021-04-19T10:20:00",
"version": "database.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2021-04-19T10:20:00",
"version": "database.zip"
},
{
"name": "malwarebytes",
"timestamp": "2021-04-19T11:09:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2021-04-18T14:05:00",
"version": "avvdat-9958.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2021-04-19T09:45:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2021-04-18T14:05:00",
"version": "avvdat-9958.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2021-04-19T03:05:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2021-04-19T07:05:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2021-04-19T07:05:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2021-04-19T06:40:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2021-04-19T06:40:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2021-04-18T12:25:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2021-04-19T09:45:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2021-04-19T09:45:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2021-04-19T11:09:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2021-04-19T11:09:00",
"version": "sonicwall.exe"
},
{
"name": "sophos",
"timestamp": "2021-04-19T02:25:00",
"version": "ide_5.83.zip"
},
{
"name": "sophos_online",
"timestamp": "2021-04-19T02:25:00",
"version": "ide_5.83.zip"
},
{
"name": "sophos_susi",
"timestamp": "2021-04-19T11:09:00",
"version": "susicli.exe"
},
{
"name": "sunbelt",
"timestamp": "2021-04-19T10:00:00",
"version": "CSE39VT-EN-91944-F.sbr.sgn"
},
{
"name": "symantec",
"timestamp": "2021-04-19T10:20:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2021-04-19T10:10:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2021-04-19T10:20:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2021-04-19T06:30:00",
"version": "ioth1666500.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2021-04-18T15:15:00",
"version": "hcoth1666395.zip"
},
{
"name": "vba32",
"timestamp": "2021-04-19T09:00:00",
"version": "vba32w-latest.7z"
},
{
"name": "watchguard",
"timestamp": "2021-04-19T11:09:00",
"version": "WWHS64.exe"
}
]
},
"record_time": "2021-04-19T11:10:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "command",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "command_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "f_prot",
"result": "W32/Filecoder.E"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "Generic.mg.3133c2231fcee5d6"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "malwarebytes",
"result": ""
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Dropper.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_online",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_susi",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sunbelt",
"result": "Trojan.Win32.Generic!BT"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
},
{
"name": "watchguard",
"result": "AboveThreshold563.008318"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2021-04-14T08:00:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2021-04-14T07:55:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2021-04-14T10:25:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2021-04-14T08:15:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2021-04-14T11:17:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2021-04-13T14:45:00",
"version": "daily.cvd"
},
{
"name": "command",
"timestamp": "2021-04-14T09:40:00",
"version": "antivir-v2-z-202104140841.zip"
},
{
"name": "command_online",
"timestamp": "2021-04-14T09:40:00",
"version": "antivir-v2-z-202104140841.zip"
},
{
"name": "crowdstrike",
"timestamp": "2021-04-14T11:17:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2021-04-14T11:17:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2021-04-14T09:45:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2021-04-14T11:17:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2021-04-14T11:17:00",
"version": "ensilo.exe"
},
{
"name": "f_prot",
"timestamp": "2021-04-14T09:45:00",
"version": "antivir.def"
},
{
"name": "ffri",
"timestamp": "2021-04-14T11:17:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2021-04-14T09:55:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2021-04-14T10:15:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2021-04-14T10:25:00",
"version": "gd_sig.zip"
},
{
"name": "ikarus",
"timestamp": "2021-04-14T08:10:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2021-04-14T08:25:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2021-04-14T09:55:00",
"version": "database.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2021-04-14T09:55:00",
"version": "database.zip"
},
{
"name": "malwarebytes",
"timestamp": "2021-04-14T11:17:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2021-04-13T14:05:00",
"version": "avvdat-9953.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2021-04-14T10:25:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2021-04-13T14:05:00",
"version": "avvdat-9953.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2021-04-14T03:10:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2021-04-14T09:00:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2021-04-14T09:00:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2021-04-13T11:30:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2021-04-13T11:30:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2021-04-14T08:35:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2021-04-14T09:45:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2021-04-14T09:45:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2021-04-14T11:17:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2021-04-14T11:17:00",
"version": "sonicwall.exe"
},
{
"name": "sophos",
"timestamp": "2021-04-14T00:55:00",
"version": "ide_5.83.zip"
},
{
"name": "sophos_online",
"timestamp": "2021-04-14T00:55:00",
"version": "ide_5.83.zip"
},
{
"name": "sophos_susi",
"timestamp": "2021-04-14T11:17:00",
"version": "susicli.exe"
},
{
"name": "sunbelt",
"timestamp": "2021-04-14T08:40:00",
"version": "CSE39VT-EN-91822-F.sbr.sgn"
},
{
"name": "symantec",
"timestamp": "2021-04-14T10:20:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2021-04-14T08:55:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2021-04-14T10:20:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2021-04-14T06:20:00",
"version": "ioth1665500.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2021-04-13T15:05:00",
"version": "hcoth1665395.zip"
},
{
"name": "vba32",
"timestamp": "2021-04-14T09:05:00",
"version": "vba32w-latest.7z"
},
{
"name": "watchguard",
"timestamp": "2021-04-14T11:17:00",
"version": "WWHS64.exe"
}
]
},
"record_time": "2021-04-14T11:18:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "command",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "command_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "f_prot",
"result": "W32/Filecoder.E"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "Generic.mg.3133c2231fcee5d6"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "malwarebytes",
"result": ""
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Pluto.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_online",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_susi",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sunbelt",
"result": "Trojan.Win32.Generic!BT"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
},
{
"name": "watchguard",
"result": "AboveThreshold563.008318"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2021-04-07T11:20:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2021-04-07T10:50:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2021-04-07T13:25:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2021-04-07T11:10:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2021-04-07T14:26:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2021-04-06T15:15:00",
"version": "daily.cvd"
},
{
"name": "command",
"timestamp": "2021-04-07T13:15:00",
"version": "antivir-v2-z-202104071215.zip"
},
{
"name": "command_online",
"timestamp": "2021-04-07T13:15:00",
"version": "antivir-v2-z-202104071215.zip"
},
{
"name": "crowdstrike",
"timestamp": "2021-04-07T14:26:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2021-04-07T14:26:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2021-04-07T13:15:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2021-04-07T14:26:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2021-04-07T14:26:00",
"version": "ensilo.exe"
},
{
"name": "esetnod32",
"timestamp": "2021-04-05T08:30:00",
"version": "mineset64.zip"
},
{
"name": "f_prot",
"timestamp": "2021-04-07T13:20:00",
"version": "antivir.def"
},
{
"name": "ffri",
"timestamp": "2021-04-07T14:26:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2021-04-07T12:10:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2021-04-07T13:15:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2021-04-07T12:35:00",
"version": "gd_sig.zip"
},
{
"name": "ikarus",
"timestamp": "2021-04-07T12:40:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2021-04-07T11:05:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2021-04-07T12:45:00",
"version": "database.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2021-04-07T12:45:00",
"version": "database.zip"
},
{
"name": "malwarebytes",
"timestamp": "2021-04-07T14:26:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2021-04-06T12:30:00",
"version": "avvdat-9946.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2021-04-07T12:55:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2021-04-06T12:30:00",
"version": "avvdat-9946.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2021-04-07T12:25:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2021-04-07T13:10:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2021-04-07T13:10:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2021-04-07T11:45:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2021-04-07T11:45:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2021-04-07T10:55:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2021-04-07T09:45:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2021-04-07T09:45:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2021-04-07T14:27:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2021-04-07T14:27:00",
"version": "sonicwall.exe"
},
{
"name": "sophos",
"timestamp": "2021-04-07T07:55:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_online",
"timestamp": "2021-04-07T07:55:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_susi",
"timestamp": "2021-04-07T14:27:00",
"version": "susicli.exe"
},
{
"name": "sunbelt",
"timestamp": "2021-04-07T12:00:00",
"version": "CSE39VT-EN-91658-F.sbr.sgn"
},
{
"name": "symantec",
"timestamp": "2021-04-07T13:20:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2021-04-07T13:05:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2021-04-07T13:20:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2021-04-07T08:15:00",
"version": "ioth1664100.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2021-04-06T14:40:00",
"version": "hcoth1663995.zip"
},
{
"name": "vba32",
"timestamp": "2021-04-07T09:00:00",
"version": "vba32w-latest.7z"
},
{
"name": "watchguard",
"timestamp": "2021-04-07T14:27:00",
"version": "WWHS64.exe"
}
]
},
"record_time": "2021-04-07T14:27:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "command",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "command_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "esetnod32",
"result": "Win32/Filecoder.Tox.A trojan (variant)"
},
{
"name": "f_prot",
"result": "W32/Filecoder.E"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "Generic.mg.3133c2231fcee5d6"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "malwarebytes",
"result": ""
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Dropper.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_online",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_susi",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sunbelt",
"result": "Trojan.Win32.Generic!BT"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
},
{
"name": "watchguard",
"result": "AboveThreshold563.008318"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2021-04-06T11:20:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2021-04-06T21:10:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2021-04-06T21:55:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2021-04-06T21:10:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2021-04-06T22:28:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2021-04-06T15:15:00",
"version": "daily.cvd"
},
{
"name": "command",
"timestamp": "2021-04-06T20:45:00",
"version": "antivir-v2-z-202104061939.zip"
},
{
"name": "command_online",
"timestamp": "2021-04-06T20:45:00",
"version": "antivir-v2-z-202104061939.zip"
},
{
"name": "crowdstrike",
"timestamp": "2021-04-06T22:28:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2021-04-06T22:28:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2021-04-06T21:45:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2021-04-06T22:28:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2021-04-06T22:28:00",
"version": "ensilo.exe"
},
{
"name": "esetnod32",
"timestamp": "2021-04-05T08:30:00",
"version": "mineset64.zip"
},
{
"name": "f_prot",
"timestamp": "2021-04-06T20:45:00",
"version": "antivir.def"
},
{
"name": "ffri",
"timestamp": "2021-04-06T22:28:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2021-04-06T20:55:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2021-04-06T21:15:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2021-04-06T21:40:00",
"version": "bd.zip"
},
{
"name": "ikarus",
"timestamp": "2021-04-06T18:35:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2021-04-06T17:35:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2021-04-06T21:00:00",
"version": "database.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2021-04-06T21:00:00",
"version": "database.zip"
},
{
"name": "malwarebytes",
"timestamp": "2021-04-06T22:28:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2021-04-06T12:30:00",
"version": "avvdat-9946.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2021-04-06T21:55:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2021-04-06T12:30:00",
"version": "avvdat-9946.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2021-04-06T12:25:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2021-04-06T17:45:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2021-04-06T17:45:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2021-04-06T11:15:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2021-04-06T11:15:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2021-04-06T21:30:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2021-04-06T21:45:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2021-04-06T21:45:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2021-04-06T22:28:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2021-04-06T22:29:00",
"version": "sonicwall.exe"
},
{
"name": "sophos",
"timestamp": "2021-04-06T15:25:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_online",
"timestamp": "2021-04-06T15:25:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_susi",
"timestamp": "2021-04-06T22:29:00",
"version": "susicli.exe"
},
{
"name": "sunbelt",
"timestamp": "2021-04-06T20:30:00",
"version": "CSE39VT-EN-91642-F.sbr.sgn"
},
{
"name": "symantec",
"timestamp": "2021-04-06T21:50:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2021-04-06T21:20:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2021-04-06T21:50:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2021-04-06T16:10:00",
"version": "ioth1663900.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2021-04-06T14:40:00",
"version": "hcoth1663995.zip"
},
{
"name": "vba32",
"timestamp": "2021-04-06T09:00:00",
"version": "vba32w-latest.7z"
},
{
"name": "watchguard",
"timestamp": "2021-04-06T22:29:00",
"version": "WWHS64.exe"
}
]
},
"record_time": "2021-04-06T22:29:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "command",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "command_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "esetnod32",
"result": "Win32/Filecoder.Tox.A trojan (variant)"
},
{
"name": "f_prot",
"result": "W32/Filecoder.E"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "Generic.mg.3133c2231fcee5d6"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "malwarebytes",
"result": ""
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Dropper.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_online",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_susi",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sunbelt",
"result": "Trojan.Win32.Generic!BT"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
},
{
"name": "watchguard",
"result": "AboveThreshold563.008318"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2021-04-06T11:20:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2021-04-06T16:00:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2021-04-06T17:25:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2021-04-06T15:35:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2021-04-06T17:57:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2021-04-06T15:15:00",
"version": "daily.cvd"
},
{
"name": "command",
"timestamp": "2021-04-06T17:05:00",
"version": "antivir-v2-z-202104061600.zip"
},
{
"name": "command_online",
"timestamp": "2021-04-06T17:05:00",
"version": "antivir-v2-z-202104061600.zip"
},
{
"name": "crowdstrike",
"timestamp": "2021-04-06T17:57:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2021-04-06T17:57:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2021-04-06T17:15:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2021-04-06T17:57:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2021-04-06T17:57:00",
"version": "ensilo.exe"
},
{
"name": "esetnod32",
"timestamp": "2021-04-05T08:30:00",
"version": "mineset64.zip"
},
{
"name": "f_prot",
"timestamp": "2021-04-06T17:05:00",
"version": "antivir.def"
},
{
"name": "ffri",
"timestamp": "2021-04-06T17:57:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2021-04-06T16:20:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2021-04-06T17:15:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2021-04-06T16:30:00",
"version": "gd_sig.zip"
},
{
"name": "ikarus",
"timestamp": "2021-04-06T12:40:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2021-04-06T15:35:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2021-04-06T16:10:00",
"version": "database.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2021-04-06T16:10:00",
"version": "database.zip"
},
{
"name": "malwarebytes",
"timestamp": "2021-04-06T17:57:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2021-04-06T12:30:00",
"version": "avvdat-9946.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2021-04-06T16:55:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2021-04-06T12:30:00",
"version": "avvdat-9946.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2021-04-06T12:25:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2021-04-06T15:45:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2021-04-06T15:45:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2021-04-06T11:15:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2021-04-06T11:15:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2021-04-06T07:50:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2021-04-06T15:50:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2021-04-06T15:50:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2021-04-06T17:58:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2021-04-06T17:58:00",
"version": "sonicwall.exe"
},
{
"name": "sophos",
"timestamp": "2021-04-06T15:25:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_online",
"timestamp": "2021-04-06T15:25:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_susi",
"timestamp": "2021-04-06T17:58:00",
"version": "susicli.exe"
},
{
"name": "sunbelt",
"timestamp": "2021-04-06T16:25:00",
"version": "CSE39VT-EN-91638-F.sbr.sgn"
},
{
"name": "symantec",
"timestamp": "2021-04-06T17:20:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2021-04-06T16:50:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2021-04-06T17:20:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2021-04-06T16:10:00",
"version": "ioth1663900.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2021-04-06T14:40:00",
"version": "hcoth1663995.zip"
},
{
"name": "vba32",
"timestamp": "2021-04-06T09:00:00",
"version": "vba32w-latest.7z"
},
{
"name": "watchguard",
"timestamp": "2021-04-06T17:58:00",
"version": "WWHS64.exe"
}
]
},
"record_time": "2021-04-06T17:58:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "command",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "command_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "esetnod32",
"result": "Win32/Filecoder.Tox.A trojan (variant)"
},
{
"name": "f_prot",
"result": "W32/Filecoder.E"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "Generic.mg.3133c2231fcee5d6"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "malwarebytes",
"result": ""
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Dropper.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_online",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_susi",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sunbelt",
"result": "Trojan.Win32.Generic!BT"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
},
{
"name": "watchguard",
"result": "AboveThreshold563.008318"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2021-04-06T11:20:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2021-04-06T16:00:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2021-04-06T17:25:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2021-04-06T15:35:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2021-04-06T17:52:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2021-04-06T15:15:00",
"version": "daily.cvd"
},
{
"name": "command",
"timestamp": "2021-04-06T17:05:00",
"version": "antivir-v2-z-202104061600.zip"
},
{
"name": "command_online",
"timestamp": "2021-04-06T17:05:00",
"version": "antivir-v2-z-202104061600.zip"
},
{
"name": "crowdstrike",
"timestamp": "2021-04-06T17:52:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2021-04-06T17:53:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2021-04-06T17:15:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2021-04-06T17:53:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2021-04-06T17:53:00",
"version": "ensilo.exe"
},
{
"name": "esetnod32",
"timestamp": "2021-04-05T08:30:00",
"version": "mineset64.zip"
},
{
"name": "f_prot",
"timestamp": "2021-04-06T17:05:00",
"version": "antivir.def"
},
{
"name": "ffri",
"timestamp": "2021-04-06T17:53:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2021-04-06T16:20:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2021-04-06T17:15:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2021-04-06T16:30:00",
"version": "gd_sig.zip"
},
{
"name": "ikarus",
"timestamp": "2021-04-06T12:40:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2021-04-06T15:35:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2021-04-06T16:10:00",
"version": "database.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2021-04-06T16:10:00",
"version": "database.zip"
},
{
"name": "malwarebytes",
"timestamp": "2021-04-06T17:53:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2021-04-06T12:30:00",
"version": "avvdat-9946.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2021-04-06T16:55:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2021-04-06T12:30:00",
"version": "avvdat-9946.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2021-04-06T12:25:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2021-04-06T15:45:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2021-04-06T15:45:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2021-04-06T11:15:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2021-04-06T11:15:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2021-04-06T07:50:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2021-04-06T15:50:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2021-04-06T15:50:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2021-04-06T17:53:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2021-04-06T17:53:00",
"version": "sonicwall.exe"
},
{
"name": "sophos",
"timestamp": "2021-04-06T15:25:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_online",
"timestamp": "2021-04-06T15:25:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_susi",
"timestamp": "2021-04-06T17:53:00",
"version": "susicli.exe"
},
{
"name": "sunbelt",
"timestamp": "2021-04-06T16:25:00",
"version": "CSE39VT-EN-91638-F.sbr.sgn"
},
{
"name": "symantec",
"timestamp": "2021-04-06T17:20:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2021-04-06T16:50:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2021-04-06T17:20:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2021-04-06T16:10:00",
"version": "ioth1663900.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2021-04-06T14:40:00",
"version": "hcoth1663995.zip"
},
{
"name": "vba32",
"timestamp": "2021-04-06T09:00:00",
"version": "vba32w-latest.7z"
},
{
"name": "watchguard",
"timestamp": "2021-04-06T17:53:00",
"version": "WWHS64.exe"
}
]
},
"record_time": "2021-04-06T17:53:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "command",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "command_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "esetnod32",
"result": "Win32/Filecoder.Tox.A trojan (variant)"
},
{
"name": "f_prot",
"result": "W32/Filecoder.E"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "Generic.mg.3133c2231fcee5d6"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "malwarebytes",
"result": ""
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Dropper.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_online",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_susi",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sunbelt",
"result": "Trojan.Win32.Generic!BT"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
},
{
"name": "watchguard",
"result": "AboveThreshold563.008318"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2021-04-06T11:20:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2021-04-06T16:00:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2021-04-06T17:25:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2021-04-06T15:35:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2021-04-06T17:50:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2021-04-06T15:15:00",
"version": "daily.cvd"
},
{
"name": "command",
"timestamp": "2021-04-06T17:05:00",
"version": "antivir-v2-z-202104061600.zip"
},
{
"name": "command_online",
"timestamp": "2021-04-06T17:05:00",
"version": "antivir-v2-z-202104061600.zip"
},
{
"name": "crowdstrike",
"timestamp": "2021-04-06T17:50:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2021-04-06T17:51:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2021-04-06T17:15:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2021-04-06T17:51:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2021-04-06T17:51:00",
"version": "ensilo.exe"
},
{
"name": "esetnod32",
"timestamp": "2021-04-05T08:30:00",
"version": "mineset64.zip"
},
{
"name": "f_prot",
"timestamp": "2021-04-06T17:05:00",
"version": "antivir.def"
},
{
"name": "ffri",
"timestamp": "2021-04-06T17:51:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2021-04-06T16:20:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2021-04-06T17:15:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2021-04-06T16:30:00",
"version": "gd_sig.zip"
},
{
"name": "ikarus",
"timestamp": "2021-04-06T12:40:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2021-04-06T15:35:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2021-04-06T16:10:00",
"version": "database.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2021-04-06T16:10:00",
"version": "database.zip"
},
{
"name": "malwarebytes",
"timestamp": "2021-04-06T17:51:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2021-04-06T12:30:00",
"version": "avvdat-9946.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2021-04-06T16:55:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2021-04-06T12:30:00",
"version": "avvdat-9946.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2021-04-06T12:25:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2021-04-06T15:45:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2021-04-06T15:45:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2021-04-06T11:15:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2021-04-06T11:15:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2021-04-06T07:50:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2021-04-06T15:50:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2021-04-06T15:50:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2021-04-06T17:51:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2021-04-06T17:51:00",
"version": "sonicwall.exe"
},
{
"name": "sophos",
"timestamp": "2021-04-06T15:25:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_online",
"timestamp": "2021-04-06T15:25:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_susi",
"timestamp": "2021-04-06T17:51:00",
"version": "susicli.exe"
},
{
"name": "sunbelt",
"timestamp": "2021-04-06T16:25:00",
"version": "CSE39VT-EN-91638-F.sbr.sgn"
},
{
"name": "symantec",
"timestamp": "2021-04-06T17:20:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2021-04-06T16:50:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2021-04-06T17:20:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2021-04-06T16:10:00",
"version": "ioth1663900.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2021-04-06T14:40:00",
"version": "hcoth1663995.zip"
},
{
"name": "vba32",
"timestamp": "2021-04-06T09:00:00",
"version": "vba32w-latest.7z"
},
{
"name": "watchguard",
"timestamp": "2021-04-06T17:51:00",
"version": "WWHS64.exe"
}
]
},
"record_time": "2021-04-06T17:51:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "command",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "command_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "esetnod32",
"result": "Win32/Filecoder.Tox.A trojan (variant)"
},
{
"name": "f_prot",
"result": "W32/Filecoder.E"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "Generic.mg.3133c2231fcee5d6"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "malwarebytes",
"result": ""
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Dropper.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": ""
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_online",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_susi",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sunbelt",
"result": "Trojan.Win32.Generic!BT"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
},
{
"name": "watchguard",
"result": "AboveThreshold563.008318"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2021-03-12T07:55:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2021-03-12T08:00:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2021-03-12T09:55:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2021-03-12T09:55:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2021-03-12T10:39:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2021-03-10T10:00:00",
"version": "bytecode.cvd"
},
{
"name": "command",
"timestamp": "2021-03-12T09:35:00",
"version": "antivir-v2-z-202103120821.zip"
},
{
"name": "command_online",
"timestamp": "2021-03-12T09:35:00",
"version": "antivir-v2-z-202103120821.zip"
},
{
"name": "crowdstrike",
"timestamp": "2021-03-12T10:40:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2021-03-12T10:41:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2021-03-12T09:45:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2021-03-12T10:42:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2021-03-12T10:42:00",
"version": "ensilo.exe"
},
{
"name": "esetnod32",
"timestamp": "2021-03-12T09:40:00",
"version": "mineset64.zip"
},
{
"name": "f_prot",
"timestamp": "2021-03-12T09:40:00",
"version": "antivir.def"
},
{
"name": "ffri",
"timestamp": "2021-03-12T10:43:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2021-03-12T09:25:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2021-03-12T09:15:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2021-03-12T08:05:00",
"version": "bd.zip"
},
{
"name": "ikarus",
"timestamp": "2021-03-12T09:10:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2021-03-12T08:05:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2021-03-12T09:00:00",
"version": "database.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2021-03-12T09:00:00",
"version": "database.zip"
},
{
"name": "malwarebytes",
"timestamp": "2021-03-12T10:45:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2021-03-11T14:10:00",
"version": "avvdat-9920.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2021-03-12T09:15:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2021-03-11T14:10:00",
"version": "avvdat-9920.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2021-03-12T04:05:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2021-03-12T09:10:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2021-03-12T09:10:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2021-03-11T12:35:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2021-03-11T12:35:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2021-03-12T08:15:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2021-03-12T09:50:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2021-03-12T09:50:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2021-03-12T10:47:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2021-03-12T10:47:00",
"version": "sonicwall.exe"
},
{
"name": "sophos",
"timestamp": "2021-03-12T08:05:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_online",
"timestamp": "2021-03-12T08:05:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_susi",
"timestamp": "2021-03-12T10:47:00",
"version": "susicli.exe"
},
{
"name": "sunbelt",
"timestamp": "2021-03-12T09:45:00",
"version": "CSE39VT-EN-91030-F.sbr.sgn"
},
{
"name": "symantec",
"timestamp": "2021-03-12T09:50:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2021-03-12T08:45:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2021-03-12T09:50:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2021-03-12T08:20:00",
"version": "itbl2114200400.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2021-03-11T16:15:00",
"version": "hcoth1658795.zip"
},
{
"name": "vba32",
"timestamp": "2021-03-12T09:15:00",
"version": "vba32w-latest.7z"
},
{
"name": "watchguard",
"timestamp": "2021-03-12T10:49:00",
"version": "WWHS64.exe"
}
]
},
"record_time": "2021-03-12T10:52:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "bitdefender",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "command",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "command_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "esetnod32",
"result": "Win32/Filecoder.Tox.A trojan (variant)"
},
{
"name": "f_prot",
"result": "W32/Filecoder.E"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "Generic.mg.3133c2231fcee5d6"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "malwarebytes",
"result": ""
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Dropper.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": "TrojanRansom.Crypren"
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_online",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_susi",
"result": ""
},
{
"name": "sunbelt",
"result": "Trojan.Win32.Generic!BT"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
},
{
"name": "watchguard",
"result": "AboveThreshold563.008318"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2021-03-11T11:30:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2021-03-11T07:55:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2021-03-11T11:55:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2021-03-11T08:00:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2021-03-11T12:32:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2021-03-10T10:00:00",
"version": "bytecode.cvd"
},
{
"name": "command",
"timestamp": "2021-03-11T11:10:00",
"version": "antivir-v2-z-202103111002.zip"
},
{
"name": "command_online",
"timestamp": "2021-03-11T11:10:00",
"version": "antivir-v2-z-202103111002.zip"
},
{
"name": "crowdstrike",
"timestamp": "2021-03-11T12:34:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2021-03-11T12:34:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2021-03-11T11:45:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2021-03-11T12:35:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2021-03-11T12:35:00",
"version": "ensilo.exe"
},
{
"name": "esetnod32",
"timestamp": "2021-03-11T09:20:00",
"version": "mineset64.zip"
},
{
"name": "f_prot",
"timestamp": "2021-03-11T11:10:00",
"version": "antivir.def"
},
{
"name": "ffri",
"timestamp": "2021-03-11T12:35:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2021-03-11T09:10:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2021-03-11T11:15:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2021-03-11T11:35:00",
"version": "gd_sig.zip"
},
{
"name": "ikarus",
"timestamp": "2021-03-11T09:10:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2021-03-11T11:05:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2021-03-11T11:35:00",
"version": "database.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2021-03-11T11:35:00",
"version": "database.zip"
},
{
"name": "malwarebytes",
"timestamp": "2021-03-11T12:39:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2021-03-10T15:05:00",
"version": "avvdat-9919.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2021-03-11T11:15:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2021-03-10T15:05:00",
"version": "avvdat-9919.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2021-03-11T04:00:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2021-03-11T11:45:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2021-03-11T11:45:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2021-03-10T12:00:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2021-03-10T12:00:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2021-03-11T09:15:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2021-03-11T09:45:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2021-03-11T09:45:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2021-03-11T12:42:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2021-03-11T12:42:00",
"version": "sonicwall.exe"
},
{
"name": "sophos",
"timestamp": "2021-03-11T08:55:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_online",
"timestamp": "2021-03-11T08:55:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_susi",
"timestamp": "2021-03-11T12:42:00",
"version": "susicli.exe"
},
{
"name": "sunbelt",
"timestamp": "2021-03-11T11:00:00",
"version": "CSE39VT-EN-91008-F.sbr.sgn"
},
{
"name": "symantec",
"timestamp": "2021-03-11T11:50:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2021-03-11T11:20:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2021-03-11T11:50:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2021-03-11T10:30:00",
"version": "itbl2114000700.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2021-03-10T17:50:00",
"version": "hcoth1658595.zip"
},
{
"name": "vba32",
"timestamp": "2021-03-11T09:30:00",
"version": "vba32w-latest.7z"
},
{
"name": "watchguard",
"timestamp": "2021-03-11T12:44:00",
"version": "WWHS64.exe"
}
]
},
"record_time": "2021-03-11T12:47:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "command",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "command_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "esetnod32",
"result": "Win32/Filecoder.Tox.A trojan (variant)"
},
{
"name": "f_prot",
"result": "W32/Filecoder.E"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "Generic.mg.3133c2231fcee5d6"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "malwarebytes",
"result": ""
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Dropper.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": "TrojanRansom.Crypren"
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_online",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_susi",
"result": ""
},
{
"name": "sunbelt",
"result": "Trojan.Win32.Generic!BT"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
},
{
"name": "watchguard",
"result": "AboveThreshold563.008318"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2021-03-04T11:20:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2021-03-04T13:45:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2021-03-04T13:55:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2021-03-04T13:35:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2021-03-04T14:40:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2021-03-04T07:20:00",
"version": "daily.cvd"
},
{
"name": "command",
"timestamp": "2021-03-04T12:25:00",
"version": "antivir-v2-z-202103041126.zip"
},
{
"name": "command_online",
"timestamp": "2021-03-04T12:25:00",
"version": "antivir-v2-z-202103041126.zip"
},
{
"name": "crowdstrike",
"timestamp": "2021-03-04T14:40:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2021-03-04T14:40:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2021-03-04T13:45:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2021-03-04T14:40:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2021-03-04T14:40:00",
"version": "ensilo.exe"
},
{
"name": "esetnod32",
"timestamp": "2021-03-04T12:50:00",
"version": "mineset64.zip"
},
{
"name": "f_prot",
"timestamp": "2021-03-04T12:25:00",
"version": "antivir.def"
},
{
"name": "ffri",
"timestamp": "2021-03-04T14:40:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2021-03-04T12:45:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2021-03-04T13:15:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2021-03-04T13:35:00",
"version": "gd_sig.zip"
},
{
"name": "ikarus",
"timestamp": "2021-03-04T13:40:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2021-03-04T11:05:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2021-02-03T05:40:00",
"version": "kdb-i386-cumul.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2021-02-03T05:40:00",
"version": "kdb-i386-cumul.zip"
},
{
"name": "malwarebytes",
"timestamp": "2021-03-04T14:41:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2021-03-03T15:05:00",
"version": "avvdat-9912.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2021-03-04T13:45:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2021-03-03T15:05:00",
"version": "avvdat-9912.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2021-03-04T13:50:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2021-03-04T13:35:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2021-03-04T13:35:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2021-03-04T12:20:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2021-03-04T12:20:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2021-03-04T11:50:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2021-03-04T09:45:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2021-03-04T09:45:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2021-03-04T14:41:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2021-03-04T14:41:00",
"version": "sonicwall.exe"
},
{
"name": "sophos",
"timestamp": "2021-03-04T05:35:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_online",
"timestamp": "2021-03-04T05:35:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_susi",
"timestamp": "2021-03-04T14:41:00",
"version": "susicli.exe"
},
{
"name": "sunbelt",
"timestamp": "2021-03-04T13:00:00",
"version": "CSE39VT-EN-90842-F.sbr.sgn"
},
{
"name": "symantec",
"timestamp": "2021-03-04T13:50:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2021-03-04T13:55:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2021-03-04T13:50:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2021-03-04T12:55:00",
"version": "itbl2112601000.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2021-03-03T16:25:00",
"version": "hcoth1657195.zip"
},
{
"name": "vba32",
"timestamp": "2021-03-04T09:00:00",
"version": "vba32w-latest.7z"
},
{
"name": "watchguard",
"timestamp": "2021-03-04T14:41:00",
"version": "WWHS64.exe"
}
]
},
"record_time": "2021-03-04T14:42:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "command",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "command_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "esetnod32",
"result": "Win32/Filecoder.Tox.A trojan (variant)"
},
{
"name": "f_prot",
"result": "W32/Filecoder.E"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "Generic.mg.3133c2231fcee5d6"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "malwarebytes",
"result": ""
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Dropper.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": "TrojanRansom.Crypren"
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_online",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_susi",
"result": ""
},
{
"name": "sunbelt",
"result": "Trojan.Win32.Generic!BT"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
},
{
"name": "watchguard",
"result": "AboveThreshold563.008318"
}
]
},
{
"info": {
"scanners": [
{
"name": "ahnlab",
"timestamp": "2021-03-04T07:55:00",
"version": "ahnscan-console.zip"
},
{
"name": "antivir",
"timestamp": "2021-03-04T07:55:00",
"version": "vdf_fusebundle.zip"
},
{
"name": "avast",
"timestamp": "2021-03-04T08:55:00",
"version": "avast_stream.zip"
},
{
"name": "bitdefender",
"timestamp": "2021-03-04T07:40:00",
"version": "bdc.zip"
},
{
"name": "carbonblack",
"timestamp": "2021-03-04T09:07:00",
"version": "carbonblack.exe"
},
{
"name": "clamav",
"timestamp": "2021-03-04T07:20:00",
"version": "daily.cvd"
},
{
"name": "command",
"timestamp": "2021-03-04T08:00:00",
"version": "antivir-v2-z-202103040702.zip"
},
{
"name": "command_online",
"timestamp": "2021-03-04T08:00:00",
"version": "antivir-v2-z-202103040702.zip"
},
{
"name": "crowdstrike",
"timestamp": "2021-03-04T09:07:00",
"version": "crowdstrike_v1.exe"
},
{
"name": "crowdstrike_online",
"timestamp": "2021-03-04T09:07:00",
"version": "crowdstrike_scan_result_lookup.exe"
},
{
"name": "drweb",
"timestamp": "2021-03-04T08:45:00",
"version": "drweb-500-wcl.zip"
},
{
"name": "endgame",
"timestamp": "2021-03-04T09:07:00",
"version": "endgame.exe"
},
{
"name": "ensilo",
"timestamp": "2021-03-04T09:07:00",
"version": "ensilo.exe"
},
{
"name": "esetnod32",
"timestamp": "2021-03-04T04:40:00",
"version": "mineset64.zip"
},
{
"name": "f_prot",
"timestamp": "2021-03-04T08:00:00",
"version": "antivir.def"
},
{
"name": "ffri",
"timestamp": "2021-03-04T09:07:00",
"version": "ffri.exe"
},
{
"name": "fireeye_online",
"timestamp": "2021-03-04T08:10:00",
"version": "fireeye_pack.rar"
},
{
"name": "fortinet",
"timestamp": "2021-03-04T08:15:00",
"version": "vir_high"
},
{
"name": "gdata",
"timestamp": "2021-03-04T08:10:00",
"version": "bd.zip"
},
{
"name": "ikarus",
"timestamp": "2021-03-03T19:45:00",
"version": "t3sigs.vdb"
},
{
"name": "k7computing",
"timestamp": "2021-03-04T08:05:00",
"version": "K7Cmdline.zip"
},
{
"name": "kaspersky",
"timestamp": "2021-02-03T05:40:00",
"version": "kdb-i386-cumul.zip"
},
{
"name": "kaspersky_online",
"timestamp": "2021-02-03T05:40:00",
"version": "kdb-i386-cumul.zip"
},
{
"name": "malwarebytes",
"timestamp": "2021-03-04T09:08:00",
"version": "mbbr.exe"
},
{
"name": "mcafee",
"timestamp": "2021-03-03T15:05:00",
"version": "avvdat-9912.zip"
},
{
"name": "mcafee_beta",
"timestamp": "2021-03-04T08:45:00",
"version": "avvwin_netware_betadat.zip"
},
{
"name": "mcafee_online",
"timestamp": "2021-03-03T15:05:00",
"version": "avvdat-9912.zip"
},
{
"name": "mcafeegwedition_online",
"timestamp": "2021-03-04T04:05:00",
"version": "mfegw-cmd-scanner-windows.zip"
},
{
"name": "microsoft",
"timestamp": "2021-03-04T05:50:00",
"version": "mpam-fe.exe"
},
{
"name": "microsoft_online",
"timestamp": "2021-03-04T05:50:00",
"version": "mpam-fe.exe"
},
{
"name": "panda",
"timestamp": "2021-03-03T11:45:00",
"version": "panda_pack.rar"
},
{
"name": "panda_online",
"timestamp": "2021-03-03T11:45:00",
"version": "panda_pack.rar"
},
{
"name": "quickheal",
"timestamp": "2021-03-04T07:15:00",
"version": "qhadvdef.zip"
},
{
"name": "rising",
"timestamp": "2021-03-04T03:45:00",
"version": "rame.zip"
},
{
"name": "rising_online",
"timestamp": "2021-03-04T03:45:00",
"version": "rame.zip"
},
{
"name": "sentinelone",
"timestamp": "2021-03-04T09:08:00",
"version": "sentinelone.exe"
},
{
"name": "sonicwall",
"timestamp": "2021-03-04T09:08:00",
"version": "sonicwall.exe"
},
{
"name": "sophos",
"timestamp": "2021-03-04T05:35:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_online",
"timestamp": "2021-03-04T05:35:00",
"version": "ide_5.82.zip"
},
{
"name": "sophos_susi",
"timestamp": "2021-03-04T09:08:00",
"version": "susicli.exe"
},
{
"name": "sunbelt",
"timestamp": "2021-03-04T07:35:00",
"version": "CSE39VT-EN-90836-F.sbr.sgn"
},
{
"name": "symantec",
"timestamp": "2021-03-04T08:50:00",
"version": "streamset.zip"
},
{
"name": "symantec_beta",
"timestamp": "2021-03-04T06:15:00",
"version": "symrapidreleasedefscore15-v5i32.exe"
},
{
"name": "symantec_online",
"timestamp": "2021-03-04T08:50:00",
"version": "streamset.zip"
},
{
"name": "trendmicro",
"timestamp": "2021-03-04T08:40:00",
"version": "itbl2112600600.zip"
},
{
"name": "trendmicro_consumer",
"timestamp": "2021-03-03T16:25:00",
"version": "hcoth1657195.zip"
},
{
"name": "vba32",
"timestamp": "2021-03-03T09:20:00",
"version": "vba32w-latest.7z"
},
{
"name": "watchguard",
"timestamp": "2021-03-04T09:08:00",
"version": "WWHS64.exe"
}
]
},
"record_time": "2021-03-04T09:09:00",
"scanners": [
{
"name": "ahnlab",
"result": "[TROJAN] Trojan/Win32.Toxic.R150440"
},
{
"name": "antivir",
"result": "detected"
},
{
"name": "avast",
"result": "Win32:Malware-gen"
},
{
"name": "bitdefender",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "carbonblack",
"result": "trojan"
},
{
"name": "clamav",
"result": "PUA.Win.Packer.Upx-49"
},
{
"name": "command",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "command_online",
"result": "W32/Filecoder.JKUY-0927"
},
{
"name": "crowdstrike",
"result": "win/malicious_confidence_100"
},
{
"name": "crowdstrike_online",
"result": "malware.confidence_100"
},
{
"name": "drweb",
"result": "Trojan.Encoder.1155"
},
{
"name": "endgame",
"result": "malicious (moderate confidence)"
},
{
"name": "ensilo",
"result": "Malicious-High"
},
{
"name": "esetnod32",
"result": "Win32/Filecoder.Tox.A trojan (variant)"
},
{
"name": "f_prot",
"result": "W32/Filecoder.E"
},
{
"name": "ffri",
"result": "Detected"
},
{
"name": "fireeye_online",
"result": "Generic.mg.3133c2231fcee5d6"
},
{
"name": "fortinet",
"result": "W32/ToxKrypt.A!tr"
},
{
"name": "gdata",
"result": "Generic.Ransom.WCryG.7651CF3C"
},
{
"name": "ikarus",
"result": "Trojan.Win32.Filecoder"
},
{
"name": "k7computing",
"result": "Trojan (0055e3ef1)"
},
{
"name": "kaspersky",
"result": "detected"
},
{
"name": "kaspersky_online",
"result": "detected"
},
{
"name": "malwarebytes",
"result": ""
},
{
"name": "mcafee",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_beta",
"result": "Ransom-Tox!11B48E409D96 (trojan)"
},
{
"name": "mcafee_online",
"result": "Artemis!3133C2231FCE (trojan)"
},
{
"name": "mcafeegwedition_online",
"result": "BehavesLike.Win32.Dropper.jc"
},
{
"name": "microsoft",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "microsoft_online",
"result": "Ransom:Win32/Tocrypt.B"
},
{
"name": "panda",
"result": "Trj/Genetic.gen"
},
{
"name": "panda_online",
"result": "Trj/Genetic.gen"
},
{
"name": "quickheal",
"result": "TrojanRansom.Crypren"
},
{
"name": "rising",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "rising_online",
"result": "Ransom.Tocrypt!8.53B6"
},
{
"name": "sentinelone",
"result": "DFI - Suspicious PE"
},
{
"name": "sonicwall",
"result": ""
},
{
"name": "sophos",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_online",
"result": "Troj/ToxKrypt-A"
},
{
"name": "sophos_susi",
"result": ""
},
{
"name": "sunbelt",
"result": "Trojan.Win32.Generic!BT"
},
{
"name": "symantec",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_beta",
"result": "Trojan.Gen.2"
},
{
"name": "symantec_online",
"result": "Trojan.Gen.2"
},
{
"name": "trendmicro",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "trendmicro_consumer",
"result": "TROJ_CRYPTOX.T"
},
{
"name": "vba32",
"result": "SScope.Malware-Cryptor.Toxic"
},
{
"name": "watchguard",
"result": "AboveThreshold563.008318"
}
]
}
],
"first_seen": "2015-05-30T22:04:00",
"last_seen": "2023-06-06T16:15:00",
"sample_type": "PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed"
}
}
}
}
}
}

Human Readable Output#

ReversingLabs File Analysis results for hash 21841b32c6165b27dddbd4d6eb3a672defe54271#

File type: PE File subtype: Exe Sample type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed Sample size: 636416 bytes Extended description: This file (SHA1: 21841b32c6165b27dddbd4d6eb3a672defe54271) is a 32-bit portable executable application. Additionally, it was identified as UPX 0.60-3.x executable packer, and unpacking was successful. The application uses the Windows graphical user interface (GUI) subsystem, while the language used is English from United States. Cryptography related data was found in the file. This application has access to networking and running processes and has cryptography and security related capabilities. There is one extracted file. First seen: 2015-05-30T22:04:00 Last seen: 2023-06-06T16:15:00 MD5 hash: 3133c2231fcee5d6b0b4c988a5201da1 SHA-1 hash: 21841b32c6165b27dddbd4d6eb3a672defe54271 SHA-256 hash: 2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346 SHA-384 hash: e0b7bf0ad928500ee1dc06f8cbe035e663eaf546bb4b5217706706ba12c50ab6a24e1e858dae9a5ce0f7673bdb5621be SHA-512 hash: 205ece960784bff6fdbd0d5a1ebad4fddeab6751728d5be2e0b5d91742d520df0c5d04fd3b9e67372c35cb0859d794b7d22ea78786669a4bd5725e814548143f SSDEEP hash: 12288:UxvYm8UX7FkiYiHSbhy783clwXqaAQWzRTChYl:+vY0LFrYi0s7w6a/Wzl RIPEMD-160 hash: d26f686b6af13b9073f77a1ba5a7b610934dc625

reversinglabs-titaniumcloud-rha1-functional-similarity#


Retrieve a list of functionally similar hashes to the provided one.

Base Command#

reversinglabs-titaniumcloud-rha1-functional-similarity

Input#

Argument NameDescriptionRequired
hashFile hash.Required
result_limitMaximum number of results to be returned. Default is 5000. Default is 5000.Optional

Context Output#

PathTypeDescription
ReversingLabs.functional_similarityUnknown

Command example#

!reversinglabs-titaniumcloud-rha1-functional-similarity hash=21841b32c6165b27dddbd4d6eb3a672defe54271 result_limit=2

Context Example#

{
"InfoFile": {
"EntryID": "7677@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
"Info": "text/plain",
"Name": "RHA1 Functional Similarity report file for hash 21841b32c6165b27dddbd4d6eb3a672defe54271",
"Size": 1303,
"Type": "ASCII text"
},
"ReversingLabs": {
"functional_similarity": [
{
"classification": "MALICIOUS",
"first_seen": "2015-06-01T19:11:00.592000",
"last_seen": "2021-07-27T09:29:09.915000",
"malware_family": "Tox",
"malware_type": "Ransomware",
"md5": "0e3e231c255a5eefefd20d70c247d5f0",
"platform": "Win32",
"sample_available": true,
"sample_size": 636416,
"sample_type": "PE/Exe/UPX",
"sha1": "03823b9fab3931d7c634fd3c2d40a89555c783af",
"sha256": "5cf1f17aef32603d3ec7c9af88c23122dd259b4303b7b8282a0e204cb4d1f1a4",
"threat_level": 5,
"threat_name": "Win32.Ransomware.Tox",
"trust_factor": 5
},
{
"classification": "MALICIOUS",
"first_seen": "2015-05-29T00:18:00",
"last_seen": "2021-08-06T10:26:56.085000",
"malware_family": "Tox",
"malware_type": "Ransomware",
"md5": "f4fa4d7c774eaba895ed005f3c84a8b3",
"platform": "Win32",
"sample_available": true,
"sample_size": 636416,
"sample_type": "PE/Exe/UPX",
"sha1": "0649cbb97387cb2ff5d1ed2f5c238b0914a2b63a",
"sha256": "354371ec3b0b2bc03e567dbef57e9211e700381f3f39fe3604fc26abfd16a641",
"threat_level": 5,
"threat_name": "Win32.Ransomware.Tox",
"trust_factor": 5
}
]
}
}

Human Readable Output#

Full report is returned in a downloadable file

reversinglabs-titaniumcloud-rha1-analytics#


Retrieve the number of hashes functionally similar to the provided one grouped by classification.

Base Command#

reversinglabs-titaniumcloud-rha1-analytics

Input#

Argument NameDescriptionRequired
hashFile hash.Required

Context Output#

PathTypeDescription
File.SHA1UnknownFile SHA1
File.SHA256UnknownFile SHA256
File.MD5UnknownFile MD5
DBotScore.ScoreNumberThe actual score.
DBotScore.TypeStringThe indicator type.
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.VendorStringThe vendor used to calculate the score.
ReversingLabs.rha1_analyticsUnknown

Command example#

!reversinglabs-titaniumcloud-rha1-analytics hash=21841b32c6165b27dddbd4d6eb3a672defe54271

Context Example#

{
"DBotScore": {
"Indicator": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"Reliability": "C - Fairly reliable",
"Score": 3,
"Type": "file",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"File": {
"Hashes": [
{
"type": "MD5",
"value": "3133c2231fcee5d6b0b4c988a5201da1"
},
{
"type": "SHA1",
"value": "21841b32c6165b27dddbd4d6eb3a672defe54271"
},
{
"type": "SHA256",
"value": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
}
],
"MD5": "3133c2231fcee5d6b0b4c988a5201da1",
"Malicious": {
"Description": "Win32.Ransomware.Tox",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"SHA256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
},
"ReversingLabs": {
"rha1_analytics": {
"rl": {
"rha1_counters": {
"rha1_first_seen": "2015-05-26T03:53:56",
"rha1_last_seen": "2020-04-20T00:42:11",
"rha1_type": "pe01",
"sample_counters": {
"known": 0,
"malicious": 144,
"suspicious": 0,
"total": 144
},
"sample_metadata": {
"classification": "MALICIOUS",
"first_seen": "2015-05-30T22:04:00",
"last_seen": "2023-06-06T16:16:58.328000",
"malware_family": "Tox",
"malware_type": "Ransomware",
"md5": "3133c2231fcee5d6b0b4c988a5201da1",
"platform": "Win32",
"sample_available": true,
"sample_size": 636416,
"sample_type": "PE/Exe/UPX",
"sha256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346",
"threat_level": 5,
"threat_name": "Win32.Ransomware.Tox",
"trust_factor": 5
},
"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271"
}
}
}
}
}

Human Readable Output#

ReversingLabs RHA1 Analytics results for hash 21841b32c6165b27dddbd4d6eb3a672defe54271#

Sample counters#

KNOWN: 0 MALICIOUS: 144 SUSPICIOUS: 0 TOTAL: 144

Sample metadata#

Classification: MALICIOUS MD5 hash: 3133c2231fcee5d6b0b4c988a5201da1 SHA-256 hash: 2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346 First seen: 2015-05-30T22:04:00 Last seen: 2023-06-06T16:16:58.328000 Sample available: True Sample size: 636416 bytes Sample type: PE/Exe/UPX Threat name: Win32.Ransomware.Tox Threat level: 5

reversinglabs-titaniumcloud-uri-statistics#


Retrieve the number of MALICIOUS, SUSPICIOUS and KNOWN files associated with a specific URI.

Notice: Submitting indicators using this command might make the indicator data publicly available. See the vendor’s documentation for more details.

Base Command#

reversinglabs-titaniumcloud-uri-statistics

Input#

Argument NameDescriptionRequired
uriURI string.Required

Context Output#

PathTypeDescription
IP.AddressUnknownIP address
Domain.NameUnknownDomain name
URL.DataUnknownThe URL
Email.ToUnknownDestination email address
ReversingLabs.uri_statisticsUnknown

Command example#

!reversinglabs-titaniumcloud-uri-statistics uri=127.0.0.1

Context Example#

{
"DBotScore": {
"Indicator": "127.0.0.1",
"Score": 0,
"Type": "ip",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"IP": {
"Address": "127.0.0.1"
},
"ReversingLabs": {
"uri_statistics": {
"rl": {
"uri_state": {
"counters": {
"known": 48600,
"malicious": 163967,
"suspicious": 602
},
"ipv4": "127.0.0.1",
"sha1": "4b84b15bff6ee5796152495a230e45e3d7e947d9",
"uri_type": "ipv4"
}
}
}
}
}

Human Readable Output#

ReversingLabs URI Statistics results for URI 127.0.0.1#

Sample counters#

KNOWN: 48600 MALICIOUS: 163967 SUSPICIOUS: 602 SHA-1 hash: 4b84b15bff6ee5796152495a230e45e3d7e947d9 URI type: ipv4 IPv4: 127.0.0.1

reversinglabs-titaniumcloud-uri-index#


Retrieve a list of all available file hashes associated with a given URI.

Notice: Submitting indicators using this command might make the indicator data publicly available. See the vendor’s documentation for more details.

Base Command#

reversinglabs-titaniumcloud-uri-index

Input#

Argument NameDescriptionRequired
uriURI string.Required
result_limitMaximum number of results to be returned. Default is 5000. Default is 5000.Optional

Context Output#

PathTypeDescription
ReversingLabs.uri_indexUnknown

Command example#

!reversinglabs-titaniumcloud-uri-index uri=8.8.4.4 result_limit=2

Context Example#

{
"InfoFile": {
"EntryID": "7686@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
"Extension": "4",
"Info": "application/x-troff-man",
"Name": "URI Index report file for URI 8.8.4.4",
"Size": 98,
"Type": "ASCII text"
},
"ReversingLabs": {
"uri_index": [
"007525ef3ee9d4c969fd893f6c4f3d35ce2ee914",
"03c30532b3f750bc0232f560c4b51c53521df21b"
]
}
}

Human Readable Output#

Full report is returned in a downloadable file

reversinglabs-titaniumcloud-advanced-search#


Search for hashes using multi-part search criteria.

Base Command#

reversinglabs-titaniumcloud-advanced-search

Input#

Argument NameDescriptionRequired
queryQuery string.Required
result_limitMaximum number of results to be returned. Default is 5000. Default is 5000.Optional

Context Output#

PathTypeDescription
ReversingLabs.advanced_searchUnknown

Command example#

!reversinglabs-titaniumcloud-advanced-search query="av-count:5 available:TRUE" result_limit="2"

Context Example#

{
"InfoFile": {
"EntryID": "7619@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
"Info": "text/plain",
"Name": "Advanced Search report file",
"Size": 1050,
"Type": "ASCII text"
},
"ReversingLabs": {
"advanced_search": [
{
"antivirus": 5,
"available": true,
"classification": "KNOWN",
"filecount": 0,
"firstseen": "2023-06-06T20:16:04Z",
"lastseen": "2023-06-06T21:56:23Z",
"md5": "6b9b845c5e5f3bff5dde0420370b7f3c",
"sampletype": "Text/HTML/HTML",
"sha1": "e80869fa3a921f81941ccbde147ab38c65caa986",
"sha256": "462be991903270c3246396d216dfe5c79394a91053bf452ac2ce64519d0be613",
"size": 160159,
"threatlevel": 0,
"trustfactor": 5
},
{
"antivirus": 5,
"available": true,
"classification": "KNOWN",
"filecount": 0,
"firstseen": "2023-06-06T19:59:17Z",
"lastseen": "2023-06-06T23:56:32Z",
"md5": "5f25da1c21e80f040c803ea4356b736d",
"sampletype": "Text/HTML/HTML",
"sha1": "a969d353815f2bc77286033d45adf1073ed81716",
"sha256": "82fc5c39e0c409a4b49e6324bab04011eab60a31314d8b140092ca4306448280",
"size": 160159,
"threatlevel": 0,
"trustfactor": 5
}
]
}
}

Human Readable Output#

Full report is returned in a downloadable file

reversinglabs-titaniumcloud-expression-search#


Search provides samples first seen on a particular date, filtered by search criteria.

Base Command#

reversinglabs-titaniumcloud-expression-search

Input#

Argument NameDescriptionRequired
queryQuery string.Required
dateSearch date.Optional
result_limitMaximum number of results to be returned Default is 5000. Default is 5000.Optional

Context Output#

PathTypeDescription
ReversingLabs.expression_searchUnknown

Command example#

!reversinglabs-titaniumcloud-expression-search query="threat_level>=3 status=malicious malware_family=CVE-2017-11882" result_limit="2"

Context Example#

{
"InfoFile": {
"EntryID": "7637@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
"Info": "text/plain",
"Name": "Expression Search report file",
"Size": 1412,
"Type": "ASCII text"
},
"ReversingLabs": {
"expression_search": [
{
"first_seen": "2023-06-06 00:00:40",
"last_seen": "2023-06-06 00:28:05",
"malware_family": "CVE-2017-11882",
"malware_type": "Exploit",
"md5": "a9e8baef620a4a76c4207d9b48df8a37",
"platform": "Document",
"sample_available": "False",
"sample_size": "23799",
"sample_type": "Document/None/PDF",
"sha1": "d8df002404ae6783f5bb317d2b95657e411e6782",
"sha256": "33dda8b06e8de914090e405008910ba0a4c25a51ead127b2efe6cc1b795bf307",
"status": "MALICIOUS",
"subplatform": "Office",
"threat_level": 5,
"threat_name": "Document-Office.Exploit.CVE-2017-11882",
"trust_factor": 5
},
{
"first_seen": "2023-06-06 00:00:53",
"last_seen": "2023-06-06 00:32:06",
"malware_family": "CVE-2017-11882",
"malware_type": "Exploit",
"md5": "e2548e75542aca394e492f59aa6c080e",
"platform": "Document",
"sample_available": "False",
"sample_size": "23799",
"sample_type": "Document/None/PDF",
"sha1": "a14df376580500edf6f829030ec4153fd629225d",
"sha256": "f8a86c99ffa0b6aa2bc3b54747778852995717954d75ae3c033bd6d23b3aa6e4",
"status": "MALICIOUS",
"subplatform": "Office",
"threat_level": 5,
"threat_name": "Document-Office.Exploit.CVE-2017-11882",
"trust_factor": 5
}
]
}
}

Human Readable Output#

Full report is returned in a downloadable file

reversinglabs-titaniumcloud-file-download#


Download files associated with a SHA1, MD5 or SHA256 hash.

Base Command#

reversinglabs-titaniumcloud-file-download

Input#

Argument NameDescriptionRequired
hashFile hash.Required

Context Output#

There is no context output for this command.

Command example#

!reversinglabs-titaniumcloud-file-download hash="21841b32c6165b27dddbd4d6eb3a672defe54271"

Context Example#

{
"File": {
"EntryID": "7647@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
"Info": "application/x-dosexec",
"MD5": "3133c2231fcee5d6b0b4c988a5201da1",
"Name": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"SHA256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346",
"SHA512": "205ece960784bff6fdbd0d5a1ebad4fddeab6751728d5be2e0b5d91742d520df0c5d04fd3b9e67372c35cb0859d794b7d22ea78786669a4bd5725e814548143f",
"SSDeep": "12288:UxvYm8UX7FkiYiHSbhy783clwXqaAQWzRTChYl:+vY0LFrYi0s7w6a/Wzl",
"Size": 636416,
"Type": "PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed"
}
}

Human Readable Output#

Requested sample is available for download under the name 21841b32c6165b27dddbd4d6eb3a672defe54271

reversinglabs-titaniumcloud-file-upload#


Upload a file using a byte stream with a SHA1 hash of the file provided in the request.

Base Command#

reversinglabs-titaniumcloud-file-upload

Input#

Argument NameDescriptionRequired
entryIdFile entry ID.Required

Context Output#

There is no context output for this command.

reversinglabs-titaniumcloud-url-report#


Return a URL analysis report.

Base Command#

reversinglabs-titaniumcloud-url-report

Input#

Argument NameDescriptionRequired
urlURL string.Required

Context Output#

PathTypeDescription
URL.DataUnknownThe URL
DBotScore.ScoreNumberThe actual score.
DBotScore.TypeStringThe indicator type.
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.VendorStringThe vendor used to calculate the score.
ReversingLabs.url_reportUnknown

Command example#

!reversinglabs-titaniumcloud-url-report url="http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt"

Context Example#

{
"DBotScore": {
"Indicator": "http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt",
"Reliability": "C - Fairly reliable",
"Score": 3,
"Type": "url",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"ReversingLabs": {
"url_report": {
"rl": {
"analysis": {
"analysis_count": 3,
"analysis_history": [
{
"analysis_id": "168359658951508c",
"analysis_time": "2023-05-09T01:42:13",
"availability_status": "online",
"domain": "classicairjordanshoes.com",
"http_response_code": 200,
"serving_ip_address": "37.72.184.59"
},
{
"analysis_id": "16841931093501b5",
"analysis_time": "2023-05-15T23:24:35",
"availability_status": "online",
"domain": "classicairjordanshoes.com",
"http_response_code": 200,
"serving_ip_address": "37.72.184.59"
},
{
"analysis_id": "16844028829801b5",
"analysis_time": "2023-05-18T09:40:39",
"availability_status": "online",
"domain": "classicairjordanshoes.com",
"http_response_code": 200,
"serving_ip_address": "37.72.184.59"
}
],
"first_analysis": "2023-05-09T01:42:13",
"last_analysis": {
"analysis_id": "16844028829801b5",
"analysis_time": "2023-05-18T09:40:39",
"availability_status": "online",
"domain": "classicairjordanshoes.com",
"http_response_code": 200,
"serving_ip_address": "37.72.184.59"
},
"statistics": {
"known": 0,
"malicious": 3,
"suspicious": 0,
"total": 3,
"unknown": 0
},
"top_threats": [
{
"files_count": 3,
"threat_level": 5,
"threat_name": "Document-HTML.Trojan.RedirBA"
}
]
},
"classification": "malicious",
"requested_url": "http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt",
"third_party_reputations": {
"sources": [
{
"detection": "undetected",
"source": "phishing_database",
"update_time": "2023-06-06T15:08:12"
},
{
"detection": "undetected",
"source": "cyren",
"update_time": "2023-06-07T05:08:53"
},
{
"detection": "undetected",
"source": "cyradar",
"update_time": "2023-06-07T06:59:53"
},
{
"detection": "undetected",
"source": "netstar",
"update_time": "2023-06-07T12:51:41"
},
{
"detection": "undetected",
"source": "malsilo",
"update_time": "2023-06-07T11:07:56"
},
{
"detection": "undetected",
"source": "mute",
"update_time": "2023-06-07T09:39:35"
},
{
"detection": "undetected",
"source": "adminus_labs",
"update_time": "2023-06-07T13:02:50"
},
{
"detection": "undetected",
"source": "apwg",
"update_time": "2023-06-07T01:21:26"
},
{
"detection": "undetected",
"source": "0xSI_f33d",
"update_time": "2023-06-07T05:21:24"
},
{
"detection": "undetected",
"source": "threatfox_abuse_ch",
"update_time": "2023-06-07T07:20:28"
},
{
"detection": "undetected",
"source": "alphamountain",
"update_time": "2023-06-07T12:47:18"
},
{
"detection": "undetected",
"source": "phishstats",
"update_time": "2023-06-07T04:15:13"
},
{
"detection": "undetected",
"source": "comodo_valkyrie",
"update_time": "2023-06-06T14:40:10"
},
{
"detection": "undetected",
"source": "alien_vault",
"update_time": "2023-06-07T00:37:00"
},
{
"detection": "undetected",
"source": "osint",
"update_time": "2023-06-07T00:30:40"
},
{
"detection": "undetected",
"source": "openphish",
"update_time": "2023-06-07T09:50:56"
},
{
"detection": "undetected",
"source": "mrg",
"update_time": "2023-06-07T12:56:18"
},
{
"detection": "undetected",
"source": "phishtank",
"update_time": "2023-06-07T10:35:22"
},
{
"detection": "undetected",
"source": "crdf",
"update_time": "2023-06-07T12:44:52"
},
{
"detection": "undetected",
"source": "urlhaus",
"update_time": "2023-06-07T09:59:17"
}
],
"statistics": {
"clean": 0,
"malicious": 0,
"total": 20,
"undetected": 20
}
}
}
}
},
"URL": {
"Data": "http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt",
"Malicious": {
"Description": "MALICIOUS",
"Vendor": "ReversingLabs TitaniumCloud v2"
}
}
}

Human Readable Output#

ReversingLabs URL Threat Intelligence report for URL http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt#

Requested URL: http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt Classification: MALICIOUS First analysis: 2023-05-09T01:42:13 Analysis count: 3

Last analysis#

Analysis ID: 16844028829801b5 Analysis time: 2023-05-18T09:40:39 Final URL: None Availability status: online Domain: classicairjordanshoes.com Serving IP Address: 37.72.184.59

Statistics#

KNOWN: 0 SUSPICIOUS: 0 MALICIOUS: 3 UNKNOWN: 0 TOTAL: 3

Analysis history#

analysis_idanalysis_timeavailability_statusdomainhttp_response_codeserving_ip_address
168359658951508c2023-05-09T01:42:13onlineclassicairjordanshoes.com20037.72.184.59
16841931093501b52023-05-15T23:24:35onlineclassicairjordanshoes.com20037.72.184.59
16844028829801b52023-05-18T09:40:39onlineclassicairjordanshoes.com20037.72.184.59

Third party statistics#

TOTAL: 20 MALICIOUS: 0 CLEAN: 0 UNDETECTED: 20

Third party sources#

detectionsourceupdate_time
undetectedphishing_database2023-06-06T15:08:12
undetectedcyren2023-06-07T05:08:53
undetectedcyradar2023-06-07T06:59:53
undetectednetstar2023-06-07T12:51:41
undetectedmalsilo2023-06-07T11:07:56
undetectedmute2023-06-07T09:39:35
undetectedadminus_labs2023-06-07T13:02:50
undetectedapwg2023-06-07T01:21:26
undetected0xSI_f33d2023-06-07T05:21:24
undetectedthreatfox_abuse_ch2023-06-07T07:20:28
undetectedalphamountain2023-06-07T12:47:18
undetectedphishstats2023-06-07T04:15:13
undetectedcomodo_valkyrie2023-06-06T14:40:10
undetectedalien_vault2023-06-07T00:37:00
undetectedosint2023-06-07T00:30:40
undetectedopenphish2023-06-07T09:50:56
undetectedmrg2023-06-07T12:56:18
undetectedphishtank2023-06-07T10:35:22
undetectedcrdf2023-06-07T12:44:52
undetectedurlhaus2023-06-07T09:59:17

reversinglabs-titaniumcloud-analyze-url#


Analyze a given URL.

Notice: Submitting indicators using this command might make the indicator data publicly available. See the vendor’s documentation for more details.

Base Command#

reversinglabs-titaniumcloud-analyze-url

Input#

Argument NameDescriptionRequired
urlURL string.Required

Context Output#

PathTypeDescription
ReversingLabs.analyze_urlUnknown

Command example#

!reversinglabs-titaniumcloud-analyze-url url="http://34.150.1.150/hBQ"

Context Example#

{
"ReversingLabs": {
"analyze_url": {
"rl": {
"analysis_id": "1686150309665089",
"requested_url": "http://34.150.1.150/hBQ",
"status": "started"
}
}
}
}

Human Readable Output#

ReversingLabs Analyze URL response for URL http://34.150.1.150/hBQ#

Status: started Analysis ID: 1686150309665089 Requested URL: http://34.150.1.150/hBQ

reversinglabs-titaniumcloud-submit-for-dynamic-analysis#


Submit an existing sample for dynamic analysis.

Base Command#

reversinglabs-titaniumcloud-submit-for-dynamic-analysis

Input#

Argument NameDescriptionRequired
sha1Sample SHA-1 hash.Required
platformDesired platform; See the API documentation for possible values.Required

Context Output#

PathTypeDescription
ReversingLabs.detonate_sample_dynamicUnknown

Command example#

!reversinglabs-titaniumcloud-submit-for-dynamic-analysis sha1=21841b32c6165b27dddbd4d6eb3a672defe54271 platform=windows10

Context Example#

{
"ReversingLabs": {
"detonate_sample_dynamic": {
"rl": {
"analysis_id": "bd4819f0-0327-4579-b72e-08ebfeeae49a",
"requested_hash": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"status": "started"
}
}
}
}

Human Readable Output#

ReversingLabs submit sample 21841b32c6165b27dddbd4d6eb3a672defe54271 for Dynamic Analysis#

Status: started Requested hash: 21841b32c6165b27dddbd4d6eb3a672defe54271 Analysis ID: bd4819f0-0327-4579-b72e-08ebfeeae49a

reversinglabs-titaniumcloud-get-dynamic-analysis-results#


Retrieve dynamic analysis results.

Base Command#

reversinglabs-titaniumcloud-get-dynamic-analysis-results

Input#

Argument NameDescriptionRequired
sha1Sample SHA-1 hash.Required

Context Output#

PathTypeDescription
File.MD5StringMD5 hash.
File.SHA1StringSHA1 hash.
File.SHA256StringSHA256 hash.
DBotScore.ScoreNumberThe actual score.
DBotScore.TypeStringThe indicator type.
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.VendorStringThe vendor used to calculate the score.
ReversingLabs.dynamic_analysis_resultsUnknownThe dynamic analysis results.

Command example#

!reversinglabs-titaniumcloud-get-dynamic-analysis-results sha1=21841b32c6165b27dddbd4d6eb3a672defe54271

Context Example#

{
"DBotScore": {
"Indicator": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"Score": 0,
"Type": "file",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"File": {
"Hashes": [
{
"type": "SHA1",
"value": "21841b32c6165b27dddbd4d6eb3a672defe54271"
}
],
"SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271"
},
"InfoFile": {
"EntryID": "7660@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
"Info": "text/plain",
"Name": "Dynamic analysis report file for sample 21841b32c6165b27dddbd4d6eb3a672defe54271",
"Size": 1001542,
"Type": "ASCII text, with very long lines"
},
"ReversingLabs": {
"dynamic_analysis_results": {
"rl": {
"report": {
"analysis_duration": 213,
"analysis_id": "9665584d-57d9-4f8a-b63b-5c762b37fc33",
"analysis_time": "2023-05-18T11:55:15",
"behavioral": [
{
"file_actions": [
{
"action_type": "file_created",
"file_name": "Start Menu",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "WS2_32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WININET.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Startup",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sortdefault.nls",
"file_path": "C:\\WINDOWS\\Globalization\\Sorting",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WINDOWS",
"file_path": "C:",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Roaming",
"file_path": "C:\\Users\\user\\AppData",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "IMM32.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tox.done.log",
"file_path": "C:\\Users\\user\\AppData\\Roaming",
"status": "object name not found"
},
{
"action_type": "file_opened",
"file_name": "win32u.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CRYPTBASE.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cfgmgr32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "shcore.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "USER32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CMApi",
"file_path": "\\Device\\DeviceApi",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ADVAPI32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "GDI32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bcryptPrimitives.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ntdll.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "msvcp_win.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SspiCli.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Programs",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "combase.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "windows.storage.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "apphelp.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Startup",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "RPCRT4.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ucrtbase.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "KERNEL32.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sysmain.sdb",
"file_path": "C:\\WINDOWS\\AppPatch",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "user",
"file_path": "C:\\Users",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "SHELL32.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sechost.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "shlwapi.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "gdi32full.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "kernel.appcore.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "powrprof.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "FLTLIB.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "profapi.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "KERNELBASE.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Tox.exe",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CNG",
"file_path": "\\Device",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "msvcrt.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
}
],
"modules_loaded": [
{
"module_name": "\\KnownDlls32\\msvcp_win.dll"
},
{
"module_name": "\\KnownDlls32\\RPCRT4.dll"
},
{
"module_name": "\\KnownDlls32\\WS2_32.dll"
},
{
"module_name": "\\KnownDlls32\\USER32.dll"
},
{
"module_name": "\\KnownDlls32\\combase.dll"
},
{
"module_name": "\\KnownDlls32\\profapi.dll"
},
{
"module_name": "\\KnownDlls32\\windows.storage.dll"
},
{
"module_name": "\\KnownDlls32\\FLTLIB.DLL"
},
{
"module_name": "\\KnownDlls32\\KERNEL32.DLL"
},
{
"module_name": "\\KnownDlls32\\kernel.appcore.dll"
},
{
"module_name": "\\KnownDlls32\\KERNELBASE.dll"
},
{
"module_name": "\\KnownDlls32\\win32u.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\apphelp.dll"
},
{
"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters"
},
{
"module_name": "\\KnownDlls32\\IMM32.DLL"
},
{
"module_name": "C:\\Windows\\SysWOW64\\imm32.dll"
},
{
"module_name": "\\KnownDlls32\\kernel32.dll"
},
{
"module_name": "\\KnownDlls32\\bcryptPrimitives.dll"
},
{
"module_name": "\\KnownDlls32\\powrprof.dll"
},
{
"module_name": "\\KnownDlls32\\msvcrt.dll"
},
{
"module_name": "\\KnownDlls\\wow64.dll"
},
{
"module_name": "\\KnownDlls32\\sechost.dll"
},
{
"module_name": "unknown"
},
{
"module_name": "\\KnownDlls\\wow64log.dll"
},
{
"module_name": "\\KnownDlls32\\apphelp.dll"
},
{
"module_name": "\\KnownDlls\\wow64cpu.dll"
},
{
"module_name": "\\KnownDlls32\\cfgmgr32.dll"
},
{
"module_name": "\\KnownDlls\\wow64win.dll"
},
{
"module_name": "\\KnownDlls32\\ucrtbase.dll"
},
{
"module_name": "\\KnownDlls32\\GDI32.dll"
},
{
"module_name": "\\KnownDlls32\\WININET.DLL"
},
{
"module_name": "C:\\Windows\\SysWOW64\\wininet.dll"
},
{
"module_name": "\\KnownDlls32\\SspiCli.dll"
},
{
"module_name": "\\KnownDlls32\\shlwapi.dll"
},
{
"module_name": "\\KnownDlls32\\shcore.dll"
},
{
"module_name": "\\KnownDlls32\\SHELL32.DLL"
},
{
"module_name": "C:\\Windows\\apppatch\\sysmain.sdb"
},
{
"module_name": "\\Sessions\\1\\Windows\\SharedSection"
},
{
"module_name": "\\KnownDlls32\\CRYPTBASE.dll"
},
{
"module_name": "\\KnownDlls32\\gdi32full.dll"
},
{
"module_name": "\\KnownDlls32\\ADVAPI32.dll"
}
],
"mutex_actions": [
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\toxcrypt",
"status": "object name exists"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1568:64:WilError_01",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1568:168:WilStaging_02",
"status": "success or wait"
}
],
"process": {
"name": "Tox.exe",
"parameters": "\"C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe\" "
},
"process_actions": [
{
"action_type": "process_queried",
"path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe",
"status": "success or wait"
},
{
"action_type": "process_terminated",
"path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe",
"status": "success or wait"
}
],
"registry_actions": [
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Disable8And16BitMitigation",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachineLanguageConfiguration",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"status": "buffer overflow"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\LanguageConfiguration",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Local Settings\\Software\\Microsoft",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Local Settings\\Software\\Microsoft\\Ole",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\FileSystem\\",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Segment Heap",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CustomLocale",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Versions",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Control Panel\\Desktop",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",
"status": "buffer overflow"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wow64\\x86",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\MUI\\Settings",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Local Settings\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\Tracing",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\Tox.exe",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\NLS\\Language",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\Settings\\LanguageConfiguration",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\AppModel\\Lookaside\\Packages",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wow64\\x86",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Terminal Server",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Display",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",
"status": "buffer overflow"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\NULL",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages\\PendingDelete",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\DLL",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Explorer",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer",
"status": "object name not found",
"value": ""
}
]
},
{
"file_actions": [
{
"action_type": "file_opened",
"file_name": "CNG",
"file_path": "\\Device",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "R000000000013.clb",
"file_path": "C:\\WINDOWS\\Registration",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CMApi",
"file_path": "\\Device\\DeviceApi",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Startup",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",
"status": "object name collision"
},
{
"action_type": "file_created",
"file_name": "Start Menu",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "uxtheme.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WININET.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ole32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "IMM32.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tox.done.log",
"file_path": "C:\\Users\\user\\AppData\\Roaming",
"status": "object name not found"
},
{
"action_type": "file_opened",
"file_name": "sortdefault.nls",
"file_path": "C:\\WINDOWS\\Globalization\\Sorting",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "user",
"file_path": "C:\\Users",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "Desktop",
"file_path": "C:\\Users\\user",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WINDOWS",
"file_path": "C:",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Roaming",
"file_path": "C:\\Users\\user\\AppData",
"status": "object name collision"
},
{
"action_type": "file_created",
"file_name": "Programs",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "dwmapi.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "TextInputFramework.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ntmarta.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CoreUIComponents.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CoreMessaging.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "wintypes.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "StaticCache.dat",
"file_path": "C:\\Windows\\Fonts",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "staticcache.dat",
"file_path": "C:\\Windows\\Fonts",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "USER32.dll.mui",
"file_path": "C:\\WINDOWS\\SysWOW64\\en-US",
"status": "success or wait"
}
],
"modules_loaded": [
{
"module_name": "\\KnownDlls32\\windows.storage.dll"
},
{
"module_name": "\\KnownDlls32\\OLEAUT32.dll"
},
{
"module_name": "\\KnownDlls32\\powrprof.dll"
},
{
"module_name": "\\KnownDlls32\\msvcrt.dll"
},
{
"module_name": "\\KnownDlls32\\combase.dll"
},
{
"module_name": "unknown"
},
{
"module_name": "\\KnownDlls\\wow64cpu.dll"
},
{
"module_name": "\\KnownDlls32\\clbcatq.dll"
},
{
"module_name": "\\KnownDlls32\\ucrtbase.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\wininet.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\WinTypes.dll"
},
{
"module_name": "C:\\Windows\\Registration\\R000000000013.clb"
},
{
"module_name": "\\KnownDlls32\\RPCRT4.dll"
},
{
"module_name": "\\KnownDlls32\\FLTLIB.DLL"
},
{
"module_name": "\\KnownDlls32\\KERNEL32.DLL"
},
{
"module_name": "\\KnownDlls32\\cfgmgr32.dll"
},
{
"module_name": "\\KnownDlls32\\uxtheme.dll"
},
{
"module_name": "\\KnownDlls32\\SHELL32.DLL"
},
{
"module_name": "\\Sessions\\1\\Windows\\SharedSection"
},
{
"module_name": "\\KnownDlls32\\shcore.dll"
},
{
"module_name": "\\KnownDlls32\\WS2_32.dll"
},
{
"module_name": "\\KnownDlls32\\kernel.appcore.dll"
},
{
"module_name": "\\KnownDlls32\\win32u.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\uxtheme.dll"
},
{
"module_name": "\\KnownDlls32\\IMM32.DLL"
},
{
"module_name": "C:\\Windows\\SysWOW64\\imm32.dll"
},
{
"module_name": "\\KnownDlls32\\bcryptPrimitives.dll"
},
{
"module_name": "\\KnownDlls32\\sechost.dll"
},
{
"module_name": "\\KnownDlls\\wow64win.dll"
},
{
"module_name": "\\KnownDlls32\\GDI32.dll"
},
{
"module_name": "\\KnownDlls32\\SspiCli.dll"
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters"
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\__ComCatalogCache__"
},
{
"module_name": "\\KnownDlls32\\msvcp_win.dll"
},
{
"module_name": "\\KnownDlls32\\USER32.dll"
},
{
"module_name": "\\KnownDlls32\\KERNELBASE.dll"
},
{
"module_name": "\\KnownDlls32\\profapi.dll"
},
{
"module_name": "\\KnownDlls32\\kernel32.dll"
},
{
"module_name": "\\KnownDlls\\wow64.dll"
},
{
"module_name": "\\KnownDlls\\wow64log.dll"
},
{
"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"
},
{
"module_name": "\\KnownDlls32\\shlwapi.dll"
},
{
"module_name": "\\KnownDlls32\\WININET.DLL"
},
{
"module_name": "\\KnownDlls32\\CRYPTBASE.dll"
},
{
"module_name": "\\KnownDlls32\\gdi32full.dll"
},
{
"module_name": "\\KnownDlls32\\ADVAPI32.dll"
},
{
"module_name": "\\KnownDlls32\\ole32.dll"
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\CTF.AsmListCache.FMPDefault1"
},
{
"module_name": "C:\\Windows\\Fonts\\StaticCache.dat"
},
{
"module_name": "\\KnownDlls32\\ntmarta.dll"
},
{
"module_name": "\\KnownDlls32\\CoreMessaging.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\ole32.dll"
},
{
"module_name": "\\KnownDlls32\\dwmapi.dll"
},
{
"module_name": "\\Sessions\\1\\Windows\\ThemeSection"
},
{
"module_name": "\\KnownDlls32\\MSCTF.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\CoreUIComponents.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\TextInputFramework.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\en-US\\user32.dll.mui"
},
{
"module_name": "C:\\Windows\\SysWOW64\\ntmarta.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\CoreMessaging.dll"
},
{
"module_name": "\\KnownDlls32\\TextInputFramework.dll"
},
{
"module_name": "\\KnownDlls32\\wintypes.dll"
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\AsyncKeyStateTrackerSharedMemory"
},
{
"module_name": "\\KnownDlls32\\CoreUIComponents.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\dwmapi.dll"
},
{
"module_name": "\\Windows\\Theme2337474972",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\Windows\\Theme3085020103",
"module_tag": ""
}
],
"mutex_actions": [
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\toxcrypt",
"status": "object name exists"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3668:168:WilStaging_02",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3668:64:WilError_01",
"status": "success or wait"
}
],
"process": {
"name": "rl_file.exe",
"parameters": "\"C:\\Users\\user\\Desktop\\rl_file.exe\" "
},
"process_actions": [
{
"action_type": "process_queried",
"path": "C:\\Users\\user\\Desktop\\rl_file.exe",
"status": "success or wait"
},
{
"action_type": "process_terminated",
"path": "C:\\Users\\user\\Desktop\\rl_file.exe",
"status": "success or wait"
}
],
"registry_actions": [
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachineLanguageConfiguration",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"status": "buffer overflow"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Versions",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wow64\\x86",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\MUI\\Settings",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Policies\\Microsoft\\WindowsStore",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLEAUT",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\AppModel\\Lookaside\\Packages",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows NT\\Rpc",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",
"status": "buffer overflow"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\FileSystem\\",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Display",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Segment Heap",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",
"status": "buffer overflow"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Rpc",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\Tracing",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\NLS\\Language",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\LanguageConfiguration",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Control Panel\\Desktop",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rl_file.exe",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wow64\\x86",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages\\PendingDelete",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\DLL",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CustomLocale",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\Settings\\LanguageConfiguration",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\Setup",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Terminal Server",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\NULL",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\OEM",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\App Management",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\Compatibility\\rl_file.exe",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FA445657-9379-11D6-B41A-00065B83EE53}",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Segoe UI",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\App Management",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{FA445657-9379-11D6-B41A-00065B83EE53}",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Input",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\OEM",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Explorer",
"status": "success or wait",
"value": ""
}
]
},
{
"file_actions": [
{
"action_type": "file_read",
"file_name": "OneDriveMedTile.contrast-white_scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveMedTile.contrast-black_scale-200.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mk-MK",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveSmallTile.contrast-white_scale-125.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cs-CZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "248aaea9.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sr-Cyrl-BA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-GT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "IMM32.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tox.done.log",
"file_path": "C:\\Users\\user\\AppData\\Roaming",
"status": "object name not found"
},
{
"action_type": "file_opened",
"file_name": "History",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "294af3d2.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "USER32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ms-MY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "it-IT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CMApi",
"file_path": "\\Device\\DeviceApi",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-ZA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "edputil.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "de-AT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "294af3d2.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-TN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ro-RO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-RE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "da083887.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "uxtheme.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-CD",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveSmallTile.scale-125.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "chrome_shutdown_ms.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "af-ZA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "UsageLogs",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0_32",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "DeviceDiagnostic.debugreport.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-BH",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "2ab80eb2.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveMedTile.contrast-black_scale-100.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ucrtbase.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveSmallTile.contrast-black_scale-100.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Temp",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "DefaultLayouts.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Shell",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "DefaultLayouts.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-CI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "versionlist.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\VersionManager",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Feeds",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveMedTile.contrast-black_scale-100.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveMedTile.contrast-black_scale-125.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Feeds Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Chrome",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-CI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "it-IT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Credentials",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "tox.log",
"file_path": "C:\\Users\\user\\AppData\\Roaming",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-YE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveSmallTile.scale-150.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "Converged_v21033[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Converged_v21033[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "active-update.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hi-IN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-ML",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-419",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-PE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "BrowserMetrics",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CRYPTBASE.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveSmallTile.contrast-black_scale-200.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "DeviceDiagnostic.debugreport.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ActiveSync",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "settings-tipset[2].xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "favicon[3].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "dd_vcredistMSI1AE4.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dd_vcredistUI7855.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-IE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-GT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "c43bb7d1.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "au-descriptor-1.8.0_301-b09.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "2ab80eb2.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "LogoImages",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "3534848bb9f4cb71",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\D3DSCache",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "0",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "favicon[1].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "results.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveSmallTile.scale-200.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-BZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Windows",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-FR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveMedTile.contrast-white_scale-200.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-SN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-MA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sl-SI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "lv-LV",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-PY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "BDN4269.tmp.dir",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "favicon[2].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "shlwapi.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveMedTile.contrast-white_scale-400.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveMedTile.contrast-white_scale-150.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OLEAUT32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveSmallTile.contrast-black_scale-200.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "InputPersonalization",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveMedTile.scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "favicon[3].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"status": "end of file"
},
{
"action_type": "file_opened",
"file_name": "id-ID",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-RE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-CA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "eu-ES",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveMedTile.contrast-white_scale-200.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-ID",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-PR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "favicon[2].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bcrypt.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WININET.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Windows",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "705bcfd6.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "294af3d2.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-MY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "GDI32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ha-Latn-NG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveMedTile.contrast-black_scale-200.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "rsaenh.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveSmallTile.scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveSmallTile.contrast-white_scale-400.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDrive.VisualElementsManifest.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sl-SI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "au-descriptor-1.8.0_301-b09.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hu-HU",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveMedTile.contrast-black_scale-125.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "msvcp_win.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "TokenBroker",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sv-FI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ru-RU",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "imagestore",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "2ab80eb2.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveMedTile.contrast-black_scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "dd_vcredistUI7869.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CRYPTSP.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Media Player",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Startup",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "es-HN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CLR_v2.0_32",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-ES",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CLDAPI.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "MicrosoftEdge",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-SA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "dd_vcredistMSI7869.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "DefaultLayouts.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sq-AL",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "System",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\Groove",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveMedTile.scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ResultReport.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Event Viewer",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tox.decrypt.log",
"file_path": "C:\\Users\\user\\AppData\\Roaming",
"status": "object name not found"
},
{
"action_type": "file_written",
"file_name": "dd_vcredistMSI7855.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hu-HU",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-PA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-OM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveSmallTile.contrast-black_scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "User",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\Groove",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "dd_vcredistMSI7855.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-CA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveSmallTile.contrast-white_scale-125.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tox.log",
"file_path": "C:\\Users\\user\\AppData\\Roaming",
"status": "object name not found"
},
{
"action_type": "file_read",
"file_name": "brndlog.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WS2_32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sortdefault.nls",
"file_path": "C:\\WINDOWS\\Globalization\\Sorting",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveSmallTile.contrast-black_scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "favicon[3].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fa-IR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "win32u.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dd_vcredistMSI7869.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "510dd5a4.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sk-SK",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "5fc0968a.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Microsoft",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveSmallTile.contrast-white_scale-150.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "dd_vcredistMSI7869.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Firefox",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-SN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "MountPointManager",
"file_path": "",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveMedTile.contrast-white_scale-200.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Converged_v21033[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-HK",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "kernel.appcore.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-PE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-BE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-GB",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveMedTile.contrast-white_scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "gl-ES",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "12.0",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "c:",
"file_path": "",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DeviceDiagnostic.debugreport.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveMedTile.contrast-white_scale-125.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "favicon[1].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
"status": "end of file"
},
{
"action_type": "file_opened",
"file_name": "OneDriveMedTile.scale-100.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveMedTile.contrast-white_scale-100.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Converged_v21033[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "GameDVR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-029",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "dd_vcredistUI7869.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-MX",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "4254396c.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WidevineCdm",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sk-SK",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bg-BG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "UserProfileRoaming",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Vault",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "KERNELBASE.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-DZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveSmallTile.contrast-white_scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tr-TR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "Converged_v21033[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-FR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "KERNEL32.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveMedTile.contrast-white_scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "input",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "favicon[2].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "desktop.ini",
"file_path": "C:\\Users",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "au-descriptor-1.8.0_301-b09.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "af-ZA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-QA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-EG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "0",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveSmallTile.scale-100.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "c43bb7d1.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sysmain.sdb",
"file_path": "C:\\WINDOWS\\AppPatch",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDrive.VisualElementsManifest.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "294af3d2.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-NZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveMedTile.contrast-black_scale-100.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDrive",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-IQ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "248aaea9.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "aeb763fb.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "apphelp.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-KW",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-CO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-EC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-ZW",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-LY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CrashReports",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hy-AM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "favicon[3].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
"status": "end of file"
},
{
"action_type": "file_opened",
"file_name": "Low",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tr-TR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-CR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "eu-ES",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Recovery",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveSmallTile.contrast-white_scale-100.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "msapplication.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "favicon[1].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "brndlog.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-SG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fi-FI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveMedTile.scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hr-BA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "dd_vcredistMSI19D2.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-VE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveMedTile.scale-200.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pt-PT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "versionlist.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\VersionManager",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "nb-NO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "setup",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveMedTile.scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveMedTile.contrast-black_scale-125.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-MX",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Groove",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-MA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "user",
"file_path": "C:\\Users",
"status": "object name collision"
},
{
"action_type": "file_created",
"file_name": "OneDriveMedTile.scale-400.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "nl-BE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ka-GE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "clbcatq.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "AppData",
"file_path": "C:\\Users\\user",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "favicon[1].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-UY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveSmallTile.contrast-black_scale-125.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDrive.VisualElementsManifest.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "8fce0f3.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "au-descriptor-1.8.0_301-b09.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveSmallTile.contrast-black_scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "History.IE5",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-SG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveMedTile.scale-100.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveMedTile.contrast-black_scale-125.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-LB",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "dd_vcredistUI19D2.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "favicon[1].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-DO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "dd_vcredistMSI19D2.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sechost.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DBG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveMedTile.contrast-black_scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "de-CH",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "acrocef_low",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-ZA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "8fce0f3.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveMedTile.contrast-black_scale-125.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "a5ea21[1].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveMedTile.scale-100.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-EC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveMedTile.contrast-white_scale-200.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "da083887.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "desktop.ini",
"file_path": "C:\\Users\\user\\Desktop",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveSmallTile.contrast-black_scale-125.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "dd_vcredistUI19D2.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "uk-UA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sw-KE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-PY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-AR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-IN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveMedTile.contrast-black_scale-150.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "dd_vcredistMSI19D2.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DBG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pnacl",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-UY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "shcore.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sr-Cyrl-RS",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-AE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "msdtadmin",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveSmallTile.scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveMedTile.contrast-black_scale-200.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveMedTile.contrast-white_scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CLR_v4.0",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveSmallTile.contrast-white_scale-200.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sr-Cyrl-ME",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Vault",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveMedTile.contrast-white_scale-125.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-CM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveSmallTile.contrast-white_scale-125.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "iecompatdata.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\IECompatData",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "1833c4e9.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "510dd5a4.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveSmallTile.scale-150.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bg-BG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Low",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OriginTrials",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Unistore",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "it-CH",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\Unistore",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "ResultReport.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dd_vcredistMSI1AE4.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "favicon[2].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-CA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ResultReport.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-JM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveSmallTile.contrast-white_scale-100.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "dd_vcredistUI1AE4.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "favicon[3].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Microsoft",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Mozilla",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "History",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveMedTile.contrast-white_scale-150.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-KW",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "dd_vcredistMSI1AE4.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-NZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "msapplication.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "510dd5a4.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveMedTile.contrast-white_scale-125.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveMedTile.contrast-black_scale-100.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "b11b460a.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "PROPSYS.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Internet Explorer",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "5fc0968a.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cfgmgr32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "de-CH",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-MA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "AudioDiagnostic.debugreport.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "et-EE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "1833c4e9.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "update100[1].xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fi-FI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "msapplication.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "ResultReport.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "Converged_v21033[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveSmallTile.contrast-black_scale-200.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "favicon[2].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"status": "end of file"
},
{
"action_type": "file_opened",
"file_name": "combase.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "Tox.exe",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "PeerDistRepub",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveSmallTile.contrast-white_scale-100.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-DO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pl-PL",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "b11b460a.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "dd_vcredistUI1AE4.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "RPCRT4.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "705bcfd6.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-NI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DefaultLayouts.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Shell",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "kk-KZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "results.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "rl_file.exe:Zone.Identifier",
"file_path": "C:\\Users\\user\\Desktop",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "he-IL",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "da-DK",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveMedTile.contrast-white_scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveSmallTile.scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "248aaea9.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveMedTile.contrast-black_scale-200.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "a5ea21[1].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\D4PT37GU",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveMedTile.scale-150.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "PenWorkspace",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "rl_file.exe",
"file_path": "C:\\Users\\user\\Desktop",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-CR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Crashpad",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "acrord32_sbx",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ro-MD",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-GB",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Google",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveSmallTile.contrast-black_scale-100.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-LB",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "et-EE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "settings-tipset[2].xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-IN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "5fc0968a.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveSmallTile.scale-100.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Windows.StateRepositoryPS.dll",
"file_path": "C:\\Windows\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-OM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveMedTile.scale-125.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Packages",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "chrome_shutdown_ms.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveMedTile.contrast-black_scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "gl-ES",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-JO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "248aaea9.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "1033",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "aeb763fb.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hy-AM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bcryptPrimitives.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveSmallTile.contrast-white_scale-400.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "favicon[1].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "KsecDD",
"file_path": "\\Device",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WER",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "DefaultLayouts.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveSmallTile.contrast-white_scale-200.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveMedTile.scale-200.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "nl-NL",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Default",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "8fce0f3.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveMedTile.scale-200.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveSmallTile.scale-125.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-JO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dd_vcredistUI1AE4.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "unknown",
"file_path": "",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-JM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "dd_vcredistMSI7855.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Tiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-TT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dd_vcredistMSI7855.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "iecompatdata.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\IECompatData",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "294af3d2.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "update100[1].xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "Converged_v21033[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "el-GR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-HT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "AudioDiagnostic.debugreport.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDrive.VisualElementsManifest.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "dd_vcredistMSI1AE4.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "msvcrt.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Office",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveSmallTile.contrast-white_scale-125.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Sync Playlists",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-BO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-HT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "au-descriptor-1.8.0_301-b09.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ntdll.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sv-SE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-IQ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "DeviceDiagnostic.debugreport.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-LU",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "5fc0968a.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "lv-LV",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "msapplication.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "brndlog.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "user",
"file_path": "C:\\Users",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveSmallTile.scale-200.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "c43bb7d1.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveSmallTile.contrast-black_scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "active-update.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\updates\\308046B0AF4A39CB",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "dd_vcredistMSI7869.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "it-CH",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Feeds",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "510dd5a4.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mk-MK",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveSmallTile.scale-100.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-CD",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "de-LI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "windows.storage.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-CL",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "gdi32full.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "settings-tipset[2].xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe_ADMLogs",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-YE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "nl-BE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "UsageLogs",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "1833c4e9.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "705bcfd6.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "AudioDiagnostic.debugreport.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-US",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-PR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "kk-KZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "DeviceDiagnostic.debugreport.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Desktop",
"file_path": "C:\\Users\\user",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveSmallTile.contrast-white_scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "aeb763fb.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CLR_v4.0_32",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sr-Latn-ME",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "he-IL",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveMedTile.contrast-white_scale-100.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "rl_file.exe:Zone.Identifier",
"file_path": "C:\\Users\\user\\Desktop",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveSmallTile.contrast-white_scale-200.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-AE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "tox.log",
"file_path": "C:\\Users\\user\\AppData\\Roaming",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "4254396c.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-AU",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "dd_vcredistUI7855.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CLR_v4.0",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-AU",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "AudioDiagnostic.debugreport.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "b11b460a.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Credentials",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "active-update.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CLR_v2.0_32",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Local",
"file_path": "C:\\Users\\user\\AppData",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Chrome",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveMedTile.contrast-black_scale-150.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Caches",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "ca-ES",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SHELL32.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveSmallTile.contrast-black_scale-200.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "b11b460a.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bn-BD",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "PROPSYS.dll.mui",
"file_path": "C:\\WINDOWS\\SysWOW64\\en-US",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "GameDVR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-DZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "da083887.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "favicon[1].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveMedTile.scale-200.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveMedTile.scale-100.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveMedTile.contrast-white_scale-200.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "dd_vcredistUI7855.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pt-BR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-MC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ConnectedDevicesPlatform",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Microsoft Help",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Publishers",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "active-update.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-QA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-AR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "User Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "favicon[2].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sw-KE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "da083887.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "iertutil.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveSmallTile.scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cversions.1.db",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CNG",
"file_path": "\\Device",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-NI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveSmallTile.contrast-white_scale-100.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ms-MY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "iecompatdata.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\IECompatData",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveSmallTile.contrast-white_scale-125.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-LU",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-TN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pt-BR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "desktop.ini",
"file_path": "C:\\Users",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dd_vcredistUI7869.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "TokenBroker",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ro-MD",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveMedTile.scale-200.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-SA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "versionlist.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\VersionManager",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "a5ea21[1].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveSmallTile.scale-125.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-CO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-MC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveSmallTile.contrast-black_scale-100.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hr-BA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "oleaut32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "dd_vcredistUI7855.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "2550435360",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Caches",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveSmallTile.contrast-black_scale-150.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pl-PL",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "a5ea21[1].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
"status": "end of file"
},
{
"action_type": "file_written",
"file_name": "favicon[1].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CrashReports",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fa-IR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "favicon[2].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
"status": "end of file"
},
{
"action_type": "file_deleted",
"file_name": "favicon[1].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Safe Browsing",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveMedTile.contrast-black_scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "nb-NO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveMedTile.contrast-white_scale-100.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "lt-LT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "id-ID",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "dd_vcredistUI1AE4.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "c43bb7d1.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "update100[1].xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "el-GR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "510dd5a4.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-EG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "History.IE5",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hr-HR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "dd_vcredistUI1AE4.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveMedTile.contrast-black_scale-200.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveSmallTile.scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "versionlist.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\VersionManager",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-SY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveMedTile.scale-125.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "favicon[2].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "Converged_v21033[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Temp",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "input",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-HK",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "dd_vcredistMSI1AE4.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveMedTile.contrast-white_scale-125.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ms-BN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "1833c4e9.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sv-FI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "STORAGE#Volume#{45fd10d4-cc21-11e8-b00f-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}",
"file_path": "",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveSmallTile.scale-200.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Start Menu",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "ca-ES-valencia",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Comms",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WINDOWS",
"file_path": "C:",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "dd_vcredistUI7855.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-IE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "favicon[3].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "8fce0f3.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveSmallTile.contrast-white_scale-200.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveMedTile.contrast-black_scale-400.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveMedTile.contrast-black_scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "nl-NL",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveSmallTile.contrast-white_scale-100.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "de-DE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "ResultReport.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ole32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveSmallTile.contrast-black_scale-125.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "dd_vcredistMSI7869.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\TokenBroker",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveSmallTile.contrast-black_scale-150.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveSmallTile.contrast-white_scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Comms",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-CM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-ES",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cs-CZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-TT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-MY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveSmallTile.contrast-white_scale-150.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveSmallTile.scale-200.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "8fce0f3.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveSmallTile.scale-125.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-US",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ro-RO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "favicon[3].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-ID",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "results.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "rl_file.exe",
"file_path": "C:\\Users\\user\\Desktop",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveMedTile.scale-150.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveSmallTile.contrast-black_scale-400.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "favicon[2].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hi-IN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bn-BD",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "1833c4e9.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "iecompatdata.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\IECompatData",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-SV",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "PepperFlash",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "results.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveSmallTile.scale-400.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "versionlist.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\VersionManager",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "de-LU",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "FLTLIB.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveSmallTile.contrast-black_scale-125.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CLR_v4.0_32",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "dd_vcredistUI19D2.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDrive",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-BH",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "aeb763fb.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "248aaea9.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "powrprof.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Feeds Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ShaderCache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Roaming",
"file_path": "C:\\Users\\user\\AppData",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "Users",
"file_path": "C:",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "R000000000013.clb",
"file_path": "C:\\WINDOWS\\Registration",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "profapi.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "4254396c.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "chrome_shutdown_ms.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "chrome_shutdown_ms.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dd_vcredistUI19D2.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "settings-tipset[2].xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveMedTile.contrast-white_scale-100.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "AudioDiagnostic.debugreport.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "dd_vcredistUI19D2.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ADVAPI32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "da-DK",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-MA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Tox.exe",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dd_vcredistMSI19D2.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "favicon[3].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Unistore",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveSmallTile.contrast-black_scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveSmallTile.contrast-black_scale-100.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Programs",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "de-DE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-HN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "results.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-SY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "D3DSCache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "da083887.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "uz-Latn-UZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "de-LU",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Office",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "UsageLogs",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v2.0_32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveSmallTile.contrast-black_scale-200.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-ML",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Vault",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-BO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveSmallTile.contrast-black_scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "dd_vcredistMSI7855.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveSmallTile.scale-100.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "L.user",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ConnectedDevicesPlatform",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sr-Latn-BA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "STORAGE#Volume#{45fd10d4-cc21-11e8-b00f-806e6f6e6963}#0000000022600000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}",
"file_path": "",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveMedTile.contrast-white_scale-125.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "favicon[3].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pt-PT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "chrome_shutdown_ms.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-VE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "dd_vcredistUI7869.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveMedTile.scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "b11b460a.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "active-update.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\updates\\308046B0AF4A39CB",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-ZW",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveMedTile.scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveMedTile.contrast-white_scale-100.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveMedTile.contrast-white_scale-400.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveSmallTile.contrast-black_scale-100.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "dd_vcredistUI7869.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "brndlog.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "c43bb7d1.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "favicon[3].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WinTypes.dll",
"file_path": "C:\\Windows\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Google",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "D3DSCache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "desktop.ini",
"file_path": "C:\\Users\\user\\Desktop",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "favicon[1].png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"status": "end of file"
},
{
"action_type": "file_opened",
"file_name": "fr-CH",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-PA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "update100[1].xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "uk-UA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveMedTile.contrast-black_scale-400.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-BZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveMedTile.scale-125.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-BE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "3D Objects",
"file_path": "C:\\Users\\user",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveSmallTile.contrast-white_scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "msapplication.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "History.IE5",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ms-BN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "705bcfd6.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ka-GE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveSmallTile.scale-125.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveSmallTile.scale-400.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "MEIPreload",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Converged_v21033[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "aeb763fb.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "12.0",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "PlayReady",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-CH",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "UnistoreDB",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDrive.VisualElementsManifest.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sv-SE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "nn-NO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "TaskSchedulerConfig",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "TabRoaming",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ElevatedDiagnostics",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-SV",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "User",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\MicrosoftEdge",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "C:",
"file_path": "",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "favicon[2].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "brndlog.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveSmallTile.scale-200.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Internet Explorer",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\PlayReady",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Low",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "update100[1].xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ru-RU",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "settings-tipset[2].xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "2ab80eb2.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveMedTile.scale-125.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-029",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sq-AL",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "Converged_v21033[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-CA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "2ab80eb2.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-CL",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-LY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hr-HR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "4254396c.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveMedTile.contrast-white_scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "az-Latn-AZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "updates",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\Unistore",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "PlayReady",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ActionCenterCache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SspiCli.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "urlmon.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sr-Latn-RS",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "705bcfd6.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDriveSmallTile.contrast-white_scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveSmallTile.scale-100.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "dd_vcredistMSI19D2.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveMedTile.scale-400.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveSmallTile.contrast-black_scale-400.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "de-AT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "nn-NO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "VirtualStore",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveMedTile.scale-125.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "UnistoreDB",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ca-ES",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OneDriveMedTile.contrast-black_scale-100.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "iecompatdata.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\IECompatData",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "logs",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "5fc0968a.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "4254396c.jpg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "de-LI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveSmallTile.contrast-black_scale-125.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WindowsApps",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveSmallTile.contrast-white_scale-200.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OneDriveMedTile.scale-100.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveMedTile.contrast-black_scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "lt-LT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DBG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "a5ea21[1].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\D4PT37GU",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ElevatedDiagnostics",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OneDriveSmallTile.scale-150.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CR_28192.tmp",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "b8aa184e[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.5_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "main.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "8cafcc5f[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "7d19123f[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "10379681[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.3_0",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "0283bc6ed838ac25a3c5f51b1bc5fb04.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "27a24753[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "windows-systemtoast-securityandmaintenance_249_0.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "69958a21[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "a0d3923c[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "8cafcc5f[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "icon_128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "icon_16.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "icon_16.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "43db4db3[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "icon_128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "69958a21[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "11ee0799[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "page_embed_script.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "e3f307cb[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Microsoft Visual C++ 2010 x86 Redistributable Setup_20190219_161639532-MSI_vc_red.msi.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "5e0abf48[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "359d2aee[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "a2f17337[2].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "1bf12095[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\HZO7MSFT",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dbef2181[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "1bf12095[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\HZO7MSFT",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "5e0abf48[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "69958a21[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "a2f17337[2].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "craw_window.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OldConvergedLogin_PCore[2].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\D4PT37GU",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "a2f17337[2].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "a2f17337[2].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "b8275b23[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "2743db28[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "3417f6c5[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "icon_16.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "424a9e57[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "1bf12095[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\HZO7MSFT",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "page_embed_script.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "a2f17337[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "431acc73d0187c752f5885ebf2df90c0.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "eventpage_bin_prod.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "53c747e0[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "fd45bf1d[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "3a8048a4[2].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "b8275b23[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "craw_window.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "48a99eae[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "7d19123f[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OldConvergedLogin_PCore[2].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\D4PT37GU",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "icon_128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "b8aa184e[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "IECompatData.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "045d3532[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "SettingsCache.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "dbef2181[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "5e0abf48[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "known_providers_download_v1[1].xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Microsoft Visual C++ 2010 x64 Redistributable Setup_20190219_161802569-MSI_vc_red.msi.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "181f4d7eabe2d441119af774407152dd.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "69958a21[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OldConvergedLogin_PCore[2].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "8636b4dd[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.5_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "craw_background.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "a2f17337[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "045d3532[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "03cedd2d[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "7d19123f[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "2743db28[2].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "page_embed_script.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "0c3a2f0b[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "icon_16.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OldConvergedLogin_PCore[2].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "craw_window.css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\css",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "IECompatData.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OldConvergedLogin_PCore[2].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OldConvergedLogin_PCore[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\D4PT37GU",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "icon_128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "craw_window.css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\css",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "0c3a2f0b[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "page_embed_script.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "page_embed_script.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "8636b4dd[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "a9486108724e44ae4e34492b400fcd5c.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "69958a21[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "main.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "96c26e78[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "craw_window.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "359d2aee[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "ConvergedLoginPaginatedStrings.EN[2].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "8cafcc5f[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "2743db28[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "424a9e57[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "8cafcc5f[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "IECompatData.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "main.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "SettingsCache.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "03cedd2d[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "craw_window.css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "a2f17337[2].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "icon_16.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "a0d3923c[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "181f4d7eabe2d441119af774407152dd.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "e4c56fb2caf54ab588f86012f7a4ebcb.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "424a9e57[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "page_embed_script.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "5e0abf48[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "eventpage_bin_prod.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "1bf12095[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\HZO7MSFT",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "page_embed_script.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "craw_background.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "dbef2181[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "2743db28[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "main.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "0c3a2f0b[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "045d3532[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "icon_16.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "69958a21[2].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "dbef2181[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "a2f17337[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "2743db28[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "96c26e78[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "a0d3923c[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "eventpage_bin_prod.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "eventpage_bin_prod.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "3417f6c5[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "main.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Microsoft Visual C++ 2010 x86 Redistributable Setup_20190219_161639532-MSI_vc_red.msi.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "b8275b23[2].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "0283bc6ed838ac25a3c5f51b1bc5fb04.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "69958a21[2].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "a9486108724e44ae4e34492b400fcd5c.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "b8aa184e[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "eventpage_bin_prod.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "eventpage_bin_prod.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "b8aa184e[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "windows-systemtoast-securityandmaintenance_249_0.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "Microsoft Visual C++ 2010 x86 Redistributable Setup_20190219_161639532-MSI_vc_red.msi.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "OldConvergedLogin_PCore[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\D4PT37GU",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "27a24753[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "craw_background.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "0283bc6ed838ac25a3c5f51b1bc5fb04.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "main.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "e3f307cb[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "FlightingLogging.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\Flighting",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "icon_16.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "icon_16.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "43db4db3[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "icon_16.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "windows-systemtoast-securityandmaintenance_244_0.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "10379681[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "0c3a2f0b[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "e4c56fb2caf54ab588f86012f7a4ebcb.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "Microsoft Visual C++ 2010 x64 Redistributable Setup_20190219_161802569-MSI_vc_red.msi.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "f60c0b47[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.2_0",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "windows-systemtoast-securityandmaintenance_244_0.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ConvergedLoginPaginatedStrings.EN[2].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "known_providers_download_v1[1].xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "5e0abf48[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "e3f307cb[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "icon_16.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "03cedd2d[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "known_providers_download_v1[1].xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ConvergedLoginPaginatedStrings.EN[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "windows-systemtoast-securityandmaintenance_249_0.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "a9486108724e44ae4e34492b400fcd5c.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "icon_128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ConvergedLoginPaginatedStrings.EN[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "424a9e57[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "9db0f1a3[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "2743db28[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "main.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "SettingsCache.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "eventpage_bin_prod.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "icon_16.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "b8275b23[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "b8aa184e[2].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "icon_128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "craw_window.css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "e4c56fb2caf54ab588f86012f7a4ebcb.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OneDriveSmallTile.contrast-white_scale-400.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "3417f6c5[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "359d2aee[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "icon_128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "FlightingLogging.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\Flighting",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "windows-systemtoast-securityandmaintenance_244_0.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "icon_16.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "43db4db3[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "craw_background.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "craw_window.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "OldConvergedLogin_PCore[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "2743db28[2].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "9db0f1a3[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "48a99eae[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "icon_128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "icon_16.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "b8275b23[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "b8aa184e[2].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.2_0",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "431acc73d0187c752f5885ebf2df90c0.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "eventpage_bin_prod.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "69958a21[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ConvergedLoginPaginatedStrings.EN[2].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "craw_window.css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\css",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "craw_background.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "page_embed_script.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "43db4db3[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "69958a21[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "2743db28[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "craw_background.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "a0d3923c[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "3a8048a4[2].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.5_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "Microsoft Visual C++ 2010 x86 Redistributable Setup_20190219_161639532-MSI_vc_red.msi.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "IECompatData.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "53c747e0[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "craw_window.css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\css",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "9db0f1a3[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "Microsoft Visual C++ 2010 x64 Redistributable Setup_20190219_161802569-MSI_vc_red.msi.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.2_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "431acc73d0187c752f5885ebf2df90c0.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "96c26e78[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fd45bf1d[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "ConvergedLoginPaginatedStrings.EN[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "icon_128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "main.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "2743db28[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "craw_window.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "045d3532[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "a9486108724e44ae4e34492b400fcd5c.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "page_embed_script.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "424a9e57[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "3a8048a4[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "fd45bf1d[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "7d19123f[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "icon_16.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "11ee0799[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "icon_128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.5_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "icon_16.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "10379681[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "69958a21[2].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.3_0",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "48a99eae[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "48a99eae[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "f60c0b47[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "OldConvergedLogin_PCore[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "craw_window.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "main.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "eventpage_bin_prod.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "craw_background.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "9db0f1a3[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "3a8048a4[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "03cedd2d[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "8cafcc5f[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "3a8048a4[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "43db4db3[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "Microsoft Visual C++ 2010 x86 Redistributable Setup_20190219_161639532-MSI_vc_red.msi.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "FlightingLogging.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\Flighting",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "windows-systemtoast-securityandmaintenance_244_0.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "0283bc6ed838ac25a3c5f51b1bc5fb04.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "b8aa184e[2].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "known_providers_download_v1[1].xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "windows-systemtoast-securityandmaintenance_249_0.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.2_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "3a8048a4[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "8636b4dd[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "SettingsCache.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "27a24753[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.3_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "69958a21[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "IECompatData.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "8636b4dd[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "96c26e78[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "a0d3923c[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "b8275b23[2].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "craw_window.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "Microsoft Visual C++ 2010 x64 Redistributable Setup_20190219_161802569-MSI_vc_red.msi.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.5_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.2_0",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "69958a21[2].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "03cedd2d[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "3417f6c5[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "a9486108724e44ae4e34492b400fcd5c.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "icon_16.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "10379681[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "main.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "b8275b23[2].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "b8aa184e[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "craw_background.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "a2f17337[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "181f4d7eabe2d441119af774407152dd.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "431acc73d0187c752f5885ebf2df90c0.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "e4c56fb2caf54ab588f86012f7a4ebcb.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "OldConvergedLogin_PCore[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "10379681[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "69958a21[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "f60c0b47[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "96c26e78[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "f60c0b47[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "2743db28[2].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "48a99eae[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "9db0f1a3[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "icon_128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "2743db28[2].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "windows-systemtoast-securityandmaintenance_249_0.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "main.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "11ee0799[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "2743db28[2].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.3_0",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "craw_window.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "fd45bf1d[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "ConvergedLoginPaginatedStrings.EN[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "181f4d7eabe2d441119af774407152dd.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "3a8048a4[2].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "8636b4dd[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "53c747e0[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "FlightingLogging.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\Flighting",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "icon_128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "ConvergedLoginPaginatedStrings.EN[2].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "27a24753[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "3a8048a4[2].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "7d19123f[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "fd45bf1d[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "3a8048a4[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "11ee0799[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "e4c56fb2caf54ab588f86012f7a4ebcb.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "3a8048a4[2].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "b8275b23[2].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "045d3532[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "craw_window.css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "icon_128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "359d2aee[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "359d2aee[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "b8aa184e[2].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "ConvergedLoginPaginatedStrings.EN[2].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.3_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "dbef2181[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "2743db28[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "icon_128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "e3f307cb[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "icon_16.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "main.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "FlightingLogging.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\Flighting",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "craw_window.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "craw_window.css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "icon_16.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "3417f6c5[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "b8275b23[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "eventpage_bin_prod.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "craw_background.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "f60c0b47[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "craw_window.css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\css",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "181f4d7eabe2d441119af774407152dd.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "2743db28[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "69958a21[2].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "431acc73d0187c752f5885ebf2df90c0.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "53c747e0[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "windows-systemtoast-securityandmaintenance_244_0.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "craw_background.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "2743db28[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Microsoft Visual C++ 2010 x64 Redistributable Setup_20190219_161802569-MSI_vc_red.msi.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "known_providers_download_v1[1].xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "icon_16.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SettingsCache.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "69958a21[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "1bf12095[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\HZO7MSFT",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "icon_128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "b8275b23[2].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "0c3a2f0b[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "b8aa184e[2].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "53c747e0[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "craw_window.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "main.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "icon_128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "main.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "11ee0799[1].css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "icon_128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "0283bc6ed838ac25a3c5f51b1bc5fb04.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "icon_128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "icon_128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "icon_16.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "a2f17337[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "icon_128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "ConvergedLoginPaginatedStrings.EN[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "page_embed_script.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "main.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "e3f307cb[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "27a24753[1].js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"status": "success or wait"
}
],
"modules_loaded": [
{
"module_name": "C:\\Windows\\SysWOW64\\oleaut32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\msvcp_win.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\SspiCli.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\RPCRT4.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\WS2_32.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\USER32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\combase.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\win32u.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\windows.storage.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\propsys.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\OLEAUT32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\PROPSYS.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\iertutil.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\rsaenh.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\KERNELBASE.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\FLTLIB.DLL",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\Windows.StateRepositoryPS.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\apphelp.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\uxtheme.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\windows_shell_global_counters",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\IMM32.DLL",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\CRYPTSP.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\imm32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\kernel32.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\kernel.appcore.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\bcryptPrimitives.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\powrprof.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\bcrypt.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\msvcrt.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\CLDAPI.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\rsaenh.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\wow64.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\bcrypt.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\iertutil.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\sechost.dll",
"module_tag": ""
},
{
"module_name": "unknown",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\wow64log.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\apphelp.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\WinTypes.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1.ro",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\wow64cpu.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\edputil.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\wow64win.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\clbcatq.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\UrlZonesSM_user",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\shlwapi.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\ucrtbase.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\profapi.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\KERNEL32.DLL",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\Windows.StateRepositoryPS.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\cldapi.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\GDI32.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\cryptsp.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\WININET.DLL",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\wininet.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\WinTypes.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\urlmon.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\en-US\\propsys.dll.mui",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\cfgmgr32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\edputil.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\uxtheme.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\shcore.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\SHELL32.DLL",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\__ComCatalogCache__",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\urlmon.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\apppatch\\sysmain.sdb",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\Windows\\SharedSection",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\Registration\\R000000000013.clb",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\CRYPTBASE.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\gdi32full.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\ADVAPI32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\ole32.dll",
"module_tag": ""
}
],
"mutex_actions": [
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Global\\SyncRootManager",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\toxcrypt",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-__terminate_handler_sh",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex",
"status": "object name exists"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-__unexpected_handler_sh",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex",
"status": "object name exists"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-init",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3080:168:WilStaging_02",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3080:64:WilError_01",
"status": "success or wait"
}
],
"process": {
"name": "rl_file.exe",
"parameters": "C:\\Users\\user\\Desktop\\rl_file.exe"
},
"process_actions": [
{
"action_type": "process_created",
"path": "C:\\Users\\user\\Desktop\\rl_file.exe",
"status": "success or wait"
},
{
"action_type": "process_queried",
"path": "C:\\Users\\user\\Desktop\\rl_file.exe",
"status": "success or wait"
}
],
"registry_actions": [
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\LocalServer32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\DocObject",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachineLanguageConfiguration",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\TreatAs",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Internet Explorer\\Main",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\SystemFileAssociations\\.exe",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{00000323-0000-0000-C000-000000000046}",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Versions",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0000032A-0000-0000-C000-000000000046}",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\rl_file.exe",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\NULL",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\BrowseInPlace",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\.exe",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Folder\\Clsid",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Disable8And16BitMitigation",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InprocServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InprocHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InprocHandler32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wow64\\x86",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Directory\\ShellEx\\IconHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\MUI\\Settings",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Policies\\Microsoft\\WindowsStore",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\ShellEx\\IconHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Drive\\shellex\\FolderExtensions",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\AllFilesystemObjects",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLEAUT",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\exefile",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\LocalServer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Drive\\shellex\\FolderExtensions",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InprocServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Explorer",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\AppModel\\Lookaside\\Packages",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\LocalServer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InProcServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Folder",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PropertyBag",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\NULL",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\TreatAs",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\LocalServer32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-602200000000}\\",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{75847177-f077-4171-bd2c-a6bb2164fbd0}\\InProcServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE\\Diagnosis",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}\\Instance",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows NT\\Rpc",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\.exe",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\BrowseInPlace",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\Elevation",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\Elevation",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InprocServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\Clsid",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\InProcServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InprocServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{1649D1CF-DEAF-4A68-ABE8-5C9F68572FD1}\\InProcServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\InProcServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\open",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Directory",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InProcServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER_Classes\\Directory",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\FileSystem\\",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\Clsid",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\AppCompat",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Display",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Segment Heap",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocHandler32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\Clsid",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Rpc",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Directory\\Clsid",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1649d1cf-deaf-4a68-abe8-5c9f68572fd1}\\InProcServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InprocHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\LocalServer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\Tracing",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\ZoneMap\\Ranges\\",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocServer32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\NLS\\Language",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\NULL",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\ShellEx\\IconHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Application",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\ZoneMap\\Ranges\\",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\CustomAttributes",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InProcServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\DocObject",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InProcServer32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\TreatAs",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InprocHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Folder",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.exe",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\feature_localmachine_lockdown",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Internet Explorer\\Main",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\Elevation",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\BrowseInPlace",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\LocalServer32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\LocalServer32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\OverrideFileSystemProperties",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\LanguageConfiguration",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\ShellEx\\IconHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Control Panel\\Desktop",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Directory\\DocObject",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-100000000000}",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InProcServer32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\internet explorer\\main",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\InitPropertyBag",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Folder\\DocObject",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\shell\\open",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\TreatAs",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\ShellEx\\IconHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WindowsRuntime",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\DebugInformation",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CustomAttributes",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00000323-0000-0000-C000-000000000046}",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\Application",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InprocHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InprocHandler32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{00000339-0000-0000-C000-000000000046}",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_URI_DISABLECACHE",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\LocalServer32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\Elevation",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\OverrideFileSystemProperties",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rl_file.exe",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\InitPropertyBag",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\DocObject",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wow64\\x86",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InprocHandler32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{75847177-F077-4171-BD2C-A6BB2164FBD0}\\InProcServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Folder\\ShellEx\\IconHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.exe",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages\\PendingDelete",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\DLL",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\TreatAs",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\open\\NULL",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Internet Explorer\\Security",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\CurVer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InprocHandler32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\internet explorer\\main",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Clsid",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CustomLocale",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\ExplorerCLSIDFlags\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\rl_file.exe",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0000032A-0000-0000-C000-000000000046}",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}\\Instance",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-100000000000}\\",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\open",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00000339-0000-0000-C000-000000000046}",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\NULL",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Rpc\\Extensions",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\Clsid",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\DocObject",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Directory\\BrowseInPlace",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\Settings\\LanguageConfiguration",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\ExplorerCLSIDFlags\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\Setup",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}\\InProcServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-602200000000}",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\InitPropertyBag",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\CurVer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\Clsid",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\Elevation",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_URI_DISABLECACHE",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Terminal Server",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\LocalServer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\LocalServer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\NULL",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Folder\\BrowseInPlace",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\exefile",
"status": "object name not found",
"value": ""
}
]
}
],
"classification": "MALICIOUS",
"configuration": "MS Office 2007;Java 8;Adobe Reader 2020;Firefox 62;Google Chrome 69;Microsoft Edge 42;Internet Explorer 11",
"dropped_files": [
{
"classification": "MALICIOUS",
"file_name": "Tox.exe",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"md5": "3133c2231fcee5d6b0b4c988a5201da1",
"sample_size": 636416,
"sample_type": "PE/Exe",
"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"sha256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
},
{
"classification": "UNKNOWN",
"file_name": "128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0",
"md5": "949ba0554f8e29dc24f5ce71d9f40d3f",
"sample_size": 3448,
"sample_type": "Binary/None",
"sha1": "1c2e7072945f9d41022daac5cdd3e5c33389e071",
"sha256": "65523544b3e2f9f46be3b68953b5102d9ad460197df40a90c8b0786c0a31cae5"
},
{
"classification": "MALICIOUS",
"file_name": "8cafcc5f[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"md5": "db4573f2f3a6e88768f63363c607f1e8",
"sample_size": 125376,
"sample_type": "Binary/None",
"sha1": "fec7efbaf193949fde393c5c67afcc1258a2acd0",
"sha256": "c97ebcb9fbb1622f66accf54f49dca2280a5e5333768e06d4e519c7af7ae5ec1"
},
{
"classification": "UNKNOWN",
"file_name": "page_embed_script.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
"md5": "78a8376cbfee1ce15bc796f1735cb7bf",
"sample_size": 288,
"sample_type": "Binary/None",
"sha1": "f08ec4eab6d493a6a6d16463453687398dcc5985",
"sha256": "f7eb7d4ef9e7c55af90438324800982a3a2a9f41f560392422506b27b5cae173"
},
{
"classification": "UNKNOWN",
"file_name": "a5ea21[1].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
"md5": "07c6dbf463f0f2e51ca5f4e45ef48664",
"sample_size": 40,
"sample_type": "Binary/None",
"sha1": "50a848872bd0f812d8c6a5987a6a8866c2177ff0",
"sha256": "5ce56c888038a0426005eb80abe4155bbde043756b7cbbed11503039c2581217"
},
{
"classification": "UNKNOWN",
"file_name": "icon_128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
"md5": "eeaff059138cd55441bc34fdfc919ec0",
"sample_size": 3440,
"sample_type": "Binary/None",
"sha1": "e6d48862f83c7213a9cc13ba7ecc4781a7d82eed",
"sha256": "5dcae96033ba95485ad2c885d17fe6102c837397618c3182dbd73abeadc969f2"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveMedTile.contrast-black_scale-200.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "76f184bb00db4b20a96e9d563e2ff705",
"sample_size": 1432,
"sample_type": "Binary/None",
"sha1": "ebeea1be590a282f398e1392161c8de981c49dfe",
"sha256": "52ca52b2a99febe5da76237787d5b2b392c6d6de5a85a2200c68e9d7be276021"
},
{
"classification": "UNKNOWN",
"file_name": "craw_window.css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\css",
"md5": "e62cde757b51b2e48c65bc9362839d03",
"sample_size": 1784,
"sample_type": "Binary/None",
"sha1": "ff5c6e346fe9b830f102f7e50074a150a7bf2f0d",
"sha256": "e9c67e89801811bf137e71a712399bd8cfa6ebe8f7597f472e923a2857a3f762"
},
{
"classification": "MALICIOUS",
"file_name": "1833c4e9.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"md5": "69243748084c8a26e494271ba83bf5a3",
"sample_size": 47424,
"sample_type": "Binary/None",
"sha1": "37684ede0d616ad8687de86213efdd4c6be81f66",
"sha256": "9e1b0b7121277ebc42f31661a477f709b64dd1d591398e6c2785db83ae7bedd6"
},
{
"classification": "MALICIOUS",
"file_name": "2ab80eb2.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"md5": "bbba22e6526ba13f686aafdb97a25bb6",
"sample_size": 30080,
"sample_type": "Binary/None",
"sha1": "9232a097b1754d9f2823c5cb75557497230e7c6d",
"sha256": "6d22a69fe61549203fc699a797effcea301d269239c666fb378468d6bdcb2cd5"
},
{
"classification": "MALICIOUS",
"file_name": "OldConvergedLogin_PCore[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
"md5": "96727038666752f23f42dcb7b5f076f2",
"sample_size": 440736,
"sample_type": "Binary/None",
"sha1": "b10bc9db352525cc3e6532004b626a11550d1ef9",
"sha256": "b552a244537ad35398cb9b70c240ab777040e55f03d5c7a11914ed33955d65a1"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveSmallTile.scale-150.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "96e93a1dfa1661f0a545102014e45bae",
"sample_size": 632,
"sample_type": "Binary/None",
"sha1": "77c3c7e12d723d0923b6e575c74da53db228541a",
"sha256": "39e47018eb2b323a5d6591812645072eb016aa8c94604ca6c578baa40e98d62b"
},
{
"classification": "UNKNOWN",
"file_name": "active-update.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB",
"md5": "cef18d6fd2b9ea9da4de885ea1f501ea",
"sample_size": 1088,
"sample_type": "Binary/None",
"sha1": "d91fc1d1bfddf1eeed4a8c00e7d16733b5f49ffa",
"sha256": "403f3c0b05d07145b70657d819277672063a3740123463e714492232a874f94a"
},
{
"classification": "UNKNOWN",
"file_name": "c43bb7d1.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"md5": "22694bf7c107f414a88eef68a7287f04",
"sample_size": 3328,
"sample_type": "Binary/None",
"sha1": "7d019d40e477a9abe75cceee30eab76ee3c0d539",
"sha256": "4c748d62d99d39a92c08b94f53dc2394c6199736326b7ec0ef4d3667cad85fa3"
},
{
"classification": "UNKNOWN",
"file_name": "a2f17337[2].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"md5": "63265af0a660bb52c6a93ad52cdd5b15",
"sample_size": 368,
"sample_type": "Binary/None",
"sha1": "eff7a570dda957caca3a5bb5a12e04fd13d85262",
"sha256": "3ebb9cfae53cdbf4f1c4b2b69cd94159bae8facc8b0d67b5f78238a6441af3e3"
},
{
"classification": "UNKNOWN",
"file_name": "DeviceDiagnostic.debugreport.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"md5": "c61ae23f6d2810fe1aee411eac4769c8",
"sample_size": 1304,
"sample_type": "Binary/None",
"sha1": "d570ac147327fc99774190a1f61e22cd212f7f89",
"sha256": "c96e0eac6c7802b43071e217200b2f804db9638949eb6458dc2a7ec0dc5574d2"
},
{
"classification": "UNKNOWN",
"file_name": "128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
"md5": "1a7aef1670a219808431da5e55e187e9",
"sample_size": 5024,
"sample_type": "Binary/None",
"sha1": "dbf8a14e21312e11c2c151c75d8c72ca55bad836",
"sha256": "af145c976b575c5349639b57d64d2fbe1245db1c46f29417aafb4cc1e9e9c96a"
},
{
"classification": "UNKNOWN",
"file_name": "msapplication.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940",
"md5": "c91f7e0d191fe1b31cd9e068caf34558",
"sample_size": 416,
"sample_type": "Binary/None",
"sha1": "600ebcf7d39a17de1e173d2d696e74043584f6a9",
"sha256": "b061e21a60c2b1f40d3685d5cc44c24caddb5b43fab12606c8131b0181b36df3"
},
{
"classification": "MALICIOUS",
"file_name": "dd_vcredistMSI7869.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"md5": "262f3902763b06ad02e57cd11166b352",
"sample_size": 424352,
"sample_type": "Binary/None",
"sha1": "d000b3c1925cb78f19a0e4f1cfd7f8ed13917a16",
"sha256": "9c4e62f086214923e23fcca47f67498f68df7c8f61ee541c45034259c4a123b3"
},
{
"classification": "MALICIOUS",
"file_name": "ConvergedLoginPaginatedStrings.EN[2].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"md5": "239e00d6977d179678075874598f377d",
"sample_size": 23112,
"sample_type": "Binary/None",
"sha1": "56ddee0650eb3250c090b5c1e377e59a19752db5",
"sha256": "89ce04019debb827fed2c4e800300304c3a078046689f2d915dc58aa5a032c6b"
},
{
"classification": "MALICIOUS",
"file_name": "1bf12095[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\HZO7MSFT",
"md5": "e91c28dc017f3297d168f49c5ad86749",
"sample_size": 217832,
"sample_type": "Binary/None",
"sha1": "be13adcea83feec2bda41e82c31afb9e5dbdaa78",
"sha256": "71d6d2beecda8079d82e0985a6458dc300138254a0e039972df1e6f482df07aa"
},
{
"classification": "UNKNOWN",
"file_name": "128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0",
"md5": "8e2f9ff3a6eb780f163d876a4493c2ee",
"sample_size": 6744,
"sample_type": "Binary/None",
"sha1": "45e7cbdbd57deda347f88b87ae02865b1b709199",
"sha256": "345f5f4d8fdb2c489874eb467df654ddc240ee13f55d1251c08d0b1814dab57b"
},
{
"classification": "UNKNOWN",
"file_name": "3a8048a4[2].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"md5": "3a68dfa10af07adeca23a58a30312d2f",
"sample_size": 6688,
"sample_type": "Binary/None",
"sha1": "f2bf3cff675dbe2c618f03bf6561b52ba8e1968d",
"sha256": "0374e29d2202e50454746618bb3ca5678b9742d34b97722962c367d508d2375d"
},
{
"classification": "MALICIOUS",
"file_name": "7d19123f[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"md5": "59851c448a4a073ff6fa9cd9d4d606a4",
"sample_size": 95448,
"sample_type": "Binary/None",
"sha1": "4a60246b7c24f52e14e9d98e4c43904fefc67b30",
"sha256": "47b636339d67d315a4d7f647204a630f44bbc4a5466f555b1d7f849d89d25796"
},
{
"classification": "UNKNOWN",
"file_name": "favicon[1].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
"md5": "f3b1a72895a05384dd2bc527813651a7",
"sample_size": 40,
"sample_type": "MZ/DOS",
"sha1": "1cf20dc1ec4fbea198822ca79c32082f9b6e9986",
"sha256": "1438ab63e3516dbf7fb87eecda3b4cca0da0a7e18950304581cdb5e938bf2686"
},
{
"classification": "UNKNOWN",
"file_name": "705bcfd6.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"md5": "ba1a0ed090c1fcf508cf2b3872aa6989",
"sample_size": 6864,
"sample_type": "Binary/None",
"sha1": "230194fa9e048d4720287e6a2535259975dbfd08",
"sha256": "17740617b346d3e67312f2ba01a70a89b60cd8b8bb27ac8cd4d242d75198911d"
},
{
"classification": "MALICIOUS",
"file_name": "craw_window.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",
"md5": "981113ec7eb738152c4549dd770c7d06",
"sample_size": 265832,
"sample_type": "Binary/None",
"sha1": "c6223cb14c21eb7eaccbeca19e03b5007dbbe9f5",
"sha256": "e653477fdeec302de7254f9715a87105a4950d8ab62bec073db68bc91e7b9383"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveSmallTile.contrast-white_scale-125.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "96a3d0ea1b838c7eae3a4795e2d3bb18",
"sample_size": 576,
"sample_type": "MZ/DOS",
"sha1": "ad1e61af95bad249c657df359d32c21b01100b7b",
"sha256": "5277db5d7835bb725801563ebbd675fbcc1d70729dd103437fde388dee8d8aa4"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveSmallTile.scale-200.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "15ab653bc7720bb7ed0f19c8a26534c3",
"sample_size": 840,
"sample_type": "Binary/None",
"sha1": "c24d1ff9feb5398b0c1c9f793cd42bfdfc38e598",
"sha256": "14a6a1f10d9121e38507238e82f94c266c29789afddf71f0413d2979f52fb1b6"
},
{
"classification": "UNKNOWN",
"file_name": "favicon[3].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
"md5": "0ee824fd13122ebd201d2ee9c3dbcfeb",
"sample_size": 40,
"sample_type": "Binary/None",
"sha1": "97ad6030b4773a8b7bfdcabaa71f6b73497df199",
"sha256": "626b1d6edfe07a7691432ed27aa144d27f9e4bef242ae75ed52239d0974cd390"
},
{
"classification": "UNKNOWN",
"file_name": "FlightingLogging.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\Flighting",
"md5": "41b3fa8d1ec44a5ef24c0ae580e475c5",
"sample_size": 592,
"sample_type": "Binary/None",
"sha1": "d5d22bb03085fe85f393782feec0450dcd2e764d",
"sha256": "16113f571340e94639ef90cf4aeb47321102345fdee45fd585826a7a9c4c7f40"
},
{
"classification": "MALICIOUS",
"file_name": "Converged_v21033[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
"md5": "9780019e8eeece8eeef305a830d1ce27",
"sample_size": 95952,
"sample_type": "Binary/None",
"sha1": "f01a8d40a5bceed9f57bea23718256087a40186f",
"sha256": "fc46a655c45c7d81f52e3bc1a183bef99b188b90720629500fd3b6d3a7272fbc"
},
{
"classification": "UNKNOWN",
"file_name": "craw_window.css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css",
"md5": "55792199a2d034671f1c53d07259d903",
"sample_size": 1784,
"sample_type": "Binary/None",
"sha1": "bdd88f2ccc46c7cf28103bc890b5606f8ac3d213",
"sha256": "39d4f9c8dbe9e6937be3d89f4cef63812267e4637c11674f9080d7fba01d5600"
},
{
"classification": "MALICIOUS",
"file_name": "9db0f1a3[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"md5": "0238ef826a07fba232a1c2d2a85c925a",
"sample_size": 602776,
"sample_type": "Binary/None",
"sha1": "6483ff3e2772cdf76f2cd42ca6fbeceefef2cd11",
"sha256": "7d4e80b40e9d60cbf5eef552c67de1bfa7c92c9a79a3f90f363662fb6be4cb64"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveSmallTile.contrast-black_scale-125.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "34f9effcf15b5d9024eac98c1949fc16",
"sample_size": 568,
"sample_type": "Binary/None",
"sha1": "7b02c7f4556225f372287618e3ff106c823b7a2e",
"sha256": "c5a5bb7fef76d5d08e3268e0b4878c2505ed0199b605534861a6515bf78a0f10"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveMedTile.contrast-white_scale-400.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "d75944f683f11b95b7bf4af112e27cb5",
"sample_size": 3576,
"sample_type": "Binary/None",
"sha1": "6dffe111ed011b6113032c777ffdf0c03716211f",
"sha256": "5bf86a0650586d243f02bd8e311b66b28c957a20f62cab327e30a7d7d4c26bec"
},
{
"classification": "UNKNOWN",
"file_name": "icon_128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",
"md5": "c1219038364d783af4d36168b44564d4",
"sample_size": 4400,
"sample_type": "Binary/None",
"sha1": "80ec255a6f61d2e3537b7fbb14e17a7933f4a86d",
"sha256": "574484a87104a7e4cac31593eed5ede17b15ff6ab50577ee1ca4142a095d1f31"
},
{
"classification": "UNKNOWN",
"file_name": "aeb763fb.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"md5": "6eb6947ee33408d5304d723261fd84b5",
"sample_size": 11008,
"sample_type": "Binary/None",
"sha1": "b2b441f97062dffd2de4bebe6b916676e9dc887f",
"sha256": "b87ebaa2bd92d2eaf88fae26fc7afb602bf0d941b929c756e4bb8010ab376b55"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveMedTile.scale-400.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "5fcdbc5ff3d4a169869a0e05fbfff1db",
"sample_size": 3264,
"sample_type": "Binary/None",
"sha1": "72aef388bda0e55752c0bd12173c9ed7e53153e8",
"sha256": "870332619c3d0843cf701643f627c77c2da756b70eaee2aab791ce221c15eb16"
},
{
"classification": "UNKNOWN",
"file_name": "icon_16.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
"md5": "935bf747c27c9076f53c9122bd89c396",
"sample_size": 200,
"sample_type": "Binary/None",
"sha1": "1ec0fc4890af3a14b5a82085e765f2065565a683",
"sha256": "247f6d66c9010bd9d40a35914fcf8280e4f5f8d2b022e42bd2bb80a19a32b447"
},
{
"classification": "MALICIOUS",
"file_name": "0c3a2f0b[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"md5": "e7aee7adafeb069be0f0eca63557d06b",
"sample_size": 17488,
"sample_type": "Binary/None",
"sha1": "5ac62172528b725e4f125e1ce9f6e5bb6cc14637",
"sha256": "0a66b70be34e9c9a91b6687586fbec04fba6502ba63b63eebfbf991713de15bc"
},
{
"classification": "UNKNOWN",
"file_name": "favicon[2].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"md5": "9fd12d1f546213fa9fb56d811fc6733b",
"sample_size": 40,
"sample_type": "Binary/None",
"sha1": "c8527ee841ae3ac9c87ab9ceb41595e85fc387c7",
"sha256": "d3de682693639cb4973d2c051f56f8e166eebf88650bd608046e400f2adce744"
},
{
"classification": "MALICIOUS",
"file_name": "Microsoft Visual C++ 2010 x86 Redistributable Setup_20190219_161639532-MSI_vc_red.msi.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"md5": "f1b84725c606be70377ccdaafd8f9987",
"sample_size": 282672,
"sample_type": "MZ/DOS",
"sha1": "0d6a91a9336839e641e426cac352a163af2699d1",
"sha256": "1496a0d2ad712cc91ffe7a7676f77cbf1d7e563690b622b21e547050b24e8099"
},
{
"classification": "MALICIOUS",
"file_name": "craw_background.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
"md5": "572611e65e675c06df25b8b9e9bc9972",
"sample_size": 544680,
"sample_type": "Binary/None",
"sha1": "8f41732d61c789d38efbf3625fe521e5a0698578",
"sha256": "bfaafb3d3a52260fdf08722d1200a664f317b6416ac9f3e27fc7e036b49eaa0d"
},
{
"classification": "MALICIOUS",
"file_name": "27a24753[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"md5": "ec9976585cd7a7004ab0c694c555645b",
"sample_size": 51128,
"sample_type": "MZ/DOS",
"sha1": "d573108be58563176f95737e773b43ffacfd608d",
"sha256": "85d9a94ab35fb1781a0e3ab7d7fa555dccf0cbcec83c2ba63cd38dbced51dafc"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveMedTile.contrast-black_scale-400.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "247d8435213797e046e04542a847086e",
"sample_size": 3264,
"sample_type": "Binary/None",
"sha1": "c469b0ac04db1e34bf8ee389ef116a32b35b424a",
"sha256": "b1b95a75abe1c41ec890e5e49e6bbb56eb3eec7f3515b1a623bff5a8cc7fc85c"
},
{
"classification": "MALICIOUS",
"file_name": "43db4db3[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"md5": "389f3114d26e841ff94c382d1ebd90d6",
"sample_size": 50056,
"sample_type": "Binary/None",
"sha1": "51c35183d8b8df135aaf0e7644ca295aec397e22",
"sha256": "2e943d6c7ca2822981c24f7fba74f9163ab946f78286643c41935d81ac69e88e"
},
{
"classification": "UNKNOWN",
"file_name": "icon_16.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
"md5": "451196cd8196be321b42de5235a3ba4a",
"sample_size": 184,
"sample_type": "Binary/None",
"sha1": "0f1bf87249c279f1c0ebbbaf530c4418cb04e034",
"sha256": "d19297c9dc4ef556dc0154f45449bf2df31bf328728361992f92e6aba1119900"
},
{
"classification": "UNKNOWN",
"file_name": "8fce0f3.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"md5": "4e84a4dfbd89b3c7d95c7db50eaecf94",
"sample_size": 4304,
"sample_type": "Binary/None",
"sha1": "5009e1f3e850f11c6ed67ad5eef2b28ca2991035",
"sha256": "d353b9c16661e02a4ebcbff2b2ce0d2cad7a61b886c7120a3abba23315045c70"
},
{
"classification": "MALICIOUS",
"file_name": "dd_vcredistUI7855.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"md5": "afd55a4bb073b78b938caec26331328c",
"sample_size": 48776,
"sample_type": "Binary/None",
"sha1": "ce13f4a96e4ff0c8adf200d3daecbf89423f890c",
"sha256": "53eab4144250f1b4a5bdcdad2fa24a50ffcba91f7771fa5864103175cfb39357"
},
{
"classification": "UNKNOWN",
"file_name": "128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.3_0",
"md5": "93d73ad36b24abc404ee16e856c98e0c",
"sample_size": 2048,
"sample_type": "Binary/None",
"sha1": "381ec2722edb4a96517b34fa027231c545b76600",
"sha256": "95856cc9e8f9e76dcf619432261836ee55070c3c85de2d91270e99da1466c06e"
},
{
"classification": "UNKNOWN",
"file_name": "dd_vcredistUI19D2.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"md5": "a8c35e68f70762fa6b68d862872fcbc9",
"sample_size": 16488,
"sample_type": "Binary/None",
"sha1": "d773ea536cbc14a839b897d0fd1ea2b6a05df2da",
"sha256": "7dfdda2fdb85b1d9c9ab41fe90ec288a322d4ab315e4bd6c1f9c0cd5eb54c769"
},
{
"classification": "UNKNOWN",
"file_name": "main.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
"md5": "8ad83bdb282a752774ce2c649f58c6b6",
"sample_size": 136,
"sample_type": "Binary/None",
"sha1": "29246027450a8321d6b58bf6dcf806908a6a248b",
"sha256": "b85080fb4d9e5b8e80ad84beb70575c86e561dffb7e3a1f5b8dd75aeffa5140c"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveMedTile.contrast-white_scale-200.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "4c9cf795c25f7d3ef2a0e16f14df0c4b",
"sample_size": 1536,
"sample_type": "Binary/None",
"sha1": "3b36a6166bb0229a2d724197f666709cfb388c3b",
"sha256": "9654f6e16e208fd22ee8cc7d3a79e95d00aa1d5715b424f1ddaf4e1101ea1d1d"
},
{
"classification": "MALICIOUS",
"file_name": "e4c56fb2caf54ab588f86012f7a4ebcb.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"md5": "cd3bf48fe89eaab163521494811e8e3a",
"sample_size": 2152,
"sample_type": "Binary/None",
"sha1": "052dfddb6942c075ab580d9a4b4400fee705ec26",
"sha256": "32b00e3d2df12c68de72f21b0f12e1396123b185fa7650ac4ba3686377e4ec8f"
},
{
"classification": "MALICIOUS",
"file_name": "eventpage_bin_prod.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
"md5": "5f05faaa8ca8b9f63d66686fa8f6a2d2",
"sample_size": 67840,
"sample_type": "Binary/None",
"sha1": "24cda9620a69dd3f2c8ddc8eda8cb6c25ba35527",
"sha256": "a22ab5067e71e8515ef53f213c18c8ea6fffdc40907f6ebaf3173f7eae62f0f0"
},
{
"classification": "UNKNOWN",
"file_name": "5fc0968a.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"md5": "5e518df1358f3c40a7b57580eb7257dd",
"sample_size": 4992,
"sample_type": "Binary/None",
"sha1": "ae37f94443a1e6712b253a2d703c988bb483fd0d",
"sha256": "9fb39f5b62b17fcde2062ba2376ef2da2ba374cdd45e2c00462255aec60d61af"
},
{
"classification": "MALICIOUS",
"file_name": "96c26e78[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"md5": "37114fef115cb2ed08cd0f9b345f1e32",
"sample_size": 43168,
"sample_type": "Binary/None",
"sha1": "bb819a6224ca85de5812f6ff927b7f130bc68d57",
"sha256": "a6a5d21058a3c3d597b79b9a73766613392fc89a7d4cf1b3bc00d0a20f9aa970"
},
{
"classification": "MALICIOUS",
"file_name": "f60c0b47[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"md5": "5a9c32cd6aa4a8059fe10b7eb2db952a",
"sample_size": 145336,
"sample_type": "Binary/None",
"sha1": "0d4b62a96c330b95c9f500aaec284fb16b058755",
"sha256": "532f10c33703d669cbbf121fa3df1ac171598462d5b2355587dc4fa4bb387b55"
},
{
"classification": "MALICIOUS",
"file_name": "dd_vcredistMSI19D2.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"md5": "046f80b68972d227bc9761cbb3b328af",
"sample_size": 594368,
"sample_type": "Binary/None",
"sha1": "5b4bb44e4fa62b70fb0a9ce1c7b3506c8a003dbf",
"sha256": "f2179daae61a0156c9b8660219fb79e937bacbb7f5b1804a439b9b0c3a63c24a"
},
{
"classification": "MALICIOUS",
"file_name": "dd_vcredistMSI7855.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"md5": "b79bfca58696d6c4e617f9f24188379e",
"sample_size": 437288,
"sample_type": "Binary/None",
"sha1": "845e71c1a5062801cc5251bdd4495c4cb2d41a87",
"sha256": "b997a76aa655b6522ff1552903852ba0f2a841bc437a1ac435040942692ad335"
},
{
"classification": "UNKNOWN",
"file_name": "results.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"md5": "2be26715fff522c284757591383563f5",
"sample_size": 408,
"sample_type": "Binary/None",
"sha1": "a5782d3406871597a93ca5db6e553f494a6ceb9f",
"sha256": "40f23832591bccdf371281ca477d0c8565f6936a3dba60f5a1480843cf0ae46c"
},
{
"classification": "UNKNOWN",
"file_name": "versionlist.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\VersionManager",
"md5": "d092fa8ca010bb11e39acbd03e662757",
"sample_size": 15888,
"sample_type": "Binary/None",
"sha1": "063790bb844fea1d7df7fe3371dd48368a659201",
"sha256": "2944acc8a14a38b3b296b8c8b60aacf345791cd45ae53b113680cc14e0d0109c"
},
{
"classification": "MALICIOUS",
"file_name": "431acc73d0187c752f5885ebf2df90c0.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"md5": "1e6bdf606f79b90d31db13b27ccb90a4",
"sample_size": 23280,
"sample_type": "Binary/None",
"sha1": "28a7c5940a6a9e4847bbc1e15044aad6939c3ca8",
"sha256": "cfc933e6a9a22b13be626c1b89817ae3902010056297fc98b426f620d6186d8d"
},
{
"classification": "UNKNOWN",
"file_name": "dd_vcredistUI1AE4.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"md5": "0fdf5855b9f6b532d2fbcf7d484661fb",
"sample_size": 17704,
"sample_type": "Binary/None",
"sha1": "9038a5bcd8cbb6e55608d8a3778aaf6c6b19bf53",
"sha256": "8c1a4f3fe574ad92a8403dd2377e5ad14f7e92e5b02193515a55186ad44d8d1d"
},
{
"classification": "UNKNOWN",
"file_name": "4254396c.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"md5": "16369b79366cb7d430fcc726c3453e68",
"sample_size": 7168,
"sample_type": "Binary/None",
"sha1": "d6f775178d4b9bbec785239b736812507aa5756c",
"sha256": "11cdcbad487130180708f1d7eec185abf32c7cf11c6f7682fb8303867ab04ad5"
},
{
"classification": "MALICIOUS",
"file_name": "craw_background.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",
"md5": "59615a45baf4b6f17eb8becbb83180b7",
"sample_size": 1125672,
"sample_type": "Binary/None",
"sha1": "ea5320776b1d876fe06fbd613444b265269e9100",
"sha256": "34e01a6383ba30d207db4acd8460cc639c92d8d706db34bfc51d41a268d9366d"
},
{
"classification": "UNKNOWN",
"file_name": "icon_16.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",
"md5": "7df0aefb5e3a9891d4d0324bb55160bf",
"sample_size": 600,
"sample_type": "Binary/None",
"sha1": "f192a94ad0f034a845cc70d0a0f9e9e6247d8cbb",
"sha256": "759ec4130d4e540008e6251e045f74045a9740f165550ea030f8dcb91f7c583d"
},
{
"classification": "UNKNOWN",
"file_name": "iecompatdata.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\IECompatData",
"md5": "e4f592dcc034071595e3f158a5eebb26",
"sample_size": 3088,
"sample_type": "Binary/None",
"sha1": "4a633bbbbcee2cfa86529b1579216edf84e4b90b",
"sha256": "849e396249ee666d9c6494c3a6d30eecb1bb5f6ffec21e9f247b7ced6d8ed8c6"
},
{
"classification": "MALICIOUS",
"file_name": "359d2aee[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"md5": "31110da299b757c6ec7830fa2c9b0bbb",
"sample_size": 45552,
"sample_type": "Binary/None",
"sha1": "e8044ce1811f2bd09ae762f7d430b07e6763bccb",
"sha256": "92d8aee5cb4ed2c4d656555b950f99da3e0dad58f8ec9b59ec8c8e45c3bb3268"
},
{
"classification": "UNKNOWN",
"file_name": "windows-systemtoast-securityandmaintenance_249_0.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache",
"md5": "f2acf779e0e88b1af4e4e0e260352215",
"sample_size": 6912,
"sample_type": "Binary/None",
"sha1": "6325305921a90fbbd03a4c5ec36dd2690b71c066",
"sha256": "a6a87c90f3c3d71fc92ae42aa8e0a698e5844e8dc8a7664f71c725de6149f75e"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveSmallTile.contrast-white_scale-400.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "37fc5a635536e0154fd470188398495d",
"sample_size": 1816,
"sample_type": "Binary/None",
"sha1": "4e9032f05c6aa1f644505d52221fb03b5e170cbc",
"sha256": "bd0a110924f0dfafeddf9928cb597341c705de9d16241a009df812794c470cb9"
},
{
"classification": "MALICIOUS",
"file_name": "294af3d2.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"md5": "b302731aed58e4c0010e8eeaa9bb0526",
"sample_size": 28424,
"sample_type": "Binary/None",
"sha1": "91a96684fb2e6a595a65ff0c3dacd98e29b745fe",
"sha256": "dcc24bf4ca2d5b5b9b3759231d40acc398ae21b9e57a962d34adf27eac13273e"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveSmallTile.scale-100.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "0b7dd69e946bf68b5973a2bae2bbb1ba",
"sample_size": 456,
"sample_type": "Binary/None",
"sha1": "54eb411141ee6e92d3b58356a0529d78b1037871",
"sha256": "2fce72876814d37c34f79ffac69af154a341805c6a9b2bcb7e27762fe17a17bd"
},
{
"classification": "MALICIOUS",
"file_name": "OldConvergedLogin_PCore[2].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
"md5": "f1c950df414b39a4234487ec4a049117",
"sample_size": 495688,
"sample_type": "Binary/None",
"sha1": "15e55a75ede32d5bcde9134ca91fe328d252afec",
"sha256": "3aceb6bd2c8923d9de905245b911809fbcffffec1057001d999d651f50150de1"
},
{
"classification": "UNKNOWN",
"file_name": "69958a21[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"md5": "4e7f63d8ea0e2874dc8ad0a92200bea6",
"sample_size": 19744,
"sample_type": "Binary/None",
"sha1": "c0c04507730528eb3f24f854cba1158190907515",
"sha256": "e1f9dd09dbb932d1fdf48b7127f0d41617478884b4b2c1535fd56d11b2564d94"
},
{
"classification": "MALICIOUS",
"file_name": "DefaultLayouts.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell",
"md5": "4fdcf5ab2ab77b52ef1d78429f0b9680",
"sample_size": 117984,
"sample_type": "Binary/None",
"sha1": "21e58b701c576c50dc23b1ac32cc397b17a071e3",
"sha256": "74740695bfe7f01229b9cf0974c8befc0d57d4fb7b48c0dcadd895a95c4b670e"
},
{
"classification": "UNKNOWN",
"file_name": "b8aa184e[2].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"md5": "4812e4a1a8fb84956fd58127ed8656eb",
"sample_size": 8088,
"sample_type": "Binary/None",
"sha1": "b248228ff726952e4ed1dcb878a6b9ff9db2df87",
"sha256": "81a33ec80de85d61b11fe8bfdc6bfe8d0a8a4ac5e2397b77aca89f23b02be63c"
},
{
"classification": "UNKNOWN",
"file_name": "AudioDiagnostic.debugreport.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"md5": "a3118a7583c761552f8a572c9beb4020",
"sample_size": 1928,
"sample_type": "Binary/None",
"sha1": "e6bc3034f7ccc9d7945aa54cc2db8a8921b5b5fc",
"sha256": "8ae64eff7b15b210bf84e00dca58ae97d7ee89b989112d944fcfff9aa09a0c1d"
},
{
"classification": "MALICIOUS",
"file_name": "2743db28[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"md5": "677adc6c52f023021e74ca4668fa07dd",
"sample_size": 60608,
"sample_type": "Binary/None",
"sha1": "4f9fb27b3c52b87e94365f5080d951890784fa0d",
"sha256": "594047be386159fb08e3f5e14694b1fc43aaffddb87da7009f7bf459bf0a6327"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveSmallTile.contrast-white_scale-150.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "77bd7d79a8085eb77940a02509ee42c2",
"sample_size": 640,
"sample_type": "Binary/None",
"sha1": "621608c0b7837ef66088cf257dabe63b5c7eb1dc",
"sha256": "a810391f3eda00f4c046dbc7935583c81058488a83b8b7f7d0a0141f2ef5dded"
},
{
"classification": "MALICIOUS",
"file_name": "69958a21[2].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"md5": "d650c03d787d50179ce996c40fbe51b6",
"sample_size": 19744,
"sample_type": "Binary/None",
"sha1": "3eaf0b29378ec1a3955524a179c5716189a5b684",
"sha256": "530b9bad325f95bd9fef6bbdd84f1d57ac7c3630c1d99c4a32cc7ca1c3f51d75"
},
{
"classification": "MALICIOUS",
"file_name": "dbef2181[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"md5": "4def1df093b64417f134feb8ed537632",
"sample_size": 202280,
"sample_type": "MZ/DOS",
"sha1": "22578a8f9dcbe963f9e917be803600157e63316d",
"sha256": "48d80ed7eab7ce55cc26b6656e85d2bf42df26c57436c37d451dfbb58edd91f5"
},
{
"classification": "UNKNOWN",
"file_name": "settings-tipset[2].xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"md5": "5c7b93e262e1148a1610a460248282ac",
"sample_size": 13088,
"sample_type": "Binary/None",
"sha1": "6aa768dd4287cdc2acd709c84ac2358670867531",
"sha256": "ae7474ec4d1d223883075d9ba1ae5b61410a636607a20ac1a67e8a4835a68594"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveSmallTile.scale-125.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "9c3769d42552d74cd9563e4397df953f",
"sample_size": 568,
"sample_type": "Binary/None",
"sha1": "79144194348d946c474a2a41bf0443d2271bd1b0",
"sha256": "c04607bf7a99b076554c90dbbd31211d917f917b07aa502602dc11dc304be426"
},
{
"classification": "UNKNOWN",
"file_name": "windows-systemtoast-securityandmaintenance_244_0.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache",
"md5": "042f3f7051400be6225403c38d5ca761",
"sample_size": 6912,
"sample_type": "Binary/None",
"sha1": "9eace6a447c9ccb26e04b6d891fe38b6ab65baa2",
"sha256": "44c145e6e295db5de7e8f32075efdf855cb6efb0eca6d846647ce81abea62dd0"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveSmallTile.scale-400.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "a10124346cd37ab580fff5885cef7f64",
"sample_size": 1760,
"sample_type": "Binary/None",
"sha1": "19ccb040e728e8088d2a9f151efe2debc4266fc8",
"sha256": "c7e9e31f02efe55cc86a1ee337451fbac66ea9523083cecad9f86159fcaf4ae8"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveMedTile.scale-150.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "498426e565663659c128d8c54e567ad0",
"sample_size": 1032,
"sample_type": "Binary/None",
"sha1": "a0d8945bc01b472c2a30f99d6895b99c6b53bd56",
"sha256": "e7c1806d95847e9a7a6431919174a6d0e459b8254897eaece0f4ed806ceca2d7"
},
{
"classification": "MALICIOUS",
"file_name": "craw_window.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
"md5": "7ea1fe84f8e7e1031eb4c5a0226ec129",
"sample_size": 261360,
"sample_type": "MZ/DOS",
"sha1": "15ee2e40ece2a798b1546d7ab1d8d663d7433cde",
"sha256": "ae808cfd2b4b72211081d61c51f7357ae48100c736245b4c6997f415c679576c"
},
{
"classification": "UNKNOWN",
"file_name": "au-descriptor-1.8.0_301-b09.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"md5": "7ef45d1855f09d9384592a98d9497d36",
"sample_size": 6872,
"sample_type": "Binary/None",
"sha1": "9cf7f8283d53fea7d6194bd7d419cc45cfe882ef",
"sha256": "7691ddc4b20872cc4fe578a3d2bd2bde762e25d28e31a113f8fdab300f7865ad"
},
{
"classification": "UNKNOWN",
"file_name": "favicon[2].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
"md5": "929e48893dc76ab164266341a0869742",
"sample_size": 40,
"sample_type": "Binary/None",
"sha1": "e4a741ad48ac4f02af884afcebd3337775adc003",
"sha256": "fc4628e372e5a9fcbcc6cde7ea5a93490defaacbed27b920fb3cfc1d3f15b413"
},
{
"classification": "UNKNOWN",
"file_name": "510dd5a4.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"md5": "f4c019ff11de2e2ecb6d2d7b61791295",
"sample_size": 4824,
"sample_type": "Binary/None",
"sha1": "e05386026212cb23df3048c5ca0f84b215f15eeb",
"sha256": "2b8d29e1b059318cae19e4673dc96740766aed3e527054d8f745c5a8a7b1345b"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveMedTile.contrast-black_scale-125.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "ba40cf8c5ea609d6922bdb1a2acaf162",
"sample_size": 888,
"sample_type": "Binary/None",
"sha1": "a8927145e363b241c40ea6a56923edf4d5afc0be",
"sha256": "7680aa3c3d5fc4844a42360608c1bfc1c3f308ce2b05056df863ab1d43ce4d34"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveSmallTile.contrast-black_scale-100.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "fc1bc750e18d84dc0a7768e8c5e460f8",
"sample_size": 456,
"sample_type": "Binary/None",
"sha1": "c142ee490d65e9e5cbb3528011ebdeda4ddb6a99",
"sha256": "39f3d2243aa846422aba64d09d2cd892cd71640a683b416275138db9d249506f"
},
{
"classification": "MALICIOUS",
"file_name": "a9486108724e44ae4e34492b400fcd5c.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"md5": "252bb7de542545dfb4cce9c798f26708",
"sample_size": 216,
"sample_type": "Binary/None",
"sha1": "18a852ac71eb44fae7f0cbc5df0c921f83c88eb7",
"sha256": "5143c004a913bc2ee5a5a47c7a9c2602c1591e61d6d2ad79149c1b96418d96c6"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveMedTile.contrast-white_scale-150.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "fdbe2f8e6bb0bc6f13e9ba7de127b938",
"sample_size": 840,
"sample_type": "Binary/None",
"sha1": "7f640b86ecb8b90ad8ccba86279709b10fadbd02",
"sha256": "fa1a99b5adadf817366970a495796083f891c8c75b68a91d2ade31471420473c"
},
{
"classification": "UNKNOWN",
"file_name": "11ee0799[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"md5": "11d24636f4f8690e8a4b21b8dc8b9263",
"sample_size": 6736,
"sample_type": "Binary/None",
"sha1": "2165c2bce110c048cd023d3ee5dbf7f2e2472015",
"sha256": "977165d2068a5e16ce2786a0df02926c2066afa78d82d020757c029a9942e408"
},
{
"classification": "MALICIOUS",
"file_name": "0283bc6ed838ac25a3c5f51b1bc5fb04.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"md5": "31aac22eff6e46771d211a5d49223d86",
"sample_size": 480,
"sample_type": "Binary/None",
"sha1": "b0c50ab7d36cd113fd6778e31a6caf66a341914f",
"sha256": "a44c985a385a38870430bb3a1acefa4c88fc0a0e347af70d2c44c0ebf793a9b7"
},
{
"classification": "UNKNOWN",
"file_name": "045d3532[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"md5": "80b95150365d9945113ae84132ca4656",
"sample_size": 6624,
"sample_type": "Binary/None",
"sha1": "cbbe8513449c0e6c99c83b5c48f7aa094cd4533b",
"sha256": "234180167dd909b27f14590c5b886395fbd94043123968350d2ecd18965e7e56"
},
{
"classification": "UNKNOWN",
"file_name": "ResultReport.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
"md5": "8ca04f866369ff8e654adba9a883bfaa",
"sample_size": 13240,
"sample_type": "Binary/None",
"sha1": "8ea767bdcbde3f642507d5b095b738f2000ec6f2",
"sha256": "320411c627b6769592dd16c3c5f50743a3e1d83de7b6d749678200ff8431f206"
},
{
"classification": "MALICIOUS",
"file_name": "8636b4dd[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"md5": "93146a2a52df6698a2a2affb6a68cce1",
"sample_size": 94864,
"sample_type": "Binary/None",
"sha1": "25a945fc24b40bdeecfb7b3637c604b755bf46f2",
"sha256": "c27953331b91537c59b3ac27df83b7725fe7cf0a80d427a34b9aec4e977bc840"
},
{
"classification": "MALICIOUS",
"file_name": "2743db28[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"md5": "06502812d1f19fbd8e89cb26df9cd202",
"sample_size": 60608,
"sample_type": "Binary/None",
"sha1": "60eb7b5e82a6ea51e7a093f6d688c70a1222bce1",
"sha256": "8d2e250d12981c3fdcec9588b811bbdd5975b75a9129f97eb7c0ba951c38929a"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveSmallTile.contrast-white_scale-200.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "e8706bfdcb263e00a8e0e39a5c30138a",
"sample_size": 856,
"sample_type": "Binary/None",
"sha1": "e91983447c0b061c85155918a8bbbbc4b8987ee0",
"sha256": "acb3935d288b844ee7c369c33cdca40aa1f4fcdc5ea6e3515bb3bb7806d1b8b6"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveSmallTile.contrast-black_scale-200.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "57dd04e6549c40d01e720bdabc1043f0",
"sample_size": 840,
"sample_type": "Binary/None",
"sha1": "3772e998860eaddd2d7deef800fabeb9e7c2fd05",
"sha256": "ddb99874f5f70307fcc29de98d91d7fd5007ae0ed236175ecf80a052c00dcc6a"
},
{
"classification": "MALICIOUS",
"file_name": "10379681[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"md5": "e07cf30bc6dcf8b3ca40b118ca1dfb13",
"sample_size": 186360,
"sample_type": "Binary/None",
"sha1": "452f6fd4b74073d44a21137f4bb8bef9647af4eb",
"sha256": "cda8f3e1341c03ed4b722b07352f338d5f1413a28880377e3f20d6d44e0a338f"
},
{
"classification": "UNKNOWN",
"file_name": "page_embed_script.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
"md5": "a7436bf8f31a3eee05f1e31a7f91de97",
"sample_size": 272,
"sample_type": "Binary/None",
"sha1": "ed603dd763a7a54781635ac09c3442c64720df6d",
"sha256": "33f4d0b61f9e3e9db9a9b66af44bd6294bc9fcd09d2ba1cbaa38d0f9b2768f4d"
},
{
"classification": "UNKNOWN",
"file_name": "update100[1].xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"md5": "055979ca19e35a07ff5368ed745a4b34",
"sample_size": 440,
"sample_type": "Binary/None",
"sha1": "90dcbf789fce28217831968fd6e660d33aa0a3b8",
"sha256": "bf0c22c59b3cde7b98b981a156d409ecde6a1ee16f2fb1b5c6072816155198b5"
},
{
"classification": "UNKNOWN",
"file_name": "b11b460a.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"md5": "4edb7f04e98a708a840903a468578e72",
"sample_size": 6696,
"sample_type": "Binary/None",
"sha1": "616ef5737391057802f647d711be1032e50dda86",
"sha256": "962078dc3a9344f67d20094030d41097e6fa6769fc16308c5a3d21e07fafb612"
},
{
"classification": "UNKNOWN",
"file_name": "icon_128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images",
"md5": "3a65714dbdc3bf377717b92670488c04",
"sample_size": 4400,
"sample_type": "Binary/None",
"sha1": "557bcd5e61b743fe6364c37d0ec1e984baaa0005",
"sha256": "62da8741a0412f792d166c932818d8819c567c8655ac4cd6a4ee1bf757862719"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveMedTile.contrast-black_scale-150.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "7465b00a991482c48ab94a7d9b1a7f12",
"sample_size": 1032,
"sample_type": "Binary/None",
"sha1": "866d84683251060f63132a8b6f17c1b8963342b6",
"sha256": "d79e4ee7b51d36f426da2812764def96374d2a100e9e854001e4a5cb6e0621f9"
},
{
"classification": "MALICIOUS",
"file_name": "dd_vcredistUI7869.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"md5": "1b8e0116f32bfdb2677d3a4a706c42e1",
"sample_size": 48760,
"sample_type": "Binary/None",
"sha1": "1c12f99eb64bbaa35a7a7077d1e6f3416af1a6c7",
"sha256": "e4eea66b1a39ae947bcdbdf2ee70511f0c4c928939f6bea368b8b5bae6fb4857"
},
{
"classification": "UNKNOWN",
"file_name": "main.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
"md5": "a17307f63fa8051f2410c364483a005c",
"sample_size": 136,
"sample_type": "Binary/None",
"sha1": "3ae5d8d7ebbd15d106e922cc24e24ceffb633bdc",
"sha256": "633d899390a88d215a707f9ac8d2f420bbbee9b42509085a67d2df2ca639521b"
},
{
"classification": "UNKNOWN",
"file_name": "favicon[1].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"md5": "151b9771e5c54de479ef601172d1cb8a",
"sample_size": 40,
"sample_type": "Binary/None",
"sha1": "f5ef9b6332f22e06cc92a66a3fe0556d852ecde3",
"sha256": "95ea22b51823ba7a0782b2d1621e52bc61ec59cd77c8520e7048f90021805fec"
},
{
"classification": "UNKNOWN",
"file_name": "ConvergedLoginPaginatedStrings.EN[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"md5": "47ee05edcd2985f2f9b37b46995e91f8",
"sample_size": 16832,
"sample_type": "Binary/None",
"sha1": "9c950970bbe53af6a2e4105509bf63f929004967",
"sha256": "54f1d70272f65be6f30475d09d0296118ac7535304b64be0fb8e56a8379d2262"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveMedTile.scale-200.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "a4cdfded9999609b13f567b9abdca09e",
"sample_size": 1432,
"sample_type": "Binary/None",
"sha1": "d39f80120e4b89d1ec8473b5c7c3691621f4c052",
"sha256": "5f88cd5e9a2da00c86dac5fe1e521f4d414b57141d512eaf158210d2b35a52d7"
},
{
"classification": "MALICIOUS",
"file_name": "Microsoft Visual C++ 2010 x64 Redistributable Setup_20190219_161802569-MSI_vc_red.msi.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"md5": "12bc084aa65cea691856687bd24be209",
"sample_size": 267704,
"sample_type": "Binary/None",
"sha1": "82fdd277a9c934b54fb7ecd15d0690de230f1f21",
"sha256": "671e294fee1958b2e4a3488b7b23b48444b1a412d5b658612c107cd5d45ce44a"
},
{
"classification": "UNKNOWN",
"file_name": "brndlog.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer",
"md5": "2dce03d6f12b9aa2ceced062fe2a4f4c",
"sample_size": 6616,
"sample_type": "Binary/None",
"sha1": "7e4878709b7399709794b5c1599be4b0b6b2aa58",
"sha256": "4ee13fc40d486d58ba4c1a822d7ca7ab7d9c8e71acce2545df3bba027f9d1e77"
},
{
"classification": "MALICIOUS",
"file_name": "dd_vcredistMSI1AE4.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"md5": "420cdaa2ff2acab7627fdc0301f16539",
"sample_size": 575880,
"sample_type": "Binary/None",
"sha1": "5ab1fe1328bf46a87082f9cf53376d203dc7cf82",
"sha256": "33294bd0818565341fafd9597df9798ce4ffbaab53ba8c8fa8c9a2037ab3a3da"
},
{
"classification": "UNKNOWN",
"file_name": "e3f307cb[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"md5": "4a8d7af27b5ba442db67c064f43038fb",
"sample_size": 18792,
"sample_type": "Binary/None",
"sha1": "ae857cd9c3fc36d3e5e33f39c8704e083cddc61b",
"sha256": "9d7a91015126bffc9539927c9d6db88cb10c1f39f95b2fa32b56ed3079c175b6"
},
{
"classification": "MALICIOUS",
"file_name": "a0d3923c[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"md5": "e0718a483e7d768283b0e0ac3640ceca",
"sample_size": 50056,
"sample_type": "Binary/None",
"sha1": "315dffff6bcbcf45afdd69db8fbfc7d9cb5699d7",
"sha256": "c9b3c9a43d035e4df20434b961be4e7145d707b4e74ab50ecad7dee2f51e5570"
},
{
"classification": "UNKNOWN",
"file_name": "48a99eae[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"md5": "12f9a9e22d69c62af264f3334cf3388d",
"sample_size": 15936,
"sample_type": "Binary/None",
"sha1": "3a706bd69071705a75b8cfe181338c0631754753",
"sha256": "e4ee33d6bf0e3c9f11e3c7f6c3d9e583a4c8a97197e22333360329d179ae9c5c"
},
{
"classification": "MALICIOUS",
"file_name": "53c747e0[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"md5": "80b14bb0b0f538dbd63f16d7d7a1e84a",
"sample_size": 121792,
"sample_type": "Binary/None",
"sha1": "b8c134781f78505e3cd9b6fe28102931454ff373",
"sha256": "919a3c467dace737d06216bfa6bd204ab3a579bf718b2715465957a041bddb63"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveMedTile.scale-125.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "042765ea2c848946cd6cf46805cf1910",
"sample_size": 888,
"sample_type": "Binary/None",
"sha1": "ccd2737dbd16a4b3b8169e603494573fff504615",
"sha256": "b8f6c6edc87ed84caaf7650de7ef8e48ce64be8b967821399f1c0df7151cdce0"
},
{
"classification": "UNKNOWN",
"file_name": "3a8048a4[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"md5": "7f580de257940186f6f546e58130b4da",
"sample_size": 6688,
"sample_type": "Binary/None",
"sha1": "079c8d881d119c48663fc40ec070318bdc4e91cb",
"sha256": "72bd6c36682e755ae05b71e1c0b728b0d402bdf177c0ba51fa797569106c7c60"
},
{
"classification": "UNKNOWN",
"file_name": "b8aa184e[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"md5": "fc99216ba55779d2f15cdd70889ecdb7",
"sample_size": 8088,
"sample_type": "Binary/None",
"sha1": "dab18bca7b7a0165ae3365257df5b04e65262236",
"sha256": "fe82e9550513e5b56f5d14df5b006e562fb93e82741864935c026d5ac7975b59"
},
{
"classification": "MALICIOUS",
"file_name": "5e0abf48[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"md5": "383cfd704983453395837c3260c47519",
"sample_size": 217520,
"sample_type": "Binary/None",
"sha1": "da1aa3240abebbee4867cb0847dd2effea029915",
"sha256": "0c88e173940e9d5fa0f6f4415b1e923bc3b64b6d2d99278546f4f200f54fe5aa"
},
{
"classification": "UNKNOWN",
"file_name": "128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
"md5": "91003e8dd47506884950c059dfe83305",
"sample_size": 5024,
"sample_type": "Binary/None",
"sha1": "10c5656ac1811c9f9799c3e048f9a5062436cca6",
"sha256": "7fde761cac5e8b747c2199fdc841b815a32de5721f642e113b5dd86b0fe4723f"
},
{
"classification": "MALICIOUS",
"file_name": "3417f6c5[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"md5": "23be67f65b755c61fbe4c4e42f608452",
"sample_size": 32048,
"sample_type": "Binary/None",
"sha1": "aa1f4f0156c2b7d19697c2c6f16bfab6dbd99948",
"sha256": "182c2f4432ecfb03b4e8e7c1f9e5fc3ddc4705771bfe38679187f93fb6720fe7"
},
{
"classification": "UNKNOWN",
"file_name": "da083887.jpg.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"md5": "0b72c7eb4b0328a4a14eb51f7f85aa11",
"sample_size": 3976,
"sample_type": "Binary/None",
"sha1": "96ad8b669212b2a7bef3b49ac1892f0490266642",
"sha256": "a723221ae2d3eace81b4f532dfcc7ae5a52c413cf6a82c570b64154459867f1a"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveMedTile.contrast-black_scale-100.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "b040472bfcdb96c5973f17c9023cdaa7",
"sample_size": 696,
"sample_type": "Binary/None",
"sha1": "4a3b9942545ba7c435b94714b68a3ed9d83891d6",
"sha256": "09cf28d3fe3c4d3205f57cb2734f2ae3a43428f61875214c0ae671e6110208fb"
},
{
"classification": "UNKNOWN",
"file_name": "b8275b23[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"md5": "493f912aca198b3228cb876eaef0b87a",
"sample_size": 1712,
"sample_type": "Binary/None",
"sha1": "d1d46bb41c8f30b9be2d0c0c634f374388c6a65b",
"sha256": "95e8834f479dff5f649296ee7e0e11ceef277fc9c94f2cc182ef0dbc14d4acde"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveSmallTile.contrast-black_scale-400.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "c89b784ffd40a5407045b81e54d8b6de",
"sample_size": 1760,
"sample_type": "Binary/None",
"sha1": "fa48f21feb7586a360d049032e17b7b050203524",
"sha256": "3b0c4f178608e04b332a30bd401f2af380bb3bf681b8a47628fd16b8b73207e4"
},
{
"classification": "MALICIOUS",
"file_name": "IECompatData.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat",
"md5": "22268c9882f7870ebad2d81bcb969c24",
"sample_size": 65232,
"sample_type": "Binary/None",
"sha1": "9b4c7c64d3bddf13ffd9be53d146e06797848680",
"sha256": "a955326dfd0a10aacd446e0ac565536adcba79f81063f1b2eeffa6b112c7a8e1"
},
{
"classification": "UNKNOWN",
"file_name": "424a9e57[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"md5": "44bdb068c76b48be9b626fc8d53da937",
"sample_size": 1352,
"sample_type": "Binary/None",
"sha1": "950f55eff463bfdb2da622bdaa960fe507485056",
"sha256": "3a66f1f7f0c1385eaa499ca5b52287ba3ea87dda6ed61a4c39d131c694eabe26"
},
{
"classification": "MALICIOUS",
"file_name": "Converged_v21033[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
"md5": "c2fd0baa69cd8930cf3d0b508b73aeee",
"sample_size": 102048,
"sample_type": "Binary/None",
"sha1": "a037ea2f2863810aa232554518e7d223fe18adf8",
"sha256": "975be5b63f6876ca7d9489f58829d1e57c176e2b667d82ac20181e5f96e4d8a3"
},
{
"classification": "MALICIOUS",
"file_name": "SettingsCache.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache",
"md5": "74abce8048d0c92fb14b89ce0e236fd2",
"sample_size": 413096,
"sample_type": "Binary/None",
"sha1": "5ce40e038bfc7d963f00dce2401c3cb61999e64d",
"sha256": "2b84282fb5545fbdad7f6d875941dc2ef34fd9bc0d1d4992c8b0fc99c0e318a6"
},
{
"classification": "MALICIOUS",
"file_name": "eventpage_bin_prod.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
"md5": "313c37344f68927144dbce6909c9d666",
"sample_size": 63696,
"sample_type": "Binary/None",
"sha1": "630f25a0a9322df5fc5e472ee6deca68a923317a",
"sha256": "7d69397aca155491f922be30b0e4b45beecc6e702fc2166f53ab167d99f7114f"
},
{
"classification": "UNKNOWN",
"file_name": "chrome_shutdown_ms.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",
"md5": "df6fe268cad8f4939c32b06a0abe7f19",
"sample_size": 48,
"sample_type": "Binary/None",
"sha1": "9c36e34d37d519632dda3471cc95672155d88bc4",
"sha256": "db52e07dd8418f4416368c29dbf702d96787187dcc73936720b79f6c5a614918"
},
{
"classification": "UNKNOWN",
"file_name": "icon_16.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
"md5": "1aec73c6d3ab5d31021b71fa49175742",
"sample_size": 200,
"sample_type": "Binary/None",
"sha1": "9c4dfd46c967b4d078096006ea7e3fcd1c6656a9",
"sha256": "06b7b84792faf07102d9301dac706b819229019cf4a404aab342ec6554ca7ab3"
},
{
"classification": "UNKNOWN",
"file_name": "main.js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
"md5": "15a12b338ab8e37a70179ac0196005d6",
"sample_size": 128,
"sample_type": "Binary/None",
"sha1": "dd1ccc68a494c4efcfad248f602e595f0a62fd17",
"sha256": "e6ee456a7ecf12f8aad5371b510a52a6b00461f38f85bb99b25c92ae460d6152"
},
{
"classification": "UNKNOWN",
"file_name": "icon_128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
"md5": "72b565d8e27c7f6e8f824edf4c2741b7",
"sample_size": 3256,
"sample_type": "Binary/None",
"sha1": "e8e5ad08fb7ff37f002f7f8da31dec14fd01c2f1",
"sha256": "41658e881219b8c18169a9519140dafaca62356a4c6aca5f5855abbadefb48ef"
},
{
"classification": "MALICIOUS",
"file_name": "known_providers_download_v1[1].xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"md5": "3ad3468603637756e1ac2c6d534e52ed",
"sample_size": 90560,
"sample_type": "Binary/None",
"sha1": "e20cc6b3d65b5162274b74511b394d80bef4293c",
"sha256": "250e9ff13f1ffb7881393e1a9f2cd154e8b5291e6b1840f25e0f5f8c77a45461"
},
{
"classification": "UNKNOWN",
"file_name": "128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.2_0",
"md5": "88cc0dec6b76bb2789778c36adc80fdf",
"sample_size": 6200,
"sample_type": "Binary/None",
"sha1": "83c83400a498e4eba5b2da21ec3b3508f3314410",
"sha256": "71569d1bdefecf24258f2ee116087530bb25222ded656de089bb517d7905c8b1"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveMedTile.contrast-white_scale-100.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "6e09d57e9030879e4aaa34910b36e340",
"sample_size": 704,
"sample_type": "Binary/None",
"sha1": "acbfaa3f2edca3de19b3dffd8e17ffc9c362193d",
"sha256": "23a76eaeb542e6e67693dbda0755d6d922b3f3ca7980b99c8f872de4f1997a8f"
},
{
"classification": "UNKNOWN",
"file_name": "favicon[3].png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
"md5": "d7bd02610fcc71c45f5e2ee00df76abb",
"sample_size": 40,
"sample_type": "Binary/None",
"sha1": "a12eb2e41914203b301fdf6d52b9b39ac30cbc74",
"sha256": "40ed7f02069b3d3870fe1278a38bc7a906885e8723add3edecec0e48f754cdac"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveSmallTile.contrast-white_scale-100.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "6aae4a11bed8b5e51294257edbbd5a60",
"sample_size": 456,
"sample_type": "Binary/None",
"sha1": "64d5df6ff114e7341b5249b732ce50b75b5edf68",
"sha256": "8c68ef438206dfdddfd1b46bfc240bd7db14dc3ce9e35f26fa1976ef8408dce7"
},
{
"classification": "MALICIOUS",
"file_name": "69958a21[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"md5": "58a393fcb834452becebb25bf8f590e4",
"sample_size": 19744,
"sample_type": "Binary/None",
"sha1": "f505c74651244ee53c924bd0ee3679c85f30ec08",
"sha256": "8fdc3d08d1439d1e5f645a55f02fb04cf8316b4a2896fc660699e89f4584c4fe"
},
{
"classification": "MALICIOUS",
"file_name": "fd45bf1d[1].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"md5": "73f05774175a20c682c97aca14781fa5",
"sample_size": 20440,
"sample_type": "Binary/None",
"sha1": "3fbc2a901967b5b318cb2cf89fa8c0542972a4a5",
"sha256": "e32e6d608013aa31de3e787364ab62f572ca521d9568f4ecec913b5070f35983"
},
{
"classification": "UNKNOWN",
"file_name": "icon_128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
"md5": "93ac1853398516b8d864f29923f86db5",
"sample_size": 3416,
"sample_type": "Binary/None",
"sha1": "69e335e3d341d0f493dacf24523e58259543ee0d",
"sha256": "820609c73845d598617cbdb51c90d25a10b700c38eabdedf658b33680991d5f2"
},
{
"classification": "UNKNOWN",
"file_name": "a2f17337[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"md5": "852e6a5320cc53474a9c258f5a88f741",
"sample_size": 368,
"sample_type": "Binary/None",
"sha1": "0568c07b33ac6e7afccaf2574baf6963cc64e016",
"sha256": "d4572e3b98cec4a63eee74404f747dddcffd11a1742b73435b1d98d9156764a7"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveMedTile.contrast-white_scale-125.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "78264d49a16bd764070085d3c8ed7c55",
"sample_size": 912,
"sample_type": "Binary/None",
"sha1": "6120b002921d7bee8a3c6e4fb9f2f1afe6f2bd75",
"sha256": "097af61fcba9ea3a2faca29787af80f2cfd428f11d0449774635b2d0641429e2"
},
{
"classification": "MALICIOUS",
"file_name": "2743db28[2].css.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
"md5": "8444dc6cc0ed42c4f1c36c4258b50096",
"sample_size": 60608,
"sample_type": "Binary/None",
"sha1": "9cdfd384657bdbdc6558e11435175d6c224cbadf",
"sha256": "daca8e23a066ab3acfbffaf9843e5ce9ab84e81578b0c77c6869cbf1c34efba3"
},
{
"classification": "MALICIOUS",
"file_name": "03cedd2d[1].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
"md5": "7ea0bd08d8c028cc6cbb3df59d49dc86",
"sample_size": 41792,
"sample_type": "Binary/None",
"sha1": "796b3157b699d144715b3cf2f9b98c329720e1c6",
"sha256": "5b82f902396ae6c2466178f0308a4d0d3c0e895aa2e8637f2bb197f1b34f7904"
},
{
"classification": "MALICIOUS",
"file_name": "181f4d7eabe2d441119af774407152dd.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
"md5": "3df1fafd008f58bd7cbce8c5ab84eb81",
"sample_size": 50328,
"sample_type": "Binary/None",
"sha1": "0163ac925a57abd5f687816498c6ca7fd319f1f7",
"sha256": "a1ec1ab23fa76fc0e047c066aae7747b2f9236e0efc18488a1baa18fde5c89a5"
},
{
"classification": "UNKNOWN",
"file_name": "OneDrive.VisualElementsManifest.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive",
"md5": "06986325a06d0b2a0c6c6786b0c3caf5",
"sample_size": 384,
"sample_type": "Binary/None",
"sha1": "80a78acb248504ceec7b7b91019b6dd75215e195",
"sha256": "356b96b572afbe40e91842210cf61717309208a9e168fac82a35e5849b7717ad"
},
{
"classification": "UNKNOWN",
"file_name": "b8275b23[2].js.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
"md5": "e32144c93f15d3cf960bbb70e53f2505",
"sample_size": 1712,
"sample_type": "Binary/None",
"sha1": "fb52d3516f5f27e6284e2669c88ba6a67070cc66",
"sha256": "0195455b13996e7b4e3fef659c6568f96157cd84a4b5cbfd4bab72d2f69e5b46"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveSmallTile.contrast-black_scale-150.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "0111627d1aab907332da307cb4ac5ceb",
"sample_size": 632,
"sample_type": "Binary/None",
"sha1": "b57814bee6620538c64a6d80c74397883c1863a6",
"sha256": "16a4112aa612f8d72eb52c0795625404e3ebbefb6bd9dcf8248d0e296aba909c"
},
{
"classification": "UNKNOWN",
"file_name": "248aaea9.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
"md5": "76a333bdafc772b8da3cb292ff4103a1",
"sample_size": 9656,
"sample_type": "Binary/None",
"sha1": "bf1900d599c530742f0156ab21b7cc9d0fb492c0",
"sha256": "7fac5b99b80d77f55f936474fdb8e8ed63f1d3cc2ba04695893a6ead430f993e"
},
{
"classification": "UNKNOWN",
"file_name": "OneDriveMedTile.scale-100.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "1b90920f77e45538be049469419c1e1f",
"sample_size": 696,
"sample_type": "Binary/None",
"sha1": "74aad3ae8f55db81a493111561f308afa18e60b0",
"sha256": "c5bbde7ef7748193d6bdd93f9cb6e86a55a10b9ca2c48c4c61376e6d5ca9df03"
},
{
"classification": "UNKNOWN",
"file_name": "128.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.5_0",
"md5": "913510d99a80b9d2103dc5ed77de9572",
"sample_size": 3952,
"sample_type": "Binary/None",
"sha1": "9cad1d7e6bccb750654e3cf1f380107069819cfd",
"sha256": "0d5832acad5a8b492e13167bf128826173624184a95053b8bdfd8735a3f743c4"
}
],
"md5": "d5720ea13de22edcbe76d20c7908c0bf",
"memory_strings": "https://bucket.reversinglabs.com/rl-cloud-sandbox-memstrings-prod/21841b32c6165b27dddbd4d6eb3a672defe54271_9665584d-57d9-4f8a-b63b-5c762b37fc33_memstrings_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20230607%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230607T150641Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=ee5ea869e113ae10e0527e84622c7a2ec1c218ea425cdfa502b73231191550df",
"mitre_attack": {
"matrix_list": [
{
"name": "Enterprise",
"tactics": {
"tactic_list": [
{
"id": "TA0005",
"name": "Defense Evasion",
"techniques": {
"technique_list": [
{
"id": "T1055",
"name": "Process Injection"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information"
},
{
"id": "T1036",
"name": "Masquerading"
},
{
"id": "T1027.002",
"name": "Software Packing"
}
]
}
},
{
"id": "TA0007",
"name": "Discovery",
"techniques": {
"technique_list": [
{
"id": "T1083",
"name": "File and Directory Discovery"
},
{
"id": "T1082",
"name": "System Information Discovery"
},
{
"id": "T1124",
"name": "System Time Discovery"
},
{
"id": "T1518.001",
"name": "Security Software Discovery"
}
]
}
},
{
"id": "TA0002",
"name": "Execution",
"techniques": {
"technique_list": []
}
},
{
"id": "TA0011",
"name": "Command and Control",
"techniques": {
"technique_list": [
{
"id": "T1573",
"name": "Encrypted Channel"
}
]
}
},
{
"id": "TA0010",
"name": "Exfiltration",
"techniques": {
"technique_list": []
}
},
{
"id": "TA0004",
"name": "Privilege Escalation",
"techniques": {
"technique_list": [
{
"id": "T1547.001",
"name": "Registry Run Keys / Startup Folder"
}
]
}
},
{
"id": "TA0003",
"name": "Persistence",
"techniques": {
"technique_list": [
{
"id": "T1176",
"name": "Browser Extensions"
}
]
}
},
{
"id": "TA0009",
"name": "Collection",
"techniques": {
"technique_list": [
{
"id": "T1185",
"name": "Man in the Browser"
},
{
"id": "T1560",
"name": "Archive Collected Data"
},
{
"id": "T1056",
"name": "Input Capture"
},
{
"id": "T1005",
"name": "Data from Local System"
}
]
}
},
{
"id": "TA0040",
"name": "Impact",
"techniques": {
"technique_list": []
}
},
{
"id": "TA0006",
"name": "Credential Access",
"techniques": {
"technique_list": [
{
"id": "T1003",
"name": "OS Credential Dumping"
}
]
}
}
]
}
}
]
},
"network": {
"url": [
{
"source": "memory",
"url": "http://127.0.0.1:90500123456789ABCDEF"
},
{
"source": "memory",
"url": "http://dist.torproject.org/torbrowser/4.5.1/tor-win32-0.2.6.7.zip"
},
{
"source": "memory",
"url": "http://search.live.com/results.aspx?q="
},
{
"source": "memory",
"url": "http://gcc.gnu.org/bugs.html):"
},
{
"source": "memory",
"url": "http://curl.haxx.se/docs/http-cookies.html"
}
]
},
"optional_parameters": "internet_simulation=false",
"pcap": "https://bucket.reversinglabs.com/rl-cloud-sandbox-pcap-prod/21841b32c6165b27dddbd4d6eb3a672defe54271_9665584d-57d9-4f8a-b63b-5c762b37fc33_pcap_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20230607%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230607T150640Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=2d949896392b6a7e6100b7e4528496dde102a782cae48e33434188ea087bf217",
"platform": "windows10",
"process_tree": [
{
"name": "rl_file.exe",
"parameters": "C:\\Users\\user\\Desktop\\rl_file.exe",
"parent_process_id": 3812,
"process_id": 3080
},
{
"name": "rl_file.exe",
"parameters": "\"C:\\Users\\user\\Desktop\\rl_file.exe\" ",
"parent_process_id": 3080,
"process_id": 3668
},
{
"name": "Tox.exe",
"parameters": "\"C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe\" ",
"parent_process_id": 3812,
"process_id": 1568
}
],
"risk_score": 96,
"screenshots": "https://bucket.reversinglabs.com/rl-cloud-sandbox-screenshots-prod/21841b32c6165b27dddbd4d6eb3a672defe54271_9665584d-57d9-4f8a-b63b-5c762b37fc33_screenshots_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20230607%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230607T150641Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=d815f79993cb3bd0939551ce8b200ef8b1ddd636564b999c9ded4c481f9c3b79",
"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"sha256": "0b5225517dcd1faf1de7b9c770baedbe000f8f2eacc22e8759970e26d446ec19",
"signatures": [
{
"description": "Reads ini files",
"risk_factor": 5,
"sig_id": 1257
},
{
"description": "Creates a start menu entry (Start Menu\\\\Programs\\\\Startup)",
"risk_factor": 7,
"sig_id": 1376
},
{
"description": "Disables application error messages (SetErrorMode)",
"risk_factor": 5,
"sig_id": 1397
},
{
"description": "Contains functionality to enumerate / list files inside a directory",
"risk_factor": 5,
"sig_id": 1088
},
{
"description": "Found inlined nop instructions (likely shell or obfuscated code)",
"risk_factor": 7,
"sig_id": 1537
},
{
"description": "Creates temporary files",
"risk_factor": 5,
"sig_id": 1276
},
{
"description": "Tries to harvest and steal browser information (history, passwords, etc)",
"risk_factor": 8,
"sig_id": 1272
},
{
"description": "Sample reads its own file content",
"risk_factor": 5,
"sig_id": 1571
},
{
"description": "URLs found in memory or binary data",
"risk_factor": 5,
"sig_id": 357
},
{
"description": "Uses an in-process (OLE) Automation server",
"risk_factor": 5,
"sig_id": 1458
},
{
"description": "Sample is packed with UPX",
"risk_factor": 5,
"sig_id": 1366
},
{
"description": "Creates a DirectInput object (often for capturing keystrokes)",
"risk_factor": 7,
"sig_id": 1339
},
{
"description": "Stores files to the Windows startup directory",
"risk_factor": 7,
"sig_id": 1352
},
{
"description": "Creates a process in suspended mode (likely to inject code)",
"risk_factor": 7,
"sig_id": 1790
},
{
"description": "Spawns processes",
"risk_factor": 5,
"sig_id": 1271
},
{
"description": "Creates mutexes",
"risk_factor": 5,
"sig_id": 1150
},
{
"description": "Detected crypto function",
"risk_factor": 7,
"sig_id": 1826
},
{
"description": "Sample is known by Antivirus (Virustotal or Metascan)",
"risk_factor": 5,
"sig_id": 1532
},
{
"description": "Contains functionality to register its own exception handler",
"risk_factor": 5,
"sig_id": 1094
},
{
"description": "Classification label",
"risk_factor": 5,
"sig_id": 420
},
{
"description": "Uses 32bit PE files",
"risk_factor": 7,
"sig_id": 621
},
{
"description": "Contains functionality to query local / system time",
"risk_factor": 5,
"sig_id": 1103
},
{
"description": "Multi AV Scanner detection for dropped file",
"risk_factor": 10,
"sig_id": 1524
},
{
"description": "Drops PE files",
"risk_factor": 7,
"sig_id": 1167
},
{
"description": "Multi AV Scanner detection for submitted file",
"risk_factor": 10,
"sig_id": 362
},
{
"description": "Contains functionality to query CPU information (cpuid)",
"risk_factor": 7,
"sig_id": 1326
},
{
"description": "Drops PE files to the startup folder (C:\\\\Documents and Settings\\\\All Users\\\\Start Menu\\\\Programs\\\\Startup)",
"risk_factor": 8,
"sig_id": 1378
},
{
"description": "Creates files inside the user directory",
"risk_factor": 5,
"sig_id": 1145
},
{
"description": "Reads software policies",
"risk_factor": 5,
"sig_id": 1460
},
{
"description": "Overwrites Mozilla Firefox settings",
"risk_factor": 8,
"sig_id": 1382
},
{
"description": "Installs a chrome extension",
"risk_factor": 7,
"sig_id": 1393
},
{
"description": "Writes many files with high entropy",
"risk_factor": 8,
"sig_id": 2072
}
],
"threat_names": [
{
"threat_name": "Unknown"
}
]
},
"requested_hash": "21841b32c6165b27dddbd4d6eb3a672defe54271"
}
}
}
}

Human Readable Output#

Full report is returned in a downloadable file

reversinglabs-titaniumcloud-certificate-analytics#


Retrieve certificate analytics.

Base Command#

reversinglabs-titaniumcloud-certificate-analytics

Input#

Argument NameDescriptionRequired
certificate_thumbprintHash string.Required

Context Output#

PathTypeDescription
ReversingLabs.certificate_analyticsUnknown

Command example#

!reversinglabs-titaniumcloud-certificate-analytics certificate_thumbprint="86900D438047F6D00ACE379C6E68A9461BA36ACD152C9E82EDDBE87B331F3E4A"

Context Example#

{
"InfoFile": {
"EntryID": "7632@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
"Info": "text/plain",
"Name": "Certificate Analytics report file for thumbprint 86900D438047F6D00ACE379C6E68A9461BA36ACD152C9E82EDDBE87B331F3E4A",
"Size": 11882,
"Type": "ASCII text, with very long lines"
},
"ReversingLabs": {
"certificate_analytics": {
"rl": {
"certificate_analytics": {
"certificate": {
"certificate_thumbprints": [
{
"name": "MD5",
"value": "76cc8c2a0859c683eb494eb4f161ed79"
},
{
"name": "SHA1",
"value": "03addd4d8bb9c4eb53a49d734a3fa622f35ac4f4"
},
{
"name": "SHA256",
"value": "86900D438047F6D00ACE379C6E68A9461BA36ACD152C9E82EDDBE87B331F3E4A"
}
],
"common_name": "OOO \"Industry\"",
"extensions": [
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:1E:C5:B1:2C:7D:87:DA:02:68:7C:25:BC:0C:07:84:3F:B6:CF:DE:F1\n"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "3A:32:1F:B5:2F:91:3A:5A:5F:2C:09:7B:74:6C:0C:95:0C:8B:A3:7E"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature"
},
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:FALSE"
},
{
"is_critical": "False",
"name": "X509v3 Extended Key Usage",
"value": "Code Signing"
},
{
"is_critical": "False",
"name": "Netscape Cert Type",
"value": "Object Signing"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: 1.3.6.1.4.1.6449.1.2.1.3.2\n CPS: https://secure.comodo.net/CPS\n"
},
{
"is_critical": "False",
"name": "X509v3 CRL Distribution Points",
"value": "\nFull Name:\n URI:http://crl.comodoca.com/COMODOCodeSigningCA2.crl\n"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "CA Issuers - URI:http://crt.comodoca.com/COMODOCodeSigningCA2.crt\nOCSP - URI:http://ocsp.comodoca.com\n"
},
{
"is_critical": "False",
"name": "X509v3 Subject Alternative Name",
"value": "email:igorv@ooo-industry.ru"
}
],
"issuer": {
"certificate_thumbprints": [
{
"name": "MD5",
"value": "db84b1a0715cfd1e33d1935ddc9beb4e"
},
{
"name": "SHA1",
"value": "b64771392538d1eb7a9281998791c14afd0c5035"
},
{
"name": "SHA256",
"value": "8EF8F2565BE30E7CE7BA6302BB18B42A3ACD148A0DDB4779E4C03E862F39589B"
}
],
"common_name": "COMODO Code Signing CA 2",
"extensions": [
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:DA:ED:64:74:14:9C:14:3C:AB:DD:99:A9:BD:5B:28:4D:8B:3C:C9:D8\n"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "1E:C5:B1:2C:7D:87:DA:02:68:7C:25:BC:0C:07:84:3F:B6:CF:DE:F1"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Certificate Sign, CRL Sign"
},
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE, pathlen:0"
},
{
"is_critical": "False",
"name": "X509v3 Extended Key Usage",
"value": "Code Signing"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: X509v3 Any Policy\n"
},
{
"is_critical": "False",
"name": "X509v3 CRL Distribution Points",
"value": "\nFull Name:\n URI:http://crl.usertrust.com/UTN-USERFirst-Object.crl\n"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "CA Issuers - URI:http://crt.usertrust.com/UTNAddTrustObject_CA.crt\nOCSP - URI:http://ocsp.usertrust.com\n"
}
],
"issuer": {
"certificate_thumbprints": [
{
"name": "MD5",
"value": "ff5fbc4290fa389e798467ebd7ae940b"
},
{
"name": "SHA1",
"value": "8ad5c9987e6f190bd6f5416e2de44ccd641d8cda"
},
{
"name": "SHA256",
"value": "2CF1EC6AB594113BD538DF6D5C940E3319B424F8756D975888072C6AB558B771"
}
],
"common_name": "UTN-USERFirst-Object",
"extensions": [
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A\n"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "DA:ED:64:74:14:9C:14:3C:AB:DD:99:A9:BD:5B:28:4D:8B:3C:C9:D8"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Certificate Sign, CRL Sign"
},
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: X509v3 Any Policy\n"
},
{
"is_critical": "False",
"name": "X509v3 CRL Distribution Points",
"value": "\nFull Name:\n URI:http://crl.usertrust.com/AddTrustExternalCARoot.crl\n"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "OCSP - URI:http://ocsp.usertrust.com\n"
}
],
"issuer": "AddTrust External CA Root",
"serial_number": "421AF2940984191F520A4BC62426A74B",
"signature": "4D422FA6C18AEB07809058468CF81939662A3C5A2C6DCFD4D987558D790B12887B408FD5C7F84B8D551663ADB757DC3B2BBDD3C14F1E03874B449BE3E2404526F326492B6A84F1547AD442DAFCD36ABB667ECA9EEAE9BBDC07C7C3924E833C81499F92D53209EA492EA111719A36D2C54E68B6CB0E1B2516AF6CDE5D76D81F72B193268617DB18DEAF45E9DFFB98AF1418EDA45EF6899445F055044ADDFF27DD064A40F6B4BCF1E40F9902BBFD5D0E2E28C1BE3B5F1A3F971084BC163ED8A39C631D66CB5C5FDA3EF30F0A093522DBDBC03F00F9E60D5D67D1FDA01E032BD940F7BECC87665480A6A3B8F51962D5D226B19826EE9ACB44A7455A8195151AF551",
"signature_algorithm": "sha1WithRSAEncryption",
"valid_from": "Jun 7 08:09:10 2005 GMT",
"valid_to": "May 30 10:48:38 2020 GMT",
"version": "2"
},
"serial_number": "10709D4FF55408D7306001D8EA9175BB",
"signature": "9589779368015E7CD92D3707905D5A425E0C64B436B50FF6ABD53927DE2246A4491C664B4619592E794903F69C92DF6D50355C0C912E600359D0F164F76909F67EFEEB34B36DB1BF669CA3BA3178B98735613D92311BEFF4E89ED6AC45FA0C363C8067BBBDEF2EC290E13D712F3BC1B0587E45C352710307F6F3394D8B36211B01DFD9DA5E2BEB0E97801E441C5088F5C612334AA84DA58D2F940C7BC6BF9A2CC332CDBD8C2726F0E13003500682BCF43BB3837506C6EFBAEED380F852C6ACCB79F2389E7BB09258429105C89621ADB94B16811469F137B0FE34F7DCB0DF97F543109B768FB465F5E89F13B71EAC6FC4698A5FBA3C617E5E498623132EAF1548",
"signature_algorithm": "sha1WithRSAEncryption",
"valid_from": "Aug 24 00:00:00 2011 GMT",
"valid_to": "May 30 10:48:38 2020 GMT",
"version": "2"
},
"serial_number": "D139BDA20096871840DCE08E6A80B6F0",
"signature": "2F5083FC3924FBE3509C294E8DE25499D771A7A554DED358DC05629AFE99803F4BC8DCC436BF0C7CA97015BA2FFD80EFC4D0BDB6E39F375296ECDDCDE3CA0B5033C649B38ECF57761DA6DEA2868D0286EA481177EE6D0D0C1B7B041BB890ECD6CE1FF93EC608F06A4D53C17DCBA4EA5E8894ABADDCFD670B9C3E4E4F0870AC7BB619E3ECE42971FE8FF0AFDE6578892802FC6C9C96DFF767FE2F52EA197C58B5B86C76110CFA05EC019C6FC589B32284D54F4734A21313EDB3970B2820FB6D05EAA5228E7D5035B27AF3B14285225B71F6C3441E7E53631B8C9508F4006E1A464D6DB91E2E8CC7D3B336926812E5356BD8B8B839BFBC990C9A21B1AC17780C39",
"signature_algorithm": "sha1WithRSAEncryption",
"valid_from": "Aug 2 00:00:00 2012 GMT",
"valid_to": "Aug 2 23:59:59 2015 GMT",
"version": "2"
},
"certificate_first_seen": "2012-09-13T08:57:00",
"classification": {
"status": "undefined"
},
"statistics": {
"known": 2,
"malicious": 6082,
"suspicious": 142,
"total": 6226,
"unknown": 0
}
},
"request": {
"response_format": "json",
"thumbprint": "86900D438047F6D00ACE379C6E68A9461BA36ACD152C9E82EDDBE87B331F3E4A"
}
}
}
}
}

Human Readable Output#

Full report is returned in a downloadable file

reversinglabs-titaniumcloud-yara-ruleset-actions#


Perform various YARA ruleset actions.

Base Command#

reversinglabs-titaniumcloud-yara-ruleset-actions

Input#

Argument NameDescriptionRequired
yara_actionYARA ruleset action. Possible values are: CREATE RULESET, DELETE RULESET, GET RULESET INFO, GET RULESET TEXT.Required
ruleset_nameName of the YARA ruleset.Required
ruleset_textText of the YARA ruleset.Optional
sample_availableReturn only samples that are available for download to the user. Must be boolean.Optional

Context Output#

PathTypeDescription
ReversingLabs.create_yara_rulesetUnknown
ReversingLabs.delete_yara_rulesetUnknown
ReversingLabs.get_yara_ruleset_infoUnknown
ReversingLabs.get_yara_ruleset_textUnknown

Command example#

!reversinglabs-titaniumcloud-yara-ruleset-actions ruleset_name=SuperHunt yara_action="GET RULESET INFO"

Context Example#

{
"ReversingLabs": {
"get_yara_ruleset_info": {
"approved": true,
"ruleset_name": "SuperHunt",
"valid": true
}
}
}

Human Readable Output#

{ "approved": true, "ruleset_name": "SuperHunt", "valid": true }

reversinglabs-titaniumcloud-yara-matches-feed#


Returns a recordset of YARA ruleset matches in the specified time range.

Base Command#

reversinglabs-titaniumcloud-yara-matches-feed

Input#

Argument NameDescriptionRequired
time_formatDefine the time format that is used. Possible values are: utc, timestamp.Required
time_valueTime value in the defined format.Required

Context Output#

PathTypeDescription
ReversingLabs.yara_matches_feedUnknown

Command example#

!reversinglabs-titaniumcloud-yara-matches-feed time_format=timestamp time_value=1686149726

Context Example#

{
"ReversingLabs": {
"yara_matches_feed": {
"rl": {
"feed": {
"entries": [
{
"file_size": 3276768,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2070668,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2103585,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "6c9a7e771632738a4d86e8211be63306b3c31739",
"timestamp": 1686149729
},
{
"file_size": 3276768,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2070668,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2103585,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "6c9a7e771632738a4d86e8211be63306b3c31739",
"timestamp": 1686149729
},
{
"file_size": 700972,
"file_type": "Text/TypeScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6427,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 327393,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "22cbdcd8130f2dabaf16cb6a4cdfe8141c8d54d9",
"timestamp": 1686149748
},
{
"file_size": 700972,
"file_type": "Text/TypeScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6427,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 327393,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "22cbdcd8130f2dabaf16cb6a4cdfe8141c8d54d9",
"timestamp": 1686149748
},
{
"file_size": 701035,
"file_type": "Text/TypeScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6427,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 327456,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "327da64e3c8bd70b5868a11b90345ffb83faf169",
"timestamp": 1686149771
},
{
"file_size": 701035,
"file_type": "Text/TypeScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6427,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 327456,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "327da64e3c8bd70b5868a11b90345ffb83faf169",
"timestamp": 1686149771
},
{
"file_size": 2495206,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 1508164,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": true,
"sha1": "8b16533fe15079a2797c5edb655e7faa0136a2c3",
"timestamp": 1686149775
},
{
"file_size": 136068,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 90723,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 126493,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "4b69b90535fffc35b944af09c4fecd1ea45bdf03",
"timestamp": 1686149791
},
{
"file_size": 136068,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 90723,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 126493,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "4b69b90535fffc35b944af09c4fecd1ea45bdf03",
"timestamp": 1686149791
},
{
"file_size": 89327,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 18110,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7042,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "9833e067786155c711abd4748f0134dce2a50f70",
"timestamp": 1686149812
},
{
"file_size": 89327,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 18110,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7042,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "9833e067786155c711abd4748f0134dce2a50f70",
"timestamp": 1686149812
},
{
"file_size": 60165,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 53034,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 44244,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7",
"timestamp": 1686149812
},
{
"file_size": 60165,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 53034,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 44244,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7",
"timestamp": 1686149812
},
{
"file_size": 348160,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 37848,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": true,
"sha1": "8a5f73ba3d164d764f3247e1a4d8910f1c82118e",
"timestamp": 1686149813
},
{
"file_size": 2032952,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1691838,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1680161,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "3ef76796bc39440ff9e380ee0870e082a7d4d827",
"timestamp": 1686149813
},
{
"file_size": 2032952,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1691838,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1680161,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "3ef76796bc39440ff9e380ee0870e082a7d4d827",
"timestamp": 1686149813
},
{
"file_size": 152263,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 108863,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 66000,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "672718e4181413228e56e9aca75af311e5113b34",
"timestamp": 1686149815
},
{
"file_size": 152263,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 108863,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 66000,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "672718e4181413228e56e9aca75af311e5113b34",
"timestamp": 1686149815
},
{
"file_size": 3594552,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2695368,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2746903,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "3c1e2700b7b75d6f064f1a4cd92348cbbd12445e",
"timestamp": 1686149821
},
{
"file_size": 3594552,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2695368,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2746903,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "3c1e2700b7b75d6f064f1a4cd92348cbbd12445e",
"timestamp": 1686149821
},
{
"file_size": 629694,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 195141,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 142128,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "689fa08d967cd23c51d86f5f31245b2c4b4cb8f4",
"timestamp": 1686149825
},
{
"file_size": 629694,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 195141,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 142128,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "689fa08d967cd23c51d86f5f31245b2c4b4cb8f4",
"timestamp": 1686149825
},
{
"file_size": 60165,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 53034,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 44244,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7",
"timestamp": 1686149825
},
{
"file_size": 60165,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 53034,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 44244,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7",
"timestamp": 1686149825
},
{
"file_size": 7876608,
"file_type": "ELF64 Little/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4574372,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4638450,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "be246b1372fc383087a49f7b217d57f60a91282e",
"timestamp": 1686149830
},
{
"file_size": 7876608,
"file_type": "ELF64 Little/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4574372,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4638450,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "be246b1372fc383087a49f7b217d57f60a91282e",
"timestamp": 1686149830
},
{
"file_size": 163095,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 92470,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 152391,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "38351d1f1fd246eed1a5319c70e6db239cf08961",
"timestamp": 1686149832
},
{
"file_size": 163095,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 92470,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 152391,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "38351d1f1fd246eed1a5319c70e6db239cf08961",
"timestamp": 1686149832
},
{
"file_size": 4435792,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 35519,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 251777,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "8c2ac756b84dad335730361f0ae794d427f59ac8",
"timestamp": 1686149840
},
{
"file_size": 4435792,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 35519,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 251777,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "8c2ac756b84dad335730361f0ae794d427f59ac8",
"timestamp": 1686149840
},
{
"file_size": 118346,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 16163,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 93519,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "33b343dbf5e945badbde855fccd9d41cc6721b57",
"timestamp": 1686149841
},
{
"file_size": 118346,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 16163,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 93519,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "33b343dbf5e945badbde855fccd9d41cc6721b57",
"timestamp": 1686149841
},
{
"file_size": 421625,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 254252,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 61027,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "97de77df7de1563a15054f68142f815b4df26ef8",
"timestamp": 1686149841
},
{
"file_size": 421625,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 254252,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 61027,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "97de77df7de1563a15054f68142f815b4df26ef8",
"timestamp": 1686149841
},
{
"file_size": 89327,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 18110,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7042,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "6c4a87910eafb345ad3b07f13dced51376ccc93f",
"timestamp": 1686149842
},
{
"file_size": 89327,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 18110,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7042,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "6c4a87910eafb345ad3b07f13dced51376ccc93f",
"timestamp": 1686149842
},
{
"file_size": 4091720,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1530891,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1420528,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "f0a94f8d3ba71b06bc7a463241233c2db1cf4a36",
"timestamp": 1686149842
},
{
"file_size": 4091720,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1530891,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1420528,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "f0a94f8d3ba71b06bc7a463241233c2db1cf4a36",
"timestamp": 1686149842
},
{
"file_size": 89327,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 18110,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7042,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "5c880504fedd3ee67d06ecb36ef7247a6b26cd48",
"timestamp": 1686149844
},
{
"file_size": 89327,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 18110,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7042,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "5c880504fedd3ee67d06ecb36ef7247a6b26cd48",
"timestamp": 1686149844
},
{
"file_size": 151754,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 108353,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 65464,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "1a9bc0dd119fa6b5b15042468d54a26cccccbeaa",
"timestamp": 1686149844
},
{
"file_size": 151754,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 108353,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 65464,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "1a9bc0dd119fa6b5b15042468d54a26cccccbeaa",
"timestamp": 1686149844
},
{
"file_size": 151042,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 107641,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 65289,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "d7c4f4ab8fc6682e2ba020664b06cb40ac1436f8",
"timestamp": 1686149844
},
{
"file_size": 151042,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 107641,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 65289,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "d7c4f4ab8fc6682e2ba020664b06cb40ac1436f8",
"timestamp": 1686149844
},
{
"file_size": 6321416,
"file_type": "ELF64 Little/SO",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 361578,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 283948,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "8cb1f6b4f18c6c55888c7275f54b0f9ca61d4cc7",
"timestamp": 1686149845
},
{
"file_size": 6321416,
"file_type": "ELF64 Little/SO",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 361578,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 283948,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "8cb1f6b4f18c6c55888c7275f54b0f9ca61d4cc7",
"timestamp": 1686149845
},
{
"file_size": 7876608,
"file_type": "ELF64 Little/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4574372,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4638450,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "be246b1372fc383087a49f7b217d57f60a91282e",
"timestamp": 1686149847
},
{
"file_size": 7876608,
"file_type": "ELF64 Little/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4574372,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4638450,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "be246b1372fc383087a49f7b217d57f60a91282e",
"timestamp": 1686149847
},
{
"file_size": 154712,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 111318,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 68396,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "846e91cbdccfbacf3790aaaa5aad6357394ec328",
"timestamp": 1686149848
},
{
"file_size": 154712,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 111318,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 68396,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "846e91cbdccfbacf3790aaaa5aad6357394ec328",
"timestamp": 1686149848
},
{
"file_size": 2037575,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 700877,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1730255,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "66ea67dd377be2868f91cada78056d679c37ad14",
"timestamp": 1686149849
},
{
"file_size": 2037575,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 700877,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1730255,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "66ea67dd377be2868f91cada78056d679c37ad14",
"timestamp": 1686149849
},
{
"file_size": 4435792,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 35519,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 251777,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "8c2ac756b84dad335730361f0ae794d427f59ac8",
"timestamp": 1686149849
},
{
"file_size": 4435792,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 35519,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 251777,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "8c2ac756b84dad335730361f0ae794d427f59ac8",
"timestamp": 1686149849
},
{
"file_size": 25735,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 369,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 19182,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "2983e913f00f2919c3ef8af5984fc1d4165ef459",
"timestamp": 1686149851
},
{
"file_size": 25735,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 369,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 19182,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "2983e913f00f2919c3ef8af5984fc1d4165ef459",
"timestamp": 1686149851
},
{
"file_size": 89327,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 18110,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7042,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "94d4edb7622aa1bc73976a43641f0f7aa673e515",
"timestamp": 1686149851
},
{
"file_size": 89327,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 18110,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7042,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "94d4edb7622aa1bc73976a43641f0f7aa673e515",
"timestamp": 1686149851
},
{
"file_size": 5899328,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3609590,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3648212,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "1e005a0d0a4e445a22845e20f507c9986ab8c981",
"timestamp": 1686149855
},
{
"file_size": 5899328,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3609590,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3648212,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "1e005a0d0a4e445a22845e20f507c9986ab8c981",
"timestamp": 1686149855
},
{
"file_size": 477009,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 117834,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 179800,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "c4362fdfb7e929c0befe19e1fdbb503e340713ef",
"timestamp": 1686149858
},
{
"file_size": 477009,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 117834,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 179800,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "c4362fdfb7e929c0befe19e1fdbb503e340713ef",
"timestamp": 1686149858
},
{
"file_size": 146948,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 103548,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 60815,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "6aca08c08a657c545ca575cc33e124e0e38f8730",
"timestamp": 1686149865
},
{
"file_size": 146948,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 103548,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 60815,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "6aca08c08a657c545ca575cc33e124e0e38f8730",
"timestamp": 1686149865
},
{
"file_size": 89327,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 18110,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7042,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "042e4cb27fc3d6fd7c73e3a217a872495a05c90a",
"timestamp": 1686149866
},
{
"file_size": 89327,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 18110,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7042,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "042e4cb27fc3d6fd7c73e3a217a872495a05c90a",
"timestamp": 1686149866
},
{
"file_size": 739873,
"file_type": "Text/Go",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 8970,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 195156,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "2a8b44ff48c01cb281e6fc55079211d061ead5c5",
"timestamp": 1686149873
},
{
"file_size": 739873,
"file_type": "Text/Go",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 8970,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 195156,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "2a8b44ff48c01cb281e6fc55079211d061ead5c5",
"timestamp": 1686149873
},
{
"file_size": 1001023,
"file_type": "Text/Go",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 12927,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 112532,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "f5d3401062623204bff214eef2887ca59171fc8d",
"timestamp": 1686149874
},
{
"file_size": 1001023,
"file_type": "Text/Go",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 12927,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 112532,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "f5d3401062623204bff214eef2887ca59171fc8d",
"timestamp": 1686149874
},
{
"file_size": 344860,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 12762,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 227575,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "1d8d3cffaf275d88d4fc68ec7eb20b30c03225b0",
"timestamp": 1686149875
},
{
"file_size": 344860,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 12762,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 227575,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "1d8d3cffaf275d88d4fc68ec7eb20b30c03225b0",
"timestamp": 1686149875
},
{
"file_size": 6738008,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2615445,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2651672,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "3ac8e4d7748a9ca0affb66f81978d33e683c4814",
"timestamp": 1686149879
},
{
"file_size": 6738008,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2615445,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2651672,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "3ac8e4d7748a9ca0affb66f81978d33e683c4814",
"timestamp": 1686149879
},
{
"file_size": 89327,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 18110,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7042,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "dc5645d2051ac4aac468e02b4ebf62628a73605f",
"timestamp": 1686149880
},
{
"file_size": 89327,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 18110,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7042,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "dc5645d2051ac4aac468e02b4ebf62628a73605f",
"timestamp": 1686149880
},
{
"file_size": 6343328,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4122595,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4778117,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "2db6a690c35f5f29fc0986760df02acf70d67abf",
"timestamp": 1686149881
},
{
"file_size": 6343328,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4122595,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4778117,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "2db6a690c35f5f29fc0986760df02acf70d67abf",
"timestamp": 1686149881
},
{
"file_size": 154231,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 110832,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 68406,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "3af52ef8aff5735d794cb2611de951f786961c03",
"timestamp": 1686149900
},
{
"file_size": 154231,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 110832,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 68406,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "3af52ef8aff5735d794cb2611de951f786961c03",
"timestamp": 1686149900
},
{
"file_size": 739903,
"file_type": "Text/Go",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 8970,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 195156,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "e4965ce5cd511a3efd00a2caba635bfab3f4e805",
"timestamp": 1686149921
},
{
"file_size": 739903,
"file_type": "Text/Go",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 8970,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 195156,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "e4965ce5cd511a3efd00a2caba635bfab3f4e805",
"timestamp": 1686149921
},
{
"file_size": 5685433,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 150959,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2075729,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "6974c8390c179c1a4a9dca8947a1f2378852faad",
"timestamp": 1686149931
},
{
"file_size": 5685433,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 150959,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2075729,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "6974c8390c179c1a4a9dca8947a1f2378852faad",
"timestamp": 1686149931
},
{
"file_size": 11163136,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 9002020,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 8469401,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "07a157e4e612f74d0b01b2844eca8afdc2a43955",
"timestamp": 1686149931
},
{
"file_size": 11163136,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 9002020,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 8469401,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "07a157e4e612f74d0b01b2844eca8afdc2a43955",
"timestamp": 1686149931
},
{
"file_size": 1408268,
"file_type": "Text/Go",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 8975,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 109800,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "440bb2c50ba55eebe34ef8a4e201a17144bd5bc2",
"timestamp": 1686149934
},
{
"file_size": 1408268,
"file_type": "Text/Go",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 8975,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 109800,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "440bb2c50ba55eebe34ef8a4e201a17144bd5bc2",
"timestamp": 1686149934
},
{
"file_size": 2397377,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 91153,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1061201,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "6cea94c3692b8930e8a4991d94810f01dffafd47",
"timestamp": 1686149935
},
{
"file_size": 2397377,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 91153,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1061201,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "6cea94c3692b8930e8a4991d94810f01dffafd47",
"timestamp": 1686149935
},
{
"file_size": 22505546,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4456790,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3991479,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "8d8af50cf52f96e217de076f925b6bc41f8d0ec5",
"timestamp": 1686149935
},
{
"file_size": 22505546,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4456790,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3991479,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "8d8af50cf52f96e217de076f925b6bc41f8d0ec5",
"timestamp": 1686149935
},
{
"file_size": 42817592,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 30365472,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 40659304,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "ec0c5aca4f523a18a8da158ceaf430bbb0d2d1bb",
"timestamp": 1686149945
},
{
"file_size": 42817592,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 30365472,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 40659304,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "ec0c5aca4f523a18a8da158ceaf430bbb0d2d1bb",
"timestamp": 1686149945
},
{
"file_size": 31211008,
"file_type": "PE+/Exe/QTinstaller",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 16799441,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16899630,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "8cd67cceebf916ebc1dfa0f3caac9941d2da7318",
"timestamp": 1686149953
},
{
"file_size": 31211008,
"file_type": "PE+/Exe/QTinstaller",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 16799441,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16899630,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "8cd67cceebf916ebc1dfa0f3caac9941d2da7318",
"timestamp": 1686149953
},
{
"file_size": 173951,
"file_type": "Text/TypeScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 28226,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3981,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "821e2b1a498b28bc2d01e0dc6ef5c9b533e6cddc",
"timestamp": 1686149961
},
{
"file_size": 173951,
"file_type": "Text/TypeScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 28226,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3981,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "821e2b1a498b28bc2d01e0dc6ef5c9b533e6cddc",
"timestamp": 1686149961
},
{
"file_size": 1001232,
"file_type": "Text/Go",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 12927,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 112532,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "81722e46258f2181c4488ed7e4e016465a054df5",
"timestamp": 1686149962
},
{
"file_size": 1001232,
"file_type": "Text/Go",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 12927,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 112532,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "81722e46258f2181c4488ed7e4e016465a054df5",
"timestamp": 1686149962
},
{
"file_size": 1408625,
"file_type": "Text/Go",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 8975,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 109800,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "e497ae5b73b87142c68aa32ca6c8ddc0384a3279",
"timestamp": 1686149962
},
{
"file_size": 1408625,
"file_type": "Text/Go",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 8975,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 109800,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "e497ae5b73b87142c68aa32ca6c8ddc0384a3279",
"timestamp": 1686149962
},
{
"file_size": 3276768,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2070676,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2103601,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "d6a75b67f5d2e46acd4429b58e972867e9cd5d3a",
"timestamp": 1686149979
},
{
"file_size": 3276768,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2070676,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2103601,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "d6a75b67f5d2e46acd4429b58e972867e9cd5d3a",
"timestamp": 1686149979
},
{
"file_size": 91161,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 28849,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 50403,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "9dcc23c9b21440ad706a182c116309563cd3ffdd",
"timestamp": 1686149982
},
{
"file_size": 91161,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 28849,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 50403,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "9dcc23c9b21440ad706a182c116309563cd3ffdd",
"timestamp": 1686149982
},
{
"file_size": 10193920,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 8189124,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 8246307,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "3d30c8a0198738772f116ae497f63a98e3860397",
"timestamp": 1686149986
},
{
"file_size": 10193920,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 8189124,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 8246307,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "3d30c8a0198738772f116ae497f63a98e3860397",
"timestamp": 1686149986
},
{
"file_size": 10953728,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 8832644,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 8334233,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "688225294de1ce81a0b86856e9473a44d79cb2c7",
"timestamp": 1686149992
},
{
"file_size": 10953728,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 8832644,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 8334233,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "688225294de1ce81a0b86856e9473a44d79cb2c7",
"timestamp": 1686149992
},
{
"file_size": 13879776,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 9063260,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 8955389,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "6b2579402e748c7ca1efe1f9bb1829b935e2e7a3",
"timestamp": 1686149994
},
{
"file_size": 13879776,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 9063260,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 8955389,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "6b2579402e748c7ca1efe1f9bb1829b935e2e7a3",
"timestamp": 1686149994
},
{
"file_size": 24079793,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 18057198,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 8412693,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "1f43bab8c6957fa362fb90c9729c1916eab2bcd0",
"timestamp": 1686150002
},
{
"file_size": 24079793,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 18057198,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 8412693,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "1f43bab8c6957fa362fb90c9729c1916eab2bcd0",
"timestamp": 1686150002
},
{
"file_size": 6474752,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2533793,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2591846,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "4cde41ec566dfd3b8bc329e318c4f17e2b4f4829",
"timestamp": 1686150005
},
{
"file_size": 6474752,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2533793,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2591846,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "4cde41ec566dfd3b8bc329e318c4f17e2b4f4829",
"timestamp": 1686150005
},
{
"file_size": 932698,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 326870,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 54869,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "2cbeabd2324a2a2d98c144c6d884e587223e2ec6",
"timestamp": 1686150015
},
{
"file_size": 932698,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 326870,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 54869,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "2cbeabd2324a2a2d98c144c6d884e587223e2ec6",
"timestamp": 1686150015
},
{
"file_size": 72837,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 19785,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 43263,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "c7d16b5e7cf3bfff42d2247043551c4175d61d20",
"timestamp": 1686150016
},
{
"file_size": 72837,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 19785,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 43263,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "c7d16b5e7cf3bfff42d2247043551c4175d61d20",
"timestamp": 1686150016
},
{
"file_size": 36540577,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3889929,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16366923,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "a805ed283e310974d552b3b322b4f18891255757",
"timestamp": 1686150017
},
{
"file_size": 36540577,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3889929,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16366923,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "a805ed283e310974d552b3b322b4f18891255757",
"timestamp": 1686150017
},
{
"file_size": 5047332,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 13808,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3313365,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "546ddfb350387e7df8ca8266f8b2b038c7eef2d3",
"timestamp": 1686150017
},
{
"file_size": 5047332,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 13808,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3313365,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "546ddfb350387e7df8ca8266f8b2b038c7eef2d3",
"timestamp": 1686150017
},
{
"file_size": 24901120,
"file_type": "PE+/Exe/QTinstaller",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 14371897,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 14466070,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "fd39aae727a929c51b958ee707c238bfb473ad15",
"timestamp": 1686150022
},
{
"file_size": 24901120,
"file_type": "PE+/Exe/QTinstaller",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 14371897,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 14466070,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "fd39aae727a929c51b958ee707c238bfb473ad15",
"timestamp": 1686150022
},
{
"file_size": 34397761,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6212556,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12877011,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "1b67acf2821d6fef6927fc280bc43d62c10f3453",
"timestamp": 1686150023
},
{
"file_size": 34397761,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6212556,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12877011,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "1b67acf2821d6fef6927fc280bc43d62c10f3453",
"timestamp": 1686150023
},
{
"file_size": 15989124,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 12610545,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": true,
"sha1": "fbeba4bc92ad9ef8a63969244cefd0a89a82faca",
"timestamp": 1686150024
},
{
"file_size": 30287982,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 26848016,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 26812902,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "6b0fbcfd179386a5843a327f505fc9792d0ceb73",
"timestamp": 1686150026
},
{
"file_size": 30287982,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 26848016,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 26812902,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "6b0fbcfd179386a5843a327f505fc9792d0ceb73",
"timestamp": 1686150026
},
{
"file_size": 9734975,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3297128,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3361389,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "8710a30f251eb354a10b9b3ded8f39dcb2511270",
"timestamp": 1686150030
},
{
"file_size": 9734975,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3297128,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3361389,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "8710a30f251eb354a10b9b3ded8f39dcb2511270",
"timestamp": 1686150030
},
{
"file_size": 36550757,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3894018,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16377103,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "2d01a780e7061977aa595ed1ab064a64ca72673f",
"timestamp": 1686150034
},
{
"file_size": 36550757,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3894018,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16377103,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "2d01a780e7061977aa595ed1ab064a64ca72673f",
"timestamp": 1686150034
},
{
"file_size": 30241965,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1270683,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 19094887,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "e73e925688406110576d482b6349f6b4abf6e791",
"timestamp": 1686150034
},
{
"file_size": 30241965,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1270683,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 19094887,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "e73e925688406110576d482b6349f6b4abf6e791",
"timestamp": 1686150034
},
{
"file_size": 1159176,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 917880,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1076516,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "75de010f85713ee4d027ad3b425d8810b83e26c5",
"timestamp": 1686150036
},
{
"file_size": 1159176,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 917880,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1076516,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "75de010f85713ee4d027ad3b425d8810b83e26c5",
"timestamp": 1686150036
},
{
"file_size": 932902,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 216644,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 656004,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "69d5e05c0d3120adbf821c2c81745278e84af7bb",
"timestamp": 1686150036
},
{
"file_size": 932902,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 216644,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 656004,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "69d5e05c0d3120adbf821c2c81745278e84af7bb",
"timestamp": 1686150036
},
{
"file_size": 9079296,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6536009,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6512841,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "d8abe35af92e46e46ba9279fe6026b44680e4c24",
"timestamp": 1686150040
},
{
"file_size": 9079296,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6536009,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6512841,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "d8abe35af92e46e46ba9279fe6026b44680e4c24",
"timestamp": 1686150040
},
{
"file_size": 36641188,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3930181,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16467533,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "013bd97c6dedc7caabd9b4a867374ae3b0ac264c",
"timestamp": 1686150043
},
{
"file_size": 36641188,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3930181,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16467533,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "013bd97c6dedc7caabd9b4a867374ae3b0ac264c",
"timestamp": 1686150043
},
{
"file_size": 34865877,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 13375873,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 34219704,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "3aa2b177f8a825c6b13e4599eb6958557835926a",
"timestamp": 1686150046
},
{
"file_size": 34865877,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 13375873,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 34219704,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "3aa2b177f8a825c6b13e4599eb6958557835926a",
"timestamp": 1686150046
},
{
"file_size": 57024799,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 11320886,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 48226201,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "af0677e0ad5168e7ea50bfbfa9d4cc6fb617882b",
"timestamp": 1686150048
},
{
"file_size": 57024799,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 11320886,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 48226201,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "af0677e0ad5168e7ea50bfbfa9d4cc6fb617882b",
"timestamp": 1686150048
},
{
"file_size": 348160,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 37848,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": true,
"sha1": "68000a66e0df17b4742280453a78dbd56240d1ee",
"timestamp": 1686150052
},
{
"file_size": 2395811,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 90869,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1060182,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "5db008d6516d29b3c8dfdf79ef9cf9a9c84afdd7",
"timestamp": 1686150054
},
{
"file_size": 2395811,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 90869,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1060182,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "5db008d6516d29b3c8dfdf79ef9cf9a9c84afdd7",
"timestamp": 1686150054
},
{
"file_size": 36590144,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3909772,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16416489,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "4cdaa1a635a89f003730568320dd1843b0b4eb9b",
"timestamp": 1686150060
},
{
"file_size": 36590144,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3909772,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16416489,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "4cdaa1a635a89f003730568320dd1843b0b4eb9b",
"timestamp": 1686150060
},
{
"file_size": 36515211,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3879798,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16341556,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "3354aa087f5e69e2514eb45f86481e3b48dd8c71",
"timestamp": 1686150061
},
{
"file_size": 36515211,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3879798,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16341556,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "3354aa087f5e69e2514eb45f86481e3b48dd8c71",
"timestamp": 1686150061
},
{
"file_size": 33694294,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 23513731,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 24426219,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "b530c39a703be42f39ea9b0871269121fde6889f",
"timestamp": 1686150062
},
{
"file_size": 33694294,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 23513731,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 24426219,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "b530c39a703be42f39ea9b0871269121fde6889f",
"timestamp": 1686150062
},
{
"file_size": 36537740,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3888816,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16364086,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "33fb0fe07bf41fecddca87af88764a6133dadd47",
"timestamp": 1686150065
},
{
"file_size": 36537740,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3888816,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16364086,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "33fb0fe07bf41fecddca87af88764a6133dadd47",
"timestamp": 1686150065
},
{
"file_size": 36770403,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3981874,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16596748,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "fff92cc57a76f6fd2fb1a9f83323935488263d20",
"timestamp": 1686150067
},
{
"file_size": 36770403,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3981874,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16596748,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "fff92cc57a76f6fd2fb1a9f83323935488263d20",
"timestamp": 1686150067
},
{
"file_size": 58043690,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 11416838,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 11383531,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "b34ec7ccb44bd40e2283f90f51fc7cf5b7c116dc",
"timestamp": 1686150088
},
{
"file_size": 58043690,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 11416838,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 11383531,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "b34ec7ccb44bd40e2283f90f51fc7cf5b7c116dc",
"timestamp": 1686150088
},
{
"file_size": 43296371,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2845294,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 36059397,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "82b57851ed6f20a92ee947f7475ba2f1483fbe40",
"timestamp": 1686150095
},
{
"file_size": 43296371,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2845294,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 36059397,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "82b57851ed6f20a92ee947f7475ba2f1483fbe40",
"timestamp": 1686150095
},
{
"file_size": 928842,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 50772,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 106169,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "a7e388dc1018be1fe314c4f8cbf03b1afef1f2ce",
"timestamp": 1686150097
},
{
"file_size": 928842,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 50772,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 106169,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "a7e388dc1018be1fe314c4f8cbf03b1afef1f2ce",
"timestamp": 1686150097
},
{
"file_size": 932389,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 331131,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 50692,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "3857f93365c892ca7633a9c53730d6bc1d831a0f",
"timestamp": 1686150102
},
{
"file_size": 932389,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 331131,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 50692,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "3857f93365c892ca7633a9c53730d6bc1d831a0f",
"timestamp": 1686150102
},
{
"file_size": 928275,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 323826,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 51157,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "5c92ee4a922e8257741a8147f427470ec1fb2cc7",
"timestamp": 1686150102
},
{
"file_size": 928275,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 323826,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 51157,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "5c92ee4a922e8257741a8147f427470ec1fb2cc7",
"timestamp": 1686150102
},
{
"file_size": 932276,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 124645,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 684889,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "65dd53f03df7c7fc23c681906bc82faef89b6229",
"timestamp": 1686150102
},
{
"file_size": 932276,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 124645,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 684889,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "65dd53f03df7c7fc23c681906bc82faef89b6229",
"timestamp": 1686150102
},
{
"file_size": 36531162,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3886168,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16357507,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "4a50c617873f2fe6d95c80c122ed16c47a1418e1",
"timestamp": 1686150102
},
{
"file_size": 36531162,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3886168,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16357507,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "4a50c617873f2fe6d95c80c122ed16c47a1418e1",
"timestamp": 1686150102
},
{
"file_size": 931071,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 52176,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 610004,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "5f98263a56a793c9a5b1eb4137b241b3f2b3a92f",
"timestamp": 1686150103
},
{
"file_size": 931071,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 52176,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 610004,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "5f98263a56a793c9a5b1eb4137b241b3f2b3a92f",
"timestamp": 1686150103
},
{
"file_size": 7549400,
"file_type": "ELF32 Little/SO",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 313894,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 370505,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "33c1abb22a7c450ec7a56d86ed55f2309033a1ad",
"timestamp": 1686150103
},
{
"file_size": 7549400,
"file_type": "ELF32 Little/SO",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 313894,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 370505,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "33c1abb22a7c450ec7a56d86ed55f2309033a1ad",
"timestamp": 1686150103
},
{
"file_size": 1331824,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 913341,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 824258,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "0a67ebac16528d81e4d4a57c24f5ec98bffe78ba",
"timestamp": 1686150104
},
{
"file_size": 1331824,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 913341,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 824258,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "0a67ebac16528d81e4d4a57c24f5ec98bffe78ba",
"timestamp": 1686150104
},
{
"file_size": 968667,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 134578,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 495188,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "388a688ff5360dc566ae1e02c5744423b1474a8c",
"timestamp": 1686150104
},
{
"file_size": 968667,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 134578,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 495188,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "388a688ff5360dc566ae1e02c5744423b1474a8c",
"timestamp": 1686150104
},
{
"file_size": 931717,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 423260,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 51749,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "3ea76a30076f6773a77a0d38cb4329bb87ccdca6",
"timestamp": 1686150105
},
{
"file_size": 931717,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 423260,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 51749,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "3ea76a30076f6773a77a0d38cb4329bb87ccdca6",
"timestamp": 1686150105
},
{
"file_size": 8185728,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6588985,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7149558,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "f9042e40b9e538738ff824c1ab905857b9cdc83d",
"timestamp": 1686150106
},
{
"file_size": 8185728,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6588985,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7149558,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "f9042e40b9e538738ff824c1ab905857b9cdc83d",
"timestamp": 1686150106
},
{
"file_size": 930985,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 322357,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 50952,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "6beac76e3513c3e844b4a273ee08a7489a850526",
"timestamp": 1686150106
},
{
"file_size": 930985,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 322357,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 50952,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "6beac76e3513c3e844b4a273ee08a7489a850526",
"timestamp": 1686150106
},
{
"file_size": 926603,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 47177,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 694431,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "c8cef867ea206871eb64383f00f2fabaadb7c276",
"timestamp": 1686150109
},
{
"file_size": 926603,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 47177,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 694431,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "c8cef867ea206871eb64383f00f2fabaadb7c276",
"timestamp": 1686150109
},
{
"file_size": 935797,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 138034,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 342929,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "73dafc4fdeb216048d15665f036646f99af73913",
"timestamp": 1686150109
},
{
"file_size": 935797,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 138034,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 342929,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "73dafc4fdeb216048d15665f036646f99af73913",
"timestamp": 1686150109
},
{
"file_size": 931560,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 51372,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 609695,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "0123930e0a777ee12c0a73cf035b5bd7f779ec85",
"timestamp": 1686150109
},
{
"file_size": 931560,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 51372,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 609695,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "0123930e0a777ee12c0a73cf035b5bd7f779ec85",
"timestamp": 1686150109
},
{
"file_size": 935998,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 338376,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 59214,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "5cd8dce7e4c4387ac7b5705dbdae6bb065a26bb4",
"timestamp": 1686150110
},
{
"file_size": 935998,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 338376,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 59214,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "5cd8dce7e4c4387ac7b5705dbdae6bb065a26bb4",
"timestamp": 1686150110
},
{
"file_size": 933412,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 43451,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 185008,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "101516f0f938f540ac87d4f88875c39c267ea29e",
"timestamp": 1686150112
},
{
"file_size": 933412,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 43451,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 185008,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "101516f0f938f540ac87d4f88875c39c267ea29e",
"timestamp": 1686150112
},
{
"file_size": 6701832,
"file_type": "PE+/.Net Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1775780,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2815992,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "d194592f1c5946d2d49bc657e9924290ce2e2d2e",
"timestamp": 1686150114
},
{
"file_size": 6701832,
"file_type": "PE+/.Net Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1775780,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2815992,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "d194592f1c5946d2d49bc657e9924290ce2e2d2e",
"timestamp": 1686150114
},
{
"file_size": 3276768,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2070676,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2103601,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "afa59c4de068f13d617a8090c55f7d0b645d9782",
"timestamp": 1686150114
},
{
"file_size": 3276768,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2070676,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2103601,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "afa59c4de068f13d617a8090c55f7d0b645d9782",
"timestamp": 1686150114
},
{
"file_size": 173795,
"file_type": "Text/TypeScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 28070,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3981,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "bd0f7e58c1600c5a717fcf060c6c260d9d865d22",
"timestamp": 1686150115
},
{
"file_size": 173795,
"file_type": "Text/TypeScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 28070,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3981,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "bd0f7e58c1600c5a717fcf060c6c260d9d865d22",
"timestamp": 1686150115
},
{
"file_size": 931770,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 118609,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 175602,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "d85fbe69e08f57750f22ef20ad20e3bb08fb53df",
"timestamp": 1686150115
},
{
"file_size": 931770,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 118609,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 175602,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "d85fbe69e08f57750f22ef20ad20e3bb08fb53df",
"timestamp": 1686150115
},
{
"file_size": 929834,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 55696,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 651831,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "b4c897b4aaa258b27ee0ff7edf553735481f565d",
"timestamp": 1686150116
},
{
"file_size": 929834,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 55696,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 651831,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "b4c897b4aaa258b27ee0ff7edf553735481f565d",
"timestamp": 1686150116
},
{
"file_size": 23668351,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 774742,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 23214826,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "4af3d5aee88996ec6952ea9e598b434ee4dc0c28",
"timestamp": 1686150119
},
{
"file_size": 23668351,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 774742,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 23214826,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "4af3d5aee88996ec6952ea9e598b434ee4dc0c28",
"timestamp": 1686150119
},
{
"file_size": 9095348,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2065896,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1838594,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "c8e8441cdad2974770adb2fd9091f4f590188968",
"timestamp": 1686150123
},
{
"file_size": 9095348,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2065896,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1838594,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "c8e8441cdad2974770adb2fd9091f4f590188968",
"timestamp": 1686150123
},
{
"file_size": 930687,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 118136,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 180327,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "961e3cd96bfa7943f71109d0c235fd8b38376f60",
"timestamp": 1686150124
},
{
"file_size": 930687,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 118136,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 180327,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "961e3cd96bfa7943f71109d0c235fd8b38376f60",
"timestamp": 1686150124
},
{
"file_size": 931377,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 401046,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 129705,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "0bb2964f5efb578d0ecc0cf06417d686dde59f77",
"timestamp": 1686150125
},
{
"file_size": 931377,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 401046,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 129705,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "0bb2964f5efb578d0ecc0cf06417d686dde59f77",
"timestamp": 1686150125
},
{
"file_size": 927231,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 57153,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 688672,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "96625e5eb83bfd90167a64c8e3cc7e7be5b63fe0",
"timestamp": 1686150125
},
{
"file_size": 927231,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 57153,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 688672,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "96625e5eb83bfd90167a64c8e3cc7e7be5b63fe0",
"timestamp": 1686150125
},
{
"file_size": 3331072,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2187152,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2194102,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "089a0358b27ea0c5d92c823b63add32457501a5e",
"timestamp": 1686150126
},
{
"file_size": 3331072,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2187152,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2194102,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "089a0358b27ea0c5d92c823b63add32457501a5e",
"timestamp": 1686150126
},
{
"file_size": 8126464,
"file_type": "ELF64 Little/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3474544,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3515704,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "20a165c1eb816ff4ad7d55d49e70a41c1198ead8",
"timestamp": 1686150128
},
{
"file_size": 8126464,
"file_type": "ELF64 Little/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3474544,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3515704,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "20a165c1eb816ff4ad7d55d49e70a41c1198ead8",
"timestamp": 1686150128
},
{
"file_size": 36633572,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3927134,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16459918,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "583d27662efc73f5f42eb81609770e692e9a65ed",
"timestamp": 1686150129
},
{
"file_size": 36633572,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3927134,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16459918,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "583d27662efc73f5f42eb81609770e692e9a65ed",
"timestamp": 1686150129
},
{
"file_size": 34389577,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6210700,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12869171,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "ff4a7e7fd300f7b38d41ecfb0ac74a33a1beebce",
"timestamp": 1686150135
},
{
"file_size": 34389577,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6210700,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12869171,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "ff4a7e7fd300f7b38d41ecfb0ac74a33a1beebce",
"timestamp": 1686150135
},
{
"file_size": 935988,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 331334,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 52342,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "2129c563cfbfbab0111c73f31184e0bf4b1bc3a6",
"timestamp": 1686150139
},
{
"file_size": 935988,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 331334,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 52342,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "2129c563cfbfbab0111c73f31184e0bf4b1bc3a6",
"timestamp": 1686150139
},
{
"file_size": 930473,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 338428,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 59098,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "787d91817a5dd4cf63d0454eb240052aa9687619",
"timestamp": 1686150140
},
{
"file_size": 930473,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 338428,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 59098,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "787d91817a5dd4cf63d0454eb240052aa9687619",
"timestamp": 1686150140
},
{
"file_size": 12013103,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 9115816,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": true,
"sha1": "6a335f4e638e564f836057fe6e0e2af05ec33da8",
"timestamp": 1686150140
},
{
"file_size": 6699288,
"file_type": "PE+/.Net Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1775780,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2815385,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "4cf4ab87e37b01ecdbb8ed0c8796a4fae7edb3ed",
"timestamp": 1686150143
},
{
"file_size": 6699288,
"file_type": "PE+/.Net Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1775780,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2815385,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "4cf4ab87e37b01ecdbb8ed0c8796a4fae7edb3ed",
"timestamp": 1686150143
},
{
"file_size": 929276,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 47016,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 403386,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "9454c50693d7b390806ced4ef36b9b857b8629fa",
"timestamp": 1686150149
},
{
"file_size": 929276,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 47016,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 403386,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "9454c50693d7b390806ced4ef36b9b857b8629fa",
"timestamp": 1686150149
},
{
"file_size": 930806,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 46563,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 184147,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "274b00db13eebcd6082de509d400fe5251a98f03",
"timestamp": 1686150149
},
{
"file_size": 930806,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 46563,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 184147,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "274b00db13eebcd6082de509d400fe5251a98f03",
"timestamp": 1686150149
},
{
"file_size": 61184217,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 45211537,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 58260786,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "d9db0d9b40773587e3f3504ee62dd13f356e2042",
"timestamp": 1686150152
},
{
"file_size": 61184217,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 45211537,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 58260786,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "d9db0d9b40773587e3f3504ee62dd13f356e2042",
"timestamp": 1686150152
},
{
"file_size": 73081759,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 12895085,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 30003463,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "824ad09d431328843657589c773b0b69b87fe04e",
"timestamp": 1686150157
},
{
"file_size": 73081759,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 12895085,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 30003463,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "824ad09d431328843657589c773b0b69b87fe04e",
"timestamp": 1686150157
},
{
"file_size": 10032511,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1605113,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7068039,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "5ba002fd1aa0d945d508de71864be5fbee45f4fb",
"timestamp": 1686150162
},
{
"file_size": 10032511,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1605113,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7068039,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "5ba002fd1aa0d945d508de71864be5fbee45f4fb",
"timestamp": 1686150162
},
{
"file_size": 931686,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 48187,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 409598,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "e5842bab24fad9c4287acfed037aab491c47df01",
"timestamp": 1686150163
},
{
"file_size": 931686,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 48187,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 409598,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "e5842bab24fad9c4287acfed037aab491c47df01",
"timestamp": 1686150163
},
{
"file_size": 26278447,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 23857885,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 23869615,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "290617954cdec1062ac608739fe91ff59390d697",
"timestamp": 1686150167
},
{
"file_size": 26278447,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 23857885,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 23869615,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "290617954cdec1062ac608739fe91ff59390d697",
"timestamp": 1686150167
},
{
"file_size": 34389577,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6210892,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12869363,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "6da793ceb98fba2eca7bf612512c1f19acd4169a",
"timestamp": 1686150172
},
{
"file_size": 34389577,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6210892,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12869363,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "6da793ceb98fba2eca7bf612512c1f19acd4169a",
"timestamp": 1686150172
},
{
"file_size": 8946132,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3674270,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3441202,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "90edd03ca6404f5463883a9636f3c0f9898e07bd",
"timestamp": 1686150179
},
{
"file_size": 8946132,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3674270,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3441202,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "90edd03ca6404f5463883a9636f3c0f9898e07bd",
"timestamp": 1686150179
},
{
"file_size": 9193604,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1891954,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3260593,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "7e0f6d644b62d3b5796e50c1d385d4a0c9c6e990",
"timestamp": 1686150180
},
{
"file_size": 9193604,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1891954,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3260593,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "7e0f6d644b62d3b5796e50c1d385d4a0c9c6e990",
"timestamp": 1686150180
},
{
"file_size": 12764160,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 8980721,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12260413,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "7b6aa3b5779ec0d82fee559fc4d63ad480d51081",
"timestamp": 1686150184
},
{
"file_size": 12764160,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 8980721,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12260413,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "7b6aa3b5779ec0d82fee559fc4d63ad480d51081",
"timestamp": 1686150184
},
{
"file_size": 3310440,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1999564,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 785846,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "1f432e629ddc3a46933533ecbb34fea9957e75fb",
"timestamp": 1686150210
},
{
"file_size": 3310440,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1999564,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 785846,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "1f432e629ddc3a46933533ecbb34fea9957e75fb",
"timestamp": 1686150210
},
{
"file_size": 9573220,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6332741,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7759019,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "e65b15c85ad58e8c03d631bc18c60cb8158f284e",
"timestamp": 1686150242
},
{
"file_size": 9573220,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6332741,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7759019,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "e65b15c85ad58e8c03d631bc18c60cb8158f284e",
"timestamp": 1686150242
},
{
"file_size": 930740,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 47540,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 610524,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "b873436ccab36552c99f8fe7061bdbe272d3ce8f",
"timestamp": 1686150266
},
{
"file_size": 930740,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 47540,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 610524,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "b873436ccab36552c99f8fe7061bdbe272d3ce8f",
"timestamp": 1686150266
},
{
"file_size": 348160,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 37848,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": true,
"sha1": "d69278c938ecff91cb1de3e41eb4ad2ada3d7fd7",
"timestamp": 1686150275
},
{
"file_size": 348160,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 37848,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": true,
"sha1": "9e0b73ab7dd3c5393d59f189f72d86969fe810e6",
"timestamp": 1686150278
},
{
"file_size": 96404,
"file_type": "Text/TypeScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 34942,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 23974,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "40ae8ce4fd7be204b022a24d145bc76724f29a25",
"timestamp": 1686150284
},
{
"file_size": 96404,
"file_type": "Text/TypeScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 34942,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 23974,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "40ae8ce4fd7be204b022a24d145bc76724f29a25",
"timestamp": 1686150284
},
{
"file_size": 491771,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 31265,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 449442,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "311b155865c0b0031906cc3cb642c1451c728b49",
"timestamp": 1686150285
},
{
"file_size": 491771,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 31265,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 449442,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "311b155865c0b0031906cc3cb642c1451c728b49",
"timestamp": 1686150285
},
{
"file_size": 15222705,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3256698,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 10462094,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "8077d9e9178106ee04bb064f0c4836609b2651a3",
"timestamp": 1686150286
},
{
"file_size": 15222705,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3256698,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 10462094,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "8077d9e9178106ee04bb064f0c4836609b2651a3",
"timestamp": 1686150286
},
{
"file_size": 30296948,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 26842835,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 26807721,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "083b1295e2caf60b6a41f01b6f87667b98430091",
"timestamp": 1686150290
},
{
"file_size": 30296948,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 26842835,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 26807721,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "083b1295e2caf60b6a41f01b6f87667b98430091",
"timestamp": 1686150290
},
{
"file_size": 6537308,
"file_type": "PE/Exe/Py2ExeInstaller",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5693089,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2822995,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "49e0274cb0a8a40a09bcad3a1713a800e5fb6fd1",
"timestamp": 1686150294
},
{
"file_size": 6537308,
"file_type": "PE/Exe/Py2ExeInstaller",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5693089,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2822995,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "49e0274cb0a8a40a09bcad3a1713a800e5fb6fd1",
"timestamp": 1686150294
},
{
"file_size": 7247380,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4008699,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4004292,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "dc5923d8b5caae31db125694e113c3838d645180",
"timestamp": 1686150295
},
{
"file_size": 7247380,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4008699,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4004292,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "dc5923d8b5caae31db125694e113c3838d645180",
"timestamp": 1686150295
},
{
"file_size": 4502016,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3630751,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3591330,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "0577c58640804c401b437230cced87df2345e29c",
"timestamp": 1686150298
},
{
"file_size": 4502016,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3630751,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3591330,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "0577c58640804c401b437230cced87df2345e29c",
"timestamp": 1686150298
},
{
"file_size": 12545978,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 10606314,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2930691,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "a74dd66fb887d1af674a86bf6a29b7689e13bcfe",
"timestamp": 1686150302
},
{
"file_size": 12545978,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 10606314,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2930691,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "a74dd66fb887d1af674a86bf6a29b7689e13bcfe",
"timestamp": 1686150302
},
{
"file_size": 21330944,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 15508458,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 14984430,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "d7d92eeac776fff79b8bb27ae022acb7b2a72d46",
"timestamp": 1686150317
},
{
"file_size": 21330944,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 15508458,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 14984430,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "d7d92eeac776fff79b8bb27ae022acb7b2a72d46",
"timestamp": 1686150317
},
{
"file_size": 931771,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 414713,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 57019,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "8cb8155899b4297fa0a00e46789aadf71b9ebae0",
"timestamp": 1686150327
},
{
"file_size": 931771,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 414713,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 57019,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "8cb8155899b4297fa0a00e46789aadf71b9ebae0",
"timestamp": 1686150327
},
{
"file_size": 468938,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 20060,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 207216,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "7f8905edbfd2e186ed2a4752c8be165a486871c0",
"timestamp": 1686150330
},
{
"file_size": 468938,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 20060,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 207216,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "7f8905edbfd2e186ed2a4752c8be165a486871c0",
"timestamp": 1686150330
},
{
"file_size": 3557888,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 509291,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 495464,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "e07c7eeeec72a3a3d03de92f0c14ad55ad44ba28",
"timestamp": 1686150332
},
{
"file_size": 3557888,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 509291,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 495464,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "e07c7eeeec72a3a3d03de92f0c14ad55ad44ba28",
"timestamp": 1686150332
},
{
"file_size": 7852544,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6486978,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6455842,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "4a080485c96493bd3debfad49a284a34760e9b70",
"timestamp": 1686150343
},
{
"file_size": 7852544,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6486978,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6455842,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "4a080485c96493bd3debfad49a284a34760e9b70",
"timestamp": 1686150343
},
{
"file_size": 15735,
"file_type": "Text/TypeScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 11559,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 9762,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "aa7abe3707df21fd8e0aab4609e413c9e9395efe",
"timestamp": 1686150351
},
{
"file_size": 15735,
"file_type": "Text/TypeScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 11559,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 9762,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "aa7abe3707df21fd8e0aab4609e413c9e9395efe",
"timestamp": 1686150351
},
{
"file_size": 931613,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 123803,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 294152,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "4243abf48ba4ec77ba7314dc5617ad5d3b3fd1f4",
"timestamp": 1686150352
},
{
"file_size": 931613,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 123803,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 294152,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "4243abf48ba4ec77ba7314dc5617ad5d3b3fd1f4",
"timestamp": 1686150352
},
{
"file_size": 948192,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 612819,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 588226,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "a6d3081cbeb195d1edfc1099435bf0f9afaf711a",
"timestamp": 1686150354
},
{
"file_size": 948192,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 612819,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 588226,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "a6d3081cbeb195d1edfc1099435bf0f9afaf711a",
"timestamp": 1686150354
},
{
"file_size": 5127484,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 13808,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3313365,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "ab46a7097d5e33fcc3eefcb097cf651d4b79327e",
"timestamp": 1686150356
},
{
"file_size": 5127484,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 13808,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3313365,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "ab46a7097d5e33fcc3eefcb097cf651d4b79327e",
"timestamp": 1686150356
},
{
"file_size": 25453056,
"file_type": "PE+/Exe/QTinstaller",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 15179465,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 15285982,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "ade4a102d363465fc686f2205ccc541641212b76",
"timestamp": 1686150357
},
{
"file_size": 25453056,
"file_type": "PE+/Exe/QTinstaller",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 15179465,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 15285982,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "ade4a102d363465fc686f2205ccc541641212b76",
"timestamp": 1686150357
},
{
"file_size": 43717981,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 22952660,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 21572538,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "730b962ad50fa2261e7cc4cda3cd478e29433cb6",
"timestamp": 1686150363
},
{
"file_size": 43717981,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 22952660,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 21572538,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "730b962ad50fa2261e7cc4cda3cd478e29433cb6",
"timestamp": 1686150363
},
{
"file_size": 10340152,
"file_type": "PE/.Net Exe",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 615180,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": true,
"sha1": "2715497b02f441d8f7fd55bcbc73e2dc912c284f",
"timestamp": 1686150364
},
{
"file_size": 25406657,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5367098,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5417667,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "cec13f5281df131634a68b0f404360f783f557ec",
"timestamp": 1686150371
},
{
"file_size": 25406657,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5367098,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5417667,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "cec13f5281df131634a68b0f404360f783f557ec",
"timestamp": 1686150371
},
{
"file_size": 931361,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 46225,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 192292,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "5c4e9cc203c98e89a989478efaca334e8779af81",
"timestamp": 1686150371
},
{
"file_size": 931361,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 46225,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 192292,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "5c4e9cc203c98e89a989478efaca334e8779af81",
"timestamp": 1686150371
},
{
"file_size": 23095627,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 369170,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 21391369,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "06f8373056da04c985cd04b94e51ec666612d2cd",
"timestamp": 1686150371
},
{
"file_size": 23095627,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 369170,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 21391369,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "06f8373056da04c985cd04b94e51ec666612d2cd",
"timestamp": 1686150371
},
{
"file_size": 348160,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 37848,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": true,
"sha1": "147ae394a900a5d3d735e77dfd86ce49a0991862",
"timestamp": 1686150374
},
{
"file_size": 20372117,
"file_type": "PE/Exe/NSIS",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 7242654,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": true,
"sha1": "4f66b0d78adce76fe167fea619b1130503438559",
"timestamp": 1686150375
},
{
"file_size": 20280576,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 8292185,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 8209778,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "8db22983306a388d96017ffdb3ab1e00d7ebb43c",
"timestamp": 1686150377
},
{
"file_size": 20280576,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 8292185,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 8209778,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "8db22983306a388d96017ffdb3ab1e00d7ebb43c",
"timestamp": 1686150377
},
{
"file_size": 10182656,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3152562,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3805148,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "59f6e8d7adc5364174e1ae0f192ad10d2f9d0117",
"timestamp": 1686150379
},
{
"file_size": 10182656,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3152562,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3805148,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "59f6e8d7adc5364174e1ae0f192ad10d2f9d0117",
"timestamp": 1686150379
},
{
"file_size": 930152,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 412452,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 62429,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "112c3ef4d7d4fee90f4367199ad90568e963cf66",
"timestamp": 1686150382
},
{
"file_size": 930152,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 412452,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 62429,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "112c3ef4d7d4fee90f4367199ad90568e963cf66",
"timestamp": 1686150382
},
{
"file_size": 8814592,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4011313,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4713025,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "775b98352e38f238b29f95040424f6c1ac503e8f",
"timestamp": 1686150386
},
{
"file_size": 8814592,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4011313,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4713025,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "775b98352e38f238b29f95040424f6c1ac503e8f",
"timestamp": 1686150386
},
{
"file_size": 3282432,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 1698382,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": true,
"sha1": "89c5c42946f23ab8da17d62395ec0801fc1ff93f",
"timestamp": 1686150394
},
{
"file_size": 6444832,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4974746,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5726860,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "dd3646cd6dab41f30705c102b56e633b952bb475",
"timestamp": 1686150397
},
{
"file_size": 6444832,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4974746,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5726860,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "dd3646cd6dab41f30705c102b56e633b952bb475",
"timestamp": 1686150397
},
{
"file_size": 6474752,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2533783,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2591836,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "696ff8fef64c56e79ea3da6812c7a2edafdc029d",
"timestamp": 1686150401
},
{
"file_size": 6474752,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2533783,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2591836,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "696ff8fef64c56e79ea3da6812c7a2edafdc029d",
"timestamp": 1686150401
},
{
"file_size": 86433,
"file_type": "Binary/None",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 28868,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 50260,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "7195310aa4920e2cb39ddc26b248143499d3b126",
"timestamp": 1686150413
},
{
"file_size": 86433,
"file_type": "Binary/None",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 28868,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 50260,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "7195310aa4920e2cb39ddc26b248143499d3b126",
"timestamp": 1686150413
},
{
"file_size": 3267040,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2062484,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2095349,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "8f0fc38ce9fde7cde4506f45eaf55a7bd54e1d16",
"timestamp": 1686150421
},
{
"file_size": 3267040,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2062484,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2095349,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "8f0fc38ce9fde7cde4506f45eaf55a7bd54e1d16",
"timestamp": 1686150421
},
{
"file_size": 47601,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 25695,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 33096,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "3175ad779cc055b571f0fd1acbd8cc9bfe520280",
"timestamp": 1686150431
},
{
"file_size": 47601,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 25695,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 33096,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "3175ad779cc055b571f0fd1acbd8cc9bfe520280",
"timestamp": 1686150431
},
{
"file_size": 154756,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 111362,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 68396,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "220680831449b8f6588a9cce44741fab554a7ba7",
"timestamp": 1686150441
},
{
"file_size": 154756,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 111362,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 68396,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "220680831449b8f6588a9cce44741fab554a7ba7",
"timestamp": 1686150441
},
{
"file_size": 151462,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 108062,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 65135,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "1878b427f101a316442c57209fa17cbe6a1ca0fe",
"timestamp": 1686150448
},
{
"file_size": 151462,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 108062,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 65135,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "1878b427f101a316442c57209fa17cbe6a1ca0fe",
"timestamp": 1686150448
},
{
"file_size": 89327,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 18110,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7042,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "a9627215cb7c1b43c9f5f594a82a2c1559857d7b",
"timestamp": 1686150449
},
{
"file_size": 89327,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 18110,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7042,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "a9627215cb7c1b43c9f5f594a82a2c1559857d7b",
"timestamp": 1686150449
},
{
"file_size": 89327,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 18110,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7042,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "2d0ed62c390430662fc33d8f57b4eb121139ca54",
"timestamp": 1686150449
},
{
"file_size": 89327,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 18110,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7042,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "2d0ed62c390430662fc33d8f57b4eb121139ca54",
"timestamp": 1686150449
},
{
"file_size": 159341,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 115940,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 73406,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "a554594c774d4b5d41f7a5234e2905e14b034987",
"timestamp": 1686150450
},
{
"file_size": 159341,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 115940,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 73406,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "a554594c774d4b5d41f7a5234e2905e14b034987",
"timestamp": 1686150450
},
{
"file_size": 126381,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 70625,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 53368,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "505c406d7ea1a2f47312b0966be841028ae919e7",
"timestamp": 1686150450
},
{
"file_size": 126381,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 70625,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 53368,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "505c406d7ea1a2f47312b0966be841028ae919e7",
"timestamp": 1686150450
},
{
"file_size": 14417,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 11214,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12222,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "60281e56f446d4a3656a25658ffcbd74f12c5bf4",
"timestamp": 1686150454
},
{
"file_size": 14417,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 11214,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12222,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "60281e56f446d4a3656a25658ffcbd74f12c5bf4",
"timestamp": 1686150454
},
{
"file_size": 154369,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 110973,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 68402,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "c099dd547b58e74ed8d9c2c6d579ab8e41269500",
"timestamp": 1686150455
},
{
"file_size": 154369,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 110973,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 68402,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "c099dd547b58e74ed8d9c2c6d579ab8e41269500",
"timestamp": 1686150455
},
{
"file_size": 155384,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 111984,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 68667,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "e24497a1dd5d1e5e41bafc6c5aeb7a7c680f98a4",
"timestamp": 1686150457
},
{
"file_size": 155384,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 111984,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 68667,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "e24497a1dd5d1e5e41bafc6c5aeb7a7c680f98a4",
"timestamp": 1686150457
},
{
"file_size": 154219,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 110825,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 68400,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "995fd53ad16804fccf466264417695e6b0ab6e20",
"timestamp": 1686150463
},
{
"file_size": 154219,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 110825,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 68400,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "995fd53ad16804fccf466264417695e6b0ab6e20",
"timestamp": 1686150463
},
{
"file_size": 381079,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 176266,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 345615,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "593b0f2c47aa6bd73428f10ea0360725faf06c42",
"timestamp": 1686150465
},
{
"file_size": 381079,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 176266,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 345615,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "593b0f2c47aa6bd73428f10ea0360725faf06c42",
"timestamp": 1686150465
},
{
"file_size": 163098,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 92473,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 152394,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "942e2fb470bd4008055a8bce6749e9bbccb75ea1",
"timestamp": 1686150468
},
{
"file_size": 163098,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 92473,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 152394,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "942e2fb470bd4008055a8bce6749e9bbccb75ea1",
"timestamp": 1686150468
},
{
"file_size": 13861856,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 9049728,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 8942045,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "59dafd4d926ab9a9c34899540af51135fe4bd8da",
"timestamp": 1686150470
},
{
"file_size": 13861856,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 9049728,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 8942045,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "59dafd4d926ab9a9c34899540af51135fe4bd8da",
"timestamp": 1686150470
},
{
"file_size": 164398,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3527,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 58716,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "d968e98107f741326dca87d26537cc180932e35f",
"timestamp": 1686150471
},
{
"file_size": 164398,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3527,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 58716,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "d968e98107f741326dca87d26537cc180932e35f",
"timestamp": 1686150471
},
{
"file_size": 1747296,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1673385,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1497969,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "99917368bb78857bf2f837dce851312a70b9ada7",
"timestamp": 1686150471
},
{
"file_size": 1747296,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1673385,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1497969,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "99917368bb78857bf2f837dce851312a70b9ada7",
"timestamp": 1686150471
},
{
"file_size": 11576577,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 10342763,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 10354427,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "dff8243d0b4a32e46a8ac8021d97b0aad21830a4",
"timestamp": 1686150472
},
{
"file_size": 11576577,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 10342763,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 10354427,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "dff8243d0b4a32e46a8ac8021d97b0aad21830a4",
"timestamp": 1686150472
},
{
"file_size": 154378,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 110980,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 68404,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "ea9236fdef65fc30c10218b2140d0942adc1f22b",
"timestamp": 1686150472
},
{
"file_size": 154378,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 110980,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 68404,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "ea9236fdef65fc30c10218b2140d0942adc1f22b",
"timestamp": 1686150472
},
{
"file_size": 39268559,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 64836,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 605486,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "54edf295efcf05160d27fb6834a3caf9f2209ba7",
"timestamp": 1686150475
},
{
"file_size": 39268559,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 64836,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 605486,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "54edf295efcf05160d27fb6834a3caf9f2209ba7",
"timestamp": 1686150475
},
{
"file_size": 444715,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 15462,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 193293,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "55fc77d16e940a3be013328da7d777f419def447",
"timestamp": 1686150476
},
{
"file_size": 444715,
"file_type": "Text/JavaScript",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 15462,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 193293,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "55fc77d16e940a3be013328da7d777f419def447",
"timestamp": 1686150476
},
{
"file_size": 146027,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 102626,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 60254,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "969c08328198fbb0749411234c6a00b0ce5a003d",
"timestamp": 1686150478
},
{
"file_size": 146027,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 102626,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 60254,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "969c08328198fbb0749411234c6a00b0ce5a003d",
"timestamp": 1686150478
},
{
"file_size": 154393,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 110997,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 68402,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "df4b0f26e87a56dd0ee628f3f4e3e4df7ea3adb0",
"timestamp": 1686150478
},
{
"file_size": 154393,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 110997,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 68402,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "df4b0f26e87a56dd0ee628f3f4e3e4df7ea3adb0",
"timestamp": 1686150478
},
{
"file_size": 407815,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 133036,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 80620,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "e35210e1fd190655438816adbb94a276948585d1",
"timestamp": 1686150478
},
{
"file_size": 407815,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 133036,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 80620,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "e35210e1fd190655438816adbb94a276948585d1",
"timestamp": 1686150478
},
{
"file_size": 20620343,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 33910,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 196832,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "a2acda4f1d103c3935fecaceb702793840da5de2",
"timestamp": 1686150481
},
{
"file_size": 20620343,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 33910,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 196832,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "a2acda4f1d103c3935fecaceb702793840da5de2",
"timestamp": 1686150481
},
{
"file_size": 6009840,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4616975,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4984614,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "58d3d4e8011ca5aa7a827bdb32984b46691cb5a9",
"timestamp": 1686150481
},
{
"file_size": 6009840,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4616975,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4984614,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "58d3d4e8011ca5aa7a827bdb32984b46691cb5a9",
"timestamp": 1686150481
},
{
"file_size": 20632380,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 16365,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 208986,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "d2778f896a3ff2d865af50cbcd529dafcf714393",
"timestamp": 1686150482
},
{
"file_size": 20632380,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 16365,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 208986,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "d2778f896a3ff2d865af50cbcd529dafcf714393",
"timestamp": 1686150482
},
{
"file_size": 273248,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 251,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4940,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "34578885caf1a2e0b48b46d4e70eb01445acc5f0",
"timestamp": 1686150482
},
{
"file_size": 273248,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 251,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4940,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "34578885caf1a2e0b48b46d4e70eb01445acc5f0",
"timestamp": 1686150482
},
{
"file_size": 344762,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 12762,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 227460,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "b6caa5f15f08024eda95d3eb61de207ea1db5ca7",
"timestamp": 1686150483
},
{
"file_size": 344762,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 12762,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 227460,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "b6caa5f15f08024eda95d3eb61de207ea1db5ca7",
"timestamp": 1686150483
},
{
"file_size": 273249,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 251,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4940,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "ddff15d4914ff06b55fbac496362aaae7a2d3c9b",
"timestamp": 1686150484
},
{
"file_size": 273249,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 251,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4940,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "ddff15d4914ff06b55fbac496362aaae7a2d3c9b",
"timestamp": 1686150484
},
{
"file_size": 456700,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 430650,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 214898,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "a3342c659d56113fcf63287f1f2b51015a32a9fe",
"timestamp": 1686150491
},
{
"file_size": 456700,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 430650,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 214898,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "a3342c659d56113fcf63287f1f2b51015a32a9fe",
"timestamp": 1686150491
},
{
"file_size": 20655221,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7544,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 19076,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "e1a3dcfe7846ac93feb3b6c0d368c619551e2060",
"timestamp": 1686150496
},
{
"file_size": 20655221,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7544,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 19076,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "e1a3dcfe7846ac93feb3b6c0d368c619551e2060",
"timestamp": 1686150496
},
{
"file_size": 1808816,
"file_type": "PE/.Net Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 201237,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 166562,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "8cee4323aa88793881d1e9753476ffd85e9909d2",
"timestamp": 1686150498
},
{
"file_size": 1808816,
"file_type": "PE/.Net Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 201237,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 166562,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": true,
"sha1": "8cee4323aa88793881d1e9753476ffd85e9909d2",
"timestamp": 1686150498
},
{
"file_size": 17414211,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1697169,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 341432,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "86323712891af72832dd179625c1c9e5f47ef5dc",
"timestamp": 1686149728
},
{
"file_size": 17414211,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1697169,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 341432,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "86323712891af72832dd179625c1c9e5f47ef5dc",
"timestamp": 1686149728
},
{
"file_size": 97050,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 27202,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 48756,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "4b894706af749cdad62ced56233c32dc85274212",
"timestamp": 1686149728
},
{
"file_size": 97050,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 27202,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 48756,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "4b894706af749cdad62ced56233c32dc85274212",
"timestamp": 1686149728
},
{
"file_size": 735478,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 555378,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 733133,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "2d4d4a0e0efea6efab5dff40951a996b10fe594c",
"timestamp": 1686149732
},
{
"file_size": 735478,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 555378,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 733133,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "2d4d4a0e0efea6efab5dff40951a996b10fe594c",
"timestamp": 1686149732
},
{
"file_size": 609570,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 53613,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 8513,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "aaed518e40e25ce0e29bd86cefa05cf4c6cdaad8",
"timestamp": 1686149732
},
{
"file_size": 609570,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 53613,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 8513,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "aaed518e40e25ce0e29bd86cefa05cf4c6cdaad8",
"timestamp": 1686149732
},
{
"file_size": 8295796,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3332145,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1798128,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "eb37a450426a73adc228c0b7af6b389fc7bdf56e",
"timestamp": 1686149737
},
{
"file_size": 8295796,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3332145,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1798128,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "eb37a450426a73adc228c0b7af6b389fc7bdf56e",
"timestamp": 1686149737
},
{
"file_size": 13028229,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 29013,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 650100,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c38171b6039aed6b7b759e296ace24dc7d025b83",
"timestamp": 1686149738
},
{
"file_size": 13028229,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 29013,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 650100,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c38171b6039aed6b7b759e296ace24dc7d025b83",
"timestamp": 1686149738
},
{
"file_size": 7240420,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4735924,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4985544,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "06b99fba88558d39bdb6dbb429327e38bd1a00a6",
"timestamp": 1686149740
},
{
"file_size": 7240420,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4735924,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4985544,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "06b99fba88558d39bdb6dbb429327e38bd1a00a6",
"timestamp": 1686149740
},
{
"file_size": 9198608,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6192194,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6196270,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "d537cc50888e2276c7faf74e30d23c170738198a",
"timestamp": 1686149744
},
{
"file_size": 9198608,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6192194,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6196270,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "d537cc50888e2276c7faf74e30d23c170738198a",
"timestamp": 1686149744
},
{
"file_size": 26307192,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3868176,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3642636,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "0503efcbe5861c3e0d079f9becb3485452b97235",
"timestamp": 1686149749
},
{
"file_size": 26307192,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3868176,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3642636,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "0503efcbe5861c3e0d079f9becb3485452b97235",
"timestamp": 1686149749
},
{
"file_size": 108432,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 45813,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 17730,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "6eb5e3bb205a25257bf20d66e9f4f70a7ae67d76",
"timestamp": 1686149755
},
{
"file_size": 108432,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 45813,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 17730,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "6eb5e3bb205a25257bf20d66e9f4f70a7ae67d76",
"timestamp": 1686149755
},
{
"file_size": 22828,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 8423,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 11498,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "51b0ba00682591290f80e5855f1a4db9998acf09",
"timestamp": 1686149756
},
{
"file_size": 22828,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 8423,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 11498,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "51b0ba00682591290f80e5855f1a4db9998acf09",
"timestamp": 1686149756
},
{
"file_size": 22894,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 8489,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 11564,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "0c6f35b25d6e074fab3199944f85df197e063162",
"timestamp": 1686149766
},
{
"file_size": 22894,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 8489,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 11564,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "0c6f35b25d6e074fab3199944f85df197e063162",
"timestamp": 1686149766
},
{
"file_size": 735481,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 555379,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 733136,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c95b0d982790b576d4b8b0eb0b5eb81c07e8eb87",
"timestamp": 1686149767
},
{
"file_size": 735481,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 555379,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 733136,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c95b0d982790b576d4b8b0eb0b5eb81c07e8eb87",
"timestamp": 1686149767
},
{
"file_size": 69910542,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 432346,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 401816,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c10dd19fb20e99ac5e03cc854fcb07f3a4689626",
"timestamp": 1686149774
},
{
"file_size": 69910542,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 432346,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 401816,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c10dd19fb20e99ac5e03cc854fcb07f3a4689626",
"timestamp": 1686149774
},
{
"file_size": 78078,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 27427,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 48075,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "6b23dddf010be66788315ffbd673a8786e216cca",
"timestamp": 1686149779
},
{
"file_size": 78078,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 27427,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 48075,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "6b23dddf010be66788315ffbd673a8786e216cca",
"timestamp": 1686149779
},
{
"file_size": 55035681,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6445000,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5864743,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a20295d2941d01ad89f148221bfeeb4a7ae91c8a",
"timestamp": 1686149785
},
{
"file_size": 55035681,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6445000,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5864743,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a20295d2941d01ad89f148221bfeeb4a7ae91c8a",
"timestamp": 1686149785
},
{
"file_size": 72160935,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 25254788,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 62943840,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "3608d31f0528ed78f3b4c7325f48b21eaae7d6e9",
"timestamp": 1686149790
},
{
"file_size": 72160935,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 64192330,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "3608d31f0528ed78f3b4c7325f48b21eaae7d6e9",
"timestamp": 1686149790
},
{
"file_size": 72160935,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 25254788,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 62943840,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "3608d31f0528ed78f3b4c7325f48b21eaae7d6e9",
"timestamp": 1686149790
},
{
"file_size": 5053848,
"file_type": "PE/Exe/UPX",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 4631537,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "9d94d6d2c676ea1391707da336b08adb51a7602e",
"timestamp": 1686149811
},
{
"file_size": 48064504,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 14832618,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6254126,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "949abf3b22fde0d82aabde30b447202a85a22976",
"timestamp": 1686149814
},
{
"file_size": 48064504,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 14832618,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6254126,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "949abf3b22fde0d82aabde30b447202a85a22976",
"timestamp": 1686149814
},
{
"file_size": 17363501,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 276134,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4050570,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "ea2a042555d2ed5031699ab262dd36ee11140a47",
"timestamp": 1686149826
},
{
"file_size": 17363501,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 276134,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4050570,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "ea2a042555d2ed5031699ab262dd36ee11140a47",
"timestamp": 1686149826
},
{
"file_size": 1097787,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1026714,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1022464,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "8347104bb4f67e9f6a009dddab7d9ba64c1f1f34",
"timestamp": 1686149827
},
{
"file_size": 1097787,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1026714,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1022464,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "8347104bb4f67e9f6a009dddab7d9ba64c1f1f34",
"timestamp": 1686149827
},
{
"file_size": 9109956,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6903276,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7053407,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "68272eebbf35852ead3ca57e4d4057c1aca9e87f",
"timestamp": 1686149828
},
{
"file_size": 9109956,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6903276,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7053407,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "68272eebbf35852ead3ca57e4d4057c1aca9e87f",
"timestamp": 1686149828
},
{
"file_size": 129965,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 28324,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 49213,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "8862e555dfb36ef346c9ab015e9cdc042742f905",
"timestamp": 1686149830
},
{
"file_size": 129965,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 28324,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 49213,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "8862e555dfb36ef346c9ab015e9cdc042742f905",
"timestamp": 1686149830
},
{
"file_size": 3401029,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 546852,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12694,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "4edebb0ccaf461b657eefd6de9daa819718702c5",
"timestamp": 1686149831
},
{
"file_size": 3401029,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 546852,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12694,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "4edebb0ccaf461b657eefd6de9daa819718702c5",
"timestamp": 1686149831
},
{
"file_size": 12211580,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1831826,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1825431,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "bce246203d8df748692e5d67f7b43779ca18fcb8",
"timestamp": 1686149833
},
{
"file_size": 12211580,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1831826,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1825431,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "bce246203d8df748692e5d67f7b43779ca18fcb8",
"timestamp": 1686149833
},
{
"file_size": 130472,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 31577,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 53131,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "bb95e8d71ced34ca09a220bcd4740c05bb5beaae",
"timestamp": 1686149835
},
{
"file_size": 130472,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 31577,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 53131,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "bb95e8d71ced34ca09a220bcd4740c05bb5beaae",
"timestamp": 1686149835
},
{
"file_size": 21856,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 10251,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 20432,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "49e3e9c608998a84c76dea1d14979748fa303108",
"timestamp": 1686149836
},
{
"file_size": 21856,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 10251,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 20432,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "49e3e9c608998a84c76dea1d14979748fa303108",
"timestamp": 1686149836
},
{
"file_size": 8761628,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5623501,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5729635,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "638ee91a8195f803fb856b9cc58ec90b4e302d2d",
"timestamp": 1686149838
},
{
"file_size": 8761628,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5623501,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5729635,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "638ee91a8195f803fb856b9cc58ec90b4e302d2d",
"timestamp": 1686149838
},
{
"file_size": 80384,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3832,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4633,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "d71c31ff1506662b75a69ab2f4c470acd4a608c6",
"timestamp": 1686149840
},
{
"file_size": 80384,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3832,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4633,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "d71c31ff1506662b75a69ab2f4c470acd4a608c6",
"timestamp": 1686149840
},
{
"file_size": 2696810,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 47000,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 11164,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "2bb02417e2229ec6c67723720e8c047473bac428",
"timestamp": 1686149843
},
{
"file_size": 2696810,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 47000,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 11164,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "2bb02417e2229ec6c67723720e8c047473bac428",
"timestamp": 1686149843
},
{
"file_size": 291468,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 30654,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 206411,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "861df3d24be5051f03b772a3614ece4f38c9453f",
"timestamp": 1686149843
},
{
"file_size": 291468,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 30654,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 206411,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "861df3d24be5051f03b772a3614ece4f38c9453f",
"timestamp": 1686149843
},
{
"file_size": 9605652,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6219463,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7291032,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "dbb08be91da3fbb62d3a940f50ee262b8ee64a00",
"timestamp": 1686149843
},
{
"file_size": 9605652,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6219463,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7291032,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "dbb08be91da3fbb62d3a940f50ee262b8ee64a00",
"timestamp": 1686149843
},
{
"file_size": 7851776,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5738916,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5715983,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "44ecf0599917582d655aebecad3bff20428a95d5",
"timestamp": 1686149844
},
{
"file_size": 7851776,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5738916,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5715983,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "44ecf0599917582d655aebecad3bff20428a95d5",
"timestamp": 1686149844
},
{
"file_size": 134280,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 31122,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 52676,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "7b954a9a584dfea3b50aa0d266ece12edd920de3",
"timestamp": 1686149844
},
{
"file_size": 134280,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 31122,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 52676,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "7b954a9a584dfea3b50aa0d266ece12edd920de3",
"timestamp": 1686149844
},
{
"file_size": 1566720,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 47648,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 48358,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "9ae122565cefb2d077ffd8015b2080dbcd66210a",
"timestamp": 1686149846
},
{
"file_size": 1566720,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 47648,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 48358,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "9ae122565cefb2d077ffd8015b2080dbcd66210a",
"timestamp": 1686149846
},
{
"file_size": 1826525,
"file_type": "PE/Exe/PECompact",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 61949,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1772779,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "00d16698e37238fa735a1f1728bcbd5a43247e80",
"timestamp": 1686149846
},
{
"file_size": 1826525,
"file_type": "PE/Exe/PECompact",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 61949,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1772779,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "00d16698e37238fa735a1f1728bcbd5a43247e80",
"timestamp": 1686149846
},
{
"file_size": 31410,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 29004,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 17271,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "d11b319f05e4ca0f27820748b503a59f24beb00d",
"timestamp": 1686149846
},
{
"file_size": 31410,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 29004,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 17271,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "d11b319f05e4ca0f27820748b503a59f24beb00d",
"timestamp": 1686149846
},
{
"file_size": 81478,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 31946,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 38816,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "fc16e1d11e96a3c32f5cb55d5dc6f50deeebc1af",
"timestamp": 1686149850
},
{
"file_size": 81478,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 31946,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 38816,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "fc16e1d11e96a3c32f5cb55d5dc6f50deeebc1af",
"timestamp": 1686149850
},
{
"file_size": 718416,
"file_type": "Document/None/PDF",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 20006,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 140853,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "84c987347c558fb79e603b4ce107e727b35d2ce0",
"timestamp": 1686149850
},
{
"file_size": 718416,
"file_type": "Document/None/PDF",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 20006,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 140853,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "84c987347c558fb79e603b4ce107e727b35d2ce0",
"timestamp": 1686149850
},
{
"file_size": 7765124,
"file_type": "Binary/None/TNEF",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1806802,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 17011,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "1898cb0bd9636e2770bef781e64c14ea930737d9",
"timestamp": 1686149851
},
{
"file_size": 7765124,
"file_type": "Binary/None/TNEF",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1806802,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 17011,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "1898cb0bd9636e2770bef781e64c14ea930737d9",
"timestamp": 1686149851
},
{
"file_size": 7445844,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5463059,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5443224,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "8397215a4ef8f0278ca94ac55bcfb7d951eb5991",
"timestamp": 1686149852
},
{
"file_size": 7445844,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5463059,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5443224,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "8397215a4ef8f0278ca94ac55bcfb7d951eb5991",
"timestamp": 1686149852
},
{
"file_size": 58880,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3006,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5184,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "5e3ce373290c3ff3a161f20ce507f566ec02ef37",
"timestamp": 1686149853
},
{
"file_size": 58880,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3006,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5184,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "5e3ce373290c3ff3a161f20ce507f566ec02ef37",
"timestamp": 1686149853
},
{
"file_size": 34304,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 16023,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 18191,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "6419bbc857dfc05244305301ce04fd3101dfbc4e",
"timestamp": 1686149856
},
{
"file_size": 34304,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 16023,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 18191,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "6419bbc857dfc05244305301ce04fd3101dfbc4e",
"timestamp": 1686149856
},
{
"file_size": 13647,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5929,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7760,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "f498fa63f00a6c5d563c78597b1e603f00c292ba",
"timestamp": 1686149856
},
{
"file_size": 13647,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5929,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7760,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "f498fa63f00a6c5d563c78597b1e603f00c292ba",
"timestamp": 1686149856
},
{
"file_size": 10867247,
"file_type": "Document/None/PDF",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 615042,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2517009,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "80ac906fe3153d272625e4cfd0e953d01dabc718",
"timestamp": 1686149858
},
{
"file_size": 10867247,
"file_type": "Document/None/PDF",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 615042,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2517009,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "80ac906fe3153d272625e4cfd0e953d01dabc718",
"timestamp": 1686149858
},
{
"file_size": 10866832,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2275907,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2454431,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "6d61d48bbadf3a5eaeec617653c64493c03abc48",
"timestamp": 1686149861
},
{
"file_size": 10866832,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2275907,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2454431,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "6d61d48bbadf3a5eaeec617653c64493c03abc48",
"timestamp": 1686149861
},
{
"file_size": 5101876,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 2341502,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "e846d1ab898e95541e6682720022dfb7433b42a1",
"timestamp": 1686149862
},
{
"file_size": 1200556,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 908895,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1200168,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a7c06c5ff0f929a52d7d9e88315d9dd6109a7939",
"timestamp": 1686149867
},
{
"file_size": 1200556,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 908895,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1200168,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a7c06c5ff0f929a52d7d9e88315d9dd6109a7939",
"timestamp": 1686149867
},
{
"file_size": 94208,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 52375,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 54543,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "e445f9ab6f8e1b5ca0c0f06e9afeeeaa81cb5fa7",
"timestamp": 1686149871
},
{
"file_size": 94208,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 52375,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 54543,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "e445f9ab6f8e1b5ca0c0f06e9afeeeaa81cb5fa7",
"timestamp": 1686149871
},
{
"file_size": 4403680,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1070028,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1569453,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "388bf96870666f99c68015c72e470b96afe330b6",
"timestamp": 1686149876
},
{
"file_size": 4403680,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1070028,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1569453,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "388bf96870666f99c68015c72e470b96afe330b6",
"timestamp": 1686149876
},
{
"file_size": 124306,
"file_type": "Document/None/RTF",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 56115,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 55176,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "0c88ebb87d1db36ec61990b11b9046d8bfc84249",
"timestamp": 1686149876
},
{
"file_size": 124306,
"file_type": "Document/None/RTF",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 56115,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 55176,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "0c88ebb87d1db36ec61990b11b9046d8bfc84249",
"timestamp": 1686149876
},
{
"file_size": 7532560,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5242377,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6199698,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a7175ec0cf4e1bd0976adf1c64fb4cdea1679a8b",
"timestamp": 1686149880
},
{
"file_size": 7532560,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5242377,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6199698,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a7175ec0cf4e1bd0976adf1c64fb4cdea1679a8b",
"timestamp": 1686149880
},
{
"file_size": 89227939,
"file_type": "PE+/Exe/SetupFactory",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 3721968,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "14f646a4c56d4a6908589ff38cfbc8904fef7ffd",
"timestamp": 1686149881
},
{
"file_size": 23765288,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 23568888,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12392190,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "32e0479375a7efd4648e3243d95c8a184b723ff7",
"timestamp": 1686149882
},
{
"file_size": 23765288,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 12386158,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "32e0479375a7efd4648e3243d95c8a184b723ff7",
"timestamp": 1686149882
},
{
"file_size": 23765288,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 23568888,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12392190,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "32e0479375a7efd4648e3243d95c8a184b723ff7",
"timestamp": 1686149882
},
{
"file_size": 83456,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3807,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4722,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "08d52dd79c4506e569f6b44dd040c7666e1c990a",
"timestamp": 1686149884
},
{
"file_size": 83456,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3807,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4722,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "08d52dd79c4506e569f6b44dd040c7666e1c990a",
"timestamp": 1686149884
},
{
"file_size": 18747429,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1790351,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 434614,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "9315db8fd8e974ed3f32fed4af2a87950051db31",
"timestamp": 1686149884
},
{
"file_size": 18747429,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1790351,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 434614,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "9315db8fd8e974ed3f32fed4af2a87950051db31",
"timestamp": 1686149884
},
{
"file_size": 7971248,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6010248,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5922837,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "7c0467942d6e3a17cb46f80485735703971be951",
"timestamp": 1686149899
},
{
"file_size": 7971248,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6010248,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5922837,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "7c0467942d6e3a17cb46f80485735703971be951",
"timestamp": 1686149899
},
{
"file_size": 8746736,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6663701,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6518302,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c3905032ee58bd7252bfea670af4fae789ee65bc",
"timestamp": 1686149904
},
{
"file_size": 8746736,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6663701,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6518302,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c3905032ee58bd7252bfea670af4fae789ee65bc",
"timestamp": 1686149904
},
{
"file_size": 29495534,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7777152,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 14315453,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "5448598e37f1525d59dbde93ed3226c699591660",
"timestamp": 1686149907
},
{
"file_size": 29495534,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 23706990,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "5448598e37f1525d59dbde93ed3226c699591660",
"timestamp": 1686149907
},
{
"file_size": 29495534,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7777152,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 14315453,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "5448598e37f1525d59dbde93ed3226c699591660",
"timestamp": 1686149907
},
{
"file_size": 20208408,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 8042295,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 9983725,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "1274f648fbf7ec60f349f91426520d5fed741a75",
"timestamp": 1686149911
},
{
"file_size": 20208408,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 8042295,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 9983725,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "1274f648fbf7ec60f349f91426520d5fed741a75",
"timestamp": 1686149911
},
{
"file_size": 9360804,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6623554,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6393329,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a32a21cc68347f914640067d66a8eb9f3d718f97",
"timestamp": 1686149912
},
{
"file_size": 9360804,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6623554,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6393329,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a32a21cc68347f914640067d66a8eb9f3d718f97",
"timestamp": 1686149912
},
{
"file_size": 22696990,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 273776,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2310626,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "2ee61b0db428bd1943c0a3a23fa9657bdbae4525",
"timestamp": 1686149917
},
{
"file_size": 22696990,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 273776,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2310626,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "2ee61b0db428bd1943c0a3a23fa9657bdbae4525",
"timestamp": 1686149917
},
{
"file_size": 45056,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 26775,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7215,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "4a2a97a3ccc4f69e4369540afa9621517b61a70d",
"timestamp": 1686149924
},
{
"file_size": 45056,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 26775,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7215,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "4a2a97a3ccc4f69e4369540afa9621517b61a70d",
"timestamp": 1686149924
},
{
"file_size": 8178116,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5952245,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6078981,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "6187f8a655a0c8d63f7c0d0159ec48faf3926397",
"timestamp": 1686149926
},
{
"file_size": 8178116,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5952245,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6078981,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "6187f8a655a0c8d63f7c0d0159ec48faf3926397",
"timestamp": 1686149926
},
{
"file_size": 118949,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 27159,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 48713,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "010536c2287998f486647077d5f5f4cb14216f21",
"timestamp": 1686149928
},
{
"file_size": 118949,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 27159,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 48713,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "010536c2287998f486647077d5f5f4cb14216f21",
"timestamp": 1686149928
},
{
"file_size": 4397292,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1070008,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1563324,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "28104c2b1121a331071889a8285f18e4e5fa857e",
"timestamp": 1686149932
},
{
"file_size": 4397292,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1070008,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1563324,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "28104c2b1121a331071889a8285f18e4e5fa857e",
"timestamp": 1686149932
},
{
"file_size": 1126838,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 67755,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 301561,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c068b6be9d12ef34c4bff6438217ec83aedb3920",
"timestamp": 1686149932
},
{
"file_size": 1126838,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 67755,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 301561,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c068b6be9d12ef34c4bff6438217ec83aedb3920",
"timestamp": 1686149932
},
{
"file_size": 5742,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1420,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1478,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "784251aee0035f509d9a59f46a7854e3156eb1e8",
"timestamp": 1686149932
},
{
"file_size": 5742,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1420,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1478,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "784251aee0035f509d9a59f46a7854e3156eb1e8",
"timestamp": 1686149932
},
{
"file_size": 8342696,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5758241,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6719849,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "1a5599d9ac6637d73e45a008eb13963a43a42de5",
"timestamp": 1686149933
},
{
"file_size": 8342696,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5758241,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6719849,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "1a5599d9ac6637d73e45a008eb13963a43a42de5",
"timestamp": 1686149933
},
{
"file_size": 10935924,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7358335,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7658163,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "ad38d8e905018d8214d3d086a5314bc8baf530f0",
"timestamp": 1686149935
},
{
"file_size": 10935924,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7358335,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7658163,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "ad38d8e905018d8214d3d086a5314bc8baf530f0",
"timestamp": 1686149935
},
{
"file_size": 9367552,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3032179,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 699012,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "f5e92bd7f79aa5e3dcd577b46ae8adb6ce796fdd",
"timestamp": 1686149936
},
{
"file_size": 9367552,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3032179,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 699012,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "f5e92bd7f79aa5e3dcd577b46ae8adb6ce796fdd",
"timestamp": 1686149936
},
{
"file_size": 5615616,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 684425,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1855040,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "27177a9974cf5e51e406dfc565abec4323a7f460",
"timestamp": 1686149938
},
{
"file_size": 5615616,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 684425,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1855040,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "27177a9974cf5e51e406dfc565abec4323a7f460",
"timestamp": 1686149938
},
{
"file_size": 12587776,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1885979,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1879584,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "61f1d317d4b637547328d7bbd8db162332ffca96",
"timestamp": 1686149941
},
{
"file_size": 12587776,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1885979,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1879584,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "61f1d317d4b637547328d7bbd8db162332ffca96",
"timestamp": 1686149941
},
{
"file_size": 15528080,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7666937,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 9603001,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "90006a605fefb15ef0e3ee3a7913e4e3085aa910",
"timestamp": 1686149943
},
{
"file_size": 15528080,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7666937,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 9603001,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "90006a605fefb15ef0e3ee3a7913e4e3085aa910",
"timestamp": 1686149943
},
{
"file_size": 61198027,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3493267,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 59650081,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "81fdd91f2f3ad757beaa4e99d1e696fe216572a7",
"timestamp": 1686149946
},
{
"file_size": 61198027,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3493267,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 59650081,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "81fdd91f2f3ad757beaa4e99d1e696fe216572a7",
"timestamp": 1686149946
},
{
"file_size": 92550,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 29380,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 50934,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "11e37775d188125698553bb54b92212db30c9868",
"timestamp": 1686149952
},
{
"file_size": 92550,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 29380,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 50934,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "11e37775d188125698553bb54b92212db30c9868",
"timestamp": 1686149952
},
{
"file_size": 15909007,
"file_type": "PE+/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1572203,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4403826,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "3044d17533125b0e81479c13a3938c5f680945dd",
"timestamp": 1686149952
},
{
"file_size": 15909007,
"file_type": "PE+/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1572203,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4403826,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "3044d17533125b0e81479c13a3938c5f680945dd",
"timestamp": 1686149952
},
{
"file_size": 7030588,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4138419,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3925485,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "3e781f619085938c400ef62d124e1c160d8e606d",
"timestamp": 1686149953
},
{
"file_size": 7030588,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4138419,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3925485,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "3e781f619085938c400ef62d124e1c160d8e606d",
"timestamp": 1686149953
},
{
"file_size": 7891860,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5936181,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6065613,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "9672712486f68f6ef3fa5ea1051a488652768782",
"timestamp": 1686149956
},
{
"file_size": 7891860,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5936181,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6065613,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "9672712486f68f6ef3fa5ea1051a488652768782",
"timestamp": 1686149956
},
{
"file_size": 1126838,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 67755,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 301561,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c068b6be9d12ef34c4bff6438217ec83aedb3920",
"timestamp": 1686149974
},
{
"file_size": 1126838,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 67755,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 301561,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c068b6be9d12ef34c4bff6438217ec83aedb3920",
"timestamp": 1686149974
},
{
"file_size": 58853069,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 453396,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 422866,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "7f61bf37ba7a45b4d9686384db4cccec61f67c47",
"timestamp": 1686149975
},
{
"file_size": 58853069,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 453396,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 422866,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "7f61bf37ba7a45b4d9686384db4cccec61f67c47",
"timestamp": 1686149975
},
{
"file_size": 80896,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3807,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4617,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "6fc8b4b91789e00438dc40c306b51a4cb607eb8d",
"timestamp": 1686149975
},
{
"file_size": 80896,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3807,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4617,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "6fc8b4b91789e00438dc40c306b51a4cb607eb8d",
"timestamp": 1686149975
},
{
"file_size": 4090442,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2966063,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3005572,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a9102e50f879a876bcde1a65ed9e66061345af38",
"timestamp": 1686149977
},
{
"file_size": 4090442,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2966063,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3005572,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a9102e50f879a876bcde1a65ed9e66061345af38",
"timestamp": 1686149977
},
{
"file_size": 11287504,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 9611205,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 9336911,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "855439438fa49547ac12bdf953b32f72c719b2c9",
"timestamp": 1686149980
},
{
"file_size": 11287504,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 9611205,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 9336911,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "855439438fa49547ac12bdf953b32f72c719b2c9",
"timestamp": 1686149980
},
{
"file_size": 51580195,
"file_type": "PE/Exe/NSIS",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 192859,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1055775,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "aa57da659dd7d00cce7d1435bfc8459087f51b6f",
"timestamp": 1686149983
},
{
"file_size": 51580195,
"file_type": "PE/Exe/NSIS",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 192859,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1055775,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "aa57da659dd7d00cce7d1435bfc8459087f51b6f",
"timestamp": 1686149983
},
{
"file_size": 52603562,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5081683,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 48790340,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "7b645c555f2208a68b7d6aff201736b6e111d3cc",
"timestamp": 1686149989
},
{
"file_size": 52603562,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5081683,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 48790340,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "7b645c555f2208a68b7d6aff201736b6e111d3cc",
"timestamp": 1686149989
},
{
"file_size": 12364752,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 10579965,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 10306863,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "6c745b37d30bdc06e8ace8b4189538403c4d5c8a",
"timestamp": 1686149991
},
{
"file_size": 12364752,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 10579965,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 10306863,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "6c745b37d30bdc06e8ace8b4189538403c4d5c8a",
"timestamp": 1686149991
},
{
"file_size": 113599,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 28965,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 50276,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c797c0ed6564a46ae0ac9973f2b97411dbac4754",
"timestamp": 1686149993
},
{
"file_size": 113599,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 28965,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 50276,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c797c0ed6564a46ae0ac9973f2b97411dbac4754",
"timestamp": 1686149993
},
{
"file_size": 8720028,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6232135,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6035292,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a12a22c2b0ecdbeb2f98a592328068591520225e",
"timestamp": 1686149993
},
{
"file_size": 8720028,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6232135,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6035292,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a12a22c2b0ecdbeb2f98a592328068591520225e",
"timestamp": 1686149993
},
{
"file_size": 11722184,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 10006757,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 9731199,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "d824b4da35e0527c04c91b45111790421e0df9c3",
"timestamp": 1686149993
},
{
"file_size": 11722184,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 10006757,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 9731199,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "d824b4da35e0527c04c91b45111790421e0df9c3",
"timestamp": 1686149993
},
{
"file_size": 1647430,
"file_type": "Document/None/RTF",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1504890,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1514081,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "d416c83fd8bc78cc77ef30a8e5543b59f8b58f90",
"timestamp": 1686150001
},
{
"file_size": 1647430,
"file_type": "Document/None/RTF",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1504890,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1514081,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "d416c83fd8bc78cc77ef30a8e5543b59f8b58f90",
"timestamp": 1686150001
},
{
"file_size": 8185068,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1729023,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1836665,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a470d52b3da243f0a6e4f29990910c15fe877260",
"timestamp": 1686150003
},
{
"file_size": 8185068,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1729023,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1836665,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a470d52b3da243f0a6e4f29990910c15fe877260",
"timestamp": 1686150003
},
{
"file_size": 9058488,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2024065,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2076599,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "28cb515f6029996c620d90852ac18089b1ded110",
"timestamp": 1686150004
},
{
"file_size": 9058488,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2024065,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2076599,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "28cb515f6029996c620d90852ac18089b1ded110",
"timestamp": 1686150004
},
{
"file_size": 6957242,
"file_type": "PE/Exe/NSIS",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1535249,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2867970,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "936ed9f8b5e106db89d568cdd6cf0d3768e35e8a",
"timestamp": 1686150005
},
{
"file_size": 6957242,
"file_type": "PE/Exe/NSIS",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1535249,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2867970,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "936ed9f8b5e106db89d568cdd6cf0d3768e35e8a",
"timestamp": 1686150005
},
{
"file_size": 11402192,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 9748709,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 9479007,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "67bf7558493de43e5248d5c3fb0eff9ebe15e025",
"timestamp": 1686150005
},
{
"file_size": 11402192,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 9748709,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 9479007,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "67bf7558493de43e5248d5c3fb0eff9ebe15e025",
"timestamp": 1686150005
},
{
"file_size": 3560827,
"file_type": "ELF64 Little/SO",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 134236,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3282561,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "09a2f81add6a24707bf53b87fc35649648d83d84",
"timestamp": 1686150008
},
{
"file_size": 3560827,
"file_type": "ELF64 Little/SO",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 134236,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3282561,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "09a2f81add6a24707bf53b87fc35649648d83d84",
"timestamp": 1686150008
},
{
"file_size": 24621335,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1120542,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1090012,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "42b2ae12dea46ea047d05762919e9b4bfe5ef788",
"timestamp": 1686150010
},
{
"file_size": 24621335,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1120542,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1090012,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "42b2ae12dea46ea047d05762919e9b4bfe5ef788",
"timestamp": 1686150010
},
{
"file_size": 27294631,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2867337,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5192795,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "fadcba6ae6a7d80804672d39716caf6d6b236548",
"timestamp": 1686150010
},
{
"file_size": 27294631,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2867337,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5192795,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "fadcba6ae6a7d80804672d39716caf6d6b236548",
"timestamp": 1686150010
},
{
"file_size": 563708,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 71256,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 13295,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "ec4ae655adbbb3805d80b71db833024062f40a30",
"timestamp": 1686150022
},
{
"file_size": 563708,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 71256,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 13295,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "ec4ae655adbbb3805d80b71db833024062f40a30",
"timestamp": 1686150022
},
{
"file_size": 23674771,
"file_type": "PE/.Net Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1113582,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 898210,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c3b9b20d2b059c554bfedcf02f7e20a78ea0b634",
"timestamp": 1686150029
},
{
"file_size": 23674771,
"file_type": "PE/.Net Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1113582,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 898210,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c3b9b20d2b059c554bfedcf02f7e20a78ea0b634",
"timestamp": 1686150029
},
{
"file_size": 8696352,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6448188,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5556020,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "8c6478d4da8936bbd1c41d55d627e5947f350a3c",
"timestamp": 1686150030
},
{
"file_size": 8696352,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6448188,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5556020,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "8c6478d4da8936bbd1c41d55d627e5947f350a3c",
"timestamp": 1686150030
},
{
"file_size": 89737,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 27489,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 49043,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "ea0cd712f5841da8a42c88b5531580a67a46606d",
"timestamp": 1686150040
},
{
"file_size": 89737,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 27489,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 49043,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "ea0cd712f5841da8a42c88b5531580a67a46606d",
"timestamp": 1686150040
},
{
"file_size": 7919852,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5071035,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5906334,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "639f26fcdf4cf23f537da436e579d7642bb88a34",
"timestamp": 1686150042
},
{
"file_size": 7919852,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5071035,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5906334,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "639f26fcdf4cf23f537da436e579d7642bb88a34",
"timestamp": 1686150042
},
{
"file_size": 4740152,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3564800,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3647079,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "0e2b28a93eb1a6028a450f2d0fb17b8a4142c838",
"timestamp": 1686150044
},
{
"file_size": 4740152,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3564800,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3647079,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "0e2b28a93eb1a6028a450f2d0fb17b8a4142c838",
"timestamp": 1686150044
},
{
"file_size": 8722544,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6754191,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7446396,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "11da04c21b47ff12ad322a6b23556b240c57e132",
"timestamp": 1686150045
},
{
"file_size": 8722544,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6754191,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7446396,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "11da04c21b47ff12ad322a6b23556b240c57e132",
"timestamp": 1686150045
},
{
"file_size": 3826214,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 68922,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3251864,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "57e01329fd57cdf43d48e6126dcb04a9a649f486",
"timestamp": 1686150045
},
{
"file_size": 3826214,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 68922,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3251864,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "57e01329fd57cdf43d48e6126dcb04a9a649f486",
"timestamp": 1686150045
},
{
"file_size": 90401,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 30206,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 51760,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "eb539586df1f83a1ad6a46578ae93af47d28e583",
"timestamp": 1686150050
},
{
"file_size": 90401,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 30206,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 51760,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "eb539586df1f83a1ad6a46578ae93af47d28e583",
"timestamp": 1686150050
},
{
"file_size": 5196432,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1774761,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1594184,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "0dfbab7b39fe2df27cc3c450a33703e862548e7c",
"timestamp": 1686150050
},
{
"file_size": 5196432,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1774761,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1594184,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "0dfbab7b39fe2df27cc3c450a33703e862548e7c",
"timestamp": 1686150050
},
{
"file_size": 88693,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 25563,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 47117,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "4f0abfde4499ca4265efaa76240165eeec26ae9c",
"timestamp": 1686150055
},
{
"file_size": 88693,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 25563,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 47117,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "4f0abfde4499ca4265efaa76240165eeec26ae9c",
"timestamp": 1686150055
},
{
"file_size": 3114071,
"file_type": "ELF32 Little/SO",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 104418,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2618650,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "e99fb966b75da3eb02a16fcac3b36c3a9194b857",
"timestamp": 1686150056
},
{
"file_size": 3114071,
"file_type": "ELF32 Little/SO",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 104418,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2618650,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "e99fb966b75da3eb02a16fcac3b36c3a9194b857",
"timestamp": 1686150056
},
{
"file_size": 28120902,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 22260169,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 27281148,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "0ac06711934890049220bec85d224ca6a69a4abf",
"timestamp": 1686150060
},
{
"file_size": 28120902,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 22260169,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 27281148,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "0ac06711934890049220bec85d224ca6a69a4abf",
"timestamp": 1686150060
},
{
"file_size": 28328686,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6610304,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 13148605,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "7929803a26acbb9fbec06ee003d65fb01966f3a9",
"timestamp": 1686150077
},
{
"file_size": 28328686,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6610304,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 13148605,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "7929803a26acbb9fbec06ee003d65fb01966f3a9",
"timestamp": 1686150077
},
{
"file_size": 28328686,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 22540142,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "7929803a26acbb9fbec06ee003d65fb01966f3a9",
"timestamp": 1686150077
},
{
"file_size": 18271076,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 273776,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4064513,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "8efe34081ab998e156e537df4da387b0a4bd7f08",
"timestamp": 1686150078
},
{
"file_size": 18271076,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 273776,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4064513,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "8efe34081ab998e156e537df4da387b0a4bd7f08",
"timestamp": 1686150078
},
{
"file_size": 28018926,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6300544,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12838845,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "3095cf7fcee94f7ca177dd1cb4aea29b5b451116",
"timestamp": 1686150083
},
{
"file_size": 28018926,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 22230382,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "3095cf7fcee94f7ca177dd1cb4aea29b5b451116",
"timestamp": 1686150083
},
{
"file_size": 28018926,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6300544,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12838845,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "3095cf7fcee94f7ca177dd1cb4aea29b5b451116",
"timestamp": 1686150083
},
{
"file_size": 27306734,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5588352,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12126653,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "32c438b9048acb085fda9bd828fe370804e83b5c",
"timestamp": 1686150084
},
{
"file_size": 27306734,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5588352,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12126653,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "32c438b9048acb085fda9bd828fe370804e83b5c",
"timestamp": 1686150084
},
{
"file_size": 27306734,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 21518190,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "32c438b9048acb085fda9bd828fe370804e83b5c",
"timestamp": 1686150084
},
{
"file_size": 81650,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 16951,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 39263,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "37b6ec97243b59e031215a7c79c76bd535c94a11",
"timestamp": 1686150090
},
{
"file_size": 81650,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 16951,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 39263,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "37b6ec97243b59e031215a7c79c76bd535c94a11",
"timestamp": 1686150090
},
{
"file_size": 181777,
"file_type": "Document/None/PDF",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 9977,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 8279,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "8e5698b6c99e84ef251da396e57801eea4d4a7e0",
"timestamp": 1686150096
},
{
"file_size": 181777,
"file_type": "Document/None/PDF",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 9977,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 8279,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "8e5698b6c99e84ef251da396e57801eea4d4a7e0",
"timestamp": 1686150096
},
{
"file_size": 271360,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 119107,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 118595,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "2b1c1ebb77a69accf7ade4a6656a229a8236da23",
"timestamp": 1686150101
},
{
"file_size": 271360,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 119107,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 118595,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "2b1c1ebb77a69accf7ade4a6656a229a8236da23",
"timestamp": 1686150101
},
{
"file_size": 583414,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 304758,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 30495,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c90a2097bb3ef3b7782b569aad3a7a402c40ece6",
"timestamp": 1686150102
},
{
"file_size": 583414,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 304758,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 30495,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c90a2097bb3ef3b7782b569aad3a7a402c40ece6",
"timestamp": 1686150102
},
{
"file_size": 5011956,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3830891,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4122073,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "bceeab17f46e635c4d2d8e83ba98fc53d3b94409",
"timestamp": 1686150104
},
{
"file_size": 5011956,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3830891,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4122073,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "bceeab17f46e635c4d2d8e83ba98fc53d3b94409",
"timestamp": 1686150104
},
{
"file_size": 22521,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 17697,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 22133,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "7370d7caf811dc3fb9b8ded4fb3a23d36997253d",
"timestamp": 1686150104
},
{
"file_size": 22521,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 17697,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 22133,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "7370d7caf811dc3fb9b8ded4fb3a23d36997253d",
"timestamp": 1686150104
},
{
"file_size": 7701312,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5240872,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6126943,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "af1458eda29940c81e42bf6a11d689b9363a575b",
"timestamp": 1686150107
},
{
"file_size": 7701312,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5240872,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6126943,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "af1458eda29940c81e42bf6a11d689b9363a575b",
"timestamp": 1686150107
},
{
"file_size": 8298484,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1572183,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2680377,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "99047e1bf6e16b647f124db80faf90d91947643e",
"timestamp": 1686150109
},
{
"file_size": 8298484,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1572183,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2680377,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "99047e1bf6e16b647f124db80faf90d91947643e",
"timestamp": 1686150109
},
{
"file_size": 105267,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 849,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 30630,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "891e13aa1d764808d787be69ae3e8188345891ed",
"timestamp": 1686150115
},
{
"file_size": 105267,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 849,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 30630,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "891e13aa1d764808d787be69ae3e8188345891ed",
"timestamp": 1686150115
},
{
"file_size": 6390588,
"file_type": "PE+/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3498419,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3285485,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "732c2810e0cecccdfbcf3a052753060d8158643d",
"timestamp": 1686150119
},
{
"file_size": 6390588,
"file_type": "PE+/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3498419,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3285485,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "732c2810e0cecccdfbcf3a052753060d8158643d",
"timestamp": 1686150119
},
{
"file_size": 102498470,
"file_type": "PE/Exe/NSIS",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 26303220,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 15358931,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "89f539a36777589582b45b5ab3f1c4b8c392a519",
"timestamp": 1686150124
},
{
"file_size": 102498470,
"file_type": "PE/Exe/NSIS",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 26303220,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 15358931,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "89f539a36777589582b45b5ab3f1c4b8c392a519",
"timestamp": 1686150124
},
{
"file_size": 223744,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 21284,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 15037,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "025d67d07d1d4c0c6815dd671c5021f2d1dbeb2d",
"timestamp": 1686150124
},
{
"file_size": 223744,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 21284,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 15037,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "025d67d07d1d4c0c6815dd671c5021f2d1dbeb2d",
"timestamp": 1686150124
},
{
"file_size": 34840,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1586,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 20241,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "247dda310be523a670399ce08ac7576eeffceba9",
"timestamp": 1686150127
},
{
"file_size": 34840,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1586,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 20241,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "247dda310be523a670399ce08ac7576eeffceba9",
"timestamp": 1686150127
},
{
"file_size": 97689,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 34565,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 56119,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "ce2fbbb268352f30e63708658a895b55d5994a21",
"timestamp": 1686150127
},
{
"file_size": 97689,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 34565,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 56119,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "ce2fbbb268352f30e63708658a895b55d5994a21",
"timestamp": 1686150127
},
{
"file_size": 608019,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 120997,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 179775,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "81bc384770e1fcf3d32e38b69e7fa6dfd68eceb5",
"timestamp": 1686150128
},
{
"file_size": 608019,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 120997,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 179775,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "81bc384770e1fcf3d32e38b69e7fa6dfd68eceb5",
"timestamp": 1686150128
},
{
"file_size": 7109996,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5978050,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4853648,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "2a354db1cbe01973b6ea523d0842327ddafc17b8",
"timestamp": 1686150129
},
{
"file_size": 7109996,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5978050,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4853648,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "2a354db1cbe01973b6ea523d0842327ddafc17b8",
"timestamp": 1686150129
},
{
"file_size": 11060751,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 208731,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4067711,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "d328639db252e6882cde55b4d96fb6c6917ce647",
"timestamp": 1686150135
},
{
"file_size": 11060751,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 208731,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4067711,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "d328639db252e6882cde55b4d96fb6c6917ce647",
"timestamp": 1686150135
},
{
"file_size": 102034,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 31083,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 52637,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "9d13375b63610249a16e7eec10b2be064c7097f7",
"timestamp": 1686150136
},
{
"file_size": 102034,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 31083,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 52637,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "9d13375b63610249a16e7eec10b2be064c7097f7",
"timestamp": 1686150136
},
{
"file_size": 24915182,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 19126638,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "3c24cca2a6bfa8faaa35756e6814802dbcd751f2",
"timestamp": 1686150137
},
{
"file_size": 24915182,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3196800,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 9735101,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "3c24cca2a6bfa8faaa35756e6814802dbcd751f2",
"timestamp": 1686150137
},
{
"file_size": 24915182,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3196800,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 9735101,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "3c24cca2a6bfa8faaa35756e6814802dbcd751f2",
"timestamp": 1686150137
},
{
"file_size": 26192622,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 20404078,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "9c9d925179896d29421f881eb5ad77af9e8bc7fb",
"timestamp": 1686150137
},
{
"file_size": 26192622,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4474240,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 11012541,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "9c9d925179896d29421f881eb5ad77af9e8bc7fb",
"timestamp": 1686150137
},
{
"file_size": 26192622,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4474240,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 11012541,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "9c9d925179896d29421f881eb5ad77af9e8bc7fb",
"timestamp": 1686150137
},
{
"file_size": 26345710,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 20557166,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "d6d554d74fdfd98418b8fa34338056708291599e",
"timestamp": 1686150137
},
{
"file_size": 26345710,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4627328,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 11165629,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "d6d554d74fdfd98418b8fa34338056708291599e",
"timestamp": 1686150137
},
{
"file_size": 26345710,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4627328,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 11165629,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "d6d554d74fdfd98418b8fa34338056708291599e",
"timestamp": 1686150137
},
{
"file_size": 25406702,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3688320,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 10226621,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "1799c607028ad0ed4d15e46bb80cc0a70683e90f",
"timestamp": 1686150137
},
{
"file_size": 25406702,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3688320,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 10226621,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "1799c607028ad0ed4d15e46bb80cc0a70683e90f",
"timestamp": 1686150137
},
{
"file_size": 25406702,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 19618158,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "1799c607028ad0ed4d15e46bb80cc0a70683e90f",
"timestamp": 1686150137
},
{
"file_size": 25241838,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 19453294,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "f5be7fa83024d787932ead402e6a0a63da6eb443",
"timestamp": 1686150138
},
{
"file_size": 25241838,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3523456,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 10061757,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "f5be7fa83024d787932ead402e6a0a63da6eb443",
"timestamp": 1686150138
},
{
"file_size": 25241838,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3523456,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 10061757,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "f5be7fa83024d787932ead402e6a0a63da6eb443",
"timestamp": 1686150138
},
{
"file_size": 27273966,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 21485422,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "f9461339c56853fd3b535f99bc72bd2b897591d0",
"timestamp": 1686150138
},
{
"file_size": 27273966,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5555584,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12093885,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "f9461339c56853fd3b535f99bc72bd2b897591d0",
"timestamp": 1686150138
},
{
"file_size": 27273966,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5555584,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12093885,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "f9461339c56853fd3b535f99bc72bd2b897591d0",
"timestamp": 1686150138
},
{
"file_size": 26257134,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4538752,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 11077053,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "bbda585b97e741d2fb638684255a0c49daafadac",
"timestamp": 1686150138
},
{
"file_size": 26257134,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 20468590,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "bbda585b97e741d2fb638684255a0c49daafadac",
"timestamp": 1686150138
},
{
"file_size": 26257134,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4538752,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 11077053,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "bbda585b97e741d2fb638684255a0c49daafadac",
"timestamp": 1686150138
},
{
"file_size": 4620288,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2649834,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2685878,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "102d0b298f078b7d115083307e4ca0ed1bcbd134",
"timestamp": 1686150138
},
{
"file_size": 4620288,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2649834,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2685878,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "102d0b298f078b7d115083307e4ca0ed1bcbd134",
"timestamp": 1686150138
},
{
"file_size": 489616,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 38581,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 22168,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "32de67e7b17be1d18964e2086362b34f3c7b3575",
"timestamp": 1686150138
},
{
"file_size": 489616,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 38581,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 22168,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "32de67e7b17be1d18964e2086362b34f3c7b3575",
"timestamp": 1686150138
},
{
"file_size": 33862,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 26439,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 23818,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "40caa9fe8fa64c0f9ba67298941a34d042cff179",
"timestamp": 1686150138
},
{
"file_size": 33862,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 26439,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 23818,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "40caa9fe8fa64c0f9ba67298941a34d042cff179",
"timestamp": 1686150138
},
{
"file_size": 85008,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 27891,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 49445,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "37c285df8d320279049afa0c23fa334a3bbeda77",
"timestamp": 1686150139
},
{
"file_size": 85008,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 27891,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 49445,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "37c285df8d320279049afa0c23fa334a3bbeda77",
"timestamp": 1686150139
},
{
"file_size": 27974382,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 22185838,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "153a8db91757b63b2d6f178bb9d02ea5208c9457",
"timestamp": 1686150139
},
{
"file_size": 27974382,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6256000,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12794301,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "153a8db91757b63b2d6f178bb9d02ea5208c9457",
"timestamp": 1686150139
},
{
"file_size": 27974382,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6256000,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12794301,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "153a8db91757b63b2d6f178bb9d02ea5208c9457",
"timestamp": 1686150139
},
{
"file_size": 28105966,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6387584,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12925885,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "d50286aa8bb8c3014247b90adb746b25bfd31003",
"timestamp": 1686150139
},
{
"file_size": 28105966,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 22317422,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "d50286aa8bb8c3014247b90adb746b25bfd31003",
"timestamp": 1686150139
},
{
"file_size": 28105966,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6387584,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12925885,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "d50286aa8bb8c3014247b90adb746b25bfd31003",
"timestamp": 1686150139
},
{
"file_size": 29250286,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7531904,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 14070205,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "6c074b89819c235bdeb338af24c7c735ad0035ec",
"timestamp": 1686150140
},
{
"file_size": 29250286,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7531904,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 14070205,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "6c074b89819c235bdeb338af24c7c735ad0035ec",
"timestamp": 1686150140
},
{
"file_size": 29250286,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 23461742,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "6c074b89819c235bdeb338af24c7c735ad0035ec",
"timestamp": 1686150140
},
{
"file_size": 58288120,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 41036824,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 23548621,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c9812fa79f7c7d3a61f8ed156a3f9047aba84256",
"timestamp": 1686150140
},
{
"file_size": 58288120,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 41036824,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 23548621,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c9812fa79f7c7d3a61f8ed156a3f9047aba84256",
"timestamp": 1686150140
},
{
"file_size": 27151086,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5432704,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 11971005,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "6f9101e3313d15831fe21dca4f41cd305a5a42b0",
"timestamp": 1686150140
},
{
"file_size": 27151086,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5432704,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 11971005,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "6f9101e3313d15831fe21dca4f41cd305a5a42b0",
"timestamp": 1686150140
},
{
"file_size": 27151086,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 21362542,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "6f9101e3313d15831fe21dca4f41cd305a5a42b0",
"timestamp": 1686150140
},
{
"file_size": 25467630,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3749248,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 10287549,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "54553aa667794ecaf466add2eb68115e655bb142",
"timestamp": 1686150142
},
{
"file_size": 25467630,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3749248,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 10287549,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "54553aa667794ecaf466add2eb68115e655bb142",
"timestamp": 1686150142
},
{
"file_size": 25467630,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 19679086,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "54553aa667794ecaf466add2eb68115e655bb142",
"timestamp": 1686150142
},
{
"file_size": 24958190,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3239808,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 9778109,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "96485038e952a3ea5b05d3b73cb09e16746f05fe",
"timestamp": 1686150142
},
{
"file_size": 24958190,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 19169646,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "96485038e952a3ea5b05d3b73cb09e16746f05fe",
"timestamp": 1686150142
},
{
"file_size": 24958190,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3239808,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 9778109,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "96485038e952a3ea5b05d3b73cb09e16746f05fe",
"timestamp": 1686150142
},
{
"file_size": 22632960,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 12832781,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 17325113,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "d9470e93a7f0471df16a93a2df001e35f383b358",
"timestamp": 1686150143
},
{
"file_size": 22632960,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 12832781,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 17325113,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "d9470e93a7f0471df16a93a2df001e35f383b358",
"timestamp": 1686150143
},
{
"file_size": 28521710,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6803328,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 13341629,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a9e434ae7946b87a7a35e1ceea2a3585c63364ff",
"timestamp": 1686150146
},
{
"file_size": 28521710,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 22733166,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "a9e434ae7946b87a7a35e1ceea2a3585c63364ff",
"timestamp": 1686150146
},
{
"file_size": 28521710,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6803328,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 13341629,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a9e434ae7946b87a7a35e1ceea2a3585c63364ff",
"timestamp": 1686150146
},
{
"file_size": 28730094,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7011712,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 13550013,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "722d9445761cedf9cf95b00a27484c98b198a087",
"timestamp": 1686150147
},
{
"file_size": 28730094,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 22941550,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "722d9445761cedf9cf95b00a27484c98b198a087",
"timestamp": 1686150147
},
{
"file_size": 28730094,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7011712,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 13550013,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "722d9445761cedf9cf95b00a27484c98b198a087",
"timestamp": 1686150147
},
{
"file_size": 19508784,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 14359504,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16198715,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a074e8cd0d7f96a1660eb8034c9d4bb659911d8c",
"timestamp": 1686150151
},
{
"file_size": 19508784,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 14359504,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16198715,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a074e8cd0d7f96a1660eb8034c9d4bb659911d8c",
"timestamp": 1686150151
},
{
"file_size": 134656,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4983,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3404,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "5c5149ddc70c1570f08aeaadf3ae7f9c0b62aa44",
"timestamp": 1686150153
},
{
"file_size": 134656,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4983,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3404,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "5c5149ddc70c1570f08aeaadf3ae7f9c0b62aa44",
"timestamp": 1686150153
},
{
"file_size": 123956,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 35591,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 57145,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "4151684c657f55df0fbcf6f23e4ff59a3d434933",
"timestamp": 1686150154
},
{
"file_size": 123956,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 35591,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 57145,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "4151684c657f55df0fbcf6f23e4ff59a3d434933",
"timestamp": 1686150154
},
{
"file_size": 89099,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 27245,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 48799,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c1c8b28dccfe8d0b1019ccd86c4a64b6deff30f6",
"timestamp": 1686150158
},
{
"file_size": 89099,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 27245,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 48799,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c1c8b28dccfe8d0b1019ccd86c4a64b6deff30f6",
"timestamp": 1686150158
},
{
"file_size": 526968,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 46,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 656,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "9a1f873e7ca75688bb3ecf3538c673994ea8f06e",
"timestamp": 1686150159
},
{
"file_size": 526968,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 46,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 656,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "9a1f873e7ca75688bb3ecf3538c673994ea8f06e",
"timestamp": 1686150159
},
{
"file_size": 3652720,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1101203,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1128397,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "946bccb4633670592563b838e8905d87d32006c9",
"timestamp": 1686150162
},
{
"file_size": 3652720,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1101203,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1128397,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "946bccb4633670592563b838e8905d87d32006c9",
"timestamp": 1686150162
},
{
"file_size": 9176564,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6268070,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7592405,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "30a5cb71610bf97bb780db06d1c3a685558cef60",
"timestamp": 1686150163
},
{
"file_size": 9176564,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6268070,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7592405,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "30a5cb71610bf97bb780db06d1c3a685558cef60",
"timestamp": 1686150163
},
{
"file_size": 6925744,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4923140,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4887861,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c552441469a45b5342205401366537d43dfbf1c3",
"timestamp": 1686150164
},
{
"file_size": 6925744,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4923140,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4887861,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c552441469a45b5342205401366537d43dfbf1c3",
"timestamp": 1686150164
},
{
"file_size": 7991496,
"file_type": "PE/Exe/NSIS",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2569503,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3902224,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "9f236dccf15907ee09d04f6c8a451bd42b1d4e2d",
"timestamp": 1686150165
},
{
"file_size": 7991496,
"file_type": "PE/Exe/NSIS",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2569503,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3902224,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "9f236dccf15907ee09d04f6c8a451bd42b1d4e2d",
"timestamp": 1686150165
},
{
"file_size": 5979364,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4057685,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4165750,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "967fcbf4e10d26548398eec462c166d1df722266",
"timestamp": 1686150165
},
{
"file_size": 5979364,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4057685,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4165750,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "967fcbf4e10d26548398eec462c166d1df722266",
"timestamp": 1686150165
},
{
"file_size": 9728028,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6334598,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6463104,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "5d2ee739905d5f78b6e31684f3bb92423647692b",
"timestamp": 1686150166
},
{
"file_size": 9728028,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6334598,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6463104,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "5d2ee739905d5f78b6e31684f3bb92423647692b",
"timestamp": 1686150166
},
{
"file_size": 8267816,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5914695,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5870746,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "bb7e753018fc4b3c1fdc780a364df59d2e566e67",
"timestamp": 1686150167
},
{
"file_size": 8267816,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5914695,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5870746,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "bb7e753018fc4b3c1fdc780a364df59d2e566e67",
"timestamp": 1686150167
},
{
"file_size": 6904424,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4921711,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5569145,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "750679ecdaac688baa60e32674e510f60cac2ba1",
"timestamp": 1686150167
},
{
"file_size": 6904424,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4921711,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5569145,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "750679ecdaac688baa60e32674e510f60cac2ba1",
"timestamp": 1686150167
},
{
"file_size": 8668000,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5790672,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5929530,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "8d17ecf99008a1800aa77b798c53f75f34db635f",
"timestamp": 1686150167
},
{
"file_size": 8668000,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5790672,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5929530,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "8d17ecf99008a1800aa77b798c53f75f34db635f",
"timestamp": 1686150167
},
{
"file_size": 8020420,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1730444,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1955210,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "098c13f1d5cc4b6038d67874cd2340c470047bde",
"timestamp": 1686150168
},
{
"file_size": 8020420,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1730444,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1955210,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "098c13f1d5cc4b6038d67874cd2340c470047bde",
"timestamp": 1686150168
},
{
"file_size": 9653972,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1796540,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1636817,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "683b6403118d4a672e2f31efef768346320c5d5d",
"timestamp": 1686150169
},
{
"file_size": 9653972,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1796540,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1636817,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "683b6403118d4a672e2f31efef768346320c5d5d",
"timestamp": 1686150169
},
{
"file_size": 5534364,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4320126,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4305821,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "2627f11c33033737de957cf52cc29297d0810371",
"timestamp": 1686150169
},
{
"file_size": 5534364,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4320126,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4305821,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "2627f11c33033737de957cf52cc29297d0810371",
"timestamp": 1686150169
},
{
"file_size": 10148688,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1961186,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2836228,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "9834a9b1ff7edf23552ac4e15464a50ced1f90fa",
"timestamp": 1686150170
},
{
"file_size": 10148688,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1961186,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2836228,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "9834a9b1ff7edf23552ac4e15464a50ced1f90fa",
"timestamp": 1686150170
},
{
"file_size": 8828660,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6406510,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6382932,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "48bd69a510ba602c73863ad2afb6b1455e858335",
"timestamp": 1686150170
},
{
"file_size": 8828660,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6406510,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6382932,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "48bd69a510ba602c73863ad2afb6b1455e858335",
"timestamp": 1686150170
},
{
"file_size": 6136097,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 3709386,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "5bc8ccc3bfd1b1c9bb5c14f442c70a32efa61a71",
"timestamp": 1686150172
},
{
"file_size": 19905987,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2216386,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1636129,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "9f547ef8cba3b6f25f8c7fe2cacf62496c78cf09",
"timestamp": 1686150174
},
{
"file_size": 19905987,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2216386,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1636129,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "9f547ef8cba3b6f25f8c7fe2cacf62496c78cf09",
"timestamp": 1686150174
},
{
"file_size": 1215488,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 576416,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "059403186f3a5d4832bd7bf3e137ab532076c37c",
"timestamp": 1686150175
},
{
"file_size": 62215476,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 25262900,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 53345796,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "af6b75fe56e8568402c36c11a851c31519729d09",
"timestamp": 1686150176
},
{
"file_size": 62215476,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 25262900,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 53345796,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "af6b75fe56e8568402c36c11a851c31519729d09",
"timestamp": 1686150176
},
{
"file_size": 62215476,
"file_type": "Binary/Archive/ZIP",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 53626293,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "af6b75fe56e8568402c36c11a851c31519729d09",
"timestamp": 1686150176
},
{
"file_size": 8790228,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5984952,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7594298,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "791352f0f97961d04505e72dbbc4c90521823212",
"timestamp": 1686150176
},
{
"file_size": 8790228,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5984952,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7594298,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "791352f0f97961d04505e72dbbc4c90521823212",
"timestamp": 1686150176
},
{
"file_size": 3970896,
"file_type": "PE/.Net Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1384326,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3217764,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "739c8e7a85bf46ced7d5926d46f5327b03c13e39",
"timestamp": 1686150177
},
{
"file_size": 3970896,
"file_type": "PE/.Net Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1384326,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3217764,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "739c8e7a85bf46ced7d5926d46f5327b03c13e39",
"timestamp": 1686150177
},
{
"file_size": 370759,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 120638,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "d15409e85cbcd767078d35da6402415a8786b261",
"timestamp": 1686150178
},
{
"file_size": 19508784,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 14359504,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16198715,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a074e8cd0d7f96a1660eb8034c9d4bb659911d8c",
"timestamp": 1686150178
},
{
"file_size": 19508784,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 14359504,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16198715,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a074e8cd0d7f96a1660eb8034c9d4bb659911d8c",
"timestamp": 1686150178
},
{
"file_size": 9376260,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6790310,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7997401,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "69b79a4acbecc8d616965ccde616fbed0bce6bb6",
"timestamp": 1686150180
},
{
"file_size": 9376260,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6790310,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7997401,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "69b79a4acbecc8d616965ccde616fbed0bce6bb6",
"timestamp": 1686150180
},
{
"file_size": 25092884,
"file_type": "PE/Exe/NSIS",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3544155,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3318615,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "0061d1045777f0d4ffa785a37224981e663cadef",
"timestamp": 1686150187
},
{
"file_size": 25092884,
"file_type": "PE/Exe/NSIS",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3544155,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3318615,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "0061d1045777f0d4ffa785a37224981e663cadef",
"timestamp": 1686150187
},
{
"file_size": 29217518,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 23428974,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "a407bb0966cf4665bf7f5a7145d8659dbb8cf3d0",
"timestamp": 1686150197
},
{
"file_size": 29217518,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7499136,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 14037437,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a407bb0966cf4665bf7f5a7145d8659dbb8cf3d0",
"timestamp": 1686150197
},
{
"file_size": 29217518,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7499136,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 14037437,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a407bb0966cf4665bf7f5a7145d8659dbb8cf3d0",
"timestamp": 1686150197
},
{
"file_size": 29422318,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7703936,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 14242237,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a90063b91d8f19cd55120a84a2264dbb56e46594",
"timestamp": 1686150197
},
{
"file_size": 29422318,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 23633774,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "a90063b91d8f19cd55120a84a2264dbb56e46594",
"timestamp": 1686150197
},
{
"file_size": 29422318,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7703936,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 14242237,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a90063b91d8f19cd55120a84a2264dbb56e46594",
"timestamp": 1686150197
},
{
"file_size": 25040110,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3321728,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 9860029,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "f1f94bb6adc57f0f8e47ab859f8a2ba47bea0229",
"timestamp": 1686150199
},
{
"file_size": 25040110,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 19251566,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "f1f94bb6adc57f0f8e47ab859f8a2ba47bea0229",
"timestamp": 1686150199
},
{
"file_size": 25040110,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3321728,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 9860029,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "f1f94bb6adc57f0f8e47ab859f8a2ba47bea0229",
"timestamp": 1686150199
},
{
"file_size": 28910318,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7191936,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 13730237,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "765176df2ecd44d2f33c9a3e09cfffd38b86dc64",
"timestamp": 1686150200
},
{
"file_size": 28910318,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7191936,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 13730237,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "765176df2ecd44d2f33c9a3e09cfffd38b86dc64",
"timestamp": 1686150200
},
{
"file_size": 28910318,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 23121774,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "765176df2ecd44d2f33c9a3e09cfffd38b86dc64",
"timestamp": 1686150200
},
{
"file_size": 32130008,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 977110,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 761738,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "ae7ff1a8ecc631ba5589735ad0fafbe18d1c41e5",
"timestamp": 1686150201
},
{
"file_size": 32130008,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 977110,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 761738,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "ae7ff1a8ecc631ba5589735ad0fafbe18d1c41e5",
"timestamp": 1686150201
},
{
"file_size": 66892302,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3139247,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2558990,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "5e440414494a26e2ee213b9b681d867ad39b9f80",
"timestamp": 1686150214
},
{
"file_size": 66892302,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3139247,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2558990,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "5e440414494a26e2ee213b9b681d867ad39b9f80",
"timestamp": 1686150214
},
{
"file_size": 166833664,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 143364306,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 146750644,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "6adeec98314a2649c39350736d889cd272a391b8",
"timestamp": 1686150221
},
{
"file_size": 166833664,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 143364306,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 146750644,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "6adeec98314a2649c39350736d889cd272a391b8",
"timestamp": 1686150221
},
{
"file_size": 138356736,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 113475200,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 116917070,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "eb3c36c843befc50091898fb978f83d45d32e422",
"timestamp": 1686150228
},
{
"file_size": 138356736,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 113475200,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 116917070,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "eb3c36c843befc50091898fb978f83d45d32e422",
"timestamp": 1686150228
},
{
"file_size": 93670,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 28715,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 50269,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c3a0a929800a0ebe66ac85e6667c6644e872b09d",
"timestamp": 1686150231
},
{
"file_size": 93670,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 28715,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 50269,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c3a0a929800a0ebe66ac85e6667c6644e872b09d",
"timestamp": 1686150231
},
{
"file_size": 8553924,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5876359,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6986177,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a3b265af2589cf44aecb2049803a5a4ff84bb202",
"timestamp": 1686150232
},
{
"file_size": 8553924,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5876359,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6986177,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a3b265af2589cf44aecb2049803a5a4ff84bb202",
"timestamp": 1686150232
},
{
"file_size": 88241,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 27207,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 48761,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c2643a9a4997e6e3e51685cab2f9c6fd4abc7611",
"timestamp": 1686150237
},
{
"file_size": 88241,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 27207,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 48761,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c2643a9a4997e6e3e51685cab2f9c6fd4abc7611",
"timestamp": 1686150237
},
{
"file_size": 9414708,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6335661,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6370528,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "7d304cf9efb664f2ccd968904d504ed8c576e654",
"timestamp": 1686150239
},
{
"file_size": 9414708,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6335661,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6370528,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "7d304cf9efb664f2ccd968904d504ed8c576e654",
"timestamp": 1686150239
},
{
"file_size": 10379992,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6814165,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 8323239,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "fb499f3e7de44f21eb9cb1a956f3f767d4ed47f0",
"timestamp": 1686150241
},
{
"file_size": 10379992,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6814165,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 8323239,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "fb499f3e7de44f21eb9cb1a956f3f767d4ed47f0",
"timestamp": 1686150241
},
{
"file_size": 5250,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2325,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4097,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "630991c60909126d75f94b113fd177180f6712ea",
"timestamp": 1686150245
},
{
"file_size": 5250,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2325,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4097,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "630991c60909126d75f94b113fd177180f6712ea",
"timestamp": 1686150245
},
{
"file_size": 82432,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3828,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4798,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "797c389bd066a4a04c2bce344cb60123443ec81e",
"timestamp": 1686150247
},
{
"file_size": 82432,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3828,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4798,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "797c389bd066a4a04c2bce344cb60123443ec81e",
"timestamp": 1686150247
},
{
"file_size": 111806,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 29792,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 51346,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "8ad9ad7f0468ebd22e0d9e8384c4a107857333a5",
"timestamp": 1686150247
},
{
"file_size": 111806,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 29792,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 51346,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "8ad9ad7f0468ebd22e0d9e8384c4a107857333a5",
"timestamp": 1686150247
},
{
"file_size": 27570,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 15335,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 19448,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "1bfc6472d02cab3b91ce506a17d9cad64804871c",
"timestamp": 1686150248
},
{
"file_size": 27570,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 15335,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 19448,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "1bfc6472d02cab3b91ce506a17d9cad64804871c",
"timestamp": 1686150248
},
{
"file_size": 450048,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 288291,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 221176,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "111bcee00d7c3d6df8c1420ee0de782eb1937133",
"timestamp": 1686150248
},
{
"file_size": 450048,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 288291,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 221176,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "111bcee00d7c3d6df8c1420ee0de782eb1937133",
"timestamp": 1686150248
},
{
"file_size": 2600888,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2163112,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2014788,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "7e32d3bc9afd569852093401de5c4bb5f44b76ff",
"timestamp": 1686150249
},
{
"file_size": 2600888,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2163112,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2014788,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "7e32d3bc9afd569852093401de5c4bb5f44b76ff",
"timestamp": 1686150249
},
{
"file_size": 175221,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 35882,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 57436,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "423a146bc73d434a9f39de260f567dd8d0258d47",
"timestamp": 1686150250
},
{
"file_size": 175221,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 35882,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 57436,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "423a146bc73d434a9f39de260f567dd8d0258d47",
"timestamp": 1686150250
},
{
"file_size": 8509312,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6222960,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6167524,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "19b22d0a540bac402aa018c7df49bd97bf02f44a",
"timestamp": 1686150251
},
{
"file_size": 8509312,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6222960,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6167524,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "19b22d0a540bac402aa018c7df49bd97bf02f44a",
"timestamp": 1686150251
},
{
"file_size": 80864416,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2597762,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2017505,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "e8a00ce275d0d66559cadb01b10a0ae2d441c60d",
"timestamp": 1686150258
},
{
"file_size": 80864416,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2597762,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2017505,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "e8a00ce275d0d66559cadb01b10a0ae2d441c60d",
"timestamp": 1686150258
},
{
"file_size": 20964640,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7215661,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 11972784,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "e8aeecd01fdf0e1521090598c2180f5cb575f6e6",
"timestamp": 1686150261
},
{
"file_size": 20964640,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7215661,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 11972784,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "e8aeecd01fdf0e1521090598c2180f5cb575f6e6",
"timestamp": 1686150261
},
{
"file_size": 275456,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5162,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6481,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c11a9ca1d3c3b6eaa69adcf6eb9f4c723e990aec",
"timestamp": 1686150261
},
{
"file_size": 275456,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5162,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6481,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c11a9ca1d3c3b6eaa69adcf6eb9f4c723e990aec",
"timestamp": 1686150261
},
{
"file_size": 87323,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 27477,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 49031,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "19f3b61586f5cb7808ed718fae3b99408fcde7b8",
"timestamp": 1686150263
},
{
"file_size": 87323,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 27477,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 49031,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "19f3b61586f5cb7808ed718fae3b99408fcde7b8",
"timestamp": 1686150263
},
{
"file_size": 12437976,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 10483381,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 10170287,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "bd599890f96bfd2cb617bc1155bd15fc40a084ed",
"timestamp": 1686150266
},
{
"file_size": 12437976,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 10483381,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 10170287,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "bd599890f96bfd2cb617bc1155bd15fc40a084ed",
"timestamp": 1686150266
},
{
"file_size": 10148938,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 864896,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 14986,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "0233a0fec543e6232060515a2e26cc58c2a75623",
"timestamp": 1686150268
},
{
"file_size": 10148938,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 864896,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 14986,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "0233a0fec543e6232060515a2e26cc58c2a75623",
"timestamp": 1686150268
},
{
"file_size": 9892620,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6562492,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7558230,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "75f9a61c03ade1bbb0cb9046a95a50c6c6fbc09a",
"timestamp": 1686150270
},
{
"file_size": 9892620,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6562492,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 7558230,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "75f9a61c03ade1bbb0cb9046a95a50c6c6fbc09a",
"timestamp": 1686150270
},
{
"file_size": 9560808,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6901970,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6907982,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "fbcc73b821ae5184783a597050d8ebd62835bfc9",
"timestamp": 1686150270
},
{
"file_size": 9560808,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6901970,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6907982,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "fbcc73b821ae5184783a597050d8ebd62835bfc9",
"timestamp": 1686150270
},
{
"file_size": 18831446,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 265862,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12964500,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "25e03817dafe65daaa426190b00318324d21cf71",
"timestamp": 1686150270
},
{
"file_size": 18831446,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 265862,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12964500,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "25e03817dafe65daaa426190b00318324d21cf71",
"timestamp": 1686150270
},
{
"file_size": 8165976,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3933805,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4859118,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "f4678063bfee99893461cd18f9ec4556382d102f",
"timestamp": 1686150272
},
{
"file_size": 8165976,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3933805,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4859118,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "f4678063bfee99893461cd18f9ec4556382d102f",
"timestamp": 1686150272
},
{
"file_size": 101077,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 27765,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 49319,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "62ea9191258518515b4be63a7c69a39b918bd28a",
"timestamp": 1686150272
},
{
"file_size": 101077,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 27765,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 49319,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "62ea9191258518515b4be63a7c69a39b918bd28a",
"timestamp": 1686150272
},
{
"file_size": 8092688,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1464386,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2192617,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "e1e78ef90f835f32fb9bd89fc074c22f7748f3e3",
"timestamp": 1686150273
},
{
"file_size": 8092688,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1464386,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2192617,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "e1e78ef90f835f32fb9bd89fc074c22f7748f3e3",
"timestamp": 1686150273
},
{
"file_size": 9136128,
"file_type": "PE/.Net Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3935869,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3109983,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "48672736929745d0f2716882ccdb099501cb6b1e",
"timestamp": 1686150274
},
{
"file_size": 9136128,
"file_type": "PE/.Net Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3935869,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3109983,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "48672736929745d0f2716882ccdb099501cb6b1e",
"timestamp": 1686150274
},
{
"file_size": 6035544,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2875148,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3522427,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "9d0c0632f5948623baa3c1ff47e51cb7d7fa2e91",
"timestamp": 1686150275
},
{
"file_size": 6035544,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 2875148,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3522427,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "9d0c0632f5948623baa3c1ff47e51cb7d7fa2e91",
"timestamp": 1686150275
},
{
"file_size": 13500336,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 11443773,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 11133887,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "1ceec28970dbdc86c09768fdc2bfa305fce4d261",
"timestamp": 1686150276
},
{
"file_size": 13500336,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 11443773,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 11133887,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "1ceec28970dbdc86c09768fdc2bfa305fce4d261",
"timestamp": 1686150276
},
{
"file_size": 3376319,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 245960,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 15314,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "efd9d71b0975e5847c4615faf5afc5e9f7210ae3",
"timestamp": 1686150277
},
{
"file_size": 3376319,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 245960,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 15314,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "efd9d71b0975e5847c4615faf5afc5e9f7210ae3",
"timestamp": 1686150277
},
{
"file_size": 103016,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 33875,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 55429,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "e412e2c41f29f865786ecf493deafd266c779d88",
"timestamp": 1686150277
},
{
"file_size": 103016,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 33875,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 55429,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "e412e2c41f29f865786ecf493deafd266c779d88",
"timestamp": 1686150277
},
{
"file_size": 7885612,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6087984,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6053339,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "80430d7fd0fc7c60d98a89aed4c7bb4495aa6379",
"timestamp": 1686150278
},
{
"file_size": 7885612,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6087984,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6053339,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "80430d7fd0fc7c60d98a89aed4c7bb4495aa6379",
"timestamp": 1686150278
},
{
"file_size": 14178816,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4320653,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5427992,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "ebde3e5d4f5dad37d897d676df2240e7e40e08fe",
"timestamp": 1686150278
},
{
"file_size": 14178816,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4320653,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5427992,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "ebde3e5d4f5dad37d897d676df2240e7e40e08fe",
"timestamp": 1686150278
},
{
"file_size": 272896,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 8053,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6460,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "3a1800e643dae8652354dc0e1d09e0fdd010f6a4",
"timestamp": 1686150279
},
{
"file_size": 272896,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 8053,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6460,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "3a1800e643dae8652354dc0e1d09e0fdd010f6a4",
"timestamp": 1686150279
},
{
"file_size": 689819,
"file_type": "Document/None/RTF",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 533244,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 590406,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "5eb3615197888c564cc0190dcb59bc20c7f5cbd9",
"timestamp": 1686150283
},
{
"file_size": 689819,
"file_type": "Document/None/RTF",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 533244,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 590406,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "5eb3615197888c564cc0190dcb59bc20c7f5cbd9",
"timestamp": 1686150283
},
{
"file_size": 7179516,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1496148,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1515461,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "8a89d0ad8c999e16a2226fddf4096770486212dd",
"timestamp": 1686150284
},
{
"file_size": 7179516,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1496148,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1515461,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "8a89d0ad8c999e16a2226fddf4096770486212dd",
"timestamp": 1686150284
},
{
"file_size": 8096528,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5711198,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5832392,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "0e753811a1a4bda820926842ce75c4e28c955919",
"timestamp": 1686150287
},
{
"file_size": 8096528,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5711198,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5832392,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "0e753811a1a4bda820926842ce75c4e28c955919",
"timestamp": 1686150287
},
{
"file_size": 1766139,
"file_type": "Text/None",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 260148,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 825848,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "8a6f27250902702f78938252e2671205790648d4",
"timestamp": 1686150288
},
{
"file_size": 1766139,
"file_type": "Text/None",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 260148,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 825848,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "8a6f27250902702f78938252e2671205790648d4",
"timestamp": 1686150288
},
{
"file_size": 10031584,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6627232,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6604495,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "8913aed7d56e63add8ed8f65622454ab0b0ed007",
"timestamp": 1686150290
},
{
"file_size": 10031584,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6627232,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6604495,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "8913aed7d56e63add8ed8f65622454ab0b0ed007",
"timestamp": 1686150290
},
{
"file_size": 6598488,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1651604,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2536422,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "03de2c6afdf55d2e9fe71e126a4d8c3bd5a6e513",
"timestamp": 1686150293
},
{
"file_size": 6598488,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1651604,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2536422,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "03de2c6afdf55d2e9fe71e126a4d8c3bd5a6e513",
"timestamp": 1686150293
},
{
"file_size": 8198736,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1724241,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1717079,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "2a770424281587e72a70f2b38c6393ee43fcb8fe",
"timestamp": 1686150293
},
{
"file_size": 8198736,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1724241,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1717079,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "2a770424281587e72a70f2b38c6393ee43fcb8fe",
"timestamp": 1686150293
},
{
"file_size": 8041928,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6164307,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6028674,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "58a086af9f4be29846114490255f118299ee9988",
"timestamp": 1686150298
},
{
"file_size": 8041928,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6164307,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6028674,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "58a086af9f4be29846114490255f118299ee9988",
"timestamp": 1686150298
},
{
"file_size": 22636544,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 12836365,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 17328505,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "4a066f4da5351af20dcc6848fcca14ac7237022d",
"timestamp": 1686150304
},
{
"file_size": 22636544,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 12836365,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 17328505,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "4a066f4da5351af20dcc6848fcca14ac7237022d",
"timestamp": 1686150304
},
{
"file_size": 31212344,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 25069984,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 24741844,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "de4fab5048313f8ea6d87b1821bfc8707463f688",
"timestamp": 1686150308
},
{
"file_size": 31212344,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 25069984,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 24741844,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "de4fab5048313f8ea6d87b1821bfc8707463f688",
"timestamp": 1686150308
},
{
"file_size": 46181234,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 28136043,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 340000,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a7dd7dbd677a352cade7696363a2b69827ed9efa",
"timestamp": 1686150316
},
{
"file_size": 46181234,
"file_type": "PE/.Net Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 28136043,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 340000,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a7dd7dbd677a352cade7696363a2b69827ed9efa",
"timestamp": 1686150316
},
{
"file_size": 4268456,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1053136,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1079585,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "55d4bb310cf6f691bf7917630349e60f91e69883",
"timestamp": 1686150328
},
{
"file_size": 4268456,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1053136,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1079585,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "55d4bb310cf6f691bf7917630349e60f91e69883",
"timestamp": 1686150328
},
{
"file_size": 711168,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 22283,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 140714,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "1cc796892a6c83da4f9d64c7ac496f48e9e87462",
"timestamp": 1686150331
},
{
"file_size": 711168,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 22283,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 140714,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "1cc796892a6c83da4f9d64c7ac496f48e9e87462",
"timestamp": 1686150331
},
{
"file_size": 81041,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 26719,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 48030,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "fac13be0be3051b4ea5dd0299de7297c50eca677",
"timestamp": 1686150331
},
{
"file_size": 81041,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 26719,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 48030,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "fac13be0be3051b4ea5dd0299de7297c50eca677",
"timestamp": 1686150331
},
{
"file_size": 2149088,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1486348,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1792360,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "918840817f162ce48336914897b0a2b9e94159c6",
"timestamp": 1686150332
},
{
"file_size": 2149088,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1486348,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1792360,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "918840817f162ce48336914897b0a2b9e94159c6",
"timestamp": 1686150332
},
{
"file_size": 83456,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3829,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4736,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "7d2d0a954430071976be168e02000021fe3f8d47",
"timestamp": 1686150334
},
{
"file_size": 83456,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3829,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4736,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "7d2d0a954430071976be168e02000021fe3f8d47",
"timestamp": 1686150334
},
{
"file_size": 81703,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 29471,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 51025,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "0de6b65809ff0a806b84af7878f46ab7b0961e58",
"timestamp": 1686150335
},
{
"file_size": 81703,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 29471,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 51025,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "0de6b65809ff0a806b84af7878f46ab7b0961e58",
"timestamp": 1686150335
},
{
"file_size": 1986332,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1489941,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1578610,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "cefdbcf177848c3dbc4660ffa92e0971429717e6",
"timestamp": 1686150335
},
{
"file_size": 1986332,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1489941,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1578610,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "cefdbcf177848c3dbc4660ffa92e0971429717e6",
"timestamp": 1686150335
},
{
"file_size": 454144,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 282176,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 220548,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "e4794fefadbba8fcb81540281ccccb949cccd828",
"timestamp": 1686150336
},
{
"file_size": 454144,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 282176,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 220548,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "e4794fefadbba8fcb81540281ccccb949cccd828",
"timestamp": 1686150336
},
{
"file_size": 18366038,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7030388,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12499092,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "b8c11b6867eaec662e5217df5c861393fa6220e6",
"timestamp": 1686150336
},
{
"file_size": 18366038,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7030388,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12499092,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "b8c11b6867eaec662e5217df5c861393fa6220e6",
"timestamp": 1686150336
},
{
"file_size": 8588884,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6284895,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6248087,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "d9a5feabf05c02918500526e08a432cee2b65615",
"timestamp": 1686150337
},
{
"file_size": 8588884,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6284895,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6248087,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "d9a5feabf05c02918500526e08a432cee2b65615",
"timestamp": 1686150337
},
{
"file_size": 9326836,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6567307,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6759624,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "dfb89e0653f80361906802592cd76c3dfbbe0881",
"timestamp": 1686150337
},
{
"file_size": 9326836,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6567307,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6759624,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "dfb89e0653f80361906802592cd76c3dfbbe0881",
"timestamp": 1686150337
},
{
"file_size": 150057,
"file_type": "Document/None/PDF",
"rule": [
{
"identifier": "ExampleRule",
"matched_data": [
{
"match_offset": 116422,
"matched_string": "dGV4dCBoZXJl\n",
"string_identifier": "JG15X3RleHRfc3RyaW5n\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset2",
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
"sample_available": false,
"sha1": "db9a5761f9beda80273964d79aa8bf589ea00f9d",
"timestamp": 1686150338
},
{
"file_size": 101408,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 27646,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 49200,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "920811cc5d0f3a9218886cc0c35f60793859ccff",
"timestamp": 1686150340
},
{
"file_size": 101408,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 27646,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 49200,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "920811cc5d0f3a9218886cc0c35f60793859ccff",
"timestamp": 1686150340
},
{
"file_size": 17661014,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6325364,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 11794068,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "86e5a6461a4c70641f1d9f05b363a6ee9ad9e967",
"timestamp": 1686150341
},
{
"file_size": 17661014,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6325364,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 11794068,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "86e5a6461a4c70641f1d9f05b363a6ee9ad9e967",
"timestamp": 1686150341
},
{
"file_size": 17709654,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6374004,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 11842708,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "d0286f449fe9b310149eba7c643ef32980b20c0a",
"timestamp": 1686150343
},
{
"file_size": 17709654,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6374004,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 11842708,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "d0286f449fe9b310149eba7c643ef32980b20c0a",
"timestamp": 1686150343
},
{
"file_size": 18516054,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7180404,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12649108,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a629d0a626ea29b61a59fa12f74ecae92f111d2b",
"timestamp": 1686150345
},
{
"file_size": 18516054,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7180404,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12649108,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "a629d0a626ea29b61a59fa12f74ecae92f111d2b",
"timestamp": 1686150345
},
{
"file_size": 13872608,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 9059948,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 8952253,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "9583081e5b7c0f4f74b2222a23fc058d667ab595",
"timestamp": 1686150351
},
{
"file_size": 13872608,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 9059948,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 8952253,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "9583081e5b7c0f4f74b2222a23fc058d667ab595",
"timestamp": 1686150351
},
{
"file_size": 82432,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3812,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4691,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "39d12fff02df078867efb755f7353480b5f6c0bc",
"timestamp": 1686150357
},
{
"file_size": 82432,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3812,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4691,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "39d12fff02df078867efb755f7353480b5f6c0bc",
"timestamp": 1686150357
},
{
"file_size": 2272971,
"file_type": "Text/None",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 74664,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 619547,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "67c71d50582dea8fedfe6a3b234936a626ffaeb2",
"timestamp": 1686150357
},
{
"file_size": 2272971,
"file_type": "Text/None",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 74664,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 619547,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "67c71d50582dea8fedfe6a3b234936a626ffaeb2",
"timestamp": 1686150357
},
{
"file_size": 8879376,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5745648,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5751012,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "1a773ba334a1fc0f818bbd42f77a4e1d946065a9",
"timestamp": 1686150360
},
{
"file_size": 8879376,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5745648,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5751012,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "1a773ba334a1fc0f818bbd42f77a4e1d946065a9",
"timestamp": 1686150360
},
{
"file_size": 7755441,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 406771,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 21825,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "812184db6861a00260557e33605b51d0042ff585",
"timestamp": 1686150360
},
{
"file_size": 7755441,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 406771,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 21825,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "812184db6861a00260557e33605b51d0042ff585",
"timestamp": 1686150360
},
{
"file_size": 5618928,
"file_type": "MachO32 Little/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3904124,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4378424,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "d1b2e67d1e6066e353d169cfcdcb67b76360ad94",
"timestamp": 1686150361
},
{
"file_size": 5618928,
"file_type": "MachO32 Little/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3904124,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4378424,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "d1b2e67d1e6066e353d169cfcdcb67b76360ad94",
"timestamp": 1686150361
},
{
"file_size": 7870848,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5851887,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5929958,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "350122e4dba72eec4fcf1b5b91d172335c85d7a9",
"timestamp": 1686150369
},
{
"file_size": 7870848,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5851887,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5929958,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "350122e4dba72eec4fcf1b5b91d172335c85d7a9",
"timestamp": 1686150369
},
{
"file_size": 8173600,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5940668,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5601532,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "ecc1080cc4303734260b958a79cefb40ae6d0153",
"timestamp": 1686150372
},
{
"file_size": 8173600,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 5940668,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5601532,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "ecc1080cc4303734260b958a79cefb40ae6d0153",
"timestamp": 1686150372
},
{
"file_size": 366711,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 83827,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 363899,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "cf2f0e2acfc86560055a39013db63285b1d78a03",
"timestamp": 1686150388
},
{
"file_size": 366711,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 83827,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 363899,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "cf2f0e2acfc86560055a39013db63285b1d78a03",
"timestamp": 1686150388
},
{
"file_size": 9487360,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6897389,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6936885,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "4106e8b239bb92d9fa524b3a6d667c7115b0b666",
"timestamp": 1686150401
},
{
"file_size": 9487360,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6897389,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6936885,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "4106e8b239bb92d9fa524b3a6d667c7115b0b666",
"timestamp": 1686150401
},
{
"file_size": 58555814,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1184014,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 10951600,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "7c14bdf271b74f35da06091594293c7502c82107",
"timestamp": 1686150401
},
{
"file_size": 58555814,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1184014,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 10951600,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "7c14bdf271b74f35da06091594293c7502c82107",
"timestamp": 1686150401
},
{
"file_size": 366706,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 83826,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 363894,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "52a6a217b72415fc38bde13c0f077e47671a7845",
"timestamp": 1686150410
},
{
"file_size": 366706,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 83826,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 363894,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "52a6a217b72415fc38bde13c0f077e47671a7845",
"timestamp": 1686150410
},
{
"file_size": 21275520,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7310445,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12111641,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "9dc59205f47be9eac8046b5b259f2ccf65ceddc6",
"timestamp": 1686150414
},
{
"file_size": 21275520,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7310445,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12111641,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "9dc59205f47be9eac8046b5b259f2ccf65ceddc6",
"timestamp": 1686150414
},
{
"file_size": 86684,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 34414,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 55968,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "4120782b6b598f4a7e95b4c480c791cffe37a268",
"timestamp": 1686150422
},
{
"file_size": 86684,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 34414,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 55968,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "4120782b6b598f4a7e95b4c480c791cffe37a268",
"timestamp": 1686150422
},
{
"file_size": 5327272,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3979083,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2767474,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "eb86c40eb9e7de2c827db61b705530e5945c4562",
"timestamp": 1686150442
},
{
"file_size": 5327272,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3979083,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2767474,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "eb86c40eb9e7de2c827db61b705530e5945c4562",
"timestamp": 1686150442
},
{
"file_size": 1686113,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 192055,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16350,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "8d02b28113241f8c6bb4f6313a19950876eca116",
"timestamp": 1686150448
},
{
"file_size": 1686113,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 192055,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 16350,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "8d02b28113241f8c6bb4f6313a19950876eca116",
"timestamp": 1686150448
},
{
"file_size": 35515,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 34829,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 22757,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "4767545f40d35fbfee5bbd359fe6be615e679ff9",
"timestamp": 1686150452
},
{
"file_size": 35515,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 34829,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 22757,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "4767545f40d35fbfee5bbd359fe6be615e679ff9",
"timestamp": 1686150452
},
{
"file_size": 7892976,
"file_type": "ELF64 Little/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3577820,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3615204,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "94c89fd87cf33f18c9b1783bb133633aa5b28234",
"timestamp": 1686150454
},
{
"file_size": 7892976,
"file_type": "ELF64 Little/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3577820,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 3615204,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "94c89fd87cf33f18c9b1783bb133633aa5b28234",
"timestamp": 1686150454
},
{
"file_size": 242700,
"file_type": "Document/None/RTF",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 31895,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 41619,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "3d526a12778e918e2350d23aa02bfa7cd2c448d0",
"timestamp": 1686150455
},
{
"file_size": 242700,
"file_type": "Document/None/RTF",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 31895,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 41619,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "3d526a12778e918e2350d23aa02bfa7cd2c448d0",
"timestamp": 1686150455
},
{
"file_size": 7525504,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1861301,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1676862,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "b2eed81dd77100042b7e918b4f5cacc2d6444aa6",
"timestamp": 1686150455
},
{
"file_size": 7525504,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 1861301,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1676862,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "b2eed81dd77100042b7e918b4f5cacc2d6444aa6",
"timestamp": 1686150455
},
{
"file_size": 74127,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 26665,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 47554,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c1ad6cf9c783302cedf77c209ae4d5a11d05b07f",
"timestamp": 1686150464
},
{
"file_size": 74127,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 26665,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 47554,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "c1ad6cf9c783302cedf77c209ae4d5a11d05b07f",
"timestamp": 1686150464
},
{
"file_size": 6306744,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4682682,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5358994,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "1fa90eebb148c20a065f0a78d5794f00c7bb51a4",
"timestamp": 1686150481
},
{
"file_size": 6306744,
"file_type": "DEX/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 4682682,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 5358994,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "1fa90eebb148c20a065f0a78d5794f00c7bb51a4",
"timestamp": 1686150481
},
{
"file_size": 8729572,
"file_type": "PE/Exe/NSIS",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3118958,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2893418,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "6eebfafb77dac46dd9a0541cbd719f59d18ae74a",
"timestamp": 1686150486
},
{
"file_size": 8729572,
"file_type": "PE/Exe/NSIS",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3118958,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 2893418,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "6eebfafb77dac46dd9a0541cbd719f59d18ae74a",
"timestamp": 1686150486
},
{
"file_size": 662567,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 467856,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 24033,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "4273c4cdb874a9caeddfb76f5e712480246928a6",
"timestamp": 1686150489
},
{
"file_size": 662567,
"file_type": "Email/None/MIME",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 467856,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 24033,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "4273c4cdb874a9caeddfb76f5e712480246928a6",
"timestamp": 1686150489
},
{
"file_size": 366703,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 83825,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 363891,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "4791aa7a9d8123b974c9b3e41fc3269bfa287c28",
"timestamp": 1686150489
},
{
"file_size": 366703,
"file_type": "Text/HTML/HTML",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 83825,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 363891,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "4791aa7a9d8123b974c9b3e41fc3269bfa287c28",
"timestamp": 1686150489
},
{
"file_size": 18824790,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 259206,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12957844,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "3d779c8998dfba56449ad09dbd24db692d2b6528",
"timestamp": 1686150490
},
{
"file_size": 18824790,
"file_type": "PE/Dll",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 259206,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 12957844,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "3d779c8998dfba56449ad09dbd24db692d2b6528",
"timestamp": 1686150490
},
{
"file_size": 8471556,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7414380,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6887310,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "f10efe378fb0fa90ca1ee5dcdfee615b1473a74e",
"timestamp": 1686150490
},
{
"file_size": 8471556,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 7414380,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 6887310,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "f10efe378fb0fa90ca1ee5dcdfee615b1473a74e",
"timestamp": 1686150490
},
{
"file_size": 81408,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3819,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4611,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "76c28f712820786cbe6cbeb7f9789480a7ac3b23",
"timestamp": 1686150491
},
{
"file_size": 81408,
"file_type": "Binary/Archive/Compound",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 3819,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 4611,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "76c28f712820786cbe6cbeb7f9789480a7ac3b23",
"timestamp": 1686150491
},
{
"file_size": 13890720,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 9051048,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 8736852,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "121299e36826d127762d70605c78118223be66a3",
"timestamp": 1686150497
},
{
"file_size": 13890720,
"file_type": "PE+/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 9051048,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 8736852,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "121299e36826d127762d70605c78118223be66a3",
"timestamp": 1686150497
},
{
"file_size": 18482183,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6662509,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1459423,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "SuperHunt",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "6010aef2725e64cdeab0e91df479bf0e0a7be14c",
"timestamp": 1686150499
},
{
"file_size": 18482183,
"file_type": "PE/Exe",
"rule": [
{
"identifier": "Example",
"matched_data": [
{
"match_offset": 6662509,
"matched_string": "cGF5\n",
"string_identifier": "JHN0cmluZzE=\n"
},
{
"match_offset": 1459423,
"matched_string": "aW1tZWRpYXRlbHk=\n",
"string_identifier": "JHN0cmluZzI=\n"
}
],
"meta": [],
"tag": []
}
],
"ruleset_name": "ruleset1",
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
"sample_available": false,
"sha1": "6010aef2725e64cdeab0e91df479bf0e0a7be14c",
"timestamp": 1686150499
}
],
"last_timestamp": 1686150499,
"name": "YARA Match Continuous Feed",
"time_range": {
"from": "Wed, 07 Jun 2023 14:55:26 +0000",
"to": "Wed, 07 Jun 2023 15:08:19 +0000"
}
}
}
}
}
}

Human Readable Output#

ReversingLabs YARA Matches Feed for time value 1686149726#

Last timestamp: 1686150499 From: Wed, 07 Jun 2023 14:55:26 +0000 To: Wed, 07 Jun 2023 15:08:19 +0000

Entries#

file_sizefile_typeruleruleset_nameruleset_sha1sample_availablesha1timestamp
3276768PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2070668, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2103585, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true6c9a7e771632738a4d86e8211be63306b3c317391686149729
3276768PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2070668, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2103585, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true6c9a7e771632738a4d86e8211be63306b3c317391686149729
700972Text/TypeScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6427, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 327393, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true22cbdcd8130f2dabaf16cb6a4cdfe8141c8d54d91686149748
700972Text/TypeScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6427, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 327393, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true22cbdcd8130f2dabaf16cb6a4cdfe8141c8d54d91686149748
701035Text/TypeScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6427, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 327456, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true327da64e3c8bd70b5868a11b90345ffb83faf1691686149771
701035Text/TypeScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6427, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 327456, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true327da64e3c8bd70b5868a11b90345ffb83faf1691686149771
2495206PE/Exe{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 1508164, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08ctrue8b16533fe15079a2797c5edb655e7faa0136a2c31686149775
136068Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 90723, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 126493, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true4b69b90535fffc35b944af09c4fecd1ea45bdf031686149791
136068Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 90723, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 126493, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true4b69b90535fffc35b944af09c4fecd1ea45bdf031686149791
89327Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true9833e067786155c711abd4748f0134dce2a50f701686149812
89327Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true9833e067786155c711abd4748f0134dce2a50f701686149812
60165Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 53034, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 44244, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trueeaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a71686149812
60165Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 53034, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 44244, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trueeaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a71686149812
348160PE/Exe{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 37848, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08ctrue8a5f73ba3d164d764f3247e1a4d8910f1c82118e1686149813
2032952PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1691838, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1680161, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true3ef76796bc39440ff9e380ee0870e082a7d4d8271686149813
2032952PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1691838, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1680161, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true3ef76796bc39440ff9e380ee0870e082a7d4d8271686149813
152263Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 108863, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 66000, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true672718e4181413228e56e9aca75af311e5113b341686149815
152263Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 108863, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 66000, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true672718e4181413228e56e9aca75af311e5113b341686149815
3594552PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2695368, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2746903, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true3c1e2700b7b75d6f064f1a4cd92348cbbd12445e1686149821
3594552PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2695368, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2746903, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true3c1e2700b7b75d6f064f1a4cd92348cbbd12445e1686149821
629694Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 195141, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 142128, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true689fa08d967cd23c51d86f5f31245b2c4b4cb8f41686149825
629694Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 195141, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 142128, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true689fa08d967cd23c51d86f5f31245b2c4b4cb8f41686149825
60165Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 53034, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 44244, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trueeaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a71686149825
60165Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 53034, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 44244, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trueeaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a71686149825
7876608ELF64 Little/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4574372, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4638450, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truebe246b1372fc383087a49f7b217d57f60a91282e1686149830
7876608ELF64 Little/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4574372, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4638450, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truebe246b1372fc383087a49f7b217d57f60a91282e1686149830
163095Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 92470, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 152391, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true38351d1f1fd246eed1a5319c70e6db239cf089611686149832
163095Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 92470, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 152391, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true38351d1f1fd246eed1a5319c70e6db239cf089611686149832
4435792Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35519, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 251777, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true8c2ac756b84dad335730361f0ae794d427f59ac81686149840
4435792Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35519, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 251777, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true8c2ac756b84dad335730361f0ae794d427f59ac81686149840
118346Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16163, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 93519, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true33b343dbf5e945badbde855fccd9d41cc6721b571686149841
118346Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16163, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 93519, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true33b343dbf5e945badbde855fccd9d41cc6721b571686149841
421625Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 254252, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 61027, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true97de77df7de1563a15054f68142f815b4df26ef81686149841
421625Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 254252, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 61027, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true97de77df7de1563a15054f68142f815b4df26ef81686149841
89327Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true6c4a87910eafb345ad3b07f13dced51376ccc93f1686149842
89327Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true6c4a87910eafb345ad3b07f13dced51376ccc93f1686149842
4091720PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1530891, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1420528, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truef0a94f8d3ba71b06bc7a463241233c2db1cf4a361686149842
4091720PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1530891, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1420528, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truef0a94f8d3ba71b06bc7a463241233c2db1cf4a361686149842
89327Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true5c880504fedd3ee67d06ecb36ef7247a6b26cd481686149844
89327Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true5c880504fedd3ee67d06ecb36ef7247a6b26cd481686149844
151754Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 108353, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 65464, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true1a9bc0dd119fa6b5b15042468d54a26cccccbeaa1686149844
151754Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 108353, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 65464, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true1a9bc0dd119fa6b5b15042468d54a26cccccbeaa1686149844
151042Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 107641, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 65289, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trued7c4f4ab8fc6682e2ba020664b06cb40ac1436f81686149844
151042Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 107641, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 65289, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trued7c4f4ab8fc6682e2ba020664b06cb40ac1436f81686149844
6321416ELF64 Little/SO{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 361578, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 283948, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true8cb1f6b4f18c6c55888c7275f54b0f9ca61d4cc71686149845
6321416ELF64 Little/SO{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 361578, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 283948, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true8cb1f6b4f18c6c55888c7275f54b0f9ca61d4cc71686149845
7876608ELF64 Little/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4574372, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4638450, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truebe246b1372fc383087a49f7b217d57f60a91282e1686149847
7876608ELF64 Little/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4574372, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4638450, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truebe246b1372fc383087a49f7b217d57f60a91282e1686149847
154712Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 111318, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68396, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true846e91cbdccfbacf3790aaaa5aad6357394ec3281686149848
154712Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 111318, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68396, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true846e91cbdccfbacf3790aaaa5aad6357394ec3281686149848
2037575Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 700877, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1730255, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true66ea67dd377be2868f91cada78056d679c37ad141686149849
2037575Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 700877, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1730255, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true66ea67dd377be2868f91cada78056d679c37ad141686149849
4435792Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35519, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 251777, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true8c2ac756b84dad335730361f0ae794d427f59ac81686149849
4435792Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35519, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 251777, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true8c2ac756b84dad335730361f0ae794d427f59ac81686149849
25735Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 369, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19182, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true2983e913f00f2919c3ef8af5984fc1d4165ef4591686149851
25735Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 369, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19182, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true2983e913f00f2919c3ef8af5984fc1d4165ef4591686149851
89327Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true94d4edb7622aa1bc73976a43641f0f7aa673e5151686149851
89327Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true94d4edb7622aa1bc73976a43641f0f7aa673e5151686149851
5899328PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3609590, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3648212, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true1e005a0d0a4e445a22845e20f507c9986ab8c9811686149855
5899328PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3609590, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3648212, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true1e005a0d0a4e445a22845e20f507c9986ab8c9811686149855
477009Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 117834, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 179800, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truec4362fdfb7e929c0befe19e1fdbb503e340713ef1686149858
477009Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 117834, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 179800, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truec4362fdfb7e929c0befe19e1fdbb503e340713ef1686149858
146948Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 103548, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 60815, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true6aca08c08a657c545ca575cc33e124e0e38f87301686149865
146948Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 103548, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 60815, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true6aca08c08a657c545ca575cc33e124e0e38f87301686149865
89327Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true042e4cb27fc3d6fd7c73e3a217a872495a05c90a1686149866
89327Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true042e4cb27fc3d6fd7c73e3a217a872495a05c90a1686149866
739873Text/Go{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8970, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 195156, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true2a8b44ff48c01cb281e6fc55079211d061ead5c51686149873
739873Text/Go{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8970, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 195156, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true2a8b44ff48c01cb281e6fc55079211d061ead5c51686149873
1001023Text/Go{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12927, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 112532, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truef5d3401062623204bff214eef2887ca59171fc8d1686149874
1001023Text/Go{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12927, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 112532, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truef5d3401062623204bff214eef2887ca59171fc8d1686149874
344860Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12762, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 227575, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true1d8d3cffaf275d88d4fc68ec7eb20b30c03225b01686149875
344860Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12762, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 227575, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true1d8d3cffaf275d88d4fc68ec7eb20b30c03225b01686149875
6738008PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2615445, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2651672, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true3ac8e4d7748a9ca0affb66f81978d33e683c48141686149879
6738008PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2615445, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2651672, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true3ac8e4d7748a9ca0affb66f81978d33e683c48141686149879
89327Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truedc5645d2051ac4aac468e02b4ebf62628a73605f1686149880
89327Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truedc5645d2051ac4aac468e02b4ebf62628a73605f1686149880
6343328PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4122595, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4778117, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true2db6a690c35f5f29fc0986760df02acf70d67abf1686149881
6343328PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4122595, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4778117, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true2db6a690c35f5f29fc0986760df02acf70d67abf1686149881
154231Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110832, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68406, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true3af52ef8aff5735d794cb2611de951f786961c031686149900
154231Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110832, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68406, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true3af52ef8aff5735d794cb2611de951f786961c031686149900
739903Text/Go{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8970, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 195156, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truee4965ce5cd511a3efd00a2caba635bfab3f4e8051686149921
739903Text/Go{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8970, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 195156, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truee4965ce5cd511a3efd00a2caba635bfab3f4e8051686149921
5685433Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 150959, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2075729, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true6974c8390c179c1a4a9dca8947a1f2378852faad1686149931
5685433Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 150959, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2075729, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true6974c8390c179c1a4a9dca8947a1f2378852faad1686149931
11163136PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9002020, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8469401, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true07a157e4e612f74d0b01b2844eca8afdc2a439551686149931
11163136PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9002020, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8469401, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true07a157e4e612f74d0b01b2844eca8afdc2a439551686149931
1408268Text/Go{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8975, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 109800, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true440bb2c50ba55eebe34ef8a4e201a17144bd5bc21686149934
1408268Text/Go{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8975, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 109800, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true440bb2c50ba55eebe34ef8a4e201a17144bd5bc21686149934
2397377Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 91153, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1061201, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true6cea94c3692b8930e8a4991d94810f01dffafd471686149935
2397377Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 91153, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1061201, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true6cea94c3692b8930e8a4991d94810f01dffafd471686149935
22505546Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4456790, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3991479, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true8d8af50cf52f96e217de076f925b6bc41f8d0ec51686149935
22505546Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4456790, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3991479, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true8d8af50cf52f96e217de076f925b6bc41f8d0ec51686149935
42817592Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 30365472, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 40659304, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trueec0c5aca4f523a18a8da158ceaf430bbb0d2d1bb1686149945
42817592Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 30365472, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 40659304, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trueec0c5aca4f523a18a8da158ceaf430bbb0d2d1bb1686149945
31211008PE+/Exe/QTinstaller{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16799441, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16899630, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true8cd67cceebf916ebc1dfa0f3caac9941d2da73181686149953
31211008PE+/Exe/QTinstaller{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16799441, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16899630, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true8cd67cceebf916ebc1dfa0f3caac9941d2da73181686149953
173951Text/TypeScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28226, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3981, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true821e2b1a498b28bc2d01e0dc6ef5c9b533e6cddc1686149961
173951Text/TypeScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28226, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3981, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true821e2b1a498b28bc2d01e0dc6ef5c9b533e6cddc1686149961
1001232Text/Go{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12927, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 112532, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true81722e46258f2181c4488ed7e4e016465a054df51686149962
1001232Text/Go{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12927, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 112532, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true81722e46258f2181c4488ed7e4e016465a054df51686149962
1408625Text/Go{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8975, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 109800, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truee497ae5b73b87142c68aa32ca6c8ddc0384a32791686149962
1408625Text/Go{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8975, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 109800, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truee497ae5b73b87142c68aa32ca6c8ddc0384a32791686149962
3276768PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2070676, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2103601, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trued6a75b67f5d2e46acd4429b58e972867e9cd5d3a1686149979
3276768PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2070676, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2103601, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trued6a75b67f5d2e46acd4429b58e972867e9cd5d3a1686149979
91161Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28849, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50403, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true9dcc23c9b21440ad706a182c116309563cd3ffdd1686149982
91161Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28849, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50403, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true9dcc23c9b21440ad706a182c116309563cd3ffdd1686149982
10193920PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8189124, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8246307, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true3d30c8a0198738772f116ae497f63a98e38603971686149986
10193920PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8189124, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8246307, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true3d30c8a0198738772f116ae497f63a98e38603971686149986
10953728PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8832644, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8334233, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true688225294de1ce81a0b86856e9473a44d79cb2c71686149992
10953728PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8832644, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8334233, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true688225294de1ce81a0b86856e9473a44d79cb2c71686149992
13879776PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9063260, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8955389, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true6b2579402e748c7ca1efe1f9bb1829b935e2e7a31686149994
13879776PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9063260, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8955389, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true6b2579402e748c7ca1efe1f9bb1829b935e2e7a31686149994
24079793Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18057198, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8412693, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true1f43bab8c6957fa362fb90c9729c1916eab2bcd01686150002
24079793Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18057198, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8412693, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true1f43bab8c6957fa362fb90c9729c1916eab2bcd01686150002
6474752PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2533793, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2591846, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true4cde41ec566dfd3b8bc329e318c4f17e2b4f48291686150005
6474752PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2533793, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2591846, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true4cde41ec566dfd3b8bc329e318c4f17e2b4f48291686150005
932698Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 326870, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 54869, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true2cbeabd2324a2a2d98c144c6d884e587223e2ec61686150015
932698Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 326870, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 54869, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true2cbeabd2324a2a2d98c144c6d884e587223e2ec61686150015
72837Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 19785, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 43263, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truec7d16b5e7cf3bfff42d2247043551c4175d61d201686150016
72837Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 19785, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 43263, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truec7d16b5e7cf3bfff42d2247043551c4175d61d201686150016
36540577Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3889929, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16366923, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truea805ed283e310974d552b3b322b4f188912557571686150017
36540577Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3889929, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16366923, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truea805ed283e310974d552b3b322b4f188912557571686150017
5047332PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 13808, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3313365, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true546ddfb350387e7df8ca8266f8b2b038c7eef2d31686150017
5047332PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 13808, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3313365, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true546ddfb350387e7df8ca8266f8b2b038c7eef2d31686150017
24901120PE+/Exe/QTinstaller{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14371897, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14466070, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truefd39aae727a929c51b958ee707c238bfb473ad151686150022
24901120PE+/Exe/QTinstaller{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14371897, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14466070, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truefd39aae727a929c51b958ee707c238bfb473ad151686150022
34397761Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6212556, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12877011, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true1b67acf2821d6fef6927fc280bc43d62c10f34531686150023
34397761Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6212556, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12877011, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true1b67acf2821d6fef6927fc280bc43d62c10f34531686150023
15989124Binary/Archive/ZIP{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 12610545, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08ctruefbeba4bc92ad9ef8a63969244cefd0a89a82faca1686150024
30287982Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26848016, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 26812902, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true6b0fbcfd179386a5843a327f505fc9792d0ceb731686150026
30287982Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26848016, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 26812902, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true6b0fbcfd179386a5843a327f505fc9792d0ceb731686150026
9734975Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3297128, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3361389, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true8710a30f251eb354a10b9b3ded8f39dcb25112701686150030
9734975Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3297128, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3361389, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true8710a30f251eb354a10b9b3ded8f39dcb25112701686150030
36550757Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3894018, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16377103, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true2d01a780e7061977aa595ed1ab064a64ca72673f1686150034
36550757Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3894018, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16377103, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true2d01a780e7061977aa595ed1ab064a64ca72673f1686150034
30241965Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1270683, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19094887, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truee73e925688406110576d482b6349f6b4abf6e7911686150034
30241965Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1270683, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19094887, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truee73e925688406110576d482b6349f6b4abf6e7911686150034
1159176PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 917880, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1076516, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true75de010f85713ee4d027ad3b425d8810b83e26c51686150036
1159176PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 917880, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1076516, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true75de010f85713ee4d027ad3b425d8810b83e26c51686150036
932902Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 216644, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 656004, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true69d5e05c0d3120adbf821c2c81745278e84af7bb1686150036
932902Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 216644, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 656004, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true69d5e05c0d3120adbf821c2c81745278e84af7bb1686150036
9079296PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6536009, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6512841, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trued8abe35af92e46e46ba9279fe6026b44680e4c241686150040
9079296PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6536009, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6512841, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trued8abe35af92e46e46ba9279fe6026b44680e4c241686150040
36641188Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3930181, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16467533, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true013bd97c6dedc7caabd9b4a867374ae3b0ac264c1686150043
36641188Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3930181, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16467533, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true013bd97c6dedc7caabd9b4a867374ae3b0ac264c1686150043
34865877Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 13375873, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 34219704, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true3aa2b177f8a825c6b13e4599eb6958557835926a1686150046
34865877Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 13375873, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 34219704, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true3aa2b177f8a825c6b13e4599eb6958557835926a1686150046
57024799Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11320886, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48226201, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trueaf0677e0ad5168e7ea50bfbfa9d4cc6fb617882b1686150048
57024799Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11320886, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48226201, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trueaf0677e0ad5168e7ea50bfbfa9d4cc6fb617882b1686150048
348160PE/Exe{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 37848, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08ctrue68000a66e0df17b4742280453a78dbd56240d1ee1686150052
2395811Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 90869, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1060182, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true5db008d6516d29b3c8dfdf79ef9cf9a9c84afdd71686150054
2395811Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 90869, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1060182, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true5db008d6516d29b3c8dfdf79ef9cf9a9c84afdd71686150054
36590144Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3909772, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16416489, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true4cdaa1a635a89f003730568320dd1843b0b4eb9b1686150060
36590144Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3909772, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16416489, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true4cdaa1a635a89f003730568320dd1843b0b4eb9b1686150060
36515211Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3879798, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16341556, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true3354aa087f5e69e2514eb45f86481e3b48dd8c711686150061
36515211Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3879798, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16341556, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true3354aa087f5e69e2514eb45f86481e3b48dd8c711686150061
33694294Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 23513731, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 24426219, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trueb530c39a703be42f39ea9b0871269121fde6889f1686150062
33694294Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 23513731, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 24426219, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trueb530c39a703be42f39ea9b0871269121fde6889f1686150062
36537740Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3888816, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16364086, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true33fb0fe07bf41fecddca87af88764a6133dadd471686150065
36537740Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3888816, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16364086, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true33fb0fe07bf41fecddca87af88764a6133dadd471686150065
36770403Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3981874, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16596748, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truefff92cc57a76f6fd2fb1a9f83323935488263d201686150067
36770403Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3981874, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16596748, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truefff92cc57a76f6fd2fb1a9f83323935488263d201686150067
58043690Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11416838, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11383531, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trueb34ec7ccb44bd40e2283f90f51fc7cf5b7c116dc1686150088
58043690Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11416838, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11383531, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trueb34ec7ccb44bd40e2283f90f51fc7cf5b7c116dc1686150088
43296371Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2845294, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 36059397, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true82b57851ed6f20a92ee947f7475ba2f1483fbe401686150095
43296371Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2845294, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 36059397, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true82b57851ed6f20a92ee947f7475ba2f1483fbe401686150095
928842Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 50772, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 106169, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truea7e388dc1018be1fe314c4f8cbf03b1afef1f2ce1686150097
928842Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 50772, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 106169, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truea7e388dc1018be1fe314c4f8cbf03b1afef1f2ce1686150097
932389Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 331131, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50692, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true3857f93365c892ca7633a9c53730d6bc1d831a0f1686150102
932389Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 331131, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50692, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true3857f93365c892ca7633a9c53730d6bc1d831a0f1686150102
928275Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 323826, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51157, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true5c92ee4a922e8257741a8147f427470ec1fb2cc71686150102
928275Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 323826, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51157, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true5c92ee4a922e8257741a8147f427470ec1fb2cc71686150102
932276Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 124645, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 684889, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true65dd53f03df7c7fc23c681906bc82faef89b62291686150102
932276Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 124645, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 684889, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true65dd53f03df7c7fc23c681906bc82faef89b62291686150102
36531162Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3886168, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16357507, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true4a50c617873f2fe6d95c80c122ed16c47a1418e11686150102
36531162Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3886168, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16357507, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true4a50c617873f2fe6d95c80c122ed16c47a1418e11686150102
931071Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 52176, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 610004, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true5f98263a56a793c9a5b1eb4137b241b3f2b3a92f1686150103
931071Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 52176, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 610004, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true5f98263a56a793c9a5b1eb4137b241b3f2b3a92f1686150103
7549400ELF32 Little/SO{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 313894, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 370505, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true33c1abb22a7c450ec7a56d86ed55f2309033a1ad1686150103
7549400ELF32 Little/SO{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 313894, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 370505, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true33c1abb22a7c450ec7a56d86ed55f2309033a1ad1686150103
1331824DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 913341, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 824258, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true0a67ebac16528d81e4d4a57c24f5ec98bffe78ba1686150104
1331824DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 913341, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 824258, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true0a67ebac16528d81e4d4a57c24f5ec98bffe78ba1686150104
968667Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 134578, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 495188, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true388a688ff5360dc566ae1e02c5744423b1474a8c1686150104
968667Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 134578, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 495188, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true388a688ff5360dc566ae1e02c5744423b1474a8c1686150104
931717Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 423260, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51749, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true3ea76a30076f6773a77a0d38cb4329bb87ccdca61686150105
931717Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 423260, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51749, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true3ea76a30076f6773a77a0d38cb4329bb87ccdca61686150105
8185728Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6588985, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7149558, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truef9042e40b9e538738ff824c1ab905857b9cdc83d1686150106
8185728Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6588985, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7149558, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truef9042e40b9e538738ff824c1ab905857b9cdc83d1686150106
930985Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 322357, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50952, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true6beac76e3513c3e844b4a273ee08a7489a8505261686150106
930985Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 322357, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50952, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true6beac76e3513c3e844b4a273ee08a7489a8505261686150106
926603Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47177, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 694431, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truec8cef867ea206871eb64383f00f2fabaadb7c2761686150109
926603Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47177, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 694431, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truec8cef867ea206871eb64383f00f2fabaadb7c2761686150109
935797Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 138034, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 342929, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true73dafc4fdeb216048d15665f036646f99af739131686150109
935797Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 138034, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 342929, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true73dafc4fdeb216048d15665f036646f99af739131686150109
931560Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 51372, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 609695, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true0123930e0a777ee12c0a73cf035b5bd7f779ec851686150109
931560Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 51372, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 609695, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true0123930e0a777ee12c0a73cf035b5bd7f779ec851686150109
935998Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 338376, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 59214, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true5cd8dce7e4c4387ac7b5705dbdae6bb065a26bb41686150110
935998Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 338376, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 59214, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true5cd8dce7e4c4387ac7b5705dbdae6bb065a26bb41686150110
933412Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 43451, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 185008, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true101516f0f938f540ac87d4f88875c39c267ea29e1686150112
933412Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 43451, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 185008, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true101516f0f938f540ac87d4f88875c39c267ea29e1686150112
6701832PE+/.Net Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1775780, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2815992, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trued194592f1c5946d2d49bc657e9924290ce2e2d2e1686150114
6701832PE+/.Net Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1775780, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2815992, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trued194592f1c5946d2d49bc657e9924290ce2e2d2e1686150114
3276768PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2070676, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2103601, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trueafa59c4de068f13d617a8090c55f7d0b645d97821686150114
3276768PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2070676, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2103601, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trueafa59c4de068f13d617a8090c55f7d0b645d97821686150114
173795Text/TypeScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28070, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3981, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truebd0f7e58c1600c5a717fcf060c6c260d9d865d221686150115
173795Text/TypeScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28070, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3981, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truebd0f7e58c1600c5a717fcf060c6c260d9d865d221686150115
931770Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 118609, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 175602, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trued85fbe69e08f57750f22ef20ad20e3bb08fb53df1686150115
931770Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 118609, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 175602, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trued85fbe69e08f57750f22ef20ad20e3bb08fb53df1686150115
929834Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 55696, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 651831, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trueb4c897b4aaa258b27ee0ff7edf553735481f565d1686150116
929834Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 55696, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 651831, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trueb4c897b4aaa258b27ee0ff7edf553735481f565d1686150116
23668351Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 774742, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23214826, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true4af3d5aee88996ec6952ea9e598b434ee4dc0c281686150119
23668351Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 774742, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23214826, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true4af3d5aee88996ec6952ea9e598b434ee4dc0c281686150119
9095348DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2065896, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1838594, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truec8e8441cdad2974770adb2fd9091f4f5901889681686150123
9095348DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2065896, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1838594, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truec8e8441cdad2974770adb2fd9091f4f5901889681686150123
930687Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 118136, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 180327, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true961e3cd96bfa7943f71109d0c235fd8b38376f601686150124
930687Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 118136, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 180327, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true961e3cd96bfa7943f71109d0c235fd8b38376f601686150124
931377Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 401046, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 129705, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true0bb2964f5efb578d0ecc0cf06417d686dde59f771686150125
931377Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 401046, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 129705, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true0bb2964f5efb578d0ecc0cf06417d686dde59f771686150125
927231Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 57153, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 688672, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true96625e5eb83bfd90167a64c8e3cc7e7be5b63fe01686150125
927231Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 57153, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 688672, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true96625e5eb83bfd90167a64c8e3cc7e7be5b63fe01686150125
3331072PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2187152, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2194102, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true089a0358b27ea0c5d92c823b63add32457501a5e1686150126
3331072PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2187152, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2194102, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true089a0358b27ea0c5d92c823b63add32457501a5e1686150126
8126464ELF64 Little/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3474544, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3515704, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true20a165c1eb816ff4ad7d55d49e70a41c1198ead81686150128
8126464ELF64 Little/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3474544, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3515704, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true20a165c1eb816ff4ad7d55d49e70a41c1198ead81686150128
36633572Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3927134, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16459918, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true583d27662efc73f5f42eb81609770e692e9a65ed1686150129
36633572Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3927134, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16459918, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true583d27662efc73f5f42eb81609770e692e9a65ed1686150129
34389577Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6210700, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12869171, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trueff4a7e7fd300f7b38d41ecfb0ac74a33a1beebce1686150135
34389577Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6210700, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12869171, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trueff4a7e7fd300f7b38d41ecfb0ac74a33a1beebce1686150135
935988Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 331334, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 52342, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true2129c563cfbfbab0111c73f31184e0bf4b1bc3a61686150139
935988Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 331334, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 52342, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true2129c563cfbfbab0111c73f31184e0bf4b1bc3a61686150139
930473Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 338428, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 59098, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true787d91817a5dd4cf63d0454eb240052aa96876191686150140
930473Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 338428, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 59098, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true787d91817a5dd4cf63d0454eb240052aa96876191686150140
12013103PE/Exe{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 9115816, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08ctrue6a335f4e638e564f836057fe6e0e2af05ec33da81686150140
6699288PE+/.Net Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1775780, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2815385, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true4cf4ab87e37b01ecdbb8ed0c8796a4fae7edb3ed1686150143
6699288PE+/.Net Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1775780, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2815385, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true4cf4ab87e37b01ecdbb8ed0c8796a4fae7edb3ed1686150143
929276Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47016, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 403386, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true9454c50693d7b390806ced4ef36b9b857b8629fa1686150149
929276Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47016, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 403386, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true9454c50693d7b390806ced4ef36b9b857b8629fa1686150149
930806Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 46563, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 184147, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true274b00db13eebcd6082de509d400fe5251a98f031686150149
930806Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 46563, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 184147, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true274b00db13eebcd6082de509d400fe5251a98f031686150149
61184217Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 45211537, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 58260786, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trued9db0d9b40773587e3f3504ee62dd13f356e20421686150152
61184217Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 45211537, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 58260786, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trued9db0d9b40773587e3f3504ee62dd13f356e20421686150152
73081759Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12895085, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 30003463, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true824ad09d431328843657589c773b0b69b87fe04e1686150157
73081759Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12895085, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 30003463, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true824ad09d431328843657589c773b0b69b87fe04e1686150157
10032511Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1605113, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7068039, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true5ba002fd1aa0d945d508de71864be5fbee45f4fb1686150162
10032511Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1605113, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7068039, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true5ba002fd1aa0d945d508de71864be5fbee45f4fb1686150162
931686Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 48187, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 409598, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truee5842bab24fad9c4287acfed037aab491c47df011686150163
931686Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 48187, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 409598, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truee5842bab24fad9c4287acfed037aab491c47df011686150163
26278447Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 23857885, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23869615, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true290617954cdec1062ac608739fe91ff59390d6971686150167
26278447Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 23857885, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23869615, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true290617954cdec1062ac608739fe91ff59390d6971686150167
34389577Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6210892, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12869363, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true6da793ceb98fba2eca7bf612512c1f19acd4169a1686150172
34389577Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6210892, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12869363, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true6da793ceb98fba2eca7bf612512c1f19acd4169a1686150172
8946132DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3674270, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3441202, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true90edd03ca6404f5463883a9636f3c0f9898e07bd1686150179
8946132DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3674270, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3441202, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true90edd03ca6404f5463883a9636f3c0f9898e07bd1686150179
9193604DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1891954, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3260593, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true7e0f6d644b62d3b5796e50c1d385d4a0c9c6e9901686150180
9193604DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1891954, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3260593, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true7e0f6d644b62d3b5796e50c1d385d4a0c9c6e9901686150180
12764160PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8980721, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12260413, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true7b6aa3b5779ec0d82fee559fc4d63ad480d510811686150184
12764160PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8980721, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12260413, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true7b6aa3b5779ec0d82fee559fc4d63ad480d510811686150184
3310440PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1999564, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 785846, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true1f432e629ddc3a46933533ecbb34fea9957e75fb1686150210
3310440PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1999564, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 785846, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true1f432e629ddc3a46933533ecbb34fea9957e75fb1686150210
9573220DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6332741, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7759019, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truee65b15c85ad58e8c03d631bc18c60cb8158f284e1686150242
9573220DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6332741, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7759019, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truee65b15c85ad58e8c03d631bc18c60cb8158f284e1686150242
930740Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47540, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 610524, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trueb873436ccab36552c99f8fe7061bdbe272d3ce8f1686150266
930740Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47540, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 610524, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trueb873436ccab36552c99f8fe7061bdbe272d3ce8f1686150266
348160PE/Exe{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 37848, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08ctrued69278c938ecff91cb1de3e41eb4ad2ada3d7fd71686150275
348160PE/Exe{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 37848, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08ctrue9e0b73ab7dd3c5393d59f189f72d86969fe810e61686150278
96404Text/TypeScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34942, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23974, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true40ae8ce4fd7be204b022a24d145bc76724f29a251686150284
96404Text/TypeScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34942, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23974, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true40ae8ce4fd7be204b022a24d145bc76724f29a251686150284
491771Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31265, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 449442, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true311b155865c0b0031906cc3cb642c1451c728b491686150285
491771Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31265, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 449442, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true311b155865c0b0031906cc3cb642c1451c728b491686150285
15222705Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3256698, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10462094, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true8077d9e9178106ee04bb064f0c4836609b2651a31686150286
15222705Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3256698, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10462094, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true8077d9e9178106ee04bb064f0c4836609b2651a31686150286
30296948Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26842835, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 26807721, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true083b1295e2caf60b6a41f01b6f87667b984300911686150290
30296948Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26842835, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 26807721, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true083b1295e2caf60b6a41f01b6f87667b984300911686150290
6537308PE/Exe/Py2ExeInstaller{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5693089, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2822995, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true49e0274cb0a8a40a09bcad3a1713a800e5fb6fd11686150294
6537308PE/Exe/Py2ExeInstaller{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5693089, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2822995, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true49e0274cb0a8a40a09bcad3a1713a800e5fb6fd11686150294
7247380Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4008699, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4004292, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truedc5923d8b5caae31db125694e113c3838d6451801686150295
7247380Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4008699, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4004292, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truedc5923d8b5caae31db125694e113c3838d6451801686150295
4502016PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3630751, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3591330, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true0577c58640804c401b437230cced87df2345e29c1686150298
4502016PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3630751, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3591330, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true0577c58640804c401b437230cced87df2345e29c1686150298
12545978Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10606314, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2930691, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truea74dd66fb887d1af674a86bf6a29b7689e13bcfe1686150302
12545978Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10606314, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2930691, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truea74dd66fb887d1af674a86bf6a29b7689e13bcfe1686150302
21330944PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15508458, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14984430, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trued7d92eeac776fff79b8bb27ae022acb7b2a72d461686150317
21330944PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15508458, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14984430, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trued7d92eeac776fff79b8bb27ae022acb7b2a72d461686150317
931771Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 414713, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 57019, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true8cb8155899b4297fa0a00e46789aadf71b9ebae01686150327
931771Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 414713, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 57019, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true8cb8155899b4297fa0a00e46789aadf71b9ebae01686150327
468938Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 20060, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 207216, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true7f8905edbfd2e186ed2a4752c8be165a486871c01686150330
468938Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 20060, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 207216, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true7f8905edbfd2e186ed2a4752c8be165a486871c01686150330
3557888PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 509291, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 495464, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truee07c7eeeec72a3a3d03de92f0c14ad55ad44ba281686150332
3557888PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 509291, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 495464, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truee07c7eeeec72a3a3d03de92f0c14ad55ad44ba281686150332
7852544PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6486978, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6455842, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true4a080485c96493bd3debfad49a284a34760e9b701686150343
7852544PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6486978, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6455842, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true4a080485c96493bd3debfad49a284a34760e9b701686150343
15735Text/TypeScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11559, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9762, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trueaa7abe3707df21fd8e0aab4609e413c9e9395efe1686150351
15735Text/TypeScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11559, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9762, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trueaa7abe3707df21fd8e0aab4609e413c9e9395efe1686150351
931613Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 123803, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 294152, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true4243abf48ba4ec77ba7314dc5617ad5d3b3fd1f41686150352
931613Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 123803, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 294152, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true4243abf48ba4ec77ba7314dc5617ad5d3b3fd1f41686150352
948192PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 612819, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 588226, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truea6d3081cbeb195d1edfc1099435bf0f9afaf711a1686150354
948192PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 612819, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 588226, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truea6d3081cbeb195d1edfc1099435bf0f9afaf711a1686150354
5127484PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 13808, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3313365, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trueab46a7097d5e33fcc3eefcb097cf651d4b79327e1686150356
5127484PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 13808, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3313365, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trueab46a7097d5e33fcc3eefcb097cf651d4b79327e1686150356
25453056PE+/Exe/QTinstaller{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15179465, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15285982, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trueade4a102d363465fc686f2205ccc541641212b761686150357
25453056PE+/Exe/QTinstaller{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15179465, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15285982, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trueade4a102d363465fc686f2205ccc541641212b761686150357
43717981Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 22952660, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 21572538, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true730b962ad50fa2261e7cc4cda3cd478e29433cb61686150363
43717981Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 22952660, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 21572538, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true730b962ad50fa2261e7cc4cda3cd478e29433cb61686150363
10340152PE/.Net Exe{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 615180, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08ctrue2715497b02f441d8f7fd55bcbc73e2dc912c284f1686150364
25406657PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5367098, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5417667, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truecec13f5281df131634a68b0f404360f783f557ec1686150371
25406657PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5367098, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5417667, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truecec13f5281df131634a68b0f404360f783f557ec1686150371
931361Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 46225, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 192292, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true5c4e9cc203c98e89a989478efaca334e8779af811686150371
931361Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 46225, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 192292, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true5c4e9cc203c98e89a989478efaca334e8779af811686150371
23095627Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 369170, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 21391369, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true06f8373056da04c985cd04b94e51ec666612d2cd1686150371
23095627Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 369170, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 21391369, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true06f8373056da04c985cd04b94e51ec666612d2cd1686150371
348160PE/Exe{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 37848, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08ctrue147ae394a900a5d3d735e77dfd86ce49a09918621686150374
20372117PE/Exe/NSIS{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 7242654, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08ctrue4f66b0d78adce76fe167fea619b11305034385591686150375
20280576PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8292185, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8209778, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true8db22983306a388d96017ffdb3ab1e00d7ebb43c1686150377
20280576PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8292185, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8209778, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true8db22983306a388d96017ffdb3ab1e00d7ebb43c1686150377
10182656PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3152562, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3805148, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true59f6e8d7adc5364174e1ae0f192ad10d2f9d01171686150379
10182656PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3152562, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3805148, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true59f6e8d7adc5364174e1ae0f192ad10d2f9d01171686150379
930152Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 412452, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 62429, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true112c3ef4d7d4fee90f4367199ad90568e963cf661686150382
930152Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 412452, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 62429, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true112c3ef4d7d4fee90f4367199ad90568e963cf661686150382
8814592PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4011313, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4713025, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true775b98352e38f238b29f95040424f6c1ac503e8f1686150386
8814592PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4011313, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4713025, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true775b98352e38f238b29f95040424f6c1ac503e8f1686150386
3282432PE+/Exe{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 1698382, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08ctrue89c5c42946f23ab8da17d62395ec0801fc1ff93f1686150394
6444832PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4974746, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5726860, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truedd3646cd6dab41f30705c102b56e633b952bb4751686150397
6444832PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4974746, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5726860, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truedd3646cd6dab41f30705c102b56e633b952bb4751686150397
6474752PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2533783, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2591836, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true696ff8fef64c56e79ea3da6812c7a2edafdc029d1686150401
6474752PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2533783, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2591836, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true696ff8fef64c56e79ea3da6812c7a2edafdc029d1686150401
86433Binary/None{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28868, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50260, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true7195310aa4920e2cb39ddc26b248143499d3b1261686150413
86433Binary/None{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28868, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50260, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true7195310aa4920e2cb39ddc26b248143499d3b1261686150413
3267040PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2062484, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2095349, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true8f0fc38ce9fde7cde4506f45eaf55a7bd54e1d161686150421
3267040PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2062484, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2095349, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true8f0fc38ce9fde7cde4506f45eaf55a7bd54e1d161686150421
47601Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25695, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 33096, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true3175ad779cc055b571f0fd1acbd8cc9bfe5202801686150431
47601Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25695, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 33096, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true3175ad779cc055b571f0fd1acbd8cc9bfe5202801686150431
154756Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 111362, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68396, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true220680831449b8f6588a9cce44741fab554a7ba71686150441
154756Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 111362, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68396, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true220680831449b8f6588a9cce44741fab554a7ba71686150441
151462Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 108062, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 65135, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true1878b427f101a316442c57209fa17cbe6a1ca0fe1686150448
151462Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 108062, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 65135, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true1878b427f101a316442c57209fa17cbe6a1ca0fe1686150448
89327Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truea9627215cb7c1b43c9f5f594a82a2c1559857d7b1686150449
89327Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truea9627215cb7c1b43c9f5f594a82a2c1559857d7b1686150449
89327Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true2d0ed62c390430662fc33d8f57b4eb121139ca541686150449
89327Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true2d0ed62c390430662fc33d8f57b4eb121139ca541686150449
159341Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 115940, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 73406, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truea554594c774d4b5d41f7a5234e2905e14b0349871686150450
159341Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 115940, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 73406, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truea554594c774d4b5d41f7a5234e2905e14b0349871686150450
126381Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 70625, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 53368, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true505c406d7ea1a2f47312b0966be841028ae919e71686150450
126381Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 70625, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 53368, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true505c406d7ea1a2f47312b0966be841028ae919e71686150450
14417Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11214, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12222, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true60281e56f446d4a3656a25658ffcbd74f12c5bf41686150454
14417Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11214, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12222, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true60281e56f446d4a3656a25658ffcbd74f12c5bf41686150454
154369Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110973, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68402, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truec099dd547b58e74ed8d9c2c6d579ab8e412695001686150455
154369Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110973, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68402, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truec099dd547b58e74ed8d9c2c6d579ab8e412695001686150455
155384Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 111984, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68667, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truee24497a1dd5d1e5e41bafc6c5aeb7a7c680f98a41686150457
155384Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 111984, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68667, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truee24497a1dd5d1e5e41bafc6c5aeb7a7c680f98a41686150457
154219Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110825, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68400, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true995fd53ad16804fccf466264417695e6b0ab6e201686150463
154219Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110825, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68400, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true995fd53ad16804fccf466264417695e6b0ab6e201686150463
381079Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 176266, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 345615, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true593b0f2c47aa6bd73428f10ea0360725faf06c421686150465
381079Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 176266, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 345615, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true593b0f2c47aa6bd73428f10ea0360725faf06c421686150465
163098Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 92473, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 152394, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true942e2fb470bd4008055a8bce6749e9bbccb75ea11686150468
163098Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 92473, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 152394, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true942e2fb470bd4008055a8bce6749e9bbccb75ea11686150468
13861856PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9049728, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8942045, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true59dafd4d926ab9a9c34899540af51135fe4bd8da1686150470
13861856PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9049728, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8942045, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true59dafd4d926ab9a9c34899540af51135fe4bd8da1686150470
164398Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3527, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 58716, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trued968e98107f741326dca87d26537cc180932e35f1686150471
164398Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3527, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 58716, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trued968e98107f741326dca87d26537cc180932e35f1686150471
1747296Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1673385, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1497969, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true99917368bb78857bf2f837dce851312a70b9ada71686150471
1747296Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1673385, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1497969, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true99917368bb78857bf2f837dce851312a70b9ada71686150471
11576577Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10342763, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10354427, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truedff8243d0b4a32e46a8ac8021d97b0aad21830a41686150472
11576577Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10342763, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10354427, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truedff8243d0b4a32e46a8ac8021d97b0aad21830a41686150472
154378Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110980, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68404, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trueea9236fdef65fc30c10218b2140d0942adc1f22b1686150472
154378Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110980, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68404, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trueea9236fdef65fc30c10218b2140d0942adc1f22b1686150472
39268559Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 64836, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 605486, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true54edf295efcf05160d27fb6834a3caf9f2209ba71686150475
39268559Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 64836, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 605486, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true54edf295efcf05160d27fb6834a3caf9f2209ba71686150475
444715Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15462, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 193293, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true55fc77d16e940a3be013328da7d777f419def4471686150476
444715Text/JavaScript{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15462, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 193293, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true55fc77d16e940a3be013328da7d777f419def4471686150476
146027Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 102626, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 60254, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true969c08328198fbb0749411234c6a00b0ce5a003d1686150478
146027Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 102626, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 60254, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true969c08328198fbb0749411234c6a00b0ce5a003d1686150478
154393Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110997, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68402, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truedf4b0f26e87a56dd0ee628f3f4e3e4df7ea3adb01686150478
154393Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110997, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68402, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truedf4b0f26e87a56dd0ee628f3f4e3e4df7ea3adb01686150478
407815Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 133036, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 80620, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truee35210e1fd190655438816adbb94a276948585d11686150478
407815Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 133036, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 80620, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truee35210e1fd190655438816adbb94a276948585d11686150478
20620343Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 33910, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 196832, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truea2acda4f1d103c3935fecaceb702793840da5de21686150481
20620343Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 33910, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 196832, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truea2acda4f1d103c3935fecaceb702793840da5de21686150481
6009840PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4616975, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4984614, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true58d3d4e8011ca5aa7a827bdb32984b46691cb5a91686150481
6009840PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4616975, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4984614, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true58d3d4e8011ca5aa7a827bdb32984b46691cb5a91686150481
20632380Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16365, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 208986, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trued2778f896a3ff2d865af50cbcd529dafcf7143931686150482
20632380Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16365, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 208986, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trued2778f896a3ff2d865af50cbcd529dafcf7143931686150482
273248Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 251, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4940, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true34578885caf1a2e0b48b46d4e70eb01445acc5f01686150482
273248Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 251, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4940, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true34578885caf1a2e0b48b46d4e70eb01445acc5f01686150482
344762Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12762, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 227460, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trueb6caa5f15f08024eda95d3eb61de207ea1db5ca71686150483
344762Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12762, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 227460, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trueb6caa5f15f08024eda95d3eb61de207ea1db5ca71686150483
273249Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 251, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4940, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508trueddff15d4914ff06b55fbac496362aaae7a2d3c9b1686150484
273249Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 251, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4940, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508trueddff15d4914ff06b55fbac496362aaae7a2d3c9b1686150484
456700Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 430650, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 214898, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truea3342c659d56113fcf63287f1f2b51015a32a9fe1686150491
456700Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 430650, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 214898, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truea3342c659d56113fcf63287f1f2b51015a32a9fe1686150491
20655221Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7544, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19076, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508truee1a3dcfe7846ac93feb3b6c0d368c619551e20601686150496
20655221Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7544, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19076, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508truee1a3dcfe7846ac93feb3b6c0d368c619551e20601686150496
1808816PE/.Net Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 201237, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 166562, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508true8cee4323aa88793881d1e9753476ffd85e9909d21686150498
1808816PE/.Net Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 201237, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 166562, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508true8cee4323aa88793881d1e9753476ffd85e9909d21686150498
17414211PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1697169, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 341432, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false86323712891af72832dd179625c1c9e5f47ef5dc1686149728
17414211PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1697169, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 341432, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false86323712891af72832dd179625c1c9e5f47ef5dc1686149728
97050Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27202, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48756, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false4b894706af749cdad62ced56233c32dc852742121686149728
97050Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27202, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48756, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false4b894706af749cdad62ced56233c32dc852742121686149728
735478Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 555378, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 733133, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false2d4d4a0e0efea6efab5dff40951a996b10fe594c1686149732
735478Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 555378, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 733133, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false2d4d4a0e0efea6efab5dff40951a996b10fe594c1686149732
609570Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 53613, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8513, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falseaaed518e40e25ce0e29bd86cefa05cf4c6cdaad81686149732
609570Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 53613, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8513, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falseaaed518e40e25ce0e29bd86cefa05cf4c6cdaad81686149732
8295796DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3332145, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1798128, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falseeb37a450426a73adc228c0b7af6b389fc7bdf56e1686149737
8295796DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3332145, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1798128, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falseeb37a450426a73adc228c0b7af6b389fc7bdf56e1686149737
13028229PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29013, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 650100, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsec38171b6039aed6b7b759e296ace24dc7d025b831686149738
13028229PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29013, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 650100, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsec38171b6039aed6b7b759e296ace24dc7d025b831686149738
7240420DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4735924, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4985544, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false06b99fba88558d39bdb6dbb429327e38bd1a00a61686149740
7240420DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4735924, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4985544, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false06b99fba88558d39bdb6dbb429327e38bd1a00a61686149740
9198608DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6192194, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6196270, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsed537cc50888e2276c7faf74e30d23c170738198a1686149744
9198608DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6192194, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6196270, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsed537cc50888e2276c7faf74e30d23c170738198a1686149744
26307192PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3868176, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3642636, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false0503efcbe5861c3e0d079f9becb3485452b972351686149749
26307192PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3868176, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3642636, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false0503efcbe5861c3e0d079f9becb3485452b972351686149749
108432Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 45813, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17730, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false6eb5e3bb205a25257bf20d66e9f4f70a7ae67d761686149755
108432Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 45813, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17730, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false6eb5e3bb205a25257bf20d66e9f4f70a7ae67d761686149755
22828Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8423, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11498, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false51b0ba00682591290f80e5855f1a4db9998acf091686149756
22828Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8423, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11498, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false51b0ba00682591290f80e5855f1a4db9998acf091686149756
22894Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8489, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11564, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false0c6f35b25d6e074fab3199944f85df197e0631621686149766
22894Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8489, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11564, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false0c6f35b25d6e074fab3199944f85df197e0631621686149766
735481Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 555379, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 733136, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsec95b0d982790b576d4b8b0eb0b5eb81c07e8eb871686149767
735481Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 555379, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 733136, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsec95b0d982790b576d4b8b0eb0b5eb81c07e8eb871686149767
69910542PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 432346, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 401816, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsec10dd19fb20e99ac5e03cc854fcb07f3a46896261686149774
69910542PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 432346, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 401816, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsec10dd19fb20e99ac5e03cc854fcb07f3a46896261686149774
78078Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27427, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48075, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false6b23dddf010be66788315ffbd673a8786e216cca1686149779
78078Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27427, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48075, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false6b23dddf010be66788315ffbd673a8786e216cca1686149779
55035681PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6445000, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5864743, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsea20295d2941d01ad89f148221bfeeb4a7ae91c8a1686149785
55035681PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6445000, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5864743, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsea20295d2941d01ad89f148221bfeeb4a7ae91c8a1686149785
72160935Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25254788, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 62943840, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false3608d31f0528ed78f3b4c7325f48b21eaae7d6e91686149790
72160935Binary/Archive/ZIP{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 64192330, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalse3608d31f0528ed78f3b4c7325f48b21eaae7d6e91686149790
72160935Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25254788, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 62943840, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false3608d31f0528ed78f3b4c7325f48b21eaae7d6e91686149790
5053848PE/Exe/UPX{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 4631537, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalse9d94d6d2c676ea1391707da336b08adb51a7602e1686149811
48064504PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14832618, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6254126, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false949abf3b22fde0d82aabde30b447202a85a229761686149814
48064504PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14832618, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6254126, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false949abf3b22fde0d82aabde30b447202a85a229761686149814
17363501PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 276134, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4050570, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falseea2a042555d2ed5031699ab262dd36ee11140a471686149826
17363501PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 276134, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4050570, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falseea2a042555d2ed5031699ab262dd36ee11140a471686149826
1097787PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1026714, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1022464, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false8347104bb4f67e9f6a009dddab7d9ba64c1f1f341686149827
1097787PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1026714, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1022464, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false8347104bb4f67e9f6a009dddab7d9ba64c1f1f341686149827
9109956DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6903276, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7053407, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false68272eebbf35852ead3ca57e4d4057c1aca9e87f1686149828
9109956DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6903276, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7053407, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false68272eebbf35852ead3ca57e4d4057c1aca9e87f1686149828
129965Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28324, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49213, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false8862e555dfb36ef346c9ab015e9cdc042742f9051686149830
129965Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28324, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49213, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false8862e555dfb36ef346c9ab015e9cdc042742f9051686149830
3401029Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 546852, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12694, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false4edebb0ccaf461b657eefd6de9daa819718702c51686149831
3401029Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 546852, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12694, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false4edebb0ccaf461b657eefd6de9daa819718702c51686149831
12211580DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1831826, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1825431, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsebce246203d8df748692e5d67f7b43779ca18fcb81686149833
12211580DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1831826, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1825431, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsebce246203d8df748692e5d67f7b43779ca18fcb81686149833
130472Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31577, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 53131, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsebb95e8d71ced34ca09a220bcd4740c05bb5beaae1686149835
130472Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31577, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 53131, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsebb95e8d71ced34ca09a220bcd4740c05bb5beaae1686149835
21856Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10251, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 20432, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false49e3e9c608998a84c76dea1d14979748fa3031081686149836
21856Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10251, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 20432, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false49e3e9c608998a84c76dea1d14979748fa3031081686149836
8761628DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5623501, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5729635, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false638ee91a8195f803fb856b9cc58ec90b4e302d2d1686149838
8761628DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5623501, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5729635, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false638ee91a8195f803fb856b9cc58ec90b4e302d2d1686149838
80384Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3832, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4633, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsed71c31ff1506662b75a69ab2f4c470acd4a608c61686149840
80384Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3832, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4633, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsed71c31ff1506662b75a69ab2f4c470acd4a608c61686149840
2696810Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47000, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11164, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false2bb02417e2229ec6c67723720e8c047473bac4281686149843
2696810Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47000, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11164, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false2bb02417e2229ec6c67723720e8c047473bac4281686149843
291468Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 30654, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 206411, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false861df3d24be5051f03b772a3614ece4f38c9453f1686149843
291468Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 30654, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 206411, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false861df3d24be5051f03b772a3614ece4f38c9453f1686149843
9605652DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6219463, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7291032, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsedbb08be91da3fbb62d3a940f50ee262b8ee64a001686149843
9605652DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6219463, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7291032, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsedbb08be91da3fbb62d3a940f50ee262b8ee64a001686149843
7851776DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5738916, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5715983, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false44ecf0599917582d655aebecad3bff20428a95d51686149844
7851776DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5738916, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5715983, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false44ecf0599917582d655aebecad3bff20428a95d51686149844
134280Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31122, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 52676, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false7b954a9a584dfea3b50aa0d266ece12edd920de31686149844
134280Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31122, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 52676, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false7b954a9a584dfea3b50aa0d266ece12edd920de31686149844
1566720Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47648, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48358, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false9ae122565cefb2d077ffd8015b2080dbcd66210a1686149846
1566720Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47648, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48358, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false9ae122565cefb2d077ffd8015b2080dbcd66210a1686149846
1826525PE/Exe/PECompact{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 61949, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1772779, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false00d16698e37238fa735a1f1728bcbd5a43247e801686149846
1826525PE/Exe/PECompact{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 61949, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1772779, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false00d16698e37238fa735a1f1728bcbd5a43247e801686149846
31410Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29004, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17271, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsed11b319f05e4ca0f27820748b503a59f24beb00d1686149846
31410Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29004, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17271, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsed11b319f05e4ca0f27820748b503a59f24beb00d1686149846
81478Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31946, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 38816, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsefc16e1d11e96a3c32f5cb55d5dc6f50deeebc1af1686149850
81478Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31946, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 38816, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsefc16e1d11e96a3c32f5cb55d5dc6f50deeebc1af1686149850
718416Document/None/PDF{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 20006, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 140853, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false84c987347c558fb79e603b4ce107e727b35d2ce01686149850
718416Document/None/PDF{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 20006, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 140853, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false84c987347c558fb79e603b4ce107e727b35d2ce01686149850
7765124Binary/None/TNEF{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1806802, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17011, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false1898cb0bd9636e2770bef781e64c14ea930737d91686149851
7765124Binary/None/TNEF{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1806802, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17011, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false1898cb0bd9636e2770bef781e64c14ea930737d91686149851
7445844DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5463059, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5443224, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false8397215a4ef8f0278ca94ac55bcfb7d951eb59911686149852
7445844DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5463059, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5443224, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false8397215a4ef8f0278ca94ac55bcfb7d951eb59911686149852
58880Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3006, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5184, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false5e3ce373290c3ff3a161f20ce507f566ec02ef371686149853
58880Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3006, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5184, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false5e3ce373290c3ff3a161f20ce507f566ec02ef371686149853
34304Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16023, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 18191, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false6419bbc857dfc05244305301ce04fd3101dfbc4e1686149856
34304Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16023, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 18191, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false6419bbc857dfc05244305301ce04fd3101dfbc4e1686149856
13647Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5929, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7760, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsef498fa63f00a6c5d563c78597b1e603f00c292ba1686149856
13647Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5929, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7760, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsef498fa63f00a6c5d563c78597b1e603f00c292ba1686149856
10867247Document/None/PDF{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 615042, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2517009, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false80ac906fe3153d272625e4cfd0e953d01dabc7181686149858
10867247Document/None/PDF{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 615042, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2517009, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false80ac906fe3153d272625e4cfd0e953d01dabc7181686149858
10866832DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2275907, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2454431, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false6d61d48bbadf3a5eaeec617653c64493c03abc481686149861
10866832DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2275907, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2454431, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false6d61d48bbadf3a5eaeec617653c64493c03abc481686149861
5101876PE/.Net Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 2341502, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalsee846d1ab898e95541e6682720022dfb7433b42a11686149862
1200556Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 908895, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1200168, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsea7c06c5ff0f929a52d7d9e88315d9dd6109a79391686149867
1200556Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 908895, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1200168, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsea7c06c5ff0f929a52d7d9e88315d9dd6109a79391686149867
94208Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 52375, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 54543, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsee445f9ab6f8e1b5ca0c0f06e9afeeeaa81cb5fa71686149871
94208Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 52375, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 54543, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsee445f9ab6f8e1b5ca0c0f06e9afeeeaa81cb5fa71686149871
4403680DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1070028, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1569453, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false388bf96870666f99c68015c72e470b96afe330b61686149876
4403680DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1070028, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1569453, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false388bf96870666f99c68015c72e470b96afe330b61686149876
124306Document/None/RTF{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 56115, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 55176, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false0c88ebb87d1db36ec61990b11b9046d8bfc842491686149876
124306Document/None/RTF{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 56115, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 55176, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false0c88ebb87d1db36ec61990b11b9046d8bfc842491686149876
7532560DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5242377, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6199698, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsea7175ec0cf4e1bd0976adf1c64fb4cdea1679a8b1686149880
7532560DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5242377, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6199698, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsea7175ec0cf4e1bd0976adf1c64fb4cdea1679a8b1686149880
89227939PE+/Exe/SetupFactory{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 3721968, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalse14f646a4c56d4a6908589ff38cfbc8904fef7ffd1686149881
23765288PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 23568888, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12392190, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false32e0479375a7efd4648e3243d95c8a184b723ff71686149882
23765288PE/Exe{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 12386158, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalse32e0479375a7efd4648e3243d95c8a184b723ff71686149882
23765288PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 23568888, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12392190, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false32e0479375a7efd4648e3243d95c8a184b723ff71686149882
83456Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3807, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4722, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false08d52dd79c4506e569f6b44dd040c7666e1c990a1686149884
83456Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3807, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4722, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false08d52dd79c4506e569f6b44dd040c7666e1c990a1686149884
18747429PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1790351, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 434614, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false9315db8fd8e974ed3f32fed4af2a87950051db311686149884
18747429PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1790351, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 434614, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false9315db8fd8e974ed3f32fed4af2a87950051db311686149884
7971248DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6010248, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5922837, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false7c0467942d6e3a17cb46f80485735703971be9511686149899
7971248DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6010248, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5922837, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false7c0467942d6e3a17cb46f80485735703971be9511686149899
8746736DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6663701, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6518302, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsec3905032ee58bd7252bfea670af4fae789ee65bc1686149904
8746736DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6663701, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6518302, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsec3905032ee58bd7252bfea670af4fae789ee65bc1686149904
29495534PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7777152, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14315453, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false5448598e37f1525d59dbde93ed3226c6995916601686149907
29495534PE/.Net Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 23706990, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalse5448598e37f1525d59dbde93ed3226c6995916601686149907
29495534PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7777152, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14315453, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false5448598e37f1525d59dbde93ed3226c6995916601686149907
20208408PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8042295, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9983725, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false1274f648fbf7ec60f349f91426520d5fed741a751686149911
20208408PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8042295, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9983725, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false1274f648fbf7ec60f349f91426520d5fed741a751686149911
9360804DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6623554, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6393329, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsea32a21cc68347f914640067d66a8eb9f3d718f971686149912
9360804DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6623554, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6393329, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsea32a21cc68347f914640067d66a8eb9f3d718f971686149912
22696990PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 273776, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2310626, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false2ee61b0db428bd1943c0a3a23fa9657bdbae45251686149917
22696990PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 273776, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2310626, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false2ee61b0db428bd1943c0a3a23fa9657bdbae45251686149917
45056Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26775, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7215, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false4a2a97a3ccc4f69e4369540afa9621517b61a70d1686149924
45056Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26775, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7215, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false4a2a97a3ccc4f69e4369540afa9621517b61a70d1686149924
8178116DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5952245, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6078981, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false6187f8a655a0c8d63f7c0d0159ec48faf39263971686149926
8178116DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5952245, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6078981, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false6187f8a655a0c8d63f7c0d0159ec48faf39263971686149926
118949Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27159, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48713, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false010536c2287998f486647077d5f5f4cb14216f211686149928
118949Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27159, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48713, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false010536c2287998f486647077d5f5f4cb14216f211686149928
4397292DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1070008, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1563324, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false28104c2b1121a331071889a8285f18e4e5fa857e1686149932
4397292DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1070008, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1563324, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false28104c2b1121a331071889a8285f18e4e5fa857e1686149932
1126838Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 67755, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 301561, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsec068b6be9d12ef34c4bff6438217ec83aedb39201686149932
1126838Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 67755, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 301561, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsec068b6be9d12ef34c4bff6438217ec83aedb39201686149932
5742Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1420, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1478, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false784251aee0035f509d9a59f46a7854e3156eb1e81686149932
5742Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1420, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1478, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false784251aee0035f509d9a59f46a7854e3156eb1e81686149932
8342696DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5758241, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6719849, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false1a5599d9ac6637d73e45a008eb13963a43a42de51686149933
8342696DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5758241, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6719849, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false1a5599d9ac6637d73e45a008eb13963a43a42de51686149933
10935924DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7358335, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7658163, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsead38d8e905018d8214d3d086a5314bc8baf530f01686149935
10935924DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7358335, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7658163, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsead38d8e905018d8214d3d086a5314bc8baf530f01686149935
9367552PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3032179, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 699012, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsef5e92bd7f79aa5e3dcd577b46ae8adb6ce796fdd1686149936
9367552PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3032179, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 699012, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsef5e92bd7f79aa5e3dcd577b46ae8adb6ce796fdd1686149936
5615616Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 684425, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1855040, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false27177a9974cf5e51e406dfc565abec4323a7f4601686149938
5615616Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 684425, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1855040, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false27177a9974cf5e51e406dfc565abec4323a7f4601686149938
12587776DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1885979, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1879584, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false61f1d317d4b637547328d7bbd8db162332ffca961686149941
12587776DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1885979, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1879584, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false61f1d317d4b637547328d7bbd8db162332ffca961686149941
15528080PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7666937, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9603001, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false90006a605fefb15ef0e3ee3a7913e4e3085aa9101686149943
15528080PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7666937, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9603001, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false90006a605fefb15ef0e3ee3a7913e4e3085aa9101686149943
61198027Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3493267, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 59650081, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false81fdd91f2f3ad757beaa4e99d1e696fe216572a71686149946
61198027Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3493267, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 59650081, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false81fdd91f2f3ad757beaa4e99d1e696fe216572a71686149946
92550Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29380, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50934, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false11e37775d188125698553bb54b92212db30c98681686149952
92550Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29380, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50934, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false11e37775d188125698553bb54b92212db30c98681686149952
15909007PE+/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1572203, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4403826, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false3044d17533125b0e81479c13a3938c5f680945dd1686149952
15909007PE+/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1572203, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4403826, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false3044d17533125b0e81479c13a3938c5f680945dd1686149952
7030588PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4138419, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3925485, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false3e781f619085938c400ef62d124e1c160d8e606d1686149953
7030588PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4138419, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3925485, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false3e781f619085938c400ef62d124e1c160d8e606d1686149953
7891860DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5936181, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6065613, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false9672712486f68f6ef3fa5ea1051a4886527687821686149956
7891860DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5936181, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6065613, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false9672712486f68f6ef3fa5ea1051a4886527687821686149956
1126838Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 67755, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 301561, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsec068b6be9d12ef34c4bff6438217ec83aedb39201686149974
1126838Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 67755, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 301561, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsec068b6be9d12ef34c4bff6438217ec83aedb39201686149974
58853069PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 453396, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 422866, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false7f61bf37ba7a45b4d9686384db4cccec61f67c471686149975
58853069PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 453396, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 422866, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false7f61bf37ba7a45b4d9686384db4cccec61f67c471686149975
80896Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3807, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4617, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false6fc8b4b91789e00438dc40c306b51a4cb607eb8d1686149975
80896Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3807, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4617, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false6fc8b4b91789e00438dc40c306b51a4cb607eb8d1686149975
4090442PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2966063, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3005572, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsea9102e50f879a876bcde1a65ed9e66061345af381686149977
4090442PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2966063, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3005572, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsea9102e50f879a876bcde1a65ed9e66061345af381686149977
11287504PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9611205, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9336911, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false855439438fa49547ac12bdf953b32f72c719b2c91686149980
11287504PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9611205, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9336911, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false855439438fa49547ac12bdf953b32f72c719b2c91686149980
51580195PE/Exe/NSIS{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 192859, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1055775, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falseaa57da659dd7d00cce7d1435bfc8459087f51b6f1686149983
51580195PE/Exe/NSIS{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 192859, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1055775, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falseaa57da659dd7d00cce7d1435bfc8459087f51b6f1686149983
52603562Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5081683, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48790340, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false7b645c555f2208a68b7d6aff201736b6e111d3cc1686149989
52603562Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5081683, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48790340, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false7b645c555f2208a68b7d6aff201736b6e111d3cc1686149989
12364752PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10579965, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10306863, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false6c745b37d30bdc06e8ace8b4189538403c4d5c8a1686149991
12364752PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10579965, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10306863, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false6c745b37d30bdc06e8ace8b4189538403c4d5c8a1686149991
113599Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28965, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50276, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsec797c0ed6564a46ae0ac9973f2b97411dbac47541686149993
113599Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28965, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50276, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsec797c0ed6564a46ae0ac9973f2b97411dbac47541686149993
8720028DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6232135, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6035292, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsea12a22c2b0ecdbeb2f98a592328068591520225e1686149993
8720028DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6232135, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6035292, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsea12a22c2b0ecdbeb2f98a592328068591520225e1686149993
11722184PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10006757, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9731199, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsed824b4da35e0527c04c91b45111790421e0df9c31686149993
11722184PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10006757, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9731199, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsed824b4da35e0527c04c91b45111790421e0df9c31686149993
1647430Document/None/RTF{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1504890, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1514081, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsed416c83fd8bc78cc77ef30a8e5543b59f8b58f901686150001
1647430Document/None/RTF{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1504890, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1514081, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsed416c83fd8bc78cc77ef30a8e5543b59f8b58f901686150001
8185068DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1729023, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1836665, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsea470d52b3da243f0a6e4f29990910c15fe8772601686150003
8185068DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1729023, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1836665, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsea470d52b3da243f0a6e4f29990910c15fe8772601686150003
9058488DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2024065, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2076599, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false28cb515f6029996c620d90852ac18089b1ded1101686150004
9058488DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2024065, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2076599, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false28cb515f6029996c620d90852ac18089b1ded1101686150004
6957242PE/Exe/NSIS{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1535249, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2867970, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false936ed9f8b5e106db89d568cdd6cf0d3768e35e8a1686150005
6957242PE/Exe/NSIS{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1535249, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2867970, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false936ed9f8b5e106db89d568cdd6cf0d3768e35e8a1686150005
11402192PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9748709, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9479007, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false67bf7558493de43e5248d5c3fb0eff9ebe15e0251686150005
11402192PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9748709, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9479007, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false67bf7558493de43e5248d5c3fb0eff9ebe15e0251686150005
3560827ELF64 Little/SO{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 134236, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3282561, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false09a2f81add6a24707bf53b87fc35649648d83d841686150008
3560827ELF64 Little/SO{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 134236, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3282561, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false09a2f81add6a24707bf53b87fc35649648d83d841686150008
24621335PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1120542, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1090012, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false42b2ae12dea46ea047d05762919e9b4bfe5ef7881686150010
24621335PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1120542, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1090012, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false42b2ae12dea46ea047d05762919e9b4bfe5ef7881686150010
27294631PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2867337, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5192795, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsefadcba6ae6a7d80804672d39716caf6d6b2365481686150010
27294631PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2867337, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5192795, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsefadcba6ae6a7d80804672d39716caf6d6b2365481686150010
563708Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 71256, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13295, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falseec4ae655adbbb3805d80b71db833024062f40a301686150022
563708Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 71256, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13295, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falseec4ae655adbbb3805d80b71db833024062f40a301686150022
23674771PE/.Net Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1113582, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 898210, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsec3b9b20d2b059c554bfedcf02f7e20a78ea0b6341686150029
23674771PE/.Net Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1113582, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 898210, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsec3b9b20d2b059c554bfedcf02f7e20a78ea0b6341686150029
8696352PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6448188, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5556020, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false8c6478d4da8936bbd1c41d55d627e5947f350a3c1686150030
8696352PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6448188, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5556020, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false8c6478d4da8936bbd1c41d55d627e5947f350a3c1686150030
89737Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27489, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49043, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falseea0cd712f5841da8a42c88b5531580a67a46606d1686150040
89737Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27489, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49043, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falseea0cd712f5841da8a42c88b5531580a67a46606d1686150040
7919852DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5071035, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5906334, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false639f26fcdf4cf23f537da436e579d7642bb88a341686150042
7919852DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5071035, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5906334, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false639f26fcdf4cf23f537da436e579d7642bb88a341686150042
4740152DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3564800, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3647079, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false0e2b28a93eb1a6028a450f2d0fb17b8a4142c8381686150044
4740152DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3564800, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3647079, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false0e2b28a93eb1a6028a450f2d0fb17b8a4142c8381686150044
8722544DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6754191, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7446396, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false11da04c21b47ff12ad322a6b23556b240c57e1321686150045
8722544DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6754191, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7446396, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false11da04c21b47ff12ad322a6b23556b240c57e1321686150045
3826214Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 68922, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3251864, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false57e01329fd57cdf43d48e6126dcb04a9a649f4861686150045
3826214Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 68922, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3251864, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false57e01329fd57cdf43d48e6126dcb04a9a649f4861686150045
90401Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 30206, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51760, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falseeb539586df1f83a1ad6a46578ae93af47d28e5831686150050
90401Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 30206, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51760, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falseeb539586df1f83a1ad6a46578ae93af47d28e5831686150050
5196432PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1774761, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1594184, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false0dfbab7b39fe2df27cc3c450a33703e862548e7c1686150050
5196432PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1774761, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1594184, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false0dfbab7b39fe2df27cc3c450a33703e862548e7c1686150050
88693Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25563, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 47117, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false4f0abfde4499ca4265efaa76240165eeec26ae9c1686150055
88693Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25563, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 47117, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false4f0abfde4499ca4265efaa76240165eeec26ae9c1686150055
3114071ELF32 Little/SO{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 104418, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2618650, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsee99fb966b75da3eb02a16fcac3b36c3a9194b8571686150056
3114071ELF32 Little/SO{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 104418, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2618650, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsee99fb966b75da3eb02a16fcac3b36c3a9194b8571686150056
28120902Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 22260169, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 27281148, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false0ac06711934890049220bec85d224ca6a69a4abf1686150060
28120902Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 22260169, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 27281148, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false0ac06711934890049220bec85d224ca6a69a4abf1686150060
28328686PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6610304, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13148605, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false7929803a26acbb9fbec06ee003d65fb01966f3a91686150077
28328686PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6610304, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13148605, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false7929803a26acbb9fbec06ee003d65fb01966f3a91686150077
28328686PE/.Net Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 22540142, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalse7929803a26acbb9fbec06ee003d65fb01966f3a91686150077
18271076PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 273776, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4064513, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false8efe34081ab998e156e537df4da387b0a4bd7f081686150078
18271076PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 273776, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4064513, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false8efe34081ab998e156e537df4da387b0a4bd7f081686150078
28018926PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6300544, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12838845, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false3095cf7fcee94f7ca177dd1cb4aea29b5b4511161686150083
28018926PE/.Net Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 22230382, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalse3095cf7fcee94f7ca177dd1cb4aea29b5b4511161686150083
28018926PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6300544, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12838845, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false3095cf7fcee94f7ca177dd1cb4aea29b5b4511161686150083
27306734PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5588352, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12126653, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false32c438b9048acb085fda9bd828fe370804e83b5c1686150084
27306734PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5588352, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12126653, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false32c438b9048acb085fda9bd828fe370804e83b5c1686150084
27306734PE/.Net Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 21518190, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalse32c438b9048acb085fda9bd828fe370804e83b5c1686150084
81650Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16951, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 39263, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false37b6ec97243b59e031215a7c79c76bd535c94a111686150090
81650Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16951, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 39263, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false37b6ec97243b59e031215a7c79c76bd535c94a111686150090
181777Document/None/PDF{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9977, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8279, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false8e5698b6c99e84ef251da396e57801eea4d4a7e01686150096
181777Document/None/PDF{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9977, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8279, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false8e5698b6c99e84ef251da396e57801eea4d4a7e01686150096
271360Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 119107, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 118595, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false2b1c1ebb77a69accf7ade4a6656a229a8236da231686150101
271360Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 119107, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 118595, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false2b1c1ebb77a69accf7ade4a6656a229a8236da231686150101
583414Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 304758, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 30495, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsec90a2097bb3ef3b7782b569aad3a7a402c40ece61686150102
583414Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 304758, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 30495, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsec90a2097bb3ef3b7782b569aad3a7a402c40ece61686150102
5011956DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3830891, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4122073, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsebceeab17f46e635c4d2d8e83ba98fc53d3b944091686150104
5011956DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3830891, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4122073, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsebceeab17f46e635c4d2d8e83ba98fc53d3b944091686150104
22521Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 17697, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 22133, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false7370d7caf811dc3fb9b8ded4fb3a23d36997253d1686150104
22521Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 17697, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 22133, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false7370d7caf811dc3fb9b8ded4fb3a23d36997253d1686150104
7701312DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5240872, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6126943, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falseaf1458eda29940c81e42bf6a11d689b9363a575b1686150107
7701312DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5240872, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6126943, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falseaf1458eda29940c81e42bf6a11d689b9363a575b1686150107
8298484DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1572183, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2680377, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false99047e1bf6e16b647f124db80faf90d91947643e1686150109
8298484DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1572183, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2680377, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false99047e1bf6e16b647f124db80faf90d91947643e1686150109
105267Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 849, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 30630, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false891e13aa1d764808d787be69ae3e8188345891ed1686150115
105267Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 849, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 30630, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false891e13aa1d764808d787be69ae3e8188345891ed1686150115
6390588PE+/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3498419, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3285485, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false732c2810e0cecccdfbcf3a052753060d8158643d1686150119
6390588PE+/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3498419, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3285485, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false732c2810e0cecccdfbcf3a052753060d8158643d1686150119
102498470PE/Exe/NSIS{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26303220, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15358931, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false89f539a36777589582b45b5ab3f1c4b8c392a5191686150124
102498470PE/Exe/NSIS{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26303220, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15358931, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false89f539a36777589582b45b5ab3f1c4b8c392a5191686150124
223744Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 21284, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15037, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false025d67d07d1d4c0c6815dd671c5021f2d1dbeb2d1686150124
223744Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 21284, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15037, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false025d67d07d1d4c0c6815dd671c5021f2d1dbeb2d1686150124
34840Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1586, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 20241, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false247dda310be523a670399ce08ac7576eeffceba91686150127
34840Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1586, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 20241, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false247dda310be523a670399ce08ac7576eeffceba91686150127
97689Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34565, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 56119, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsece2fbbb268352f30e63708658a895b55d5994a211686150127
97689Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34565, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 56119, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsece2fbbb268352f30e63708658a895b55d5994a211686150127
608019Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 120997, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 179775, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false81bc384770e1fcf3d32e38b69e7fa6dfd68eceb51686150128
608019Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 120997, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 179775, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false81bc384770e1fcf3d32e38b69e7fa6dfd68eceb51686150128
7109996DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5978050, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4853648, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false2a354db1cbe01973b6ea523d0842327ddafc17b81686150129
7109996DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5978050, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4853648, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false2a354db1cbe01973b6ea523d0842327ddafc17b81686150129
11060751PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 208731, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4067711, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsed328639db252e6882cde55b4d96fb6c6917ce6471686150135
11060751PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 208731, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4067711, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsed328639db252e6882cde55b4d96fb6c6917ce6471686150135
102034Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31083, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 52637, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false9d13375b63610249a16e7eec10b2be064c7097f71686150136
102034Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31083, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 52637, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false9d13375b63610249a16e7eec10b2be064c7097f71686150136
24915182PE/.Net Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 19126638, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalse3c24cca2a6bfa8faaa35756e6814802dbcd751f21686150137
24915182PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3196800, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9735101, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false3c24cca2a6bfa8faaa35756e6814802dbcd751f21686150137
24915182PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3196800, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9735101, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false3c24cca2a6bfa8faaa35756e6814802dbcd751f21686150137
26192622PE/.Net Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 20404078, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalse9c9d925179896d29421f881eb5ad77af9e8bc7fb1686150137
26192622PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4474240, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11012541, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false9c9d925179896d29421f881eb5ad77af9e8bc7fb1686150137
26192622PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4474240, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11012541, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false9c9d925179896d29421f881eb5ad77af9e8bc7fb1686150137
26345710PE/.Net Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 20557166, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalsed6d554d74fdfd98418b8fa34338056708291599e1686150137
26345710PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4627328, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11165629, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsed6d554d74fdfd98418b8fa34338056708291599e1686150137
26345710PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4627328, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11165629, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsed6d554d74fdfd98418b8fa34338056708291599e1686150137
25406702PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3688320, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10226621, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false1799c607028ad0ed4d15e46bb80cc0a70683e90f1686150137
25406702PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3688320, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10226621, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false1799c607028ad0ed4d15e46bb80cc0a70683e90f1686150137
25406702PE/.Net Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 19618158, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalse1799c607028ad0ed4d15e46bb80cc0a70683e90f1686150137
25241838PE/.Net Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 19453294, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalsef5be7fa83024d787932ead402e6a0a63da6eb4431686150138
25241838PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3523456, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10061757, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsef5be7fa83024d787932ead402e6a0a63da6eb4431686150138
25241838PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3523456, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10061757, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsef5be7fa83024d787932ead402e6a0a63da6eb4431686150138
27273966PE/Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 21485422, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalsef9461339c56853fd3b535f99bc72bd2b897591d01686150138
27273966PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5555584, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12093885, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsef9461339c56853fd3b535f99bc72bd2b897591d01686150138
27273966PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5555584, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12093885, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsef9461339c56853fd3b535f99bc72bd2b897591d01686150138
26257134PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4538752, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11077053, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsebbda585b97e741d2fb638684255a0c49daafadac1686150138
26257134PE/.Net Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 20468590, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalsebbda585b97e741d2fb638684255a0c49daafadac1686150138
26257134PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4538752, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11077053, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsebbda585b97e741d2fb638684255a0c49daafadac1686150138
4620288PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2649834, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2685878, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false102d0b298f078b7d115083307e4ca0ed1bcbd1341686150138
4620288PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2649834, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2685878, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false102d0b298f078b7d115083307e4ca0ed1bcbd1341686150138
489616Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 38581, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 22168, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false32de67e7b17be1d18964e2086362b34f3c7b35751686150138
489616Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 38581, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 22168, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false32de67e7b17be1d18964e2086362b34f3c7b35751686150138
33862Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26439, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23818, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false40caa9fe8fa64c0f9ba67298941a34d042cff1791686150138
33862Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26439, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23818, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false40caa9fe8fa64c0f9ba67298941a34d042cff1791686150138
85008Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27891, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49445, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false37c285df8d320279049afa0c23fa334a3bbeda771686150139
85008Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27891, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49445, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false37c285df8d320279049afa0c23fa334a3bbeda771686150139
27974382PE/.Net Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 22185838, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalse153a8db91757b63b2d6f178bb9d02ea5208c94571686150139
27974382PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6256000, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12794301, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false153a8db91757b63b2d6f178bb9d02ea5208c94571686150139
27974382PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6256000, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12794301, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false153a8db91757b63b2d6f178bb9d02ea5208c94571686150139
28105966PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6387584, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12925885, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsed50286aa8bb8c3014247b90adb746b25bfd310031686150139
28105966PE/.Net Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 22317422, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalsed50286aa8bb8c3014247b90adb746b25bfd310031686150139
28105966PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6387584, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12925885, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsed50286aa8bb8c3014247b90adb746b25bfd310031686150139
29250286PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7531904, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14070205, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false6c074b89819c235bdeb338af24c7c735ad0035ec1686150140
29250286PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7531904, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14070205, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false6c074b89819c235bdeb338af24c7c735ad0035ec1686150140
29250286PE/.Net Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 23461742, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalse6c074b89819c235bdeb338af24c7c735ad0035ec1686150140
58288120PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 41036824, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23548621, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsec9812fa79f7c7d3a61f8ed156a3f9047aba842561686150140
58288120PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 41036824, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23548621, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsec9812fa79f7c7d3a61f8ed156a3f9047aba842561686150140
27151086PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5432704, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11971005, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false6f9101e3313d15831fe21dca4f41cd305a5a42b01686150140
27151086PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5432704, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11971005, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false6f9101e3313d15831fe21dca4f41cd305a5a42b01686150140
27151086PE/.Net Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 21362542, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalse6f9101e3313d15831fe21dca4f41cd305a5a42b01686150140
25467630PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3749248, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10287549, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false54553aa667794ecaf466add2eb68115e655bb1421686150142
25467630PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3749248, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10287549, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false54553aa667794ecaf466add2eb68115e655bb1421686150142
25467630PE/.Net Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 19679086, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalse54553aa667794ecaf466add2eb68115e655bb1421686150142
24958190PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3239808, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9778109, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false96485038e952a3ea5b05d3b73cb09e16746f05fe1686150142
24958190PE/.Net Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 19169646, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalse96485038e952a3ea5b05d3b73cb09e16746f05fe1686150142
24958190PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3239808, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9778109, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false96485038e952a3ea5b05d3b73cb09e16746f05fe1686150142
22632960PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12832781, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17325113, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsed9470e93a7f0471df16a93a2df001e35f383b3581686150143
22632960PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12832781, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17325113, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsed9470e93a7f0471df16a93a2df001e35f383b3581686150143
28521710PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6803328, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13341629, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsea9e434ae7946b87a7a35e1ceea2a3585c63364ff1686150146
28521710PE/.Net Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 22733166, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalsea9e434ae7946b87a7a35e1ceea2a3585c63364ff1686150146
28521710PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6803328, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13341629, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsea9e434ae7946b87a7a35e1ceea2a3585c63364ff1686150146
28730094PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7011712, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13550013, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false722d9445761cedf9cf95b00a27484c98b198a0871686150147
28730094PE/.Net Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 22941550, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalse722d9445761cedf9cf95b00a27484c98b198a0871686150147
28730094PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7011712, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13550013, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false722d9445761cedf9cf95b00a27484c98b198a0871686150147
19508784PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14359504, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16198715, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsea074e8cd0d7f96a1660eb8034c9d4bb659911d8c1686150151
19508784PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14359504, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16198715, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsea074e8cd0d7f96a1660eb8034c9d4bb659911d8c1686150151
134656Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4983, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3404, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false5c5149ddc70c1570f08aeaadf3ae7f9c0b62aa441686150153
134656Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4983, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3404, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false5c5149ddc70c1570f08aeaadf3ae7f9c0b62aa441686150153
123956Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35591, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 57145, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false4151684c657f55df0fbcf6f23e4ff59a3d4349331686150154
123956Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35591, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 57145, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false4151684c657f55df0fbcf6f23e4ff59a3d4349331686150154
89099Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27245, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48799, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsec1c8b28dccfe8d0b1019ccd86c4a64b6deff30f61686150158
89099Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27245, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48799, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsec1c8b28dccfe8d0b1019ccd86c4a64b6deff30f61686150158
526968Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 46, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 656, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false9a1f873e7ca75688bb3ecf3538c673994ea8f06e1686150159
526968Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 46, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 656, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false9a1f873e7ca75688bb3ecf3538c673994ea8f06e1686150159
3652720DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1101203, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1128397, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false946bccb4633670592563b838e8905d87d32006c91686150162
3652720DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1101203, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1128397, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false946bccb4633670592563b838e8905d87d32006c91686150162
9176564DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6268070, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7592405, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false30a5cb71610bf97bb780db06d1c3a685558cef601686150163
9176564DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6268070, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7592405, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false30a5cb71610bf97bb780db06d1c3a685558cef601686150163
6925744DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4923140, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4887861, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsec552441469a45b5342205401366537d43dfbf1c31686150164
6925744DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4923140, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4887861, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsec552441469a45b5342205401366537d43dfbf1c31686150164
7991496PE/Exe/NSIS{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2569503, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3902224, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false9f236dccf15907ee09d04f6c8a451bd42b1d4e2d1686150165
7991496PE/Exe/NSIS{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2569503, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3902224, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false9f236dccf15907ee09d04f6c8a451bd42b1d4e2d1686150165
5979364DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4057685, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4165750, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false967fcbf4e10d26548398eec462c166d1df7222661686150165
5979364DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4057685, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4165750, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false967fcbf4e10d26548398eec462c166d1df7222661686150165
9728028DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6334598, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6463104, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false5d2ee739905d5f78b6e31684f3bb92423647692b1686150166
9728028DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6334598, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6463104, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false5d2ee739905d5f78b6e31684f3bb92423647692b1686150166
8267816DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5914695, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5870746, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsebb7e753018fc4b3c1fdc780a364df59d2e566e671686150167
8267816DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5914695, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5870746, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsebb7e753018fc4b3c1fdc780a364df59d2e566e671686150167
6904424DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4921711, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5569145, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false750679ecdaac688baa60e32674e510f60cac2ba11686150167
6904424DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4921711, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5569145, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false750679ecdaac688baa60e32674e510f60cac2ba11686150167
8668000DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5790672, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5929530, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false8d17ecf99008a1800aa77b798c53f75f34db635f1686150167
8668000DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5790672, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5929530, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false8d17ecf99008a1800aa77b798c53f75f34db635f1686150167
8020420DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1730444, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1955210, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false098c13f1d5cc4b6038d67874cd2340c470047bde1686150168
8020420DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1730444, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1955210, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false098c13f1d5cc4b6038d67874cd2340c470047bde1686150168
9653972DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1796540, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1636817, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false683b6403118d4a672e2f31efef768346320c5d5d1686150169
9653972DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1796540, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1636817, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false683b6403118d4a672e2f31efef768346320c5d5d1686150169
5534364DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4320126, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4305821, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false2627f11c33033737de957cf52cc29297d08103711686150169
5534364DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4320126, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4305821, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false2627f11c33033737de957cf52cc29297d08103711686150169
10148688DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1961186, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2836228, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false9834a9b1ff7edf23552ac4e15464a50ced1f90fa1686150170
10148688DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1961186, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2836228, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false9834a9b1ff7edf23552ac4e15464a50ced1f90fa1686150170
8828660DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6406510, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6382932, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false48bd69a510ba602c73863ad2afb6b1455e8583351686150170
8828660DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6406510, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6382932, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false48bd69a510ba602c73863ad2afb6b1455e8583351686150170
6136097PE/.Net Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 3709386, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalse5bc8ccc3bfd1b1c9bb5c14f442c70a32efa61a711686150172
19905987PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2216386, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1636129, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false9f547ef8cba3b6f25f8c7fe2cacf62496c78cf091686150174
19905987PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2216386, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1636129, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false9f547ef8cba3b6f25f8c7fe2cacf62496c78cf091686150174
1215488PE/.Net Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 576416, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalse059403186f3a5d4832bd7bf3e137ab532076c37c1686150175
62215476Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25262900, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 53345796, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falseaf6b75fe56e8568402c36c11a851c31519729d091686150176
62215476Binary/Archive/ZIP{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25262900, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 53345796, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falseaf6b75fe56e8568402c36c11a851c31519729d091686150176
62215476Binary/Archive/ZIP{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 53626293, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalseaf6b75fe56e8568402c36c11a851c31519729d091686150176
8790228DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5984952, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7594298, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false791352f0f97961d04505e72dbbc4c905218232121686150176
8790228DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5984952, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7594298, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false791352f0f97961d04505e72dbbc4c905218232121686150176
3970896PE/.Net Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1384326, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3217764, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false739c8e7a85bf46ced7d5926d46f5327b03c13e391686150177
3970896PE/.Net Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1384326, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3217764, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false739c8e7a85bf46ced7d5926d46f5327b03c13e391686150177
370759Text/HTML/HTML{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 120638, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalsed15409e85cbcd767078d35da6402415a8786b2611686150178
19508784PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14359504, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16198715, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsea074e8cd0d7f96a1660eb8034c9d4bb659911d8c1686150178
19508784PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14359504, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16198715, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsea074e8cd0d7f96a1660eb8034c9d4bb659911d8c1686150178
9376260DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6790310, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7997401, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false69b79a4acbecc8d616965ccde616fbed0bce6bb61686150180
9376260DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6790310, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7997401, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false69b79a4acbecc8d616965ccde616fbed0bce6bb61686150180
25092884PE/Exe/NSIS{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3544155, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3318615, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false0061d1045777f0d4ffa785a37224981e663cadef1686150187
25092884PE/Exe/NSIS{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3544155, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3318615, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false0061d1045777f0d4ffa785a37224981e663cadef1686150187
29217518PE/.Net Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 23428974, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalsea407bb0966cf4665bf7f5a7145d8659dbb8cf3d01686150197
29217518PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7499136, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14037437, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsea407bb0966cf4665bf7f5a7145d8659dbb8cf3d01686150197
29217518PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7499136, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14037437, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsea407bb0966cf4665bf7f5a7145d8659dbb8cf3d01686150197
29422318PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7703936, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14242237, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsea90063b91d8f19cd55120a84a2264dbb56e465941686150197
29422318PE/Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 23633774, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalsea90063b91d8f19cd55120a84a2264dbb56e465941686150197
29422318PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7703936, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14242237, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsea90063b91d8f19cd55120a84a2264dbb56e465941686150197
25040110PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3321728, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9860029, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsef1f94bb6adc57f0f8e47ab859f8a2ba47bea02291686150199
25040110PE/Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 19251566, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalsef1f94bb6adc57f0f8e47ab859f8a2ba47bea02291686150199
25040110PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3321728, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9860029, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsef1f94bb6adc57f0f8e47ab859f8a2ba47bea02291686150199
28910318PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7191936, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13730237, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false765176df2ecd44d2f33c9a3e09cfffd38b86dc641686150200
28910318PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7191936, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13730237, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false765176df2ecd44d2f33c9a3e09cfffd38b86dc641686150200
28910318PE/.Net Dll{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 23121774, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalse765176df2ecd44d2f33c9a3e09cfffd38b86dc641686150200
32130008PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 977110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 761738, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falseae7ff1a8ecc631ba5589735ad0fafbe18d1c41e51686150201
32130008PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 977110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 761738, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falseae7ff1a8ecc631ba5589735ad0fafbe18d1c41e51686150201
66892302PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3139247, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2558990, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false5e440414494a26e2ee213b9b681d867ad39b9f801686150214
66892302PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3139247, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2558990, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false5e440414494a26e2ee213b9b681d867ad39b9f801686150214
166833664PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 143364306, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 146750644, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false6adeec98314a2649c39350736d889cd272a391b81686150221
166833664PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 143364306, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 146750644, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false6adeec98314a2649c39350736d889cd272a391b81686150221
138356736PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 113475200, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 116917070, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falseeb3c36c843befc50091898fb978f83d45d32e4221686150228
138356736PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 113475200, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 116917070, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falseeb3c36c843befc50091898fb978f83d45d32e4221686150228
93670Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28715, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50269, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsec3a0a929800a0ebe66ac85e6667c6644e872b09d1686150231
93670Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28715, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50269, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsec3a0a929800a0ebe66ac85e6667c6644e872b09d1686150231
8553924DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5876359, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6986177, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsea3b265af2589cf44aecb2049803a5a4ff84bb2021686150232
8553924DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5876359, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6986177, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsea3b265af2589cf44aecb2049803a5a4ff84bb2021686150232
88241Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27207, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48761, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsec2643a9a4997e6e3e51685cab2f9c6fd4abc76111686150237
88241Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27207, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48761, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsec2643a9a4997e6e3e51685cab2f9c6fd4abc76111686150237
9414708DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6335661, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6370528, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false7d304cf9efb664f2ccd968904d504ed8c576e6541686150239
9414708DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6335661, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6370528, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false7d304cf9efb664f2ccd968904d504ed8c576e6541686150239
10379992DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6814165, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8323239, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsefb499f3e7de44f21eb9cb1a956f3f767d4ed47f01686150241
10379992DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6814165, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8323239, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsefb499f3e7de44f21eb9cb1a956f3f767d4ed47f01686150241
5250Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2325, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4097, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false630991c60909126d75f94b113fd177180f6712ea1686150245
5250Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2325, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4097, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false630991c60909126d75f94b113fd177180f6712ea1686150245
82432Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3828, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4798, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false797c389bd066a4a04c2bce344cb60123443ec81e1686150247
82432Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3828, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4798, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false797c389bd066a4a04c2bce344cb60123443ec81e1686150247
111806Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29792, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51346, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false8ad9ad7f0468ebd22e0d9e8384c4a107857333a51686150247
111806Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29792, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51346, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false8ad9ad7f0468ebd22e0d9e8384c4a107857333a51686150247
27570Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15335, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19448, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false1bfc6472d02cab3b91ce506a17d9cad64804871c1686150248
27570Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15335, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19448, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false1bfc6472d02cab3b91ce506a17d9cad64804871c1686150248
450048Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 288291, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 221176, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false111bcee00d7c3d6df8c1420ee0de782eb19371331686150248
450048Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 288291, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 221176, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false111bcee00d7c3d6df8c1420ee0de782eb19371331686150248
2600888PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2163112, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2014788, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false7e32d3bc9afd569852093401de5c4bb5f44b76ff1686150249
2600888PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2163112, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2014788, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false7e32d3bc9afd569852093401de5c4bb5f44b76ff1686150249
175221Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35882, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 57436, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false423a146bc73d434a9f39de260f567dd8d0258d471686150250
175221Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35882, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 57436, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false423a146bc73d434a9f39de260f567dd8d0258d471686150250
8509312DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6222960, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6167524, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false19b22d0a540bac402aa018c7df49bd97bf02f44a1686150251
8509312DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6222960, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6167524, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false19b22d0a540bac402aa018c7df49bd97bf02f44a1686150251
80864416PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2597762, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2017505, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsee8a00ce275d0d66559cadb01b10a0ae2d441c60d1686150258
80864416PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2597762, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2017505, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsee8a00ce275d0d66559cadb01b10a0ae2d441c60d1686150258
20964640PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7215661, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11972784, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsee8aeecd01fdf0e1521090598c2180f5cb575f6e61686150261
20964640PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7215661, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11972784, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsee8aeecd01fdf0e1521090598c2180f5cb575f6e61686150261
275456Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5162, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6481, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsec11a9ca1d3c3b6eaa69adcf6eb9f4c723e990aec1686150261
275456Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5162, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6481, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsec11a9ca1d3c3b6eaa69adcf6eb9f4c723e990aec1686150261
87323Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27477, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49031, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false19f3b61586f5cb7808ed718fae3b99408fcde7b81686150263
87323Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27477, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49031, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false19f3b61586f5cb7808ed718fae3b99408fcde7b81686150263
12437976PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10483381, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10170287, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsebd599890f96bfd2cb617bc1155bd15fc40a084ed1686150266
12437976PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10483381, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10170287, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsebd599890f96bfd2cb617bc1155bd15fc40a084ed1686150266
10148938Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 864896, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14986, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false0233a0fec543e6232060515a2e26cc58c2a756231686150268
10148938Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 864896, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14986, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false0233a0fec543e6232060515a2e26cc58c2a756231686150268
9892620DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6562492, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7558230, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false75f9a61c03ade1bbb0cb9046a95a50c6c6fbc09a1686150270
9892620DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6562492, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7558230, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false75f9a61c03ade1bbb0cb9046a95a50c6c6fbc09a1686150270
9560808DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6901970, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6907982, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsefbcc73b821ae5184783a597050d8ebd62835bfc91686150270
9560808DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6901970, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6907982, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsefbcc73b821ae5184783a597050d8ebd62835bfc91686150270
18831446PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 265862, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12964500, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false25e03817dafe65daaa426190b00318324d21cf711686150270
18831446PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 265862, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12964500, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false25e03817dafe65daaa426190b00318324d21cf711686150270
8165976PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3933805, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4859118, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsef4678063bfee99893461cd18f9ec4556382d102f1686150272
8165976PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3933805, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4859118, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsef4678063bfee99893461cd18f9ec4556382d102f1686150272
101077Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27765, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49319, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false62ea9191258518515b4be63a7c69a39b918bd28a1686150272
101077Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27765, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49319, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false62ea9191258518515b4be63a7c69a39b918bd28a1686150272
8092688DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1464386, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2192617, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsee1e78ef90f835f32fb9bd89fc074c22f7748f3e31686150273
8092688DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1464386, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2192617, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsee1e78ef90f835f32fb9bd89fc074c22f7748f3e31686150273
9136128PE/.Net Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3935869, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3109983, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false48672736929745d0f2716882ccdb099501cb6b1e1686150274
9136128PE/.Net Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3935869, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3109983, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false48672736929745d0f2716882ccdb099501cb6b1e1686150274
6035544PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2875148, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3522427, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false9d0c0632f5948623baa3c1ff47e51cb7d7fa2e911686150275
6035544PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2875148, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3522427, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false9d0c0632f5948623baa3c1ff47e51cb7d7fa2e911686150275
13500336PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11443773, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11133887, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false1ceec28970dbdc86c09768fdc2bfa305fce4d2611686150276
13500336PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11443773, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11133887, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false1ceec28970dbdc86c09768fdc2bfa305fce4d2611686150276
3376319Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 245960, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15314, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falseefd9d71b0975e5847c4615faf5afc5e9f7210ae31686150277
3376319Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 245960, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15314, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falseefd9d71b0975e5847c4615faf5afc5e9f7210ae31686150277
103016Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 33875, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 55429, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsee412e2c41f29f865786ecf493deafd266c779d881686150277
103016Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 33875, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 55429, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsee412e2c41f29f865786ecf493deafd266c779d881686150277
7885612DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6087984, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6053339, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false80430d7fd0fc7c60d98a89aed4c7bb4495aa63791686150278
7885612DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6087984, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6053339, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false80430d7fd0fc7c60d98a89aed4c7bb4495aa63791686150278
14178816PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4320653, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5427992, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falseebde3e5d4f5dad37d897d676df2240e7e40e08fe1686150278
14178816PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4320653, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5427992, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falseebde3e5d4f5dad37d897d676df2240e7e40e08fe1686150278
272896Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8053, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6460, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false3a1800e643dae8652354dc0e1d09e0fdd010f6a41686150279
272896Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8053, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6460, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false3a1800e643dae8652354dc0e1d09e0fdd010f6a41686150279
689819Document/None/RTF{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 533244, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 590406, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false5eb3615197888c564cc0190dcb59bc20c7f5cbd91686150283
689819Document/None/RTF{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 533244, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 590406, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false5eb3615197888c564cc0190dcb59bc20c7f5cbd91686150283
7179516DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1496148, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1515461, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false8a89d0ad8c999e16a2226fddf4096770486212dd1686150284
7179516DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1496148, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1515461, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false8a89d0ad8c999e16a2226fddf4096770486212dd1686150284
8096528DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5711198, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5832392, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false0e753811a1a4bda820926842ce75c4e28c9559191686150287
8096528DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5711198, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5832392, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false0e753811a1a4bda820926842ce75c4e28c9559191686150287
1766139Text/None{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 260148, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 825848, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false8a6f27250902702f78938252e2671205790648d41686150288
1766139Text/None{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 260148, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 825848, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false8a6f27250902702f78938252e2671205790648d41686150288
10031584DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6627232, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6604495, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false8913aed7d56e63add8ed8f65622454ab0b0ed0071686150290
10031584DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6627232, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6604495, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false8913aed7d56e63add8ed8f65622454ab0b0ed0071686150290
6598488DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1651604, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2536422, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false03de2c6afdf55d2e9fe71e126a4d8c3bd5a6e5131686150293
6598488DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1651604, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2536422, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false03de2c6afdf55d2e9fe71e126a4d8c3bd5a6e5131686150293
8198736DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1724241, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1717079, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false2a770424281587e72a70f2b38c6393ee43fcb8fe1686150293
8198736DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1724241, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1717079, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false2a770424281587e72a70f2b38c6393ee43fcb8fe1686150293
8041928DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6164307, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6028674, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false58a086af9f4be29846114490255f118299ee99881686150298
8041928DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6164307, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6028674, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false58a086af9f4be29846114490255f118299ee99881686150298
22636544PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12836365, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17328505, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false4a066f4da5351af20dcc6848fcca14ac7237022d1686150304
22636544PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12836365, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17328505, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false4a066f4da5351af20dcc6848fcca14ac7237022d1686150304
31212344PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25069984, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 24741844, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsede4fab5048313f8ea6d87b1821bfc8707463f6881686150308
31212344PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25069984, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 24741844, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsede4fab5048313f8ea6d87b1821bfc8707463f6881686150308
46181234PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28136043, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 340000, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsea7dd7dbd677a352cade7696363a2b69827ed9efa1686150316
46181234PE/.Net Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28136043, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 340000, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsea7dd7dbd677a352cade7696363a2b69827ed9efa1686150316
4268456DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1053136, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1079585, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false55d4bb310cf6f691bf7917630349e60f91e698831686150328
4268456DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1053136, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1079585, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false55d4bb310cf6f691bf7917630349e60f91e698831686150328
711168Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 22283, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 140714, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false1cc796892a6c83da4f9d64c7ac496f48e9e874621686150331
711168Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 22283, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 140714, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false1cc796892a6c83da4f9d64c7ac496f48e9e874621686150331
81041Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26719, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48030, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsefac13be0be3051b4ea5dd0299de7297c50eca6771686150331
81041Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26719, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48030, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsefac13be0be3051b4ea5dd0299de7297c50eca6771686150331
2149088DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1486348, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1792360, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false918840817f162ce48336914897b0a2b9e94159c61686150332
2149088DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1486348, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1792360, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false918840817f162ce48336914897b0a2b9e94159c61686150332
83456Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3829, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4736, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false7d2d0a954430071976be168e02000021fe3f8d471686150334
83456Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3829, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4736, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false7d2d0a954430071976be168e02000021fe3f8d471686150334
81703Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29471, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51025, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false0de6b65809ff0a806b84af7878f46ab7b0961e581686150335
81703Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29471, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51025, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false0de6b65809ff0a806b84af7878f46ab7b0961e581686150335
1986332DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1489941, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1578610, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsecefdbcf177848c3dbc4660ffa92e0971429717e61686150335
1986332DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1489941, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1578610, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsecefdbcf177848c3dbc4660ffa92e0971429717e61686150335
454144Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 282176, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 220548, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsee4794fefadbba8fcb81540281ccccb949cccd8281686150336
454144Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 282176, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 220548, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsee4794fefadbba8fcb81540281ccccb949cccd8281686150336
18366038PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7030388, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12499092, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falseb8c11b6867eaec662e5217df5c861393fa6220e61686150336
18366038PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7030388, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12499092, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falseb8c11b6867eaec662e5217df5c861393fa6220e61686150336
8588884DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6284895, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6248087, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsed9a5feabf05c02918500526e08a432cee2b656151686150337
8588884DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6284895, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6248087, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsed9a5feabf05c02918500526e08a432cee2b656151686150337
9326836DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6567307, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6759624, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsedfb89e0653f80361906802592cd76c3dfbbe08811686150337
9326836DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6567307, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6759624, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsedfb89e0653f80361906802592cd76c3dfbbe08811686150337
150057Document/None/PDF{'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 116422, 'matched_string': 'dGV4dCBoZXJl\n'}]}ruleset224239959bf00c630739896da7b08cb59011fc08cfalsedb9a5761f9beda80273964d79aa8bf589ea00f9d1686150338
101408Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27646, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49200, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false920811cc5d0f3a9218886cc0c35f60793859ccff1686150340
101408Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27646, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49200, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false920811cc5d0f3a9218886cc0c35f60793859ccff1686150340
17661014PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6325364, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11794068, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false86e5a6461a4c70641f1d9f05b363a6ee9ad9e9671686150341
17661014PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6325364, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11794068, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false86e5a6461a4c70641f1d9f05b363a6ee9ad9e9671686150341
17709654PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6374004, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11842708, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsed0286f449fe9b310149eba7c643ef32980b20c0a1686150343
17709654PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6374004, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11842708, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsed0286f449fe9b310149eba7c643ef32980b20c0a1686150343
18516054PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7180404, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12649108, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsea629d0a626ea29b61a59fa12f74ecae92f111d2b1686150345
18516054PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7180404, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12649108, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsea629d0a626ea29b61a59fa12f74ecae92f111d2b1686150345
13872608PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9059948, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8952253, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false9583081e5b7c0f4f74b2222a23fc058d667ab5951686150351
13872608PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9059948, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8952253, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false9583081e5b7c0f4f74b2222a23fc058d667ab5951686150351
82432Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3812, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4691, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false39d12fff02df078867efb755f7353480b5f6c0bc1686150357
82432Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3812, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4691, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false39d12fff02df078867efb755f7353480b5f6c0bc1686150357
2272971Text/None{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 74664, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 619547, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false67c71d50582dea8fedfe6a3b234936a626ffaeb21686150357
2272971Text/None{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 74664, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 619547, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false67c71d50582dea8fedfe6a3b234936a626ffaeb21686150357
8879376DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5745648, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5751012, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false1a773ba334a1fc0f818bbd42f77a4e1d946065a91686150360
8879376DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5745648, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5751012, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false1a773ba334a1fc0f818bbd42f77a4e1d946065a91686150360
7755441Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 406771, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 21825, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false812184db6861a00260557e33605b51d0042ff5851686150360
7755441Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 406771, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 21825, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false812184db6861a00260557e33605b51d0042ff5851686150360
5618928MachO32 Little/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3904124, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4378424, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsed1b2e67d1e6066e353d169cfcdcb67b76360ad941686150361
5618928MachO32 Little/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3904124, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4378424, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsed1b2e67d1e6066e353d169cfcdcb67b76360ad941686150361
7870848DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5851887, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5929958, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false350122e4dba72eec4fcf1b5b91d172335c85d7a91686150369
7870848DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5851887, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5929958, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false350122e4dba72eec4fcf1b5b91d172335c85d7a91686150369
8173600PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5940668, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5601532, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falseecc1080cc4303734260b958a79cefb40ae6d01531686150372
8173600PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5940668, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5601532, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falseecc1080cc4303734260b958a79cefb40ae6d01531686150372
366711Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 83827, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 363899, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsecf2f0e2acfc86560055a39013db63285b1d78a031686150388
366711Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 83827, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 363899, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsecf2f0e2acfc86560055a39013db63285b1d78a031686150388
9487360PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6897389, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6936885, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false4106e8b239bb92d9fa524b3a6d667c7115b0b6661686150401
9487360PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6897389, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6936885, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false4106e8b239bb92d9fa524b3a6d667c7115b0b6661686150401
58555814PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1184014, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10951600, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false7c14bdf271b74f35da06091594293c7502c821071686150401
58555814PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1184014, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10951600, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false7c14bdf271b74f35da06091594293c7502c821071686150401
366706Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 83826, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 363894, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false52a6a217b72415fc38bde13c0f077e47671a78451686150410
366706Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 83826, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 363894, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false52a6a217b72415fc38bde13c0f077e47671a78451686150410
21275520PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7310445, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12111641, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false9dc59205f47be9eac8046b5b259f2ccf65ceddc61686150414
21275520PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7310445, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12111641, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false9dc59205f47be9eac8046b5b259f2ccf65ceddc61686150414
86684Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34414, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 55968, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false4120782b6b598f4a7e95b4c480c791cffe37a2681686150422
86684Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34414, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 55968, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false4120782b6b598f4a7e95b4c480c791cffe37a2681686150422
5327272PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3979083, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2767474, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falseeb86c40eb9e7de2c827db61b705530e5945c45621686150442
5327272PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3979083, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2767474, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falseeb86c40eb9e7de2c827db61b705530e5945c45621686150442
1686113Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 192055, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16350, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false8d02b28113241f8c6bb4f6313a19950876eca1161686150448
1686113Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 192055, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16350, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false8d02b28113241f8c6bb4f6313a19950876eca1161686150448
35515Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34829, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 22757, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false4767545f40d35fbfee5bbd359fe6be615e679ff91686150452
35515Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34829, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 22757, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false4767545f40d35fbfee5bbd359fe6be615e679ff91686150452
7892976ELF64 Little/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3577820, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3615204, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false94c89fd87cf33f18c9b1783bb133633aa5b282341686150454
7892976ELF64 Little/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3577820, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3615204, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false94c89fd87cf33f18c9b1783bb133633aa5b282341686150454
242700Document/None/RTF{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31895, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 41619, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false3d526a12778e918e2350d23aa02bfa7cd2c448d01686150455
242700Document/None/RTF{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31895, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 41619, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false3d526a12778e918e2350d23aa02bfa7cd2c448d01686150455
7525504DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1861301, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1676862, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falseb2eed81dd77100042b7e918b4f5cacc2d6444aa61686150455
7525504DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1861301, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1676862, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falseb2eed81dd77100042b7e918b4f5cacc2d6444aa61686150455
74127Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26665, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 47554, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsec1ad6cf9c783302cedf77c209ae4d5a11d05b07f1686150464
74127Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26665, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 47554, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsec1ad6cf9c783302cedf77c209ae4d5a11d05b07f1686150464
6306744DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4682682, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5358994, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false1fa90eebb148c20a065f0a78d5794f00c7bb51a41686150481
6306744DEX/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4682682, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5358994, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false1fa90eebb148c20a065f0a78d5794f00c7bb51a41686150481
8729572PE/Exe/NSIS{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3118958, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2893418, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false6eebfafb77dac46dd9a0541cbd719f59d18ae74a1686150486
8729572PE/Exe/NSIS{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3118958, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2893418, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false6eebfafb77dac46dd9a0541cbd719f59d18ae74a1686150486
662567Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 467856, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 24033, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false4273c4cdb874a9caeddfb76f5e712480246928a61686150489
662567Email/None/MIME{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 467856, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 24033, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false4273c4cdb874a9caeddfb76f5e712480246928a61686150489
366703Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 83825, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 363891, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false4791aa7a9d8123b974c9b3e41fc3269bfa287c281686150489
366703Text/HTML/HTML{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 83825, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 363891, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false4791aa7a9d8123b974c9b3e41fc3269bfa287c281686150489
18824790PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 259206, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12957844, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false3d779c8998dfba56449ad09dbd24db692d2b65281686150490
18824790PE/Dll{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 259206, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12957844, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false3d779c8998dfba56449ad09dbd24db692d2b65281686150490
8471556PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7414380, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6887310, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508falsef10efe378fb0fa90ca1ee5dcdfee615b1473a74e1686150490
8471556PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7414380, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6887310, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508falsef10efe378fb0fa90ca1ee5dcdfee615b1473a74e1686150490
81408Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3819, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4611, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false76c28f712820786cbe6cbeb7f9789480a7ac3b231686150491
81408Binary/Archive/Compound{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3819, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4611, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false76c28f712820786cbe6cbeb7f9789480a7ac3b231686150491
13890720PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9051048, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8736852, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false121299e36826d127762d70605c78118223be66a31686150497
13890720PE+/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9051048, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8736852, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false121299e36826d127762d70605c78118223be66a31686150497
18482183PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6662509, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1459423, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}SuperHuntc739753a2575d69ae31b33122622b6a736660508false6010aef2725e64cdeab0e91df479bf0e0a7be14c1686150499
18482183PE/Exe{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6662509, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1459423, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]}ruleset1c739753a2575d69ae31b33122622b6a736660508false6010aef2725e64cdeab0e91df479bf0e0a7be14c1686150499

reversinglabs-titaniumcloud-yara-retro-hunt-actions#


Perform various YARA retroactive hunting actions.

Base Command#

reversinglabs-titaniumcloud-yara-retro-hunt-actions

Input#

Argument NameDescriptionRequired
yara_retro_actionYARA retro hunt action. Possible values are: ENABLE RETRO HUNT, START RETRO HUNT, CHECK STATUS, CANCEL RETRO HUNT.Required
ruleset_nameName of the YARA ruleset.Required

Context Output#

PathTypeDescription
ReversingLabs.enable_yara_retroUnknown
ReversingLabs.start_yara_retroUnknown
ReversingLabs.check_yara_retro_statusUnknown
ReversingLabs.cancel_yara_retroUnknown

Command example#

!reversinglabs-titaniumcloud-yara-retro-hunt-actions yara_retro_action="CHECK STATUS" ruleset_name=SuperHunt

Context Example#

{
"ReversingLabs": {
"check_yara_retro_status": {
"estimated_finish_time": null,
"finish_time": "2023-05-18T11:31:12",
"progress": null,
"reason": null,
"retro_status": "FINISHED",
"ruleset_name": "SuperHunt",
"start_time": "2023-05-18T11:30:35"
}
}
}

Human Readable Output#

{ "estimated_finish_time": null, "finish_time": "2023-05-18T11:31:12", "progress": null, "reason": null, "retro_status": "FINISHED", "ruleset_name": "SuperHunt", "start_time": "2023-05-18T11:30:35" }

reversinglabs-titaniumcloud-yara-retro-matches-feed#


Returns a recordset of YARA ruleset matches in the specified time range.

Base Command#

reversinglabs-titaniumcloud-yara-retro-matches-feed

Input#

Argument NameDescriptionRequired
time_formatDefine the time format that is used. Possible values are: utc, timestamp.Required
time_valueTime value in the defined format.Required

Context Output#

PathTypeDescription
ReversingLabs.yara_retro_matches_feedUnknown

Command example#

!reversinglabs-titaniumcloud-yara-retro-matches-feed time_format=timestamp time_value=1686063146

Context Example#

{
"ReversingLabs": {
"yara_retro_matches_feed": {
"rl": {
"feed": {
"entries": [],
"last_timestamp": 1686149546,
"name": "YARA Retro Match Continuous Feed",
"time_range": {
"from": "Tue, 06 Jun 2023 14:52:26 +0000",
"to": "Wed, 07 Jun 2023 14:52:26 +0000"
}
}
}
}
}
}

Human Readable Output#

ReversingLabs YARA Retro Matches Feed for time value 1686063146#

Last timestamp: 1686149546 From: Tue, 06 Jun 2023 14:52:26 +0000 To: Wed, 07 Jun 2023 14:52:26 +0000

Entries#

No entries.

reversinglabs-titaniumcloud-reanalyze-sample#


Accepts a hash of a sample in the cloud that you want to reanalyze.

Base Command#

reversinglabs-titaniumcloud-reanalyze-sample

Input#

Argument NameDescriptionRequired
hashHash string.Required

Context Output#

PathTypeDescription
ReversingLabs.reanalyze_sampleUnknown

Command example#

!reversinglabs-titaniumcloud-reanalyze-sample hash=21841b32c6165b27dddbd4d6eb3a672defe54271

Context Example#

{
"ReversingLabs": {
"reanalyze_sample": "Sample sent for rescanning"
}
}

Human Readable Output#

Sample sent for rescanning

reversinglabs-titaniumcloud-imphash-similarity#


Accepts an imphash and returns a list of SHA-1 hashes of files sharing that imphash.

Base Command#

reversinglabs-titaniumcloud-imphash-similarity

Input#

Argument NameDescriptionRequired
imphashImphash string.Required
max_resultsMaximum number of returned results. Default is 5000.Optional

Context Output#

PathTypeDescription
ReversingLabs.imphash_similarityUnknown

Command example#

!reversinglabs-titaniumcloud-imphash-similarity imphash=fb815acbc7109e8c83537d7d9c7020be max_results=2

Context Example#

{
"ReversingLabs": {
"imphash_similarity": [
"0001af77206c3bc81b26d13bc5e6737770076dbd",
"0001d0cb17013c46d70d9f7bbb2adebf523c65c8"
]
}
}

Human Readable Output#

ReversingLabs Imphash Similarity for fb815acbc7109e8c83537d7d9c7020be#

SHA-1 list#

Hashes
0001af77206c3bc81b26d13bc5e6737770076dbd
0001d0cb17013c46d70d9f7bbb2adebf523c65c8

reversinglabs-titaniumcloud-url-downloaded-files#


Returns a list of files downloaded from the provided URL.

Base Command#

reversinglabs-titaniumcloud-url-downloaded-files

Input#

Argument NameDescriptionRequired
urlURL string.Required
extended_resultsReturn extended results. Possible values are: true, false. Default is True.Optional
classificationReturn only results with this classification. Possible values are: MALICIOUS, SUSPICIOUS, KNOWN, UNKNOWN.Optional
last_analysisReturn results from the last analysis. Possible values are: true, false.Optional
analysis_idReturn results from a specific analysis.Optional
results_per_pageNumber of results per query. Default is 1000.Optional
max_resultsMaximum number of results. Default is 5000.Optional

Context Output#

PathTypeDescription
ReversingLabs.url_downloaded_filesUnknown

Command example#

!reversinglabs-titaniumcloud-url-downloaded-files max_results=2 url=https://www.nytimes.com/ extended_results=true results_per_page=2

Context Example#

{
"ReversingLabs": {
"url_downloaded_files": [
{
"classification": "KNOWN",
"first_download": "2022-02-26T15:52:16",
"first_seen": "2022-02-26T16:50:11",
"last_download": "2022-02-26T15:52:16",
"last_seen": "2022-02-26T17:05:38",
"md5": "8f16d9b505328d012335e15ad71dba04",
"sample_available": true,
"sample_size": 1188968,
"sample_type": "Text/HTML/HTML",
"sha1": "001647571e28b34d55e02c9ed298242bf8249931",
"sha256": "12ee005e585d8fce2023a848514b408b70ff4a6b4df5be44ee86d9db3960dadd",
"threat_level": 0,
"trust_factor": 2
},
{
"classification": "KNOWN",
"first_download": "2023-02-22T01:02:45",
"first_seen": "2023-02-22T02:00:22",
"last_download": "2023-02-22T01:02:45",
"last_seen": "2023-03-07T05:07:26",
"md5": "f9b456b6222561142301f223a2c7c9a9",
"sample_available": true,
"sample_size": 52579,
"sample_type": "Text/XML",
"sha1": "0034b543da787385621ef607153058aa176cfbdc",
"sha256": "f55bfb144d01e405ce6a2435292acd90d7292126e4b2c7ab17553c9c4c442a0c",
"threat_level": 0,
"trust_factor": 2
}
]
}
}

Human Readable Output#

ReversingLabs Files Downloaded from URL https://www.nytimes.com/#

Downloaded files#

classificationfirst_downloadfirst_seenlast_downloadlast_seenmd5sample_availablesample_sizesample_typesha1sha256threat_leveltrust_factor
KNOWN2022-02-26T15:52:162022-02-26T16:50:112022-02-26T15:52:162022-02-26T17:05:388f16d9b505328d012335e15ad71dba04true1188968Text/HTML/HTML001647571e28b34d55e02c9ed298242bf824993112ee005e585d8fce2023a848514b408b70ff4a6b4df5be44ee86d9db3960dadd02
KNOWN2023-02-22T01:02:452023-02-22T02:00:222023-02-22T01:02:452023-03-07T05:07:26f9b456b6222561142301f223a2c7c9a9true52579Text/XML0034b543da787385621ef607153058aa176cfbdcf55bfb144d01e405ce6a2435292acd90d7292126e4b2c7ab17553c9c4c442a0c02

reversinglabs-titaniumcloud-url-latest-analyses-feed#


Returns the latest URL analysis reports.

Base Command#

reversinglabs-titaniumcloud-url-latest-analyses-feed

Input#

Argument NameDescriptionRequired
results_per_pageNumber of results per query. Default is 1000.Optional
max_resultsMaximum number of results. Default is 5000.Optional

Context Output#

PathTypeDescription
ReversingLabs.url_latest_analyses_feedUnknown

Command example#

!reversinglabs-titaniumcloud-url-latest-analyses-feed results_per_page=2 max_results=2

Context Example#

{
"InfoFile": {
"EntryID": "7704@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
"Info": "text/plain",
"Name": "ReversingLabs Latest URL Analyses Feed",
"Size": 782,
"Type": "ASCII text"
},
"ReversingLabs": {
"url_latest_analyses_feed": [
{
"analysis_id": "1686146896780f90",
"analysis_time": "2023-06-07T14:08:19",
"availability_status": "online",
"final_url": "https://ftp.mozilla.org/pub/firefox/releases/99.0b7/update/win64-aarch64/eo/firefox-99.0b7.complete.mar",
"url": "https://ftp.mozilla.org/pub/firefox/releases/99.0b7/update/win64-aarch64/eo/firefox-99.0b7.complete.mar"
},
{
"analysis_id": "168614689679c15f",
"analysis_time": "2023-06-07T14:08:19",
"availability_status": "online",
"final_url": "https://ftp.mozilla.org/pub/firefox/releases/91.0b8/update/mac/be/firefox-91.0b5-91.0b8.partial.mar",
"url": "https://ftp.mozilla.org/pub/firefox/releases/91.0b8/update/mac/be/firefox-91.0b5-91.0b8.partial.mar"
}
]
}
}

Human Readable Output#

ReversingLabs Latest URL Analyses Feed#

Latest URL analyses#

analysis_idanalysis_timeavailability_statusfinal_urlurl
1686146896780f902023-06-07T14:08:19onlinehttps://ftp.mozilla.org/pub/firefox/releases/99.0b7/update/win64-aarch64/eo/firefox-99.0b7.complete.marhttps://ftp.mozilla.org/pub/firefox/releases/99.0b7/update/win64-aarch64/eo/firefox-99.0b7.complete.mar
168614689679c15f2023-06-07T14:08:19onlinehttps://ftp.mozilla.org/pub/firefox/releases/91.0b8/update/mac/be/firefox-91.0b5-91.0b8.partial.marhttps://ftp.mozilla.org/pub/firefox/releases/91.0b8/update/mac/be/firefox-91.0b5-91.0b8.partial.mar

reversinglabs-titaniumcloud-url-analyses-feed-from-date#


Returns URL analyses reports from the defined time onward.

Base Command#

reversinglabs-titaniumcloud-url-analyses-feed-from-date

Input#

Argument NameDescriptionRequired
time_formatDefine the time format that is used. Possible values are: utc, timestamp.Required
start_timeTime value in the defined format.Required
results_per_pageNumber of results per query. Default is 1000.Optional
max_resultsMaximum number of results. Default is 5000.Optional

Context Output#

PathTypeDescription
ReversingLabs.url_analyses_feed_from_dateUnknown

Command example#

!reversinglabs-titaniumcloud-url-analyses-feed-from-date results_per_page=2 max_results=2 time_format=timestamp start_time=1685976746

Context Example#

{
"InfoFile": {
"EntryID": "7695@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
"Info": "text/plain",
"Name": "ReversingLabs URL Analyses Feed From Date 1685976746",
"Size": 846,
"Type": "ASCII text"
},
"ReversingLabs": {
"url_analyses_feed_from_date": [
{
"analysis_id": "168597674625002a",
"analysis_time": "2023-06-05T14:52:28",
"availability_status": "online",
"final_url": "http://ftp.riken.jp/Linux/debian/debian/dists/bookworm-proposed-updates/main/i18n/Translation-en.diff/T-2023-06-03-1403.07-F-2023-01-20-0206.46.gz",
"url": "http://ftp.riken.jp/Linux/debian/debian/dists/bookworm-proposed-updates/main/i18n/Translation-en.diff/T-2023-06-03-1403.07-F-2023-01-20-0206.46.gz"
},
{
"analysis_id": "168597674529c352",
"analysis_time": "2023-06-05T14:52:28",
"availability_status": "online",
"final_url": "http://cigarettescigs.com/marengo-cigarettes-c-226.html?zenid=1ur5fbj6tboo2ulacuejibatq2",
"url": "http://cigarettescigs.com/marengo-cigarettes-c-226.html?zenid=1ur5fbj6tboo2ulacuejibatq2"
}
]
}
}

Human Readable Output#

ReversingLabs URL Analyses Feed From Date 1685976746#

URL analyses from specified date#

analysis_idanalysis_timeavailability_statusfinal_urlurl
168597674625002a2023-06-05T14:52:28onlinehttp://ftp.riken.jp/Linux/debian/debian/dists/bookworm-proposed-updates/main/i18n/Translation-en.diff/T-2023-06-03-1403.07-F-2023-01-20-0206.46.gzhttp://ftp.riken.jp/Linux/debian/debian/dists/bookworm-proposed-updates/main/i18n/Translation-en.diff/T-2023-06-03-1403.07-F-2023-01-20-0206.46.gz
168597674529c3522023-06-05T14:52:28onlinehttp://cigarettescigs.com/marengo-cigarettes-c-226.html?zenid=1ur5fbj6tboo2ulacuejibatq2http://cigarettescigs.com/marengo-cigarettes-c-226.html?zenid=1ur5fbj6tboo2ulacuejibatq2

reversinglabs-titaniumcloud-domain-report#


Returns a domain analysis report.

Base Command#

reversinglabs-titaniumcloud-domain-report

Input#

Argument NameDescriptionRequired
domainDomain string.Required

Context Output#

PathTypeDescription
ReversingLabs.domain_reportUnknownThe domain analysis report.

Command example#

!reversinglabs-titaniumcloud-domain-report domain=bloom-artists.com

Context Example#

{
"DBotScore": {
"Indicator": "bloom-artists.com",
"Reliability": "C - Fairly reliable",
"Score": 0,
"Type": "domain",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"Domain": {
"Name": "bloom-artists.com"
},
"ReversingLabs": {
"domain_report": {
"rl": {
"downloaded_files_statistics": {
"known": 54,
"malicious": 1,
"suspicious": 0,
"total": 55,
"unknown": 0
},
"last_dns_records": [
{
"provider": "ReversingLabs",
"type": "A",
"value": "85.187.128.34"
}
],
"last_dns_records_time": "2023-08-25T09:34:16",
"modified_time": "2023-11-06T12:06:50",
"requested_domain": "bloom-artists.com",
"third_party_reputations": {
"sources": [
{
"detection": "undetected",
"source": "phishing_database",
"update_time": "2023-11-06T02:25:55"
},
{
"detection": "undetected",
"source": "0xSI_f33d",
"update_time": "2023-11-06T06:22:03"
},
{
"detection": "undetected",
"source": "cyradar",
"update_time": "2023-11-06T08:15:05"
},
{
"detect_time": "2023-10-22T21:13:34",
"detection": "malicious",
"source": "adminus_labs",
"update_time": "2023-11-06T12:06:50"
},
{
"detection": "undetected",
"source": "apwg",
"update_time": "2023-11-02T17:30:36"
},
{
"detection": "undetected",
"source": "netstar",
"update_time": "2023-11-06T11:39:40"
},
{
"detection": "undetected",
"source": "threatfox_abuse_ch",
"update_time": "2023-11-06T08:20:49"
},
{
"detection": "undetected",
"source": "botvrij",
"update_time": "2023-11-06T02:26:03"
},
{
"detection": "undetected",
"source": "alphamountain",
"update_time": "2023-11-06T10:57:13"
},
{
"detection": "undetected",
"source": "comodo_valkyrie",
"update_time": "2023-11-06T05:53:24"
},
{
"detection": "undetected",
"source": "web_security_guard",
"update_time": "2022-01-21T06:56:15"
},
{
"detection": "undetected",
"source": "osint",
"update_time": "2023-11-06T01:30:13"
},
{
"detect_time": "2023-10-23T03:27:25",
"detection": "malicious",
"source": "crdf",
"update_time": "2023-11-06T08:34:19"
}
],
"statistics": {
"clean": 0,
"malicious": 2,
"total": 13,
"undetected": 11
}
},
"top_threats": [
{
"files_count": 1,
"threat_level": 5,
"threat_name": "Win32.Trojan.RedLine"
}
]
}
}
}
}

Human Readable Output#

ReversingLabs Domain Report for bloom-artists.com#

Last DNS records#

providertypevalue
ReversingLabsA85.187.128.34

Last DNS records time: 2023-08-25T09:34:16

Top threats#

files_countthreat_levelthreat_name
15Win32.Trojan.RedLine

Third party statistics#

CLEAN: 0 MALICIOUS: 2 UNDETECTED: 11 TOTAL: 13

Third party sources#

detectionsourceupdate_time
undetectedphishing_database2023-11-06T02:25:55
undetected0xSI_f33d2023-11-06T06:22:03
undetectedcyradar2023-11-06T08:15:05
maliciousadminus_labs2023-11-06T12:06:50
undetectedapwg2023-11-02T17:30:36
undetectednetstar2023-11-06T11:39:40
undetectedthreatfox_abuse_ch2023-11-06T08:20:49
undetectedbotvrij2023-11-06T02:26:03
undetectedalphamountain2023-11-06T10:57:13
undetectedcomodo_valkyrie2023-11-06T05:53:24
undetectedweb_security_guard2022-01-21T06:56:15
undetectedosint2023-11-06T01:30:13
maliciouscrdf2023-11-06T08:34:19

Downloaded files statistics#

KNOWN: 54 MALICIOUS: 1 SUSPICIOUS: 0 UNKNOWN: 0 TOTAL: 55

reversinglabs-titaniumcloud-domain-downloaded-files#


Returns a list of files downloaded from a domain.

Base Command#

reversinglabs-titaniumcloud-domain-downloaded-files

Input#

Argument NameDescriptionRequired
domainDomain string.Required
classificationReturn only files of this classification. Possible values are: MALICIOUS, SUSPICIOUS, KNOWN.Optional
result_limitMaximum number of returned results. Default is 50000.Optional
results_per_pageNumber of results returned per request. Default is 1000.Optional

Context Output#

PathTypeDescription
ReversingLabs.domain_downloaded_filesUnknownThe list of files downloaded from a domain.

Command example#

!reversinglabs-titaniumcloud-domain-downloaded-files domain=bloom-artists.com classification=MALICIOUS result_limit=10 results_per_page=3

Context Example#

{
"DBotScore": {
"Indicator": "bloom-artists.com",
"Reliability": "C - Fairly reliable",
"Score": 0,
"Type": "domain",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"Domain": {
"Name": "bloom-artists.com"
},
"ReversingLabs": {
"domain_downloaded_files": [
{
"classification": "MALICIOUS",
"first_download": "2023-07-08T06:13:02",
"first_seen": "2023-07-08T00:39:23",
"last_download": "2023-07-08T15:11:31",
"last_download_url": "http://bloom-artists.com/wp-includes/class-wp-image-editors.php?filename=winx32apideftype.exe",
"last_seen": "2023-09-26T15:25:41",
"malware_family": "RedLine",
"malware_type": "Trojan",
"md5": "2796bf32abbebdd11a35603f3453214d",
"platform": "Win32",
"sample_available": true,
"sample_size": 3697248,
"sample_type": "PE/Exe",
"sha1": "96826340af3f4708b16f8f0e3eb29ad0ce5bb6f8",
"sha256": "0edc6dae7ee848bf465be34edfc49377b7da304798445685e4a7d45d4983f166",
"threat_level": 5,
"threat_name": "Win32.Trojan.RedLine",
"trust_factor": 5
}
]
}
}

Human Readable Output#

ReversingLabs Files downloaded from domain bloom-artists.com#

Downloaded files#

classificationfirst_downloadfirst_seenlast_downloadlast_download_urllast_seenmalware_familymalware_typemd5platformsample_availablesample_sizesample_typesha1sha256threat_levelthreat_nametrust_factor
MALICIOUS2023-07-08T06:13:022023-07-08T00:39:232023-07-08T15:11:31http://bloom-artists.com/wp-includes/class-wp-image-editors.php?filename=winx32apideftype.exe2023-09-26T15:25:41RedLineTrojan2796bf32abbebdd11a35603f3453214dWin32true3697248PE/Exe96826340af3f4708b16f8f0e3eb29ad0ce5bb6f80edc6dae7ee848bf465be34edfc49377b7da304798445685e4a7d45d4983f1665Win32.Trojan.RedLine5

reversinglabs-titaniumcloud-domain-urls#


Returns a list of URL-s associated with the requested domain.

Base Command#

reversinglabs-titaniumcloud-domain-urls

Input#

Argument NameDescriptionRequired
domainDomain string.Required
result_limitMaximum number of returned results. Default is 50000.Optional
results_per_pageNumber of results returned per request. Default is 1000.Optional

Context Output#

PathTypeDescription
ReversingLabs.domain_urlsUnknownThe list of URL-s associated with the requested domain.

Command example#

!reversinglabs-titaniumcloud-domain-urls result_limit=10 results_per_page=3 domain=bloom-artists.com

Context Example#

{
"DBotScore": {
"Indicator": "bloom-artists.com",
"Reliability": "C - Fairly reliable",
"Score": 0,
"Type": "domain",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"Domain": {
"Name": "bloom-artists.com"
},
"ReversingLabs": {
"domain_urls": [
{
"url": "https://bloom-artists.com/wp-content/uploads/2021/01/cropped-%C3%A8%C2%97%C2%9D%C3%A9%C2%BB%C2%9E%C3%A4%C2%BA%C2%AE%C3%A5%C2%8D%C2%94%C3%A6%C2%9C%C2%83-logo-1-32x32.jpg"
},
{
"url": "https://bloom-artists.com/wp-content/themes/Avada/assets/min/js/general/avada-custom-header.js?ver=7.2.1"
},
{
"url": "https://bloom-artists.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-animations.js?ver=6.2.2"
},
{
"url": "https://bloom-artists.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.requestAnimationFrame.js?ver=1"
},
{
"url": "https://bloom-artists.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-video-bg.js?ver=1"
},
{
"url": "https://bloom-artists.com/2021/01/15/teacher-2/"
},
{
"url": "https://bloom-artists.com/wp-json/"
},
{
"url": "https://bloom-artists.com/2021/01/15/author-6/"
},
{
"url": "https://bloom-artists.com/wp-content/plugins/convertplug/modules/slide_in/assets/demos"
},
{
"url": "https://bloom-artists.com/wp-content/themes/Avada/assets/min/js/general/avada-live-search.js?ver=7.2.1"
}
]
}
}

Human Readable Output#

ReversingLabs URL-s associated with domain bloom-artists.com#

URL list#

url
https://bloom-artists.com/wp-content/uploads/2021/01/cropped-%C3%A8%C2%97%C2%9D%C3%A9%C2%BB%C2%9E%C3%A4%C2%BA%C2%AE%C3%A5%C2%8D%C2%94%C3%A6%C2%9C%C2%83-logo-1-32x32.jpg
https://bloom-artists.com/wp-content/themes/Avada/assets/min/js/general/avada-custom-header.js?ver=7.2.1
https://bloom-artists.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-animations.js?ver=6.2.2
https://bloom-artists.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.requestAnimationFrame.js?ver=1
https://bloom-artists.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-video-bg.js?ver=1
https://bloom-artists.com/2021/01/15/teacher-2/
https://bloom-artists.com/wp-json/
https://bloom-artists.com/2021/01/15/author-6/
https://bloom-artists.com/wp-content/plugins/convertplug/modules/slide_in/assets/demos
https://bloom-artists.com/wp-content/themes/Avada/assets/min/js/general/avada-live-search.js?ver=7.2.1

reversinglabs-titaniumcloud-domain-to-ip#


Returns a list of IP addresses resolved from a domain.

Base Command#

reversinglabs-titaniumcloud-domain-to-ip

Input#

Argument NameDescriptionRequired
domainDomain string.Required
result_limitMaximum number of returned results. Default is 50000.Optional
results_per_pageNumber of results returned per request. Default is 1000.Optional

Context Output#

PathTypeDescription
ReversingLabs.domain_to_ipUnknownThe list of IP addresses resolved from the domain.

Command example#

!reversinglabs-titaniumcloud-domain-to-ip results_per_page=3 domain=bloom-artists.com result_limit=10

Context Example#

{
"DBotScore": {
"Indicator": "bloom-artists.com",
"Reliability": "C - Fairly reliable",
"Score": 0,
"Type": "domain",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"Domain": {
"Name": "bloom-artists.com"
},
"ReversingLabs": {
"domain_to_ip": [
{
"ip": "85.187.128.34",
"last_resolution_time": "2023-08-25T09:34:16",
"provider": "ReversingLabs"
}
]
}
}

Human Readable Output#

ReversingLabs IP addresses resolved from domain bloom-artists.com#

IP address list#

iplast_resolution_timeprovider
85.187.128.342023-08-25T09:34:16ReversingLabs

reversinglabs-titaniumcloud-domain-related-domains#


Returns a list of domains related to the submitted domain.

Base Command#

reversinglabs-titaniumcloud-domain-related-domains

Input#

Argument NameDescriptionRequired
domainDomain string.Required
result_limitMaximum number of returned results. Default is 50000.Optional
results_per_pageNumber of results returned per request. Default is 1000.Optional

Context Output#

PathTypeDescription
ReversingLabs.domain_related_domainsUnknownThe list of domains related to the submitted domain.

Command example#

!reversinglabs-titaniumcloud-domain-related-domains domain=smsv4.ufcfan.org result_limit=10 results_per_page=3

Context Example#

{
"DBotScore": {
"Indicator": "smsv4.ufcfan.org",
"Reliability": "C - Fairly reliable",
"Score": 0,
"Type": "domain",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"Domain": {
"Name": "smsv4.ufcfan.org"
},
"ReversingLabs": {
"domain_related_domains": [
{
"domain": "mstanley.ufcfan.org"
},
{
"domain": "ketogendietmo.ufcfan.org"
},
{
"domain": "vmze-crypto511386.marketscoin.ufcfan.org"
},
{
"domain": "cxip-crypto665491.marketscoin.ufcfan.org"
},
{
"domain": "xgzc-crypto767019.marketscoin.ufcfan.org"
},
{
"domain": "dejar-de-roncar.ufcfan.org"
},
{
"domain": "uolv-crypto969448.marketscoin.ufcfan.org"
},
{
"domain": "nowornever1.ufcfan.org"
},
{
"domain": "the.ufcfan.org"
},
{
"domain": "onedrshapointooo.ufcfan.org"
}
]
}
}

Human Readable Output#

ReversingLabs domains related to domain smsv4.ufcfan.org#

Domain list#

domain
mstanley.ufcfan.org
ketogendietmo.ufcfan.org
vmze-crypto511386.marketscoin.ufcfan.org
cxip-crypto665491.marketscoin.ufcfan.org
xgzc-crypto767019.marketscoin.ufcfan.org
dejar-de-roncar.ufcfan.org
uolv-crypto969448.marketscoin.ufcfan.org
nowornever1.ufcfan.org
the.ufcfan.org
onedrshapointooo.ufcfan.org

reversinglabs-titaniumcloud-ip-report#


Returns an IP address analysis report.

Base Command#

reversinglabs-titaniumcloud-ip-report

Input#

Argument NameDescriptionRequired
ipIP address.Required

Context Output#

PathTypeDescription
ReversingLabs.ip_reportUnknownThe IP address analysis report.

Command example#

!reversinglabs-titaniumcloud-ip-report ip=5.42.64.70

Context Example#

{
"DBotScore": {
"Indicator": "5.42.64.70",
"Reliability": "C - Fairly reliable",
"Score": 0,
"Type": "ip",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"IP": {
"Address": "5.42.64.70"
},
"ReversingLabs": {
"ip_report": {
"rl": {
"downloaded_files_statistics": {
"known": 0,
"malicious": 0,
"suspicious": 0,
"total": 0,
"unknown": 0
},
"modified_time": "2023-11-06T12:00:35",
"requested_ip": "5.42.64.70",
"third_party_reputations": {
"sources": [
{
"detection": "undetected",
"source": "adminus_labs",
"update_time": "2023-11-06T12:00:35"
},
{
"detection": "undetected",
"source": "apwg",
"update_time": "2023-11-01T21:23:52"
},
{
"detection": "undetected",
"source": "threatfox_abuse_ch",
"update_time": "2023-11-06T08:20:49"
},
{
"detection": "undetected",
"source": "alphamountain",
"update_time": "2023-11-06T10:57:13"
},
{
"detection": "undetected",
"source": "osint",
"update_time": "2023-11-06T01:30:13"
},
{
"detection": "undetected",
"source": "feodotracker",
"update_time": "2023-11-06T05:28:24"
},
{
"detect_time": "2023-10-27T03:54:23",
"detection": "malicious",
"source": "crdf",
"update_time": "2023-11-06T08:34:19"
}
],
"statistics": {
"clean": 0,
"malicious": 1,
"total": 7,
"undetected": 6
}
}
}
}
}
}

Human Readable Output#

ReversingLabs IP address report for 5.42.64.70#

Downloaded files statistics#

KNOWN: 0 MALICIOUS: 0 SUSPICIOUS: 0 UNKNOWN: 0 TOTAL: 0

Third party statistics#

CLEAN: 0 MALICIOUS: 1 UNDETECTED: 6 TOTAL: 7

Third party sources#

detectionsourceupdate_time
undetectedadminus_labs2023-11-06T12:00:35
undetectedapwg2023-11-01T21:23:52
undetectedthreatfox_abuse_ch2023-11-06T08:20:49
undetectedalphamountain2023-11-06T10:57:13
undetectedosint2023-11-06T01:30:13
undetectedfeodotracker2023-11-06T05:28:24
maliciouscrdf2023-11-06T08:34:19

reversinglabs-titaniumcloud-ip-downloaded-files#


Returns a list of files downloaded from an IP address.

Base Command#

reversinglabs-titaniumcloud-ip-downloaded-files

Input#

Argument NameDescriptionRequired
ipIP address.Required
classificationReturn only files of this classification. Possible values are: MALICIOUS, SUSPICIOUS, KNOWN.Optional
result_limitMaximum number of returned results. Default is 50000.Optional
results_per_pageNumber of results returned per request. Default is 1000.Optional

Context Output#

PathTypeDescription
ReversingLabs.ip_downloaded_filesUnknownThe list of files downloaded from an IP address.

Command example#

!reversinglabs-titaniumcloud-ip-downloaded-files ip=61.253.71.111 result_limit=10 results_per_page=3 classification=KNOWN

Context Example#

{
"DBotScore": {
"Indicator": "61.253.71.111",
"Reliability": "C - Fairly reliable",
"Score": 0,
"Type": "ip",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"IP": {
"Address": "61.253.71.111"
},
"ReversingLabs": {
"ip_downloaded_files": [
{
"classification": "KNOWN",
"first_download": "2023-07-07T17:19:28",
"first_seen": "2023-07-07T17:19:28",
"last_download": "2023-07-07T17:19:28",
"last_download_url": "http://zexeq.com/lancer/get.php?first=true&pid=C3B16B41D6F86B32953BEB04946D0A6E",
"last_seen": "2023-07-07T19:59:59",
"md5": "797eccd405422c693c0191979ff6ef4a",
"sample_available": true,
"sample_size": 556,
"sample_type": "Text/JSON",
"sha1": "91b32dca495014f75ffdee6faa698bdf6434d8fb",
"sha256": "4b89d4825098a840cd456b2b5885dcb2877f64860849241fa1f61ae222ad17bf",
"threat_level": 0,
"trust_factor": 5
},
{
"classification": "KNOWN",
"first_download": "2023-06-02T11:22:59",
"first_seen": "2023-06-02T11:22:59",
"last_download": "2023-06-02T11:22:59",
"last_download_url": "http://zexeq.com/lancer/get.php?first=true&pid=254EAF666E5FA09BE8619B6A01AF9288",
"last_seen": "2023-07-24T13:15:30",
"md5": "c64e2b30fda16b0196942265d3dd5fef",
"sample_available": true,
"sample_size": 560,
"sample_type": "Text/JSON",
"sha1": "d8e27451c3045d36059275900c471d6fbb0cabf4",
"sha256": "196a50b5dd9a72e24acb81c757df553d1e0f5c072d52672decb5c598f203b4c5",
"threat_level": 0,
"trust_factor": 5
},
{
"classification": "KNOWN",
"first_download": "2023-07-06T13:27:18",
"first_seen": "2023-07-06T13:27:18",
"last_download": "2023-07-06T13:27:18",
"last_download_url": "http://zexeq.com/test1/get.php?first=false&pid=DF224B838A5638467035D81D43816702",
"last_seen": "2023-07-13T18:31:02",
"md5": "4dea2d4466b52c08d0b8276dd0c45172",
"sample_available": true,
"sample_size": 556,
"sample_type": "Text/JSON",
"sha1": "e8f717a59b8c1c5290797642d9442612ea234657",
"sha256": "8575ac48af341192f571d55002370cc945c56dd43655731d76348f4df6d232a7",
"threat_level": 0,
"trust_factor": 5
}
]
}
}

Human Readable Output#

ReversingLabs Files downloaded from IP address 61.253.71.111#

Downloaded files#

classificationfirst_downloadfirst_seenlast_downloadlast_download_urllast_seenmd5sample_availablesample_sizesample_typesha1sha256threat_leveltrust_factor
KNOWN2023-07-07T17:19:282023-07-07T17:19:282023-07-07T17:19:28http://zexeq.com/lancer/get.php?first=true&pid=C3B16B41D6F86B32953BEB04946D0A6E2023-07-07T19:59:59797eccd405422c693c0191979ff6ef4atrue556Text/JSON91b32dca495014f75ffdee6faa698bdf6434d8fb4b89d4825098a840cd456b2b5885dcb2877f64860849241fa1f61ae222ad17bf05
KNOWN2023-06-02T11:22:592023-06-02T11:22:592023-06-02T11:22:59http://zexeq.com/lancer/get.php?first=true&pid=254EAF666E5FA09BE8619B6A01AF92882023-07-24T13:15:30c64e2b30fda16b0196942265d3dd5feftrue560Text/JSONd8e27451c3045d36059275900c471d6fbb0cabf4196a50b5dd9a72e24acb81c757df553d1e0f5c072d52672decb5c598f203b4c505
KNOWN2023-07-06T13:27:182023-07-06T13:27:182023-07-06T13:27:18http://zexeq.com/test1/get.php?first=false&pid=DF224B838A5638467035D81D438167022023-07-13T18:31:024dea2d4466b52c08d0b8276dd0c45172true556Text/JSONe8f717a59b8c1c5290797642d9442612ea2346578575ac48af341192f571d55002370cc945c56dd43655731d76348f4df6d232a705

reversinglabs-titaniumcloud-ip-urls#


Returns a list of URL-s associated with an IP address.

Base Command#

reversinglabs-titaniumcloud-ip-urls

Input#

Argument NameDescriptionRequired
ipIP address.Required
result_limitMaximum number of returned results. Default is 50000.Optional
results_per_pageNumber of results returned per request. Default is 1000.Optional

Context Output#

PathTypeDescription
ReversingLabs.ip_urlsUnknownThe list of URL-s associated with an IP address.

Command example#

!reversinglabs-titaniumcloud-ip-urls ip=61.253.71.111 result_limit=10 results_per_page=3

Context Example#

{
"DBotScore": {
"Indicator": "61.253.71.111",
"Reliability": "C - Fairly reliable",
"Score": 0,
"Type": "ip",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"IP": {
"Address": "61.253.71.111"
},
"ReversingLabs": {
"ip_urls": [
{
"url": "http://zexeq.com/lancer/get.php?first=true&pid=254EAF666E5FA09BE8619B6A01AF9288"
},
{
"url": "http://zexeq.com/lancer/get.php?first=true&pid=C3B16B41D6F86B32953BEB04946D0A6E"
},
{
"url": "http://zexeq.com/test1/get.php?first=false&pid=DF224B838A5638467035D81D43816702"
}
]
}
}

Human Readable Output#

ReversingLabs URL-s associated with IP address 61.253.71.111#

URL list#

url
http://zexeq.com/lancer/get.php?first=true&pid=254EAF666E5FA09BE8619B6A01AF9288
http://zexeq.com/lancer/get.php?first=true&pid=C3B16B41D6F86B32953BEB04946D0A6E
http://zexeq.com/test1/get.php?first=false&pid=DF224B838A5638467035D81D43816702

reversinglabs-titaniumcloud-ip-to-domain#


Returns a list of IP to domain mappings.

Base Command#

reversinglabs-titaniumcloud-ip-to-domain

Input#

Argument NameDescriptionRequired
ipIP address.Required
result_limitMaximum number of returned results. Default is 50000.Optional
results_per_pageNumber of results returned per request. Default is 1000.Optional

Context Output#

PathTypeDescription
ReversingLabs.ip_to_domainUnknownThe list of IP to domain mappings.

Command example#

!reversinglabs-titaniumcloud-ip-to-domain results_per_page=3 ip=61.253.71.111 result_limit=10

Context Example#

{
"DBotScore": {
"Indicator": "61.253.71.111",
"Reliability": "C - Fairly reliable",
"Score": 0,
"Type": "ip",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"IP": {
"Address": "61.253.71.111"
},
"ReversingLabs": {
"ip_to_domain": [
{
"host_name": "zexeq.com",
"last_resolution_time": "2023-07-07T17:19:28",
"provider": "ReversingLabs"
}
]
}
}

Human Readable Output#

ReversingLabs IP to domain mappings for IP address 61.253.71.111#

Domain list#

host_namelast_resolution_timeprovider
zexeq.com2023-07-07T17:19:28ReversingLabs

reversinglabs-titaniumcloud-network-reputation#


Returns network reputation for requested network locations.

Base Command#

reversinglabs-titaniumcloud-network-reputation

Input#

Argument NameDescriptionRequired
network_locationsA comma-separated list of network locations. The list should have no spaces.Required

Context Output#

PathTypeDescription
ReversingLabs.network_reputationUnknownNetwork reputation.

Command example#

!reversinglabs-titaniumcloud-network-reputation network_locations=http://43.138.221.139/jquery-3.3.1.min.js,61.253.71.111,bloom-artists.com

Context Example#

{
"ReversingLabs": {
"network_reputation": {
"rl": {
"entries": [
{
"associated_malware": false,
"categories": [
"phishing",
"command_and_control"
],
"classification": "malicious",
"first_seen": "2022-09-11T11:54:39",
"last_seen": "2023-04-14T11:15:51",
"reason": "third_party_reputation",
"requested_network_location": "http://43.138.221.139/jquery-3.3.1.min.js",
"third_party_reputations": {
"clean": 0,
"malicious": 2,
"total": 19,
"undetected": 17
},
"type": "url"
},
{
"associated_malware": false,
"first_seen": "2023-11-06T13:10:15",
"last_seen": "2023-07-24T13:15:52",
"requested_network_location": "61.253.71.111",
"third_party_reputations": {
"clean": 0,
"malicious": 0,
"total": 7,
"undetected": 7
},
"type": "ip"
},
{
"associated_malware": true,
"first_seen": "2023-10-22T21:13:34",
"last_seen": "2023-10-23T03:27:25",
"requested_network_location": "bloom-artists.com",
"third_party_reputations": {
"clean": 0,
"malicious": 2,
"total": 13,
"undetected": 11
},
"type": "domain"
}
]
}
}
}
}

Human Readable Output#

ReversingLabs Reputation for the following network locations: http://43.138.221.139/jquery-3.3.1.min.js, 61.253.71.111, bloom-artists.com#

Network locations#

associated_malwarecategoriesclassificationfirst_seenlast_seenreasonrequested_network_locationthird_party_reputations_cleanthird_party_reputations_maliciousthird_party_reputations_totalthird_party_reputations_undetectedtype
falsephishing,
command_and_control
malicious2022-09-11T11:54:392023-04-14T11:15:51third_party_reputationhttp://43.138.221.139/jquery-3.3.1.min.js021917url
false2023-11-06T13:10:152023-07-24T13:15:5261.253.71.1110077ip
true2023-10-22T21:13:342023-10-23T03:27:25bloom-artists.com021311domain

reversinglabs-titaniumcloud-network-reputation-override#


Sets and removes user-requested network reputation overrides.

Base Command#

reversinglabs-titaniumcloud-network-reputation-override

Input#

Argument NameDescriptionRequired
set_overrides_listNetwork locations whose reputations should be overriden. The locations should be written as a string in the following format - 'network_location,location_type,new_classification|network_location,location_type,new_classification|network_location,location_type,new_classification'.Optional
remove_overrides_listNetwork locations whose reputation overrides should be removed. The locations should be written as a string in the following format - 'network_location,location_type|network_location,location_type|network_location,location_type'.Optional

Context Output#

PathTypeDescription
ReversingLabs.network_reputation_overrideUnknownNetwork reputation user override.

Command example#

!reversinglabs-titaniumcloud-network-reputation-override set_overrides_list="http://163.197.220.144/5x8x,url,suspicious|http://163.197.220.144/j.ad,url,known" remove_overrides_list="http://43.138.221.139/jquery-3.3.1.min.js,url"

Context Example#

{
"ReversingLabs": {
"network_reputation_override": {
"rl": {
"user_override": {
"created_overrides": [
{
"classification": "suspicious",
"network_location": "http://163.197.220.144/5x8x",
"reason": "user_override",
"type": "url"
},
{
"classification": "known",
"network_location": "http://163.197.220.144/j.ad",
"reason": "user_override",
"type": "url"
}
],
"removed_overrides": [
{
"network_location": "http://43.138.221.139/jquery-3.3.1.min.js",
"type": "url"
}
]
}
}
}
}
}

Human Readable Output#

ReversingLabs Network reputation user override#

Created overrides#

classificationnetwork_locationreasontype
suspicioushttp://163.197.220.144/5x8xuser_overrideurl
knownhttp://163.197.220.144/j.aduser_overrideurl

Removed overrides#

network_locationtype
http://43.138.221.139/jquery-3.3.1.min.jsurl

reversinglabs-titaniumcloud-network-reputation-overrides-list#


Lists the active network reputation overrides.

Base Command#

reversinglabs-titaniumcloud-network-reputation-overrides-list

Input#

Argument NameDescriptionRequired
result_limitMaximum number of returned results. Default is 50000.Optional

Context Output#

PathTypeDescription
ReversingLabs.network_reputation_overrides_listUnknownNetwork reputation overrides list.

Command example#

!reversinglabs-titaniumcloud-network-reputation-overrides-list result_limit=10

Context Example#

{
"ReversingLabs": {
"network_reputation_overrides_list": [
{
"network_location": "https://cisco.com/",
"type": "url"
},
{
"network_location": "http://banco.colpatria.com.co/banca-virtual/login/",
"type": "url"
},
{
"network_location": "http://cvisd.com/",
"type": "url"
},
{
"network_location": "https://ca-sil.com/",
"type": "url"
},
{
"network_location": "http://partner.frontread.com/",
"type": "url"
},
{
"network_location": "https://eclipse.org/",
"type": "url"
},
{
"network_location": "http://163.197.220.144/5x8x",
"type": "url"
},
{
"network_location": "https://ajestudios.com/",
"type": "url"
},
{
"network_location": "https://openairmt.org/",
"type": "url"
},
{
"network_location": "https://synnexfpt.com/",
"type": "url"
}
]
}
}

Human Readable Output#

ReversingLabs Network reputation active user overrides list#

Network location list#

network_locationtype
https://cisco.com/url
http://banco.colpatria.com.co/banca-virtual/login/url
http://cvisd.com/url
https://ca-sil.com/url
http://partner.frontread.com/url
https://eclipse.org/url
http://163.197.220.144/5x8xurl
https://ajestudios.com/url
https://openairmt.org/url
https://synnexfpt.com/url

reversinglabs-titaniumcloud-submit-sample-for-dynamic-analysis#


Submit an existing sample for dynamic analysis.

Base Command#

reversinglabs-titaniumcloud-submit-sample-for-dynamic-analysis

Input#

Argument NameDescriptionRequired
sha1Sample SHA-1 hash.Required
platformDesired platform; See the API documentation for possible values.Required

Context Output#

PathTypeDescription
ReversingLabs.detonate_sample_dynamicUnknownThe dynamic analysis.

Command example#

!reversinglabs-titaniumcloud-submit-sample-for-dynamic-analysis sha1=21841b32c6165b27dddbd4d6eb3a672defe54271 platform=windows10

Context Example#

{
"ReversingLabs": {
"detonate_sample_dynamic": {
"rl": {
"analysis_id": "9084a751-cd94-4b2f-8d01-e5bf9542dc89",
"requested_hash": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"status": "started"
}
}
}
}

Human Readable Output#

ReversingLabs submit sample 21841b32c6165b27dddbd4d6eb3a672defe54271 for Dynamic Analysis#

Status: started Requested hash: 21841b32c6165b27dddbd4d6eb3a672defe54271 Analysis ID: 9084a751-cd94-4b2f-8d01-e5bf9542dc89

reversinglabs-titaniumcloud-get-sample-dynamic-analysis-results#


Retrieve dynamic analysis results for a sample.

Base Command#

reversinglabs-titaniumcloud-get-sample-dynamic-analysis-results

Input#

Argument NameDescriptionRequired
sha1Sample SHA-1 hash.Required
analysis_idID of a specific analysis to fetch.Optional
latest_analysisFetch the latest analysis. Possible values are: true, false. Default is false.Optional

Context Output#

PathTypeDescription
File.MD5StringMD5 hash.
File.SHA1StringSHA1 hash.
File.SHA256StringSHA256 hash.
DBotScore.ScoreNumberThe actual score.
DBotScore.TypeStringThe indicator type.
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.VendorStringThe vendor used to calculate the score.
ReversingLabs.sample_dynamic_analysis_resultsUnknownThe sample dynamic analysis results.

Command example#

!reversinglabs-titaniumcloud-get-sample-dynamic-analysis-results sha1=21841b32c6165b27dddbd4d6eb3a672defe54271 analysis_id=08249dbc-77bf-482e-be4d-b8fa58de01c7 latest_analysis=false

Context Example#

{
"DBotScore": {
"Indicator": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"Reliability": "C - Fairly reliable",
"Score": 3,
"Type": "file",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"File": {
"Hashes": [
{
"type": "MD5",
"value": "d5720ea13de22edcbe76d20c7908c0bf"
},
{
"type": "SHA1",
"value": "21841b32c6165b27dddbd4d6eb3a672defe54271"
},
{
"type": "SHA256",
"value": "0b5225517dcd1faf1de7b9c770baedbe000f8f2eacc22e8759970e26d446ec19"
}
],
"MD5": "d5720ea13de22edcbe76d20c7908c0bf",
"Malicious": {
"Description": "MALICIOUS",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"SHA256": "0b5225517dcd1faf1de7b9c770baedbe000f8f2eacc22e8759970e26d446ec19"
},
"InfoFile": {
"EntryID": "8950@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
"Info": "text/plain",
"Name": "Dynamic analysis report file for sample 21841b32c6165b27dddbd4d6eb3a672defe54271",
"Size": 1985565,
"Type": "ASCII text, with very long lines"
},
"ReversingLabs": {
"sample_dynamic_analysis_results": {
"rl": {
"report": {
"analysis_duration": 211,
"analysis_id": "08249dbc-77bf-482e-be4d-b8fa58de01c7",
"analysis_time": "2023-07-16T11:08:11",
"behavioral": [
{
"file_actions": [
{
"action_type": "file_opened",
"file_name": "NETBT_TCPIP_{C8C115D0-C73A-11E8-B003-806E6F6E6963}",
"file_path": "\\DEVICE",
"status": "object name not found"
},
{
"action_type": "file_opened",
"file_name": "Output",
"file_path": "\\Device\\ConDrv\\",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dhcpcsvc.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sortdefault.nls",
"file_path": "C:\\WINDOWS\\Globalization\\Sorting",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WINDOWS",
"file_path": "C:",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ipconfig.exe.mui",
"file_path": "C:\\WINDOWS\\SysWOW64\\en-US",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "NETBT_TCPIP_{7F50E9BE-7F02-49EC-B525-546E3FB9A32B}",
"file_path": "\\DEVICE",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Connect",
"file_path": "\\Device\\ConDrv\\",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CNG",
"file_path": "\\Device",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CONOUT$",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Reference",
"file_path": "\\Device\\ConDrv\\",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "IPHLPAPI.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Input",
"file_path": "\\Device\\ConDrv\\",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dhcpcsvc6.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Nsi",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Server",
"file_path": "\\Device\\ConDrv",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DNSAPI.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SysWOW64",
"file_path": "C:\\WINDOWS",
"status": "success or wait"
}
],
"modules_loaded": [
{
"module_name": "\\KnownDlls32\\RPCRT4.dll"
},
{
"module_name": "\\KnownDlls32\\dhcpcsvc6.DLL"
},
{
"module_name": "\\KnownDlls32\\NSI.dll"
},
{
"module_name": "\\KnownDlls32\\KERNEL32.DLL"
},
{
"module_name": "\\KnownDlls32\\KERNELBASE.dll"
},
{
"module_name": "\\KnownDlls32\\DNSAPI.dll"
},
{
"module_name": "\\KnownDlls32\\WS2_32.dll"
},
{
"module_name": "\\KnownDlls32\\kernel32.dll"
},
{
"module_name": "\\KnownDlls32\\bcryptPrimitives.dll"
},
{
"module_name": "\\KnownDlls32\\msvcrt.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\IPHLPAPI.DLL"
},
{
"module_name": "\\KnownDlls\\wow64.dll"
},
{
"module_name": "\\KnownDlls32\\IPHLPAPI.DLL"
},
{
"module_name": "\\KnownDlls32\\sechost.dll"
},
{
"module_name": "unknown"
},
{
"module_name": "\\KnownDlls\\wow64log.dll"
},
{
"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"
},
{
"module_name": "\\KnownDlls\\wow64cpu.dll"
},
{
"module_name": "\\KnownDlls\\wow64win.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\dhcpcsvc6.dll"
},
{
"module_name": "\\KnownDlls32\\dhcpcsvc.DLL"
},
{
"module_name": "C:\\Windows\\SysWOW64\\dnsapi.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\en-US\\ipconfig.exe.mui"
},
{
"module_name": "\\KnownDlls32\\SspiCli.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\dhcpcsvc.dll"
},
{
"module_name": "\\Sessions\\1\\Windows\\SharedSection"
},
{
"module_name": "\\KnownDlls32\\CRYPTBASE.dll"
}
],
"process": {
"name": "ipconfig.exe",
"parameters": "ipconfig /renew"
},
"process_actions": [
{
"action_type": "process_terminated",
"path": "C:\\Windows\\SysWOW64\\ipconfig.exe",
"status": "success or wait"
},
{
"action_type": "process_queried",
"path": "C:\\Windows\\SysWOW64\\ipconfig.exe",
"status": "success or wait"
}
]
},
{
"file_actions": [
{
"action_type": "file_opened",
"file_name": "uxtheme.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CMApi",
"file_path": "\\Device\\DeviceApi",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ole32.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "comctl32.DLL",
"file_path": "C:\\WINDOWS\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "conhost.exe",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sortdefault.nls",
"file_path": "C:\\WINDOWS\\Globalization\\Sorting",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WINDOWS",
"file_path": "C:",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403",
"file_path": "C:\\WINDOWS\\WinSxS",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "conhost.exe.mui",
"file_path": "C:\\WINDOWS\\system32\\en-US",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "IMM32.DLL",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "uxtheme.dll.Config",
"file_path": "C:\\WINDOWS\\system32",
"status": "object name not found"
},
{
"action_type": "file_opened",
"file_name": "user32.dll.mui",
"file_path": "C:\\WINDOWS\\System32\\en-US",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CNG",
"file_path": "\\Device",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WindowsShell.Manifest",
"file_path": "C:\\WINDOWS",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dwmapi.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ipconfig.exe",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
}
],
"modules_loaded": [
{
"module_name": "\\KnownDlls\\profapi.dll"
},
{
"module_name": "\\KnownDlls\\windows.storage.dll"
},
{
"module_name": "\\KnownDlls\\gdi32full.dll"
},
{
"module_name": "\\KnownDlls\\msvcp_win.dll"
},
{
"module_name": "\\KnownDlls\\KERNEL32.DLL"
},
{
"module_name": "\\KnownDlls\\combase.dll"
},
{
"module_name": "\\KnownDlls\\uxtheme.dll"
},
{
"module_name": "\\KnownDlls\\shcore.dll"
},
{
"module_name": "C:\\Windows\\System32\\en-US\\user32.dll.mui"
},
{
"module_name": "\\KnownDlls\\sechost.dll"
},
{
"module_name": "\\KnownDlls\\shlwapi.dll"
},
{
"module_name": "\\KnownDlls\\win32u.dll"
},
{
"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"
},
{
"module_name": "\\KnownDlls\\cfgmgr32.dll"
},
{
"module_name": "C:\\Windows\\System32\\uxtheme.dll"
},
{
"module_name": "\\KnownDlls\\RPCRT4.dll"
},
{
"module_name": "\\KnownDlls\\kernel.appcore.dll"
},
{
"module_name": "\\KnownDlls\\ucrtbase.dll"
},
{
"module_name": "\\KnownDlls\\FLTLIB.DLL"
},
{
"module_name": "\\Sessions\\1\\Windows\\ThemeSection"
},
{
"module_name": "\\KnownDlls\\KERNELBASE.dll"
},
{
"module_name": "C:\\Windows\\System32\\ole32.dll"
},
{
"module_name": "C:\\Windows\\System32\\dwmapi.dll"
},
{
"module_name": "\\KnownDlls\\shell32.dll"
},
{
"module_name": "unknown"
},
{
"module_name": "\\KnownDlls\\IMM32.DLL"
},
{
"module_name": "\\KnownDlls\\bcryptPrimitives.dll"
},
{
"module_name": "C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403\\comctl32.dll"
},
{
"module_name": "\\KnownDlls\\user32.dll"
},
{
"module_name": "C:\\Windows\\WindowsShell.Manifest"
},
{
"module_name": "\\KnownDlls\\OLEAUT32.dll"
},
{
"module_name": "\\KnownDlls\\MSCTF.dll"
},
{
"module_name": "C:\\Windows\\System32\\en-US\\Conhost.exe.mui"
},
{
"module_name": "\\KnownDlls\\msvcrt.dll"
},
{
"module_name": "\\KnownDlls\\powrprof.dll"
},
{
"module_name": "C:\\Windows\\System32\\imm32.dll"
},
{
"module_name": "\\KnownDlls\\advapi32.dll"
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters"
},
{
"module_name": "\\KnownDlls\\dwmapi.dll"
},
{
"module_name": "\\Sessions\\1\\Windows\\SharedSection"
},
{
"module_name": "\\KnownDlls\\GDI32.dll"
},
{
"module_name": "\\Windows\\Theme596611661",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\Windows\\Theme3441928617",
"module_tag": ""
}
],
"mutex_actions": [
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1076:304:WilStaging_02",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1076:120:WilError_01",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4548:304:WilStaging_02",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4548:120:WilError_01",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7568:304:WilStaging_02",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7568:120:WilError_01",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7880:304:WilStaging_02",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7880:120:WilError_01",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6668:304:WilStaging_02",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6668:120:WilError_01",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6932:304:WilStaging_02",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6932:120:WilError_01",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6064:304:WilStaging_02",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6064:120:WilError_01",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3916:120:WilError_01",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3916:304:WilStaging_02",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7428:304:WilStaging_02",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7428:120:WilError_01",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7652:120:WilError_01",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7652:304:WilStaging_02",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2636:304:WilStaging_02",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2636:120:WilError_01",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5268:304:WilStaging_02",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5268:120:WilError_01",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4588:120:WilError_01",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4588:304:WilStaging_02",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8060:304:WilStaging_02",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8060:120:WilError_01",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8132:120:WilError_01",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8132:304:WilStaging_02",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8112:304:WilStaging_02",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8112:120:WilError_01",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1848:304:WilStaging_02",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1848:120:WilError_01",
"status": "success or wait"
}
],
"process": {
"name": "conhost.exe",
"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1"
},
"process_actions": [
{
"action_type": "process_queried",
"path": "C:\\Windows\\System32\\conhost.exe",
"status": "success or wait"
}
]
},
{
"file_actions": [
{
"action_type": "file_created",
"file_name": "Start Menu",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "WS2_32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WININET.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Startup",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sortdefault.nls",
"file_path": "C:\\WINDOWS\\Globalization\\Sorting",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WINDOWS",
"file_path": "C:",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Roaming",
"file_path": "C:\\Users\\user\\AppData",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "IMM32.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tox.done.log",
"file_path": "C:\\Users\\user\\AppData\\Roaming",
"status": "object name not found"
},
{
"action_type": "file_opened",
"file_name": "win32u.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CRYPTBASE.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cfgmgr32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "shcore.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "USER32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CMApi",
"file_path": "\\Device\\DeviceApi",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ADVAPI32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "GDI32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bcryptPrimitives.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ntdll.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "msvcp_win.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SspiCli.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Programs",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "combase.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "windows.storage.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "apphelp.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Startup",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "RPCRT4.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ucrtbase.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "KERNEL32.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sysmain.sdb",
"file_path": "C:\\WINDOWS\\AppPatch",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "user",
"file_path": "C:\\Users",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "SHELL32.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sechost.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "shlwapi.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "gdi32full.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "kernel.appcore.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "powrprof.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "FLTLIB.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "profapi.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "KERNELBASE.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Tox.exe",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CNG",
"file_path": "\\Device",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "msvcrt.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
}
],
"modules_loaded": [
{
"module_name": "\\KnownDlls32\\msvcp_win.dll"
},
{
"module_name": "\\KnownDlls32\\RPCRT4.dll"
},
{
"module_name": "\\KnownDlls32\\WS2_32.dll"
},
{
"module_name": "\\KnownDlls32\\USER32.dll"
},
{
"module_name": "\\KnownDlls32\\combase.dll"
},
{
"module_name": "\\KnownDlls32\\profapi.dll"
},
{
"module_name": "\\KnownDlls32\\windows.storage.dll"
},
{
"module_name": "\\KnownDlls32\\FLTLIB.DLL"
},
{
"module_name": "\\KnownDlls32\\KERNEL32.DLL"
},
{
"module_name": "\\KnownDlls32\\kernel.appcore.dll"
},
{
"module_name": "\\KnownDlls32\\KERNELBASE.dll"
},
{
"module_name": "\\KnownDlls32\\win32u.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\apphelp.dll"
},
{
"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters"
},
{
"module_name": "\\KnownDlls32\\IMM32.DLL"
},
{
"module_name": "C:\\Windows\\SysWOW64\\imm32.dll"
},
{
"module_name": "\\KnownDlls32\\kernel32.dll"
},
{
"module_name": "\\KnownDlls32\\bcryptPrimitives.dll"
},
{
"module_name": "\\KnownDlls32\\powrprof.dll"
},
{
"module_name": "\\KnownDlls32\\msvcrt.dll"
},
{
"module_name": "\\KnownDlls\\wow64.dll"
},
{
"module_name": "\\KnownDlls32\\sechost.dll"
},
{
"module_name": "unknown"
},
{
"module_name": "\\KnownDlls\\wow64log.dll"
},
{
"module_name": "\\KnownDlls32\\apphelp.dll"
},
{
"module_name": "\\KnownDlls\\wow64cpu.dll"
},
{
"module_name": "\\KnownDlls32\\cfgmgr32.dll"
},
{
"module_name": "\\KnownDlls\\wow64win.dll"
},
{
"module_name": "\\KnownDlls32\\ucrtbase.dll"
},
{
"module_name": "\\KnownDlls32\\GDI32.dll"
},
{
"module_name": "\\KnownDlls32\\WININET.DLL"
},
{
"module_name": "C:\\Windows\\SysWOW64\\wininet.dll"
},
{
"module_name": "\\KnownDlls32\\SspiCli.dll"
},
{
"module_name": "\\KnownDlls32\\shlwapi.dll"
},
{
"module_name": "\\KnownDlls32\\shcore.dll"
},
{
"module_name": "\\KnownDlls32\\SHELL32.DLL"
},
{
"module_name": "C:\\Windows\\apppatch\\sysmain.sdb"
},
{
"module_name": "\\Sessions\\1\\Windows\\SharedSection"
},
{
"module_name": "\\KnownDlls32\\CRYPTBASE.dll"
},
{
"module_name": "\\KnownDlls32\\gdi32full.dll"
},
{
"module_name": "\\KnownDlls32\\ADVAPI32.dll"
}
],
"mutex_actions": [
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\toxcrypt",
"status": "object name exists"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8020:64:WilError_01",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8020:168:WilStaging_02",
"status": "success or wait"
}
],
"process": {
"name": "Tox.exe",
"parameters": "\"C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe\" "
},
"process_actions": [
{
"action_type": "process_queried",
"path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe",
"status": "success or wait"
},
{
"action_type": "process_terminated",
"path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe",
"status": "success or wait"
}
],
"registry_actions": [
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Disable8And16BitMitigation",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachineLanguageConfiguration",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"status": "buffer overflow"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\LanguageConfiguration",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Local Settings\\Software\\Microsoft",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Local Settings\\Software\\Microsoft\\Ole",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\FileSystem\\",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Segment Heap",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CustomLocale",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Versions",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Control Panel\\Desktop",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",
"status": "buffer overflow"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wow64\\x86",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\MUI\\Settings",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Local Settings\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\Tracing",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\Tox.exe",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\NLS\\Language",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Explorer",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\Settings\\LanguageConfiguration",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\AppModel\\Lookaside\\Packages",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wow64\\x86",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Terminal Server",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Display",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",
"status": "buffer overflow"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\NULL",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages\\PendingDelete",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\DLL",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag",
"status": "object name not found"
}
]
},
{
"file_actions": [
{
"action_type": "file_opened",
"file_name": "CNG",
"file_path": "\\Device",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "R000000000013.clb",
"file_path": "C:\\WINDOWS\\Registration",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CMApi",
"file_path": "\\Device\\DeviceApi",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Startup",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",
"status": "object name collision"
},
{
"action_type": "file_created",
"file_name": "Start Menu",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "uxtheme.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WININET.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ole32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "IMM32.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tox.done.log",
"file_path": "C:\\Users\\user\\AppData\\Roaming",
"status": "object name not found"
},
{
"action_type": "file_opened",
"file_name": "sortdefault.nls",
"file_path": "C:\\WINDOWS\\Globalization\\Sorting",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "user",
"file_path": "C:\\Users",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "Desktop",
"file_path": "C:\\Users\\user",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WINDOWS",
"file_path": "C:",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Roaming",
"file_path": "C:\\Users\\user\\AppData",
"status": "object name collision"
},
{
"action_type": "file_created",
"file_name": "Programs",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "dwmapi.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "TextInputFramework.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ntmarta.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CoreUIComponents.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CoreMessaging.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "wintypes.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "StaticCache.dat",
"file_path": "C:\\Windows\\Fonts",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "staticcache.dat",
"file_path": "C:\\Windows\\Fonts",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "USER32.dll.mui",
"file_path": "C:\\WINDOWS\\SysWOW64\\en-US",
"status": "success or wait"
}
],
"modules_loaded": [
{
"module_name": "\\KnownDlls32\\windows.storage.dll"
},
{
"module_name": "\\KnownDlls32\\OLEAUT32.dll"
},
{
"module_name": "\\KnownDlls32\\powrprof.dll"
},
{
"module_name": "\\KnownDlls32\\msvcrt.dll"
},
{
"module_name": "\\KnownDlls32\\combase.dll"
},
{
"module_name": "unknown"
},
{
"module_name": "\\KnownDlls\\wow64cpu.dll"
},
{
"module_name": "\\KnownDlls32\\clbcatq.dll"
},
{
"module_name": "\\KnownDlls32\\ucrtbase.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\wininet.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\WinTypes.dll"
},
{
"module_name": "C:\\Windows\\Registration\\R000000000013.clb"
},
{
"module_name": "\\KnownDlls32\\RPCRT4.dll"
},
{
"module_name": "\\KnownDlls32\\FLTLIB.DLL"
},
{
"module_name": "\\KnownDlls32\\KERNEL32.DLL"
},
{
"module_name": "\\KnownDlls32\\cfgmgr32.dll"
},
{
"module_name": "\\KnownDlls32\\uxtheme.dll"
},
{
"module_name": "\\KnownDlls32\\SHELL32.DLL"
},
{
"module_name": "\\Sessions\\1\\Windows\\SharedSection"
},
{
"module_name": "\\KnownDlls32\\shcore.dll"
},
{
"module_name": "\\KnownDlls32\\WS2_32.dll"
},
{
"module_name": "\\KnownDlls32\\kernel.appcore.dll"
},
{
"module_name": "\\KnownDlls32\\win32u.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\uxtheme.dll"
},
{
"module_name": "\\KnownDlls32\\IMM32.DLL"
},
{
"module_name": "C:\\Windows\\SysWOW64\\imm32.dll"
},
{
"module_name": "\\KnownDlls32\\bcryptPrimitives.dll"
},
{
"module_name": "\\KnownDlls32\\sechost.dll"
},
{
"module_name": "\\KnownDlls\\wow64win.dll"
},
{
"module_name": "\\KnownDlls32\\GDI32.dll"
},
{
"module_name": "\\KnownDlls32\\SspiCli.dll"
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters"
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\__ComCatalogCache__"
},
{
"module_name": "\\KnownDlls32\\msvcp_win.dll"
},
{
"module_name": "\\KnownDlls32\\USER32.dll"
},
{
"module_name": "\\KnownDlls32\\KERNELBASE.dll"
},
{
"module_name": "\\KnownDlls32\\profapi.dll"
},
{
"module_name": "\\KnownDlls32\\kernel32.dll"
},
{
"module_name": "\\KnownDlls\\wow64.dll"
},
{
"module_name": "\\KnownDlls\\wow64log.dll"
},
{
"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"
},
{
"module_name": "\\KnownDlls32\\shlwapi.dll"
},
{
"module_name": "\\KnownDlls32\\WININET.DLL"
},
{
"module_name": "\\KnownDlls32\\CRYPTBASE.dll"
},
{
"module_name": "\\KnownDlls32\\gdi32full.dll"
},
{
"module_name": "\\KnownDlls32\\ADVAPI32.dll"
},
{
"module_name": "\\KnownDlls32\\ole32.dll"
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\CTF.AsmListCache.FMPDefault1"
},
{
"module_name": "C:\\Windows\\Fonts\\StaticCache.dat"
},
{
"module_name": "\\KnownDlls32\\ntmarta.dll"
},
{
"module_name": "\\KnownDlls32\\CoreMessaging.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\ole32.dll"
},
{
"module_name": "\\KnownDlls32\\dwmapi.dll"
},
{
"module_name": "\\Sessions\\1\\Windows\\ThemeSection"
},
{
"module_name": "\\KnownDlls32\\MSCTF.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\CoreUIComponents.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\TextInputFramework.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\en-US\\user32.dll.mui"
},
{
"module_name": "C:\\Windows\\SysWOW64\\ntmarta.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\CoreMessaging.dll"
},
{
"module_name": "\\KnownDlls32\\TextInputFramework.dll"
},
{
"module_name": "\\KnownDlls32\\wintypes.dll"
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\AsyncKeyStateTrackerSharedMemory"
},
{
"module_name": "\\KnownDlls32\\CoreUIComponents.dll"
},
{
"module_name": "C:\\Windows\\SysWOW64\\dwmapi.dll"
},
{
"module_name": "\\Sessions\\1\\Windows\\Theme3441928617",
"module_tag": ""
},
{
"module_name": "\\Windows\\Theme596611661",
"module_tag": ""
}
],
"mutex_actions": [
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\toxcrypt",
"status": "object name exists"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7716:64:WilError_01",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7716:168:WilStaging_02",
"status": "success or wait"
}
],
"process": {
"name": "rl_file.exe",
"parameters": "\"C:\\Users\\user\\Desktop\\rl_file.exe\" "
},
"process_actions": [
{
"action_type": "process_queried",
"path": "C:\\Users\\user\\Desktop\\rl_file.exe",
"status": "success or wait"
},
{
"action_type": "process_terminated",
"path": "C:\\Users\\user\\Desktop\\rl_file.exe",
"status": "success or wait"
}
],
"registry_actions": [
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachineLanguageConfiguration",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"status": "buffer overflow"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Versions",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wow64\\x86",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\MUI\\Settings",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Policies\\Microsoft\\WindowsStore",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLEAUT",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\AppModel\\Lookaside\\Packages",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows NT\\Rpc",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",
"status": "buffer overflow"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\FileSystem\\",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Display",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Segment Heap",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",
"status": "buffer overflow"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Rpc",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\Tracing",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\NLS\\Language",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Explorer",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\LanguageConfiguration",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Control Panel\\Desktop",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rl_file.exe",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wow64\\x86",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages\\PendingDelete",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\DLL",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CustomLocale",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\Settings\\LanguageConfiguration",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\Setup",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Terminal Server",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\NULL",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\OEM",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\App Management",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\Compatibility\\rl_file.exe",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FA445657-9379-11D6-B41A-00065B83EE53}",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Segoe UI",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\App Management",
"status": "object name not found"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{FA445657-9379-11D6-B41A-00065B83EE53}",
"status": "object name not found"
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Input",
"status": "success or wait"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"status": "success or wait"
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\OEM",
"status": "object name not found"
}
]
},
{
"file_actions": [
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cs-CZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-GT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "IMM32.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tox.done.log",
"file_path": "C:\\Users\\user\\AppData\\Roaming",
"status": "object name not found"
},
{
"action_type": "file_opened",
"file_name": "History",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "USER32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ms-MY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "it-IT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CMApi",
"file_path": "\\Device\\DeviceApi",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-ZA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "edputil.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "de-AT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-TN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-RE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "uxtheme.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-CD",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "chrome_shutdown_ms.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "af-ZA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "UsageLogs",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0_32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-BH",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ucrtbase.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Temp",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "DefaultLayouts.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Shell",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "DefaultLayouts.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-CI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Feeds",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Feeds Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Chrome",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-CI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "it-IT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Credentials",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "tox.log",
"file_path": "C:\\Users\\user\\AppData\\Roaming",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-YE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hi-IN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-ML",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-419",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-PE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "BrowserMetrics",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CRYPTBASE.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ActiveSync",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-IE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-GT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "3534848bb9f4cb71",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\D3DSCache",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-BZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Windows",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-FR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-SN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-MA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-PY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "shlwapi.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OLEAUT32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "id-ID",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-RE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-CA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "eu-ES",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-ID",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-PR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bcrypt.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WININET.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-MY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "GDI32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ha-Latn-NG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "rsaenh.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sl-SI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hu-HU",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "msvcp_win.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CRYPTSP.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Startup",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "es-HN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CLR_v2.0_32",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-ES",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CLDAPI.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "MicrosoftEdge",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-SA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "DefaultLayouts.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sq-AL",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Event Viewer",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tox.decrypt.log",
"file_path": "C:\\Users\\user\\AppData\\Roaming",
"status": "object name not found"
},
{
"action_type": "file_opened",
"file_name": "hu-HU",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-PA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-OM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-CA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tox.log",
"file_path": "C:\\Users\\user\\AppData\\Roaming",
"status": "object name not found"
},
{
"action_type": "file_read",
"file_name": "brndlog.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WS2_32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sortdefault.nls",
"file_path": "C:\\WINDOWS\\Globalization\\Sorting",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fa-IR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "win32u.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sk-SK",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Microsoft",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Firefox",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-SN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "MountPointManager",
"file_path": "",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-HK",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "kernel.appcore.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-PE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-BE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-GB",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "gl-ES",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "c:",
"file_path": "",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "GameDVR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-029",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-MX",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WidevineCdm",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bg-BG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "KERNELBASE.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-DZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-FR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "KERNEL32.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "input",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "desktop.ini",
"file_path": "C:\\Users",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "af-ZA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-QA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-EG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "0",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sysmain.sdb",
"file_path": "C:\\WINDOWS\\AppPatch",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-NZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-IQ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "apphelp.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-KW",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-CO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-EC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-ZW",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-LY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CrashReports",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hy-AM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Low",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tr-TR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-CR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "eu-ES",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "brndlog.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-SG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fi-FI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hr-BA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-VE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pt-PT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "nb-NO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-MX",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-MA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "user",
"file_path": "C:\\Users",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "nl-BE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ka-GE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "clbcatq.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "AppData",
"file_path": "C:\\Users\\user",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-UY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "History.IE5",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-SG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-LB",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-DO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sechost.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DBG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "de-CH",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-ZA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-EC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "desktop.ini",
"file_path": "C:\\Users\\user\\Desktop",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sw-KE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-PY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-AR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-IN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DBG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pnacl",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-UY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "shcore.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-AE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "msdtadmin",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CLR_v4.0",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Vault",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-CM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bg-BG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Low",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OriginTrials",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Unistore",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "it-CH",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\Unistore",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-CA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-JM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Microsoft",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Mozilla",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "History",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-KW",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-NZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "PROPSYS.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cfgmgr32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "de-CH",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-MA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "et-EE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fi-FI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "combase.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "Tox.exe",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "PeerDistRepub",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-DO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pl-PL",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "RPCRT4.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-NI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DefaultLayouts.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Shell",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "kk-KZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "rl_file.exe:Zone.Identifier",
"file_path": "C:\\Users\\user\\Desktop",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "he-IL",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "da-DK",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "rl_file.exe",
"file_path": "C:\\Users\\user\\Desktop",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-CR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Crashpad",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-GB",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Google",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-LB",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "et-EE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-IN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Windows.StateRepositoryPS.dll",
"file_path": "C:\\Windows\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-OM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Packages",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "chrome_shutdown_ms.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "gl-ES",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-JO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hy-AM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bcryptPrimitives.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "KsecDD",
"file_path": "\\Device",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WER",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "DefaultLayouts.xml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "nl-NL",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Default",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-JO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "unknown",
"file_path": "",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-JM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-TT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "el-GR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-HT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "msvcrt.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Office",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-BO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-HT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ntdll.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-IQ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-LU",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "lv-LV",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "brndlog.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "user",
"file_path": "C:\\Users",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "it-CH",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Feeds",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mk-MK",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-CD",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "de-LI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "windows.storage.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-CL",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "gdi32full.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-YE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "UsageLogs",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-US",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-PR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "kk-KZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Desktop",
"file_path": "C:\\Users\\user",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CLR_v4.0_32",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "he-IL",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "rl_file.exe:Zone.Identifier",
"file_path": "C:\\Users\\user\\Desktop",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-AE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "tox.log",
"file_path": "C:\\Users\\user\\AppData\\Roaming",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-AU",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CLR_v4.0",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-AU",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Credentials",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CLR_v2.0_32",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Local",
"file_path": "C:\\Users\\user\\AppData",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Chrome",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Caches",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "ca-ES",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SHELL32.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bn-BD",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "PROPSYS.dll.mui",
"file_path": "C:\\WINDOWS\\SysWOW64\\en-US",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "GameDVR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-DZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pt-BR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-MC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ConnectedDevicesPlatform",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Microsoft Help",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Publishers",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-QA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-AR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "User Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "iertutil.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cversions.1.db",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CNG",
"file_path": "\\Device",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-NI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-LU",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-TN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "desktop.ini",
"file_path": "C:\\Users",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "TokenBroker",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ro-MD",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-SA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-CO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-MC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hr-BA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "oleaut32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Caches",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CrashReports",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fa-IR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Safe Browsing",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "lt-LT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "id-ID",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "el-GR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-EG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "History.IE5",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hr-HR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-SY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Temp",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "input",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-HK",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ms-BN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sv-FI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "STORAGE#Volume#{45fd10d4-cc21-11e8-b00f-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}",
"file_path": "",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Start Menu",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "ca-ES-valencia",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Comms",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WINDOWS",
"file_path": "C:",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-IE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "de-DE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ole32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Comms",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-CM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-ES",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cs-CZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-TT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-MY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-US",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Acrobat",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ro-RO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-ID",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "rl_file.exe",
"file_path": "C:\\Users\\user\\Desktop",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hi-IN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bn-BD",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-SV",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "PepperFlash",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "de-LU",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "FLTLIB.DLL",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CLR_v4.0_32",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneDrive",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-BH",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "powrprof.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Feeds Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ShaderCache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Roaming",
"file_path": "C:\\Users\\user\\AppData",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "Users",
"file_path": "C:",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "R000000000013.clb",
"file_path": "C:\\WINDOWS\\Registration",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "profapi.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "chrome_shutdown_ms.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "chrome_shutdown_ms.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ADVAPI32.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "da-DK",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-MA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Tox.exe",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Unistore",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Programs",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "de-DE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-HN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-SY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "D3DSCache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "de-LU",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "UsageLogs",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v2.0_32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-ML",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-BO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "L.user",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ConnectedDevicesPlatform",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "STORAGE#Volume#{45fd10d4-cc21-11e8-b00f-806e6f6e6963}#0000000022600000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}",
"file_path": "",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "chrome_shutdown_ms.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-VE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-ZW",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "brndlog.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WinTypes.dll",
"file_path": "C:\\Windows\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Google",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "D3DSCache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "desktop.ini",
"file_path": "C:\\Users\\user\\Desktop",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-CH",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-PA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "uk-UA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-BZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-BE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "3D Objects",
"file_path": "C:\\Users\\user",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "History.IE5",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ka-GE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "MEIPreload",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "12.0",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fr-CH",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "UnistoreDB",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sv-SE",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ElevatedDiagnostics",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-SV",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "User",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\MicrosoftEdge",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DC",
"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Acrobat",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "C:",
"file_path": "",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "brndlog.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ru-RU",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-029",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-CA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "es-CL",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ar-LY",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hr-HR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARM",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "az-Latn-AZ",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "updates",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\Unistore",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "PlayReady",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Profiles",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SspiCli.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Color",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "urlmon.dll",
"file_path": "C:\\WINDOWS\\SysWOW64",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Adobe",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "de-AT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "nn-NO",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "VirtualStore",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application Data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "UnistoreDB",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ca-ES",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "S",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "de-LI",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WindowsApps",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "lt-LT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DBG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ElevatedDiagnostics",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "weakrefobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "sre_parse.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "fileinput.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "objimpl.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "encoder.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "threads.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "struct.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "calendar.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "events.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "parsetok.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pyframe.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "calltip.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "NEWS.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "csv.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "complexobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "rpc.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "imghdr.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "codeop.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "fork_wait.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "client.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "oem.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "CREDITS.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "abc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pystrhex.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "nntplib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mainmenu.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ffdh3072.pem",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "warnings.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "doctest.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "genobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "parsetok.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "gdb_sample.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "copy.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "copyreg.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "tracemalloc.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SOPHIA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "query.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp1258.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "config.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp858.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pytime.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "imghdr.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "poplib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "secrets.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "warnings.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "copy.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp875.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "mimetypes.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "import.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp1251.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "traceback.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pystrtod.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "imghdr.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "intrcheck.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp932.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "idle.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "bisect_cmd.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "wave.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "opcode.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "memoryobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "iomenu.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "keycert2.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "bisect.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp1250.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Reader",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\dbm",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "LICENSE.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "ipaddress.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "dbapi2.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pydebug.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "textwrap.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Reader",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "weakrefobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "Python.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "config.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "weakref.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "lzma.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pymem.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "listobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "osmodule.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp273.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "genericpath.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "os.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "moduleobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bltinmodule.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tempfile.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cmd.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "debugobj.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pkgutil.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "turtle.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "numbers.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "abc.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pydebug.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "import.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "utils.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pprint.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bytesobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "sunau.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "_collections_abc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "patcomp.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "_py_abc.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "traceback.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "formatter.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "lzma.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "bad_getattr.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp1253.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "enumobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pyclbr.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "optparse.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "codecs.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "debugger.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp1125.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "uuid.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\pip",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp1140.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp856.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "dbapi2.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "errors.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "posixpath.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ann_module6.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "context.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "window.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "_sitebuiltins.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ann_module5.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "queue.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp1255.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "message.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "random.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "abc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\importlib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "squeezer.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "has_key.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "bad_getattr.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ann_module7.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "message.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "abc.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "dump.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "py_compile.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "poplib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "opcode.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "sysconfig.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pymacro.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "parsetok.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "filecmp.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "_markupbase.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp864.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "ann_module7.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "ann_module.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "eval.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "koi8_u.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "sunau.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "undo.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "GrShaderCache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pstats.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "zzdummy.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pdb.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "trsock.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cellobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "_compat_pickle.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "plistlib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp1252.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pydtrace.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "socket.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "util.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\importlib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "frameobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "futures.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "_py_abc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "list_tests.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "gb2312.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "bad_coding.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "graphlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "codeop.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "hmac.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sunau.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "euc_kr.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "euc_kr.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "big5.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "filecmp.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "nturl2path.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "profile.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "shutil.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "parser.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "socket.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "text.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "keycertecc.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "schema.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\msilib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "base64.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "_endian.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "gzip.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pickletools.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "queues.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pythread.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "utils.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "weakref.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "boolobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "bdb.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "runpy.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "methodobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "ftplib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "code.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "query.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "modulefinder.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "symtable.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "Python-ast.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cellobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "base.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "typing.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "iomenu.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pyport.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "datetime.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "sslproto.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "threads.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp863.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "uuid.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "aifc.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "_pydecimal.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "johab.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ieee754.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "profile.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pkgutil.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hyphen-data",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "bdb.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "shelve.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "crypt.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "subprocess.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "genericpath.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "gb2312.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "parser.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "functools.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "chunk.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "string.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "tupleobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "modulefinder.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tupleobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "netrc.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "big5.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "genobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pyfpe.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "compileall.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "telnetlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Files",
"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dist.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp1251.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "config.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "NEWS2x.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "_logs",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\npm-cache",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "compile.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp865.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "structseq.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp1255.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pydebug.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp037.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ipaddress.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "bytesobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "tracemalloc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "queue.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pymem.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pythread.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "dd_SetupUtility.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp858.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "tarfile.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pymacconfig.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SOPHIA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "format.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "py_curses.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "help.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "nturl2path.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "heapq.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "linecache.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "formatter.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "errors.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "code.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "symtable.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "panel.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "py_curses.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cookiejar.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "datetime.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\msilib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "heapq.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "datetime.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp949.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mailbox.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "tracemalloc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "charset.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "classobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "fnmatch.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "events.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp864.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "osdefs.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "Outlook.pst",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Outlook",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "bitset.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mimetypes.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cookiejar.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cookiejar.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp864.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "iterators.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "futures.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "mailbox.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "badcert.pem",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "locale.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bad_coding2.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ann_module3.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "platform.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "debugger.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "utf_32.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "NEWS2x.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "ann_module2.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "image.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email\\mime",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pydtrace.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "imghdr.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "fileinput.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ast.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "policy.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "contextlib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "outwin.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "kz1048.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "entities.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\html",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "zipapp.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "_py_abc.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pip",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "iterators.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "contextlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "base64.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cgi.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "odictobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "oem.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pyframe.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "imp_dummy.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "rpc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cProfile.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "_threading_local.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ceval.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "final_b.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "shelve.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "abc.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\importlib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "coding20731.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "parser.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\html",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "osmodule.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "kz1048.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "dis_module.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "asdl.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ann_module6.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "re.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "bdb.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "getpass.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "io.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "ast.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "aifc.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "copy.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "textview.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "coding20731.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "ascii.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "operator.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "inspect.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "exports.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "koi8_t.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pathlib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "objimpl.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp950.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "undo.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "poplib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Files",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "policy.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "binhex.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dump.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\sqlite3",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "floatobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "idna.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "token.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "socketserver.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "rlcompleter.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "contextlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "struct.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp863.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "gettext.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "_collections_abc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "idle.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "bisect.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "symbol.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp737.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pyport.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "ann_module2.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "descrobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "charset.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "filelist.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "tokenize.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pyhash.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "typeslots.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "util.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\importlib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "aifc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp1256.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp1026.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "__main__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "tracemalloc.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "_aix.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\msilib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "rangeobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "johab.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "kz1048.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "tree.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "osdefs.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "asdl.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "oem.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "quoprimime.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cmd.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "__main__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "smtpd.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "utf_32.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "bad_getattr.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pymacconfig.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "symtable.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pyframe.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "replace.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pyconfig.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ann_module2.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "rangeobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "graminit.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp865.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "gzip.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "telnetlib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "undo.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp424.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "_markupbase.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "gnu.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "NEWS2x.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "signal.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "koi8_r.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "graphlib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "sched.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "bisect.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dbapi2.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\sqlite3",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "heapq.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "encoders.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "marshal.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "glob.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "smtplib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "modsupport.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "gdb_sample.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "zipfile.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "gbk.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "bltinmodule.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "config.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "ssl.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "zipapp.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "dataclasses.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "difflib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "traceback.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pstats.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "mimetypes.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "xdrlib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "floatobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp424.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "sysconfig.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "badcert.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "cProfile.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp863.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "base.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email\\mime",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Files",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "generator.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp1253.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "parsetok.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "base64.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "decimal.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "LICENSE.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pymem.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "code.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp865.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "policy.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "compileall.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "gzip.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "_aix.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "filecmp.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "codeop.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "extend.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "enum.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pystate.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "text.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "generator.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "patchlevel.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "editor.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp737.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "NEWS.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp500.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "_compat_pickle.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pystate.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "euc_jp.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "idna.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "glob.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "sliceobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "_sitebuiltins.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pygram.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp1253.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp424.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "fileobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "trsock.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "server.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "eval.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp775.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "browser.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "macosx.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "fnmatch.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "debug.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pyexpat.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "reprlib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cookiejar.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Reader",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "longobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "xdrlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "eval.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "exports.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "bltinmodule.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "heapq.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "tmpjnl2abyncacert.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "stat.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "final_b.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp1258.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pyconfig.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "abstract.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "heapq.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "koi8_t.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "listobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "sunau.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ast.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "sslproto.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "reprlib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ndbm.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "calltip.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "bad_coding2.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "NEWS.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "enumobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "frameobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\html",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "linecache.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "object.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "timeit.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "secrets.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "ann_module3.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "tupleobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "decimal.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "token.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "structmember.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp858.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp874.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "stringprep.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SOPHIA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pyfpe.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp875.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "code.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include\\cpython",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "panel.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "search.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "ffdh3072.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "idna.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp037.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "streams.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp1125.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "shelve.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "dis.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pyhash.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "_compression.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "timeit.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "enumobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp1255.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "operator.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp875.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "__main__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "kz1048.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "format.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Files",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "mailcap.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "optparse.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "parser.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\html",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "abstract.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "bytesobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "dist.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Python-ast.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ftplib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "lzma.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "asynchat.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "audiotests.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "datetime.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "datetime.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "query.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pickletools.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pymem.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SOPHIA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "ann_module5.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Files",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "textwrap.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "osmodule.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "traceback.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Python",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "webbrowser.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ntpath.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pathlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "rot_13.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "calendar.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "binhex.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "warnings.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "config.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "operator.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "__phello__.foo.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "datetime.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "policy.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Files",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "getpass.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "compile.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "structmember.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "moduleobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "text.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "util.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "objimpl.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "boolobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sre_compile.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "allsans.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Reader",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "base64mime.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "entities.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "binhex.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "moduleobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "audio.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email\\mime",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "palmos.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "py_compile.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "_sitebuiltins.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "config.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pathlib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "koi8_u.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pythonrun.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "decoder.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pylifecycle.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "log.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "uuid.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "keycert4.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "sliceobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "has_key.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "entities.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\html",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "config.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "zzdummy.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pymacconfig.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "plistlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "__main__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bisect.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "crypt.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "run.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "code.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "tmpjnl2abyncacert.pem",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "coding20731.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "errors.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "idna.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "colorsys.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "codeop.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "text.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\msilib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "cellobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "log.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pyerrors.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "ast.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "inspect.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp850.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "decimal.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "mailcap.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp1255.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "graphlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "doctest.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "csv.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "keycert.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "abc.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\collections",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "threading.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fnmatch.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "imp_dummy.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "euc_kr.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dataclasses.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "errors.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "TODO.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "image.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email\\mime",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "__main__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "fileinput.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "timeit.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "asdl.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "errors.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "getopt.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "utf_16.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "encoder.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "statistics.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "lock_tests.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "final_a.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "numbers.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "dataclasses.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "palmos.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "dictobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "symtable.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "abc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "enum.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "marshal.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp860.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "imp.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "badcert.pem",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tabnanny.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cmd.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "_endian.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp950.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "__phello__.foo.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "tool.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "events.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Package Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "xdrlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Grammar.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pymath.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pylifecycle.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "Python.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "NEWS2x.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "_weakrefset.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pyparse.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "base64mime.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Reader",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "_bootsubprocess.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "classobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "compile.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pythonrun.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "ucnhash.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "queue.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "symbol.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "tupleobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "dictobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "queues.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "setobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ssl.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "textview.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "bad_coding2.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "numbers.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "copyreg.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tty.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "trace.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "run.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "classobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp1140.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "contextvars.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pystrtod.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Reader",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "runpy.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "osdefs.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "bad_coding2.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "encoder.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "_parseaddr.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "modsupport.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "gdb_sample.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "selectors.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "sndhdr.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "smtpd.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pymath.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "selectors.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "imaplib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "patcomp.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "decimal.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "zipapp.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "scanner.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pydoc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "history.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "runners.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "netrc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "patchlevel.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "__main__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "tooltip.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "code.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "socket.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "warnings.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "koi8_r.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "errcode.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "HISTORY.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "ieee754.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "koi8_u.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "tarfile.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "patchlevel.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ZxcvbnData",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "FORMS",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pystrcmp.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cgitb.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pyarena.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "audio.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp1256.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "wintypes.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "image.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pytime.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "wave.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "keyword.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "unicodeobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "errors.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pystate.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "exports.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "rlcompleter.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pymacro.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "descrobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "enum.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "text.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email\\mime",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "cgitb.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "bitset.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "history.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "descrobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp1257.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "traceback.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "configparser.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "NEWS.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dis_module.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cmd.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "gbk.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "locks.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "replace.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pipes.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "shelve.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "getopt.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "code.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "osmodule.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "subprocess.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "graminit.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "posixpath.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pystate.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "symtable.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pyexpat.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pymacconfig.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "longintrepr.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "grammar.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "badkey.pem",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ast.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "core.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "platform.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "history.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "zipfile.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "README.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "sidebar.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "genericpath.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "queues.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "text.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email\\mime",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "imaplib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "keycert2.pem",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ascii.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "netrc.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "trsock.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pprint.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "hz.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "uu.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "abc.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\importlib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp856.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "imp.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\sqlite3",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "types.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cgitb.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "tempfile.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "gzip.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "imaplib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "this.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pygram.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cellobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "codecs.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pyconfig.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "_osx_support.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "re.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pymem.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "locale.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "euc_jp.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "listobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "struct.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "query.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "encoder.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "import.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pytree.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "io.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "utf_16.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pyclbr.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "main.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "asyncore.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "feedparser.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pymacro.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "chunk.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "streams.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "gdb_sample.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Files",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ann_module2.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Grammar.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "util.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\importlib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pydoc.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "http",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\pip\\cache",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sre_constants.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pymem.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "Grammar.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pipes.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "antigravity.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pprint.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "fractions.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pystrcmp.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pyarena.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pymacconfig.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "dump.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\sqlite3",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "fileinput.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "mailcap.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "ascii.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\logging",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "quoprimime.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "format.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "crypt.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "token.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "core.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "weakref.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "wave.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "quoprimime.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "quopri.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "longobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "audio.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "sliceobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pystrhex.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "stat.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pymath.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "moduleobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "optparse.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "undo.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "__main__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cmd.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "opcode.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "ceval.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pstats.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "nntplib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp874.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "entities.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Outlook.pst",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Outlook",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "codeop.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "_weakrefset.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "palmos.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "allsans.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "ipaddress.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pickle.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp037.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pty.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp864.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "log.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "argparse.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "utf_8.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SOPHIA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "help.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "dis.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "keycertecc.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "_parseaddr.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "rpc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "calltip.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "sre_compile.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "sre_compile.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "typing.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "smtplib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "config.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "enum.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "refactor.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "shutil.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "code.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dd_SetupUtility.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "fileobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "streams.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "context.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "audio.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email\\mime",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "_pyio.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "frameobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ceval.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pickle.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "odictobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "server.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp1252.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "spawn.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "list_tests.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "nturl2path.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pythonrun.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pylifecycle.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "fractions.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp1254.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pipes.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "debugger.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "smtplib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "crypt.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "tmpjnl2abyncacert.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "eval.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp852.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "patcomp.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp857.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "osmodule.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "sched.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "getpass.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "antigravity.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "_aix.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "extend.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "bz2.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "mailbox.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp273.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "wave.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "dd_SetupUtility.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "listobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp866.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pyclbr.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "functools.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "subprocess.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "dictobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "asdl.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "_parseaddr.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "unicodeobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "shlex.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "keycert.pem",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ascii.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp1006.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "genericpath.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "_bootlocale.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "client.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "compile.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "final_b.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "idnsans.pem",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "gbk.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "symbol.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp856.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "grep.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "autotest.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "traceback.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "tooltip.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "ipaddress.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "opcode.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "parsetok.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp1250.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pymem.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include\\cpython",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "mailbox.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "ann_module5.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "asyncore.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "frameobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pystrcmp.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pyexpat.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "NuGet",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "floatobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "README.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "warnings.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "linecache.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "threads.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "client.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "imp_dummy.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pickletools.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "_sitebuiltins.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "cgi.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bisect_cmd.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "genobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "feedparser.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "zipfile.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "longintrepr.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "ftplib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "errcode.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bitset.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "encoders.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "generator.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "replace.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "hashlib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "iomenu.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "random.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ceval.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "genobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp1257.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "keyword.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "sequence.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "setobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "abstract.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "schema.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "uu.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "log.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "longintrepr.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "base.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email\\mime",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "complexobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "spawn.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "enum.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "bz2.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Common",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "context.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "bad_coding.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "log.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fork_wait.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "bitset.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "io.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp932.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bz2.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "objimpl.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "copyreg.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "configparser.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "abc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\collections",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "aifc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "fractions.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "9",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\pip\\cache\\http\\a\\1",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pyctype.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cProfile.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "dist.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "locale.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "core.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CREDITS.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "has_key.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "hz.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sre_parse.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "run.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pyarena.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "ann_module7.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cgitb.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "io.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "difflib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "grammar.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "final_a.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "locks.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "imaplib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "message.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "cmd.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp500.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp866.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "codecs.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "modulefinder.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "textpad.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "_compat_pickle.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "mainmenu.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "contextvars.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "reprlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp424.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "sysconfig.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "rot_13.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "site.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "idnsans.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "_bootlocale.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "structseq.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp1006.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "longobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "dis_module.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "graminit.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "symbol.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "utf_7.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "encoders.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pyhash.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "ceval.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp1006.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "utf_7.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "argparse.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "object.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "schema.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "zipimport.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "squeezer.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "fnmatch.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cmd.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "doctest.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "codecs.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "this.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "selectors.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "mbcs.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "filelist.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "gzip.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp857.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "patcomp.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pydebug.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "__phello__.foo.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "image.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "fileutils.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "_bootlocale.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp775.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "functools.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp1257.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "io.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "browser.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "types.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "format.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "asyncore.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp1254.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "code.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "_osx_support.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp1125.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "johab.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "calltip.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "opcode.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "graminit.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "funcobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "rlcompleter.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "tasks.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "typing.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pdb.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "extend.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pkgutil.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp866.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pytime.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "abc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\importlib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "classobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pickle.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "selfcheck",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\pip\\cache",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "abstract.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "fork_wait.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dumb.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\dbm",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "listobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "chunk.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "complexobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "code.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include\\cpython",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "base64mime.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "ann_module6.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "longobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "utf_7.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "sre_parse.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "badkey.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pty.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "help.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "textview.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "stringprep.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "tabnanny.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "typeslots.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "py_curses.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pythread.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Files",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "textview.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pymath.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp852.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SOPHIA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "stringprep.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "_weakrefset.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "os.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "marshal.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cookies.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "re.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "frameobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ieee754.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "Grammar.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "debugobj.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "statistics.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "gnu.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "dist.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "re.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "schema.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\msilib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp1258.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "patchlevel.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "enumobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pystrcmp.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "rpc.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "dataclasses.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pickletools.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp857.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pyfpe.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp1006.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "HISTORY.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "final_a.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "sre_constants.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "errcode.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pycapsule.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "opcode.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "configparser.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\NuGet",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fractions.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "__future__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pdb.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cookies.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "code.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "selectors.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp1252.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pycapsule.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "decimal.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "boolobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ann_module.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "quopri.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "webbrowser.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "sidebar.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "warnings.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "mainmenu.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "intrcheck.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "traceback.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "tupleobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "ftplib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "antigravity.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pdb.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "keyword.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "grammar.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "traceback.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "odictobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "euc_kr.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "tokenize.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\sqlite3",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp1250.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "iomenu.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "boolobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "bisect_cmd.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "gnu.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\dbm",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "log.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "badkey.pem",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\html",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp869.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "utf_32.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp1258.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "modsupport.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "asyncore.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "node.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "runpy.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "config.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "header.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "audiotests.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pyerrors.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "methodobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "zzdummy.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "grammar.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "audit-tests.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "debug.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "textpad.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "rot_13.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sequence.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\msilib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "methodobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pydebug.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "trsock.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "methodobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "wintypes.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "utf_8.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "imp.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "shlex.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "CREDITS.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "getopt.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp855.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "contextvars.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pytree.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "tool.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp1026.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "ast.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "shlex.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "eval.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "_bootlocale.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "methodobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "shutil.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "linecache.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "socketserver.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "iterators.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "decoder.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "macosx.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "traceback.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "johab.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "keycert3.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bad_getattr.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "node.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "site.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "compileall.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp1257.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp855.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "ann_module3.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "big5.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pyport.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "asdl.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pyexpat.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pythonrun.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "allsans.pem",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "odictobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "util.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp855.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "longobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "_strptime.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "text.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ftplib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "__future__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "_threading_local.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "zipimport.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "string.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "longintrepr.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "uu.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "timeit.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "textwrap.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "filelist.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "memoryobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "tool.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp720.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "secrets.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp775.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "NEWS.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pipes.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "codecs.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "quopri.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "codecs.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "bz2.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "_py_abc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "_pydecimal.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "chunk.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ast.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ann_module3.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "keycert4.pem",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "gnu.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\dbm",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "base64.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pyshell.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "_strptime.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Reader",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ndbm.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\dbm",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "ann_module6.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pyerrors.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp1251.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "fnmatch.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pycapsule.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp949.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "__main__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "runners.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ceval.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include\\cpython",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\logging",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "webbrowser.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cgi.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pygram.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "wintypes.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "filecmp.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sndhdr.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "ast.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "NEWS.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "token.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "marshal.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pycapsule.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "random.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "audiotests.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "rangeobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "lzma.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "_strptime.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp875.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "argparse.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cgi.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "xdrlib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "utf_7.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "glob.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "token.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pyhash.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "allsans.pem",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "colorsys.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "outwin.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "dd_SetupUtility.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "binhex.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "_collections_abc.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "dump.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "README.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pyshell.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pyshell.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "_compression.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "tree.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pyhash.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp857.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "hashlib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ffdh3072.pem",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "errcode.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "site.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "profile.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "ntpath.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "zipapp.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "header.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pyfpe.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pymacro.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "zipfile.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "dis.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp860.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "text.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\msilib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "_compression.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "unicodeobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "keycert3.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "inspect.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "memoryobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "tty.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "euc_jp.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "charset.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tarfile.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "refactor.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "py_compile.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "structseq.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "imaplib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "graminit.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "base.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "secrets.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "dataclasses.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp869.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "LICENSE.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "config.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\logging",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp874.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "mailcap.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "grep.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "weakrefobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "__main__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp950.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pymem.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "encoders.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pydtrace.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "osdefs.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "log.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp1140.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "zipimport.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "typing.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "autotest.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dictobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "hz.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "csv.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "aifc.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp1250.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "runners.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "opcode.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "keycert3.pem",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "datetime.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "audit-tests.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pyparse.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "rangeobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "contextvars.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "panel.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "autotest.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "sndhdr.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "_threading_local.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "textpad.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "keyword.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "editor.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "asyncore.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "util.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "_pydecimal.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "idnsans.pem",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "mbcs.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp273.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "typeslots.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "setobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "fileutils.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "ast.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pyerrors.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "socket.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "spawn.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "window.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "tty.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "difflib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "exports.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "csv.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "dis.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "numbers.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "spawn.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "dictobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tasks.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "generator.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Python.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp932.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "CREDITS.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pydoc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "window.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "header.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "outlook logging",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "util.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "idnsans.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pyparse.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "tooltip.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SOPHIA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pyctype.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "handlers.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\logging",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "_osx_support.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "plistlib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SOPHIA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "grep.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "token.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "funcobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "utf_32.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "descrobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "tabnanny.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp500.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "gettext.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "uuid.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "_threading_local.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "statistics.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "Python.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "string.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "structmember.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "keycert.pem",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "log.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "funcobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "floatobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "decoder.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "signal.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "keycert4.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pyctype.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sched.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "moduleobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "textpad.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "doctest.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "final_a.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "floatobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pylifecycle.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "formatter.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "turtle.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ann_module.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "object.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pyconfig.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp273.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "tabnanny.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pprint.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "hashlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "koi8_r.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ucnhash.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "marshal.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp932.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "py_compile.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "refactor.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mbcs.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "abstract.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "grep.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "keyword.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "complexobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "sre_constants.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "handlers.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "_pyio.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pystrtod.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "search.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "squeezer.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp1251.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "profile.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "sched.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "difflib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "bytesobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pydoc.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bad_coding.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Python-ast.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "ucnhash.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "window.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp950.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "graphlib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "codecs.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp861.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "threading.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "colorsys.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "complexobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "intrcheck.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pyexpat.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pty.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "util.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "types.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "dumb.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "abc.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "datetime.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pyarena.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "bdb.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp1252.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "1",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\pip\\cache\\http\\a",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Reader",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "symtable.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "bltinmodule.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "queues.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "events.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp775.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "patchlevel.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "_osx_support.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "main.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp866.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pyframe.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Outlook",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "imp.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "README.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "_bootsubprocess.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sliceobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "sidebar.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "LICENSE.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "util.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "idle.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "threading.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Files",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "filelist.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "gettext.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "socketserver.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "calendar.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "token.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "queue.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "errors.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "__main__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "rlcompleter.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sidebar.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "audit-tests.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "parser.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "ceval.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "search.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp720.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "posixpath.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "smtplib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "bisect_cmd.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "types.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "tokenize.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp1140.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "parser.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "telnetlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "tempfile.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "asynchat.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "charset.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "dumb.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "copyreg.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "ieee754.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "locale.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hmac.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "unicodeobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pymem.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "_aix_support.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "utils.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "imp_dummy.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "intrcheck.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "util.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "functools.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "random.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "feedparser.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "typeslots.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "structseq.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SafetyTips",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "__future__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp1256.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "classobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "turtle.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "sysmodule.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp852.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Reader",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp949.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pycapsule.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "ann_module.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "signal.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "koi8_r.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "string.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp869.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "tasks.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pythread.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "gbk.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Reader",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pyclbr.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pytime.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp1026.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "sysmodule.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "opcode.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "outwin.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "debug.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "_pyio.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp861.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "codecs.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "_endian.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ucnhash.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "getpass.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "rot_13.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "iterobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "debugger.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "gb2312.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tokenize.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tmpjnl2abyncacert.pem",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "_aix_support.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "bz2.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "has_key.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "euc_jp.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "Outlook.pst.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Outlook",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "getpass.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pyparse.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "_compat_pickle.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "coding20731.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "object.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "__main__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "nturl2path.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "struct.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "utf_16.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "oem.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "iterobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "editor.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "runners.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "intrcheck.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "server.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp437.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "_collections_abc.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cgi.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "warnings.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "operator.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp865.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp874.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "colorsys.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "chunk.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "zzdummy.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SOPHIA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "AutofillStates",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "ast.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "keycert.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "fractions.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "context.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "nntplib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp852.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "dumb.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\dbm",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "glob.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pygram.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "run.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pydtrace.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Outlook.pst.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Outlook",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "netrc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "refactor.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pyctype.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "symtable.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "mailbox.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "bytesobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "binhex.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "asynchat.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "dbapi2.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\sqlite3",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "structmember.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "base64mime.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cookies.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "squeezer.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pytime.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "config.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\logging",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "fileutils.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "keycert3.pem",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "fileobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "rangeobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fileutils.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "tmpjnl2abyncacert.pem",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "funcobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp850.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SOPHIA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "argparse.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "sysmodule.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "util.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "genobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp500.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp437.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "LICENSE.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp1125.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "stat.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "turtle.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pymacro.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "memoryobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "memoryobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "NEWS.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "platform.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "configparser.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "threading.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "import.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "tracemalloc.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "sequence.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pyshell.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "errcode.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "TODO.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "iterobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp037.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "TODO.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "difflib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "_markupbase.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "this.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "config.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp720.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "token.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp855.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "audiotests.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "keycertecc.pem",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pyconfig.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "macosx.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "editor.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "warnings.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "descrobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "wintypes.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "os.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "sslproto.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "node.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "modsupport.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "doctest.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "ndbm.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\dbm",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "quopri.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "dd_SetupUtility.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "contextlib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "imghdr.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "node.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "py_curses.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "_weakrefset.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "sre_compile.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "unicodeobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "_aix_support.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "sndhdr.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pystrtod.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "PKIMetadata",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sysmodule.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "lzma.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pystrhex.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "replace.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp1256.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "hmac.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "utf_8.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "copyreg.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp860.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "mainmenu.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cProfile.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cProfile.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sslproto.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "palmos.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ascii.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "compileall.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "ascii.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp949.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp720.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "smtpd.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "setobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "code.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pyctype.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "zipimport.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "setobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "copy.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "optparse.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "ntpath.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "objimpl.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pickle.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pyerrors.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pylifecycle.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "modulefinder.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp858.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "argparse.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "_compression.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "macosx.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "util.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "opcode.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "symtable.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "idle.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SOPHIA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "_pyio.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "getopt.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp737.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "genericpath.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "help.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "big5.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pydtrace.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "code.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "ascii.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "smtpd.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hashlib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "debug.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "_endian.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "csv.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "bltinmodule.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pystrcmp.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "main.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "scanner.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "scanner.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cookies.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "fileutils.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "gettext.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "Outlook.pst",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Outlook",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "parser.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pyframe.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "hmac.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "tasks.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "sysmodule.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "extend.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tooltip.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "structseq.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "os.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "py_curses.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pytree.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "gettext.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pystrtod.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "feedparser.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pythread.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "_bootsubprocess.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "decoder.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "nntplib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pty.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tracemalloc.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "outwin.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "subprocess.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "parser.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "scanner.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "_aix.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp437.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "shutil.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "getopt.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "longintrepr.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp1026.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "imp.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "handlers.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "inspect.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "futures.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "ucnhash.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "asynchat.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp862.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "quoprimime.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "weakref.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cmd.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "badcert.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "webbrowser.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mailcap.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "tracemalloc.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ann_module7.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "funcobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tree.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "browser.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "linecache.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "autotest.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "iterobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "chocolatey",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "history.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "main.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "gb2312.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Files",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "fileobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\dbm",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "reprlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pymem.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include\\cpython",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "stringprep.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Python.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp737.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "sre_constants.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "stat.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Files",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "plistlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "utils.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "tree.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "bad_coding.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp1253.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SOPHIA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp869.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "sliceobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "poplib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "debugobj.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "final_b.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "HISTORY.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp850.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "hashlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "panel.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "__main__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fileobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "platform.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "koi8_t.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp861.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "trace.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "search.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "ceval.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "boolobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "node.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "NEWS.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "_markupbase.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "colorsys.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "__phello__.foo.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "graphlib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "dis_module.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "osdefs.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "weakrefobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bdb.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "textwrap.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "util.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "futures.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "tty.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pip",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "antigravity.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "code.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "ceval.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pyfpe.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "grammar.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pyarena.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "Python-ast.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "_parseaddr.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "functools.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp1254.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "site.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "browser.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp861.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "code.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "configparser.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp863.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "shlex.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "audit-tests.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "client.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "asynchat.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "HISTORY.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "iterators.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp856.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "FORMS",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "contextlib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pkgutil.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "util.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\importlib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "streams.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "_strptime.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pstats.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "npm-cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "this.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cp862.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "inspect.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "TODO.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp1254.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "ssl.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "weakrefobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dis.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "tarfile.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cp862.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "datetime.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "formatter.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "structmember.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "codecs.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ann_module5.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "compile.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "__future__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "koi8_u.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "exports.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "header.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp862.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "formatter.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp860.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "calendar.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "import.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pystrhex.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "tempfile.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "tracemalloc.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "statistics.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "telnetlib.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "errors.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tracemalloc.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "posixpath.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "trace.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "utf_8.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "83d4f33bfdf82e45",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\D3DSCache",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "socketserver.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ascii.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "debugobj.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "koi8_t.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "iterobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "warnings.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "codecs.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "pathlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Files",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tool.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "utf_16.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pytree.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "__init__.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "filecmp.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cmd.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cp437.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "_pydecimal.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "_aix_support.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "fork_wait.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "context.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "symtable.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "base64.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "cp850.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "crypt.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "datetime.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "mbcs.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "enumobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Reader",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "util.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pyport.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pymath.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "locale.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "core.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "handlers.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\logging",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "keycert2.pem",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "list_tests.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "Python-ast.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "glob.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "mimetypes.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "threads.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "bisect.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "object.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Programs",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "locks.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cellobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "_bootsubprocess.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fileinput.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "abc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\collections",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pyport.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "pystate.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "badkey.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hz.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ssl.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "NEWS.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "keycert2.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Crowd Deny",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "calendar.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "message.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "sequence.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\msilib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "contextvars.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ipaddress.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "bitset.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "util.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ntpath.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sysconfig.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "pystrhex.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "ffdh3072.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "locks.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "runpy.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "odictobject.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "ndbm.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "cgitb.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "hmac.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "token.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "typeslots.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "signal.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "sre_parse.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "compileall.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "antigravity.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "uu.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "server.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "a",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\pip\\cache\\http",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "abc.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\collections",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "trace.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "modsupport.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Reader",
"file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Acrobat\\DC\\SOPHIA",
"status": "success or wait"
},
{
"action_type": "file_read",
"file_name": "pythonrun.h",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "copy.py",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "ceval.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include\\cpython",
"status": "success or wait"
}
],
"modules_loaded": [
{
"module_name": "C:\\Windows\\SysWOW64\\oleaut32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\msvcp_win.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\SspiCli.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\RPCRT4.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\WS2_32.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\USER32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\combase.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\win32u.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\windows.storage.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\propsys.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\OLEAUT32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\PROPSYS.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\iertutil.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\rsaenh.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\KERNELBASE.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\FLTLIB.DLL",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\Windows.StateRepositoryPS.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\apphelp.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\uxtheme.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\windows_shell_global_counters",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\IMM32.DLL",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\CRYPTSP.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\imm32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\kernel32.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\kernel.appcore.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\bcryptPrimitives.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\powrprof.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\bcrypt.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\msvcrt.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\CLDAPI.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\rsaenh.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\wow64.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\bcrypt.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\iertutil.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\sechost.dll",
"module_tag": ""
},
{
"module_name": "unknown",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\wow64log.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\apphelp.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\WinTypes.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1.ro",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\wow64cpu.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\edputil.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\wow64win.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\clbcatq.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\UrlZonesSM_user",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\shlwapi.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\ucrtbase.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\profapi.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\KERNEL32.DLL",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\Windows.StateRepositoryPS.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\cldapi.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\GDI32.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\cryptsp.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\WININET.DLL",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\wininet.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\WinTypes.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\urlmon.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\en-US\\propsys.dll.mui",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\cfgmgr32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\edputil.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\uxtheme.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\shcore.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\SHELL32.DLL",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\__ComCatalogCache__",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\SysWOW64\\urlmon.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\apppatch\\sysmain.sdb",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\Windows\\SharedSection",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\Registration\\R000000000013.clb",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\CRYPTBASE.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\gdi32full.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\ADVAPI32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls32\\ole32.dll",
"module_tag": ""
}
],
"mutex_actions": [
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Global\\SyncRootManager",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\toxcrypt",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-__terminate_handler_sh",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex",
"status": "object name exists"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-__unexpected_handler_sh",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex",
"status": "object name exists"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-init",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5252:64:WilError_01",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5252:168:WilStaging_02",
"status": "success or wait"
}
],
"process": {
"name": "rl_file.exe",
"parameters": "C:\\Users\\user\\Desktop\\rl_file.exe"
},
"process_actions": [
{
"action_type": "process_created",
"path": "C:\\Users\\user\\Desktop\\rl_file.exe",
"status": "success or wait"
},
{
"action_type": "process_queried",
"path": "C:\\Users\\user\\Desktop\\rl_file.exe",
"status": "success or wait"
}
],
"registry_actions": [
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\LocalServer32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\DocObject",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachineLanguageConfiguration",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\TreatAs",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Internet Explorer\\Main",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\SystemFileAssociations\\.exe",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{00000323-0000-0000-C000-000000000046}",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Versions",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0000032A-0000-0000-C000-000000000046}",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\rl_file.exe",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\NULL",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\BrowseInPlace",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\.exe",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Folder\\Clsid",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Disable8And16BitMitigation",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InprocServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InprocHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InprocHandler32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wow64\\x86",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Directory\\ShellEx\\IconHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\MUI\\Settings",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Policies\\Microsoft\\WindowsStore",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\ShellEx\\IconHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Drive\\shellex\\FolderExtensions",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\AllFilesystemObjects",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLEAUT",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\exefile",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\LocalServer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Drive\\shellex\\FolderExtensions",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InprocServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\AppModel\\Lookaside\\Packages",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\LocalServer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InProcServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Folder",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PropertyBag",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\NULL",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\TreatAs",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\LocalServer32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-602200000000}\\",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{75847177-f077-4171-bd2c-a6bb2164fbd0}\\InProcServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE\\Diagnosis",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}\\Instance",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows NT\\Rpc",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\.exe",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\BrowseInPlace",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\Elevation",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\Elevation",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InprocServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\Clsid",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\InProcServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InprocServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{1649D1CF-DEAF-4A68-ABE8-5C9F68572FD1}\\InProcServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\InProcServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\open",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Directory",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InProcServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER_Classes\\Directory",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\FileSystem\\",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\Clsid",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\AppCompat",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Display",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Segment Heap",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocHandler32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\Clsid",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Rpc",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Directory\\Clsid",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1649d1cf-deaf-4a68-abe8-5c9f68572fd1}\\InProcServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InprocHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\LocalServer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\Tracing",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocServer32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\NLS\\Language",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\NULL",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\ShellEx\\IconHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Application",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\ZoneMap\\Ranges\\",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\CustomAttributes",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InProcServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\DocObject",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InProcServer32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\TreatAs",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InprocHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Folder",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.exe",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\feature_localmachine_lockdown",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Internet Explorer\\Main",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\Elevation",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\BrowseInPlace",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\LocalServer32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\LocalServer32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\OverrideFileSystemProperties",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\LanguageConfiguration",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\ShellEx\\IconHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Control Panel\\Desktop",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Directory\\DocObject",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-100000000000}",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InProcServer32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\internet explorer\\main",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\InitPropertyBag",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Folder\\DocObject",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\shell\\open",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\TreatAs",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\ShellEx\\IconHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WindowsRuntime",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\DebugInformation",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CustomAttributes",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00000323-0000-0000-C000-000000000046}",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\Application",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InprocHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InprocHandler32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{00000339-0000-0000-C000-000000000046}",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_URI_DISABLECACHE",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\LocalServer32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\Elevation",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\OverrideFileSystemProperties",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rl_file.exe",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\InitPropertyBag",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\DocObject",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wow64\\x86",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InprocHandler32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{75847177-F077-4171-BD2C-A6BB2164FBD0}\\InProcServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Folder\\ShellEx\\IconHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.exe",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages\\PendingDelete",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\DLL",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\TreatAs",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\open\\NULL",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Internet Explorer\\Security",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\CurVer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InprocHandler32",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\internet explorer\\main",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Clsid",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CustomLocale",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\ExplorerCLSIDFlags\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\rl_file.exe",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0000032A-0000-0000-C000-000000000046}",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}\\Instance",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-100000000000}\\",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\open",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00000339-0000-0000-C000-000000000046}",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\NULL",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Rpc\\Extensions",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\Clsid",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\DocObject",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Directory\\BrowseInPlace",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\Settings\\LanguageConfiguration",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\ExplorerCLSIDFlags\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\Setup",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}\\InProcServer32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-602200000000}",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\InitPropertyBag",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\exefile\\CurVer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\Clsid",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\Elevation",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_URI_DISABLECACHE",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Terminal Server",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\LocalServer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\LocalServer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}",
"status": "buffer overflow",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\NULL",
"status": "success or wait",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\Folder\\BrowseInPlace",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_value_queried",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER_Classes\\exefile",
"status": "object name not found",
"value": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Explorer",
"status": "object name not found",
"value": ""
}
]
}
],
"classification": "MALICIOUS",
"configuration": "MS Office 2007;Java 8;Adobe Reader 2020;Firefox 62;Google Chrome 69;Microsoft Edge 42;Internet Explorer 11",
"dropped_files": [
{
"classification": "MALICIOUS",
"file_name": "Tox.exe",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"md5": "3133c2231fcee5d6b0b4c988a5201da1",
"sample_size": 636416,
"sample_type": "PE/Exe",
"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"sha256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "odictobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "3412092fc220a39ec4b4c1d533ae2c84",
"sample_size": 1384,
"sample_type": "Binary/None",
"sha1": "eb16fa73d98ecc868c92231fa192bb54c45e5ee2",
"sha256": "ae029452ce82c44e53360cfcc89ca05ae52217d189b10d9c748cc3606e7872ea"
},
{
"classification": "MALICIOUS",
"file_name": "test_hmac.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "f261a5bd0bd375bee4b0062fe63815b6",
"sample_size": 26216,
"sample_type": "Binary/None",
"sha1": "08ba0b7446110fc8ef5a31feb831c8008dc65b5b",
"sha256": "759074fe4748e7f3499358cfb71d188841d1f9ae9cd960f353cec5b586e2da3a"
},
{
"classification": "MALICIOUS",
"file_name": "optparse.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "3a53e441fa28fd3963e999722188b68a",
"sample_size": 62088,
"sample_type": "Binary/None",
"sha1": "c6b56469c904ed9471d612ac73f0189f01b6823a",
"sha256": "71d217728583495d032a5a92313960b0a8157e7c00e4eeec60cdbaed15fa77b1"
},
{
"classification": "MALICIOUS",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\tkinter",
"md5": "17f96f772a1f0252d1926217c6e75238",
"sample_size": 174248,
"sample_type": "Binary/None",
"sha1": "ad15da194887ee846a37ce01c4afbe45c68b7d06",
"sha256": "12c7ced0659d6464ff1b8a418f0901208a0f1da4f8254476a8f6a331ad523d51"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "ann_module7.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "1e8a3761bbd1df7937b782c41b95e113",
"sample_size": 344,
"sample_type": "Binary/None",
"sha1": "a450497ee7e6043d02e87c0800ff4c6c3065a154",
"sha256": "c6e4bf45ed7fdc512a052949440764d1a66a7b9bbb0a3635e509ad79118f099c"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "config.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"md5": "6e8b8eb2cb962b299f40d5c2666b0223",
"sample_size": 5000,
"sample_type": "Binary/None",
"sha1": "bd9fb2a9afabbb0ed316bced48b862246350f436",
"sha256": "837b10f1a929cb9a0f4910b745e0a2221dbdd57906667673b6a5987c735d1487"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "sysmodule.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "c57c905d2db879b64ae473a1a6606c02",
"sample_size": 1320,
"sample_type": "Binary/None",
"sha1": "61863d1a1b2f83064067187f7723195e8a17e3f1",
"sha256": "c52889dfb203d4f5f591bc81132826a84ca3550df101f31d9b4ef2e8264ad371"
},
{
"classification": "MALICIOUS",
"file_name": "Python-ast.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "9566a0f08c40e26128d70aefd0c3b171",
"sample_size": 26928,
"sample_type": "Binary/None",
"sha1": "f836741c794920552e44496143c1f626207417ec",
"sha256": "239979e48c0ea4c1853ebaef305cacd2b9340ef2e0d44d00b40a41e43cd36ecf"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "crypt.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "a9f1f6a649680786f943e038aebad4a7",
"sample_size": 3976,
"sample_type": "Binary/None",
"sha1": "fc989126594345c61e902683488e6523ebb1548b",
"sha256": "4d3fd020771b0cbee15d7a6510b1dfb6271f293301a8bd185a591217670a3cdc"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "grep.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "f1a02c2294063ff194372ec4df161616",
"sample_size": 7744,
"sample_type": "Binary/None",
"sha1": "5f5c290c91df881436bf9f0e0026a191af9e88ec",
"sha256": "504228636a38b270a970707fa773f83f9617c01e5cf372ad835fa6663f717778"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "life.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo",
"md5": "e55b94bbdd553ee65f17c31bf99bec08",
"sample_size": 9288,
"sample_type": "Binary/None",
"sha1": "e5f54fe7cae5e07b2c490a9a93489dffaa47d646",
"sha256": "81eeade43b61db361790edda80095fabc31980ceedca2da4ebecee3c5ffe335e"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_index.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "69caf5b809edfdd8121e26eebfaa0a61",
"sample_size": 8888,
"sample_type": "Binary/None",
"sha1": "542ca492e3d12cce69af522bebc3891b448ae15a",
"sha256": "60e8ad9d7ea6945fc26fc43ddfe8626d3e96f7f16eb8ea3c9c778f5216e998cf"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "types.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "aa91f21061e904d0ac11bdf5e80c89a7",
"sample_size": 10128,
"sample_type": "Binary/None",
"sha1": "ddf45d460dfda0121f8b820bb5f4a0bbdafc8ad9",
"sha256": "6a84fd532c6e54b8368741c4be54540327035a151a9bfa485e34c3cc6ff0d33e"
},
{
"classification": "MALICIOUS",
"file_name": "compileall.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "7aed7bc548c2b6ccb5e862d4866872cd",
"sample_size": 20608,
"sample_type": "Binary/None",
"sha1": "2132f0781cfb765e9e7624b2073dbf578ceb8bf8",
"sha256": "08021d994fc6a753995efd1c348d53248681e5cdf02a9aaa85b978445cd98668"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "rlcompleter.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "1fd9bd53e1d19f5985b609936b6f4d28",
"sample_size": 7904,
"sample_type": "Binary/None",
"sha1": "88a086e6620940d8fee36b903b433485a86f17ef",
"sha256": "76e891a19766c9558064f541bbbc214d3c964c53afb42117176bd831c1003300"
},
{
"classification": "MALICIOUS",
"file_name": "mailbox.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "a2a83788d1ecb65fd54d9a38cda077bb",
"sample_size": 80984,
"sample_type": "Binary/None",
"sha1": "ea91f4ceab77d85799ee28628d3c7076997e744f",
"sha256": "fcb3eb3123f6c699d63d471002beaa94b196840caa5195e9adca4f6d7634cba5"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_glob.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "c6aaad71ef48383cac045fb5e6b42da8",
"sample_size": 13720,
"sample_type": "Binary/None",
"sha1": "f1956ff72c3ab9a31a1d2da012677d5010e64b4c",
"sha256": "3e2eabced61e713d8281dd0332f352176e7f5dc40536f8f646cd23e69a486c98"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cp1254.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "e4786b5ab8611aec26acd351ffffe8a5",
"sample_size": 13848,
"sample_type": "Binary/None",
"sha1": "e2f79998765a905f39f1cb827f2f90814908d2ac",
"sha256": "eae5a3400e292091b55edb96cda546618c9ff45c67cae8baaddde8696383e737"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_flufl.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "715ecdd8edc7896fc93bb5a946153b48",
"sample_size": 1744,
"sample_type": "Binary/None",
"sha1": "6aaefdb390edc578db6b6ef4d3537f6f5a184f96",
"sha256": "9df31be7853e0b954e07ae9e553b891dff55bfb03f1459d5d0a6ba5df8cf9df5"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_cgitb.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "fa95501b68ced5d56bfad4fd1e79df40",
"sample_size": 2704,
"sample_type": "Binary/None",
"sha1": "23c8ce7d1062d43e727047bdb91f9205b93eeecd",
"sha256": "0057f6013d9f20a1bda0a1552343199a1a2c094d750a425dc70d1d382b3cc0e2"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "keyword.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "58f23a24a99ad5ed49b87ef6cc4e72e5",
"sample_size": 1152,
"sample_type": "Binary/None",
"sha1": "d07ae2e8c068ffdb771534142c41393b09c282a0",
"sha256": "e476107c39da3ade0bb7b5596b1334a61a10ac498090d1d7650d3ee6812a8dbb"
},
{
"classification": "MALICIOUS",
"file_name": "message.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"md5": "a1822585de59421400a506ff4a0f77f4",
"sample_size": 48272,
"sample_type": "Binary/None",
"sha1": "55adb9a724e49a3220a17a17198083b5d6e2b382",
"sha256": "61b18872a724e1edc38272ff3a6c024eeab0e51a9ae20fb76f8495fbfe811e4a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cp949.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "1953005bfe38b2e9b5cb427a25ff0926",
"sample_size": 1104,
"sample_type": "Binary/None",
"sha1": "28ab4156acd49b1ee49e74dad4b57c6526321705",
"sha256": "44cbb980acad98a4bc2759f37e95bec531230f66ef9a994012a3f281a1023a72"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_ctypes.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "91c292b226eb7f28bcda6028d23da313",
"sample_size": 232,
"sample_type": "Binary/None",
"sha1": "90fcb690c4a857f8cda5e64e4dfe6bb224165ef8",
"sha256": "326b422636f59d3f96d41bf2aa6023b0955e404603f0b42135ae3b7fd8a3b6bc"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "list_tests.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "48122189b6162945482583ef27470217",
"sample_size": 18080,
"sample_type": "Binary/None",
"sha1": "5635d117c3455d2a19b5cdea060b06a55260f111",
"sha256": "dbd58c2b359b04591729b191d17244e06647fa3b5bb834e0e6b8e0558f9c9bce"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "osmodule.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "2515d8a5958b1f7428379a10f1f53c38",
"sample_size": 352,
"sample_type": "Binary/None",
"sha1": "0a8103966dcd8116e1790c9397804959ebea48d5",
"sha256": "a387446860c0f75598035d9306876e19ca4440d0d22e02c1096710441e331971"
},
{
"classification": "MALICIOUS",
"file_name": "refactor.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",
"md5": "fadf8adb3de58f5a7a9875680375a063",
"sample_size": 28280,
"sample_type": "Binary/None",
"sha1": "46d3d649350d05400dd74cd54cfc9933792fa90c",
"sha256": "ac94a83d76a14388d36847da30a07536424672cc4b5ec2c130a9e74d6089a202"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "ieee754.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "faa1501bdc9f63dd7e1ee95e0c192dee",
"sample_size": 3512,
"sample_type": "Binary/None",
"sha1": "0fa9cbf5ebaca670ebdeba4315189de2d56cadf3",
"sha256": "58c49ba733b7122ac44e83f5cbfe7bf9392a9e1e27bfc078f6d64dd172cac3b1"
},
{
"classification": "MALICIOUS",
"file_name": "traceback.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "01d894e8ac8afa8b8df5345a113cd602",
"sample_size": 25344,
"sample_type": "Binary/None",
"sha1": "fd24dc7aceaabe8c5002e9d59b96c983af554cc1",
"sha256": "dcd71c15a5f646fc0c84231cffccd45242377fc4e765955fc28b839ef8c80217"
},
{
"classification": "MALICIOUS",
"file_name": "test_time.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "d3a396057220daec13948937fdd02c1d",
"sample_size": 41960,
"sample_type": "Binary/None",
"sha1": "bdb547e8d9045d17600135e5b868270d0fc96af4",
"sha256": "29a6d0f410380f2139eeac85fec07319c1ac7182188598eded298930c01512fc"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__main__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "0b66c78eb0779c515dadb7c71e129f19",
"sample_size": 80,
"sample_type": "Binary/None",
"sha1": "3ea61edbc512e7f45f05f6f2c1d2b432eb97baaa",
"sha256": "a6fb14d10ae7acd0ea355bc6554227e2d2b8a9ddf702cf6fa723c3e9072cefdb"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "versionlist.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\VersionManager",
"md5": "d2c7d6d0a6d9f702f6e3936589a41ee1",
"sample_size": 15888,
"sample_type": "Binary/None",
"sha1": "6df1d1a5b93e6de37723c77db4e99ce5634f168e",
"sha256": "0b0946af895639845c342b648b93c9ea664011b3b6378385b2c47f1979e79312"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "palmos.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "1c9b481d20baa29974e3ad97abee89bb",
"sample_size": 13864,
"sample_type": "Binary/None",
"sha1": "608314aa13fce5eebbdcb46ad81544474002fad2",
"sha256": "755a43d498461631fdf69c9802b3e66583c6dfc94f44be4ea72035748d535e0e"
},
{
"classification": "MALICIOUS",
"file_name": "gettext.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "f5824e7e554cb6d16fe72bb86ba69439",
"sample_size": 28096,
"sample_type": "Binary/None",
"sha1": "060187044018f9faeb9e982c3a28699c9fd47325",
"sha256": "f38122d0bf630cb6c5560167fe77901a44bd43b390f1cf822d24cb463921597c"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cp875.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "ae3340651634aa04bbcfc192adbc88d9",
"sample_size": 13200,
"sample_type": "Binary/None",
"sha1": "648f59444af950a7b302d7c32a2e4b4f1ce6b4fc",
"sha256": "0b99c9133a0a5ecc073ab9fc1121139e098aa2d8f8d1dc878c3ca4a50f876c4f"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "imp.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "88049f4c626c035185813d76427e8f36",
"sample_size": 10920,
"sample_type": "Binary/None",
"sha1": "edcbc7fd9b171a16674f09906134ccf9b1853c4c",
"sha256": "68eb0cf4faaac6d68ce831fc813e882a52e7b307c83ae21d2f5e6c835f8522fa"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "utf_8.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "22eddf8ea527b7c3fa04526ff5293468",
"sample_size": 1088,
"sample_type": "Binary/None",
"sha1": "733b3ba484e28dd859eeb55e272360a683db228d",
"sha256": "bb40a355f6471f3379534dc7ee7f10aa25ef9d608dc2bc602ab0fa336a8f6066"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "ssl_cert.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "f21346295be38ca5fe8aaf947be6655b",
"sample_size": 1640,
"sample_type": "Binary/None",
"sha1": "33e928929d24251295d47c4fb165a1aefe05f309",
"sha256": "44cb7bc967a1aa78b1b4cf19424acb91067316dc16c16ca1dcb267d53db3dc7e"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cp424.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "cf1b79349fe8adb644c130e4fa19facc",
"sample_size": 12400,
"sample_type": "Binary/None",
"sha1": "3fb8aae4df0c693a93561a5b7c0727e2dfb9ccd9",
"sha256": "9223e3aa5afc5105aba5935c36a35bb986b4f7f189aab69e979c37fa7c838755"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "search.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "bda64b0ab9a528aa95ab68b1c24bd38b",
"sample_size": 5768,
"sample_type": "Binary/None",
"sha1": "8658e11ae9875b73bb13740a0452c11d4bc7cbe9",
"sha256": "f0dd599d0d9310e0a28a0c355601668c1e7c816ced8f903338cccaf64067c392"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "node.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "02b1f0f7f0f3b09abfa43ca7fadbe350",
"sample_size": 1368,
"sample_type": "Binary/None",
"sha1": "ea25305df71d306e3c8ccf03b48bff9949ab71b4",
"sha256": "f93fd8511aa7e43b1237b320b585bfdb5c7ffd342f650e052b02947b5f5174e0"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\wsgiref",
"md5": "0426a70e5c32a1c7f2c92a30b525acaf",
"sample_size": 648,
"sample_type": "Binary/None",
"sha1": "50d1cba79a9db6a3f1e7e85e9240f758409ab718",
"sha256": "f5bd8778e4a570b9d51cbad09758fcd34178a2c450c45faccbac0876870877a2"
},
{
"classification": "MALICIOUS",
"file_name": "test_pydoc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "0436c847cb40a7ae6bfab114dac9d3e7",
"sample_size": 63048,
"sample_type": "Binary/None",
"sha1": "5f827356a1a6d55c61133a85f83c3f2a8c755ab5",
"sha256": "a3b08652a6d1337dcccdd164efc3643be419fdb44980123c38ab96f79ff954a2"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "has_key.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",
"md5": "2739b58d7dbdd42032eb2e43846c89af",
"sample_size": 5864,
"sample_type": "Binary/None",
"sha1": "db3820d780edac3eab83f616d87e67c1d5db392c",
"sha256": "afa15efe6dcf18f7c8c16460bd89d09d6567c1486c38548062b3307d2291e2ff"
},
{
"classification": "MALICIOUS",
"file_name": "test_bigmem.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "6ac9ae12395538d9aef260c68d920053",
"sample_size": 47152,
"sample_type": "Binary/None",
"sha1": "d8eb27b21e3b2e8adc5526d93be3addaed20796c",
"sha256": "b25a6dd0a1e3ca5db6fded68a917c016955714067269b3ef0d6fa90fcb916d26"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "_compression.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "09c2a84ba47f6ad89de4b83a54b0e4c1",
"sample_size": 5536,
"sample_type": "Binary/None",
"sha1": "e487bb5affae4cb8a856aea5f6ba8612540a1580",
"sha256": "6b6597c03313ee132ca3a84cd16052d42a8cfc5d54db197d173f69f243941529"
},
{
"classification": "MALICIOUS",
"file_name": "test_pdb.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "874847379a64bf64b850eacab378866e",
"sample_size": 63696,
"sample_type": "Binary/None",
"sha1": "a0f0e5b6463b8502e44e2a1efe7f02bbc3908555",
"sha256": "4a9ae47bd21f0afdba3260f4d9c941654e090fa4d56c040f5e8ec33ba52e48ee"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "textwrap.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "3c0a914769c28bb0ad5d8282b396f2d7",
"sample_size": 19936,
"sample_type": "Binary/None",
"sha1": "7675235e4935ce77a0355c9c1c725a9306b70ef3",
"sha256": "4e4fb8b39e63cc3bc9f50166ad4769f591fdf9fb19328638d5613b0dc5ea2031"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "ann_module2.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "806eae64922b1b49eefbb32728bde83e",
"sample_size": 592,
"sample_type": "Binary/None",
"sha1": "d9785dff76a3bc509d0953afc2a82f6ffe386b29",
"sha256": "3677ee2e05f68da8bbc0738689b942b6983dd48144ccb48bc222e168497c6a1b"
},
{
"classification": "MALICIOUS",
"file_name": "test_gdb.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "3f5a8acd3a41219ae7ed3bc8349b9e91",
"sample_size": 44648,
"sample_type": "Binary/None",
"sha1": "9a873a174c475ad3984b682a7971f45142ddbc97",
"sha256": "04b40b6854508fec5300cd3ff245e2719d165ea0376adc3c3d619b2d238ffe03"
},
{
"classification": "MALICIOUS",
"file_name": "site.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "468dbab4ac2a0db0636b84a491757583",
"sample_size": 22248,
"sample_type": "Binary/None",
"sha1": "392bfbd8acc016263338a6865fb5217d2de40841",
"sha256": "47eb6c5e39791fc5e70cc54d81c90c24453ced167641a485398940238af3d1b3"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "help.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "1b38301097b7a00bc2e1f33e727daa22",
"sample_size": 12184,
"sample_type": "Binary/None",
"sha1": "57d37a1f3b674eb2dec5ea70ed80cbfb67910d13",
"sha256": "aeb1bee0d15646a143c07e570581aabf332dde7021e9abd1374c31b522b3c79e"
},
{
"classification": "MALICIOUS",
"file_name": "rgb.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\pynche\\X",
"md5": "d3e9abfcd7c5ccc5ea1fea1c758674af",
"sample_size": 18168,
"sample_type": "Binary/None",
"sha1": "5f79be09b41bfb9aec5478d55581255df87f2346",
"sha256": "bcb2b7fd69e25a2e7bc23ab087f6e474ef1ac6f252212f913b449fbd4411be72"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "21d4feba3519c30e149fdf62432f198a.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Office\\ONetConfig",
"md5": "2d146083c1a3c4013d5d446a4f10d7f5",
"sample_size": 2168,
"sample_type": "Binary/None",
"sha1": "f29c4b146fc6889be9670c2d2e951c9472902224",
"sha256": "b6e8969b95ac44915fa0eb479fdda926b1bd727f87872e08d7f876ba0024126e"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "asdl.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "e1d9a79c12632dbf3411a83cdc528a68",
"sample_size": 1312,
"sample_type": "Binary/None",
"sha1": "5509a15d8d40512e524fb9dedca8488c080d0fac",
"sha256": "63586c2bdba98757348dc61f656becc2c75ba1f6d39281a043610d0631358ced"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "bad_coding.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "a2237c8c140eef72b383d307f63c4867",
"sample_size": 64,
"sample_type": "Binary/None",
"sha1": "6d73ea51c2e8b3a6fe5d0514404316929ee760c9",
"sha256": "bd6dc63d6492772a01583bdf35e714d73952598366b5144a2ff6971e4d455967"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "_tzpath.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\zoneinfo",
"md5": "511be2dcd551a40451264a5ff628ef92",
"sample_size": 5296,
"sample_type": "Binary/None",
"sha1": "43990a2a99d73aabc6ac9090b53a05bd74c843fc",
"sha256": "f154af54bae028885aaff76f70b26fa79f17fd635b9f06c78b87e24b2afa6885"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "funcobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "29ca31d1eba36a5ed07cd7ef8e1e9b72",
"sample_size": 4192,
"sample_type": "Binary/None",
"sha1": "1a34081326ccbdcab83ab5b73e12df4c421332a9",
"sha256": "7441173ec24f5cce065992be43358b11aa18f114131616a90ce0f0ca6578e5f3"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pycakey.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "45528037bec338cc533d2b4491d3f880",
"sample_size": 2568,
"sample_type": "Binary/None",
"sha1": "69c76af80ca1c262f84dbac20eb4566fbfd69e51",
"sha256": "d41b52332dab3e55eb96948ee888a4a49cf03306886e2d62c4a46ea01917ed26"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "oem.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "23bf9890d96475f939864b760b229b82",
"sample_size": 1104,
"sample_type": "Binary/None",
"sha1": "1dc2f93e767e5f21922781e00821c7af61e9b06f",
"sha256": "892cb42dd291316b38f46ac25be60c294d540f3153f6b796ef7d56ddd449f3e1"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_hash.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "5fae8ea103b79ab9e3fcabc5f4e99ebb",
"sample_size": 12112,
"sample_type": "Binary/None",
"sha1": "d60cc7ad5023661c5cdfc8d50099a2e89464d758",
"sha256": "d9417a4f45475818a83633037390e6c8bed0ec69082d71da6e49c05767b45f2b"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "nosan.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "f9d9c7aba20ef821c8f21e4c40b71a30",
"sample_size": 7888,
"sample_type": "Binary/None",
"sha1": "ac6dcc9b5fe28d3cdbb069db07f790e909abab66",
"sha256": "24db772e81b7496c2590aef4882cc84e4e20a52ce463199846e9d5401bca151e"
},
{
"classification": "MALICIOUS",
"file_name": "test_range.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "a06fc0291809bcac2aaec3946c849f8f",
"sample_size": 25656,
"sample_type": "Binary/None",
"sha1": "7e8be70aedd12c785213bc1c832a781206103749",
"sha256": "3907f55da5e48fd85210f0e739b9eb4675976c717aa1025b2db7cab4a0aefcd0"
},
{
"classification": "MALICIOUS",
"file_name": "mimetypes.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "d970139acb7fabdc24657adaa08e9dd5",
"sample_size": 22216,
"sample_type": "Binary/None",
"sha1": "0a6a563abe9efbc1150548872ae5e68c0fb68708",
"sha256": "e6914937ecd57492121b9cdce72d92506719ad2b432941790651ea9d5ece7243"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "iterobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "d0b1451eb82831ff63a604c115f65f8b",
"sample_size": 584,
"sample_type": "Binary/None",
"sha1": "cfacf2f0852ebae3e37d09699ca79537d8a0ab14",
"sha256": "8e741c7670df9caf24158730dbc2e440d4de5f18547cd3939699a442b1dbf2c2"
},
{
"classification": "MALICIOUS",
"file_name": "asyncore.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "a1e389796688969c4153ef385ecb6d99",
"sample_size": 20784,
"sample_type": "MZ/DOS",
"sha1": "3b42b184df1d638e48eb8a814fa7509d8dda7fc1",
"sha256": "5b43d6305571996b3b6756b3309b79c98c27e5627f6cf28b91345087713ca133"
},
{
"classification": "MALICIOUS",
"file_name": "inspect.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "ab42fc8057d97aeb626f6e0a0252d06a",
"sample_size": 121448,
"sample_type": "Binary/None",
"sha1": "41ec7190d2a3e156e934aba192f532e2abbce555",
"sha256": "e623ec3a9fa5fd0aaf7cb13ce3ea96fca35c158d777693b85085b950b7e6e7b5"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "intrcheck.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "6be212cc6a022c3491e894ca94bd462e",
"sample_size": 936,
"sample_type": "Binary/None",
"sha1": "13dd4cd171827fe5c991952428b685f1d36fc01f",
"sha256": "0356847870bd90e0dc8ee47e9b59cca8acae9532f74ee314d3b44548c7a30018"
},
{
"classification": "MALICIOUS",
"file_name": "test_deque.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "b1c33bdb9ffe813ddb34f922c3885583",
"sample_size": 36480,
"sample_type": "Binary/None",
"sha1": "9766e2fcf6f0bf5056b12d8030d1d0307279c189",
"sha256": "978faccb7752a8ff21b5a2c5481d8be309585a325ed82e4d9924a9ebe215b721"
},
{
"classification": "MALICIOUS",
"file_name": "test_sys.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "5926a6ea2ab1e33430c6b2eb5616f08f",
"sample_size": 57632,
"sample_type": "Binary/None",
"sha1": "9de125893099a684154125148bf4a199d4a3b7a1",
"sha256": "5ee19e3d218c847f94d1b3d6f3acd473a7c5516d099a882dddc3247a9bd8e6d6"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "lll.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "ad7fc598c9b28c282bf4331620f2e0c1",
"sample_size": 816,
"sample_type": "Binary/None",
"sha1": "abc187688d88596322d48738070511604f0cea03",
"sha256": "fdd42e2a29115427e48387c4f2a96e617eb13ed10639958581845573701b4383"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "colorsys.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "96b862c2ee48e4fadc8eabe8f5ae7d77",
"sample_size": 4272,
"sample_type": "Binary/None",
"sha1": "99bb3573ff1e909905cdc78885b30fd6dc25fb76",
"sha256": "f201e68ac10ea4b17f2e87ae1f3d01dd7f5b597ff0fcec24242156067000b8f8"
},
{
"classification": "MALICIOUS",
"file_name": "unicodeobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "db3c9ea5c9262124df1b1861e1b706b4",
"sample_size": 36496,
"sample_type": "Binary/None",
"sha1": "7330876ed97a00d8c307aa27f1e480293f34a3de",
"sha256": "6e017e5108dec71db4a30e68c49ba71a5a3525d99621c84b94da6e27cd22bf60"
},
{
"classification": "MALICIOUS",
"file_name": "heapq.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "c6d6fdd7138baafe32f23dd2b5d610cd",
"sample_size": 23520,
"sample_type": "MZ/DOS",
"sha1": "21c1cc43af3c74a62c5023ae9c85902b710fd6ad",
"sha256": "21a4433eb21789bc6b83d78531b9d1d50ceed26ee3632d20528d38743db7a5dd"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "OneDriveMedTile.scale-100.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "f4aeb984224e155ff2044c28a147d9c1",
"sample_size": 696,
"sample_type": "Binary/None",
"sha1": "0d10103661ec7bbdec56180c562a3f9f6b44b30a",
"sha256": "e642022a7548826a8935b5dfb70262b09d3c3792bae20d4653c73ad1b2e511c4"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "dutree.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "15304a28cf88654d79b708abdf304bb6",
"sample_size": 1736,
"sample_type": "Binary/None",
"sha1": "c111b8136783d8eb396ee945ea7125bbc7c3b7e3",
"sha256": "cc995dc2f0cd643262257fcd978880d75805906d4bb8f658f84e18748b42944b"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "methodobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "2dfbe1573e891b5b767aa3c026f9f1b9",
"sample_size": 3928,
"sample_type": "Binary/None",
"sha1": "337095093a283029cbda6eb48bfc805d424ceaec",
"sha256": "3b3ac3a391386984960f94fb31ca27ff002eecfdcc61359f831163f697cd14bf"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "graphlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "87063bc782da3f736632536d6799bf2e",
"sample_size": 9856,
"sample_type": "Binary/None",
"sha1": "0d1870d8d6a5e5516bc113e32629080db760b982",
"sha256": "e37cd60947f953757701b1cd13466bff483318bb090715e70ffb8de9d64219ce"
},
{
"classification": "MALICIOUS",
"file_name": "request.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\urllib",
"md5": "a52631c7a7504d1caef54eca4d656f12",
"sample_size": 104480,
"sample_type": "Binary/None",
"sha1": "80dad4d4990dea35860737c974cec5e6abf18d03",
"sha256": "64de40be74c13b1c974592ded4dfe6e04d61e244f2c58996b67c857d2c71f752"
},
{
"classification": "MALICIOUS",
"file_name": "cp858.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "a30b8cef211c8952723edf51575e8951",
"sample_size": 34752,
"sample_type": "Binary/None",
"sha1": "67ff2ce62f94b4b3642e67700a8d47852744db5e",
"sha256": "74e0bf72830fa11ea4ad7590fd0e4643944d6f097645a7f170e210c31a0325da"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "utf_16.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "b378315d8db81822878301a176b65d34",
"sample_size": 5432,
"sample_type": "Binary/None",
"sha1": "27d18e3e36fda87245e8ee0d80d23cbb4ddd7543",
"sha256": "f955a1fab1fb74d582a1f5959935ae14e2f7e9c575348827295e224716607ec4"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "mp_preload.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "127ac14ca6b3c47b732edf3cc06d2393",
"sample_size": 408,
"sample_type": "Binary/None",
"sha1": "cb361c8e03ea62f84d743b69b32664ec7a96ac4b",
"sha256": "827ef63ccc432d45ecc30d9dd8bf5fc8ed671f7c99b88371c807c8b9c5add008"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "stat.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "beb6824fd597c5213f0f11c89f02b5cb",
"sample_size": 5720,
"sample_type": "Binary/None",
"sha1": "d8ba469844b27f90f0b0b10c72cb23d6e4534338",
"sha256": "f4caf2fd411df4325887299810a54be22120665d2099840f717c8e321c92cc6f"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pyctype.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "2beba29918db50da15ab0af409d9325b",
"sample_size": 1464,
"sample_type": "Binary/None",
"sha1": "59381523b01ea259cb914817882b8b1e67d61d53",
"sha256": "39fc6724c1a37fb1070f4cc7dff75e84d554bc074a594264d3d8b13d90f8d97a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "image.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime",
"md5": "ceac0890352945d3a21c155be4e2d208",
"sample_size": 1920,
"sample_type": "Binary/None",
"sha1": "7357a896eee2312c5542e8b0c2b210de61fd351f",
"sha256": "f1caa48d364c7a9729269ac3ee972e0eb3e823c4e05989f4c935782afcc8dac2"
},
{
"classification": "MALICIOUS",
"file_name": "_pyio.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "c44009246b73337baecd41c47ca9b754",
"sample_size": 96048,
"sample_type": "Binary/None",
"sha1": "fd96f894775976271ba86018ce478190a5d44091",
"sha256": "c13ca72ec976993feebeb27dd249e8b42112253b0b1b307d1fdf393b07137e1f"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "testcodec.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "a40a66f1c69fbb05b67cd370dbb58f27",
"sample_size": 1136,
"sample_type": "Binary/None",
"sha1": "d4f3098a7892b3edaef0926e3f3be29340fdc781",
"sha256": "2ceeee7bf456b693a2c58a9335e2f12c1c31611c58c19a43ec4c3396b5b56196"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "py_curses.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "432c00b59bfde7ffbeeaff6bf990d110",
"sample_size": 2616,
"sample_type": "Binary/None",
"sha1": "74d7a861759ed252c814c650fe365b0b96dfedf0",
"sha256": "a5515e6f6f1db2af7a4bc493410b5d016dca772b2d7b836cf27a7d34b94006bb"
},
{
"classification": "MALICIOUS",
"file_name": "pathlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "9e7c8d7316fa9863e9315212467eb265",
"sample_size": 55704,
"sample_type": "Binary/None",
"sha1": "751de1b67f271c659fcae9597bf5a5c6132c1766",
"sha256": "32f8016123fd0c3e4fe3fc603cd806a5f081fde78106e3be8ef6e9246d1f97e5"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "ucnhash.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "b811a759052825666b897c889bb7fd55",
"sample_size": 1136,
"sample_type": "Binary/None",
"sha1": "c9a76bef9558f88b4850781f264e599a538c3fbb",
"sha256": "daf458f9c07c3136505944b03c72ec657b41afda9611459527073910a1aa82b9"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pulldom.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xml\\dom",
"md5": "e37c70554fdff5536e793abc05cccb1e",
"sample_size": 12384,
"sample_type": "Binary/None",
"sha1": "3ab2dfb45db543e041758f61480c42edb6a7bb10",
"sha256": "f5f3416f309700d33c762444846cdd9ab4c690c6c4af6aefba3252a358413598"
},
{
"classification": "MALICIOUS",
"file_name": "test_descr.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "90e03709541bed9c6e7f05e132af58b7",
"sample_size": 201632,
"sample_type": "Binary/None",
"sha1": "2c0a237d11dbad9c9b415ed18ce6f31c128b1985",
"sha256": "f16b15e7d92f508808214fddd2e93aa75389449ddd0585c4393f5c4a72c98e16"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "descrobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "639bca8fc1b2c459a7ce79a5bc6994ca",
"sample_size": 3168,
"sample_type": "Binary/None",
"sha1": "e9ed1b10380aa8f9430b712c78f0721ec3f90701",
"sha256": "3cf3a37d2a7087a5cb17b82f0ed39b6cabddb7916d3081e2ad3caf671011f612"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "fileutils.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "ef812e94517e26060c88f5c8fd5f21ad",
"sample_size": 664,
"sample_type": "Binary/None",
"sha1": "58bd06e7b0ccf6ddbd2b846b51ca2d671968cfe8",
"sha256": "e97152ce1a3beec6728dfd9bd84394ef2d1b7a4bd208971ce4273d43ab80fff2"
},
{
"classification": "MALICIOUS",
"file_name": "test_trace.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "9c37968c5bfa1ee0f82966d1865c3663",
"sample_size": 21048,
"sample_type": "Binary/None",
"sha1": "72eb8234f8436e68e0d0591389ac1f13437a90b6",
"sha256": "0ad0526c5af092a2c6367cd848b6b112f438b790cd5c6f684eb22fac8c07e26d"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__main__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "ba33b01bf7a4a17949cc920e72645f40",
"sample_size": 208,
"sample_type": "Binary/None",
"sha1": "b83092a41d84552d408acedce04ed0b6f4f2c4e7",
"sha256": "67d3c69bdf6ec625ee91d2d6465f2770e86ecbe6e4c50385a746e82f385af141"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cp874.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "60ef65f4d0d13494b42ad353c649c6c1",
"sample_size": 12944,
"sample_type": "Binary/None",
"sha1": "e1b83259cd4576b4680f412a6bd142a4e3af0aca",
"sha256": "3bd037554825f8874c62b07f68b270d2ab1001b853ed2db2469cf768feb546d0"
},
{
"classification": "MALICIOUS",
"file_name": "cookies.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",
"md5": "e376884a0a6851741389d1c2a09a3d8d",
"sample_size": 21136,
"sample_type": "Binary/None",
"sha1": "6396fa4474c43dd1b60648fcc5094fae4a5097bc",
"sha256": "7a36118441d557615a2ed6c25fa223318cfba5bb3c9003d52e8b0a76db036fa9"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"md5": "b4f36fb1ddce9cff6010ccd834d799cb",
"sample_size": 1368,
"sample_type": "Binary/None",
"sha1": "59dc845d2a06e5aac9e4e72ea6d13c6321c69656",
"sha256": "9ecf59246ff5de4aac92c53e26d3aa4e1cac391a6b2aae420d7e3f16b47aa67b"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "queues.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"md5": "9413468505d48d099f7738bc50eb80fd",
"sample_size": 8600,
"sample_type": "Binary/None",
"sha1": "b0554b92476dcbc87e4b0f3dd27bb930eff7415d",
"sha256": "90b0bf10693d027502c3366e65dadcf469aec1f516ebbf45aa37c25e33b79454"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pydoc3.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "2289fccdd130388114df7b3b274f0ca9",
"sample_size": 128,
"sample_type": "Binary/None",
"sha1": "0242ea6afcf0de19a736594883533ba3aa48bd77",
"sha256": "e60a6137e3a54c0b1acc11c281c4609efffdcb7f273b59d3d4fc0bdd321ee0f3"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "log.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"md5": "e2e497ae520f0929870b11db3456bfbe",
"sample_size": 2088,
"sample_type": "Binary/None",
"sha1": "0058fc93ae183ad8ded96ff22f49890136a09224",
"sha256": "fa8d800eded09207f085bee25a7c08ad232313c96e69fb4d8fac5b93d398d386"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pycapsule.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "5147a1fe2cda56a3eaca3244882ad583",
"sample_size": 1824,
"sample_type": "Binary/None",
"sha1": "f68c1597b2a127d2303c00f8c00d07d419235bbd",
"sha256": "aa3616afb06c0842ab85a82eab070dc9868fbb41d818bbca2ad61a8198f00d08"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "datetime.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "463943789335006c73a385e1958cab76",
"sample_size": 9552,
"sample_type": "Binary/None",
"sha1": "8b99aaa6ea169a6bfbcc06c1ed39cbb57370a0b7",
"sha256": "0b47e0d40424dc12f49818a57eb47ce4f199bcf91ab451d8d354f4253a12c9ab"
},
{
"classification": "MALICIOUS",
"file_name": "test_types.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "4de91b9d3a0e35297635278579870162",
"sample_size": 63040,
"sample_type": "Binary/None",
"sha1": "34d2364f4f4141746151b4014c6b860d026173c4",
"sha256": "3d4af3e66f5a83f870b6c68ab653fe46165d1788b77dab24a6d04e79423ef609"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "msgfmt.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\i18n",
"md5": "ec31205c053d9e6de5fae9682393a3c9",
"sample_size": 7880,
"sample_type": "Binary/None",
"sha1": "1cf2a8251de1aa15d994d5a64b9d98699b235649",
"sha256": "2c969afb2effb746737cd8c445cce399aaafda3d6eecc0a7c44b42608e88fc57"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "token.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "4049558267aa4a9db7fb26372958358b",
"sample_size": 2776,
"sample_type": "Binary/None",
"sha1": "a0827ed264a89663b9ee706ba93eeeb45f42fe70",
"sha256": "bb3c4552a09a6069c1125dfdc1e93cf28d4424911777bc9792cc5553040a5f85"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "fixdiv.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "0377a9fffa490df7b11443cb5bf50280",
"sample_size": 14656,
"sample_type": "Binary/None",
"sha1": "c6377cfd705485be28e531f16077e828a349e797",
"sha256": "146062f156161938024016cb342c4f138096b9c53fbfe0396b5ddcb83e625025"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "util.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\wsgiref",
"md5": "6fa33e658cff1f14b4cf336ef318ab83",
"sample_size": 6064,
"sample_type": "Binary/None",
"sha1": "972dbd8f1aa89ca577516ddbaf36625bf66e36ff",
"sha256": "cb7d538a6517390e819edd4e4b5d3afebb28a40d039c2ea79267143b0cdc0171"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "validate.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\wsgiref",
"md5": "e0fb79d45012836ef4f566e214ddbdba",
"sample_size": 15584,
"sample_type": "Binary/None",
"sha1": "08fb66e158ec27b9c0804d88ff8a0419234d7e80",
"sha256": "b1eeb5d4ef8c8abbf49f51c2fb9c9b99581416e22c614ecbbd2839f47b30c758"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pdeps.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "3bee533adc2c7d58fd36b8ddc3048da0",
"sample_size": 4192,
"sample_type": "Binary/None",
"sha1": "b8d1e1606071b1eab5db118adb12962110e9b580",
"sha256": "eb00ee1ec3f0b56a8504325478a8e2f9a23e6fecec00e657d7d8bb6de2fcff09"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cp500.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "3e9379761095aad118d631e477fa2d32",
"sample_size": 13472,
"sample_type": "Binary/None",
"sha1": "c13c62b1f84cfb9638e913f83f2ad02eaedcd33f",
"sha256": "a95698398ba57a9718b9ca17eb1f1d022f647511049ce0fb2f7233c1132cf39a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "tree.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\turtledemo",
"md5": "8b47e68baa273e23c4e528bd21c0fc56",
"sample_size": 1504,
"sample_type": "Binary/None",
"sha1": "180aa1ad20c9a66bf6e1247be38859c5ab7c2a17",
"sha256": "cc829c500a9be961bb5598c35633819a51dfa2dc13569849ac0a3934e0da7461"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "bad_coding2.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "c822e40270e9e8232b8f1cfb8e310082",
"sample_size": 72,
"sample_type": "Binary/None",
"sha1": "6063669a2f2d79b9eb7f145efbe3d7c53fd0478c",
"sha256": "e93125785a7547d863a0bd1886f042b4fd55ab87afc74b12b2341d8a6a455de9"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__main__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\tkinter",
"md5": "fcb45868f52229c37da01195ff8b9e78",
"sample_size": 192,
"sample_type": "Binary/None",
"sha1": "19af777d30aa6833b85c27ee5dd6e80bc33af4e5",
"sha256": "09af3d44939ff50de752bb4ad36d2f6af546aa07cb704361325c73ebebbc5c61"
},
{
"classification": "MALICIOUS",
"file_name": "platform.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "2443d653bf5f09b67a65ef60c2cf4e1f",
"sample_size": 41912,
"sample_type": "Binary/None",
"sha1": "94e75f806ba4f098631393b09abd618097a9302f",
"sha256": "aaee38dfee7737b9fd28b74d013773cc066ef9a14b8eb727041a1106fd0c326f"
},
{
"classification": "MALICIOUS",
"file_name": "os.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "dfece8b09e598b6c0a096d087e2c848f",
"sample_size": 40224,
"sample_type": "Binary/None",
"sha1": "7f042f159284150d3159167796b0e2429e2f11c5",
"sha256": "7c4c604a1b84fa876e9d6deef70223b9c5ad541a7e59864ba61acae973e94b71"
},
{
"classification": "MALICIOUS",
"file_name": "test_socket.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "e7b9d4b2001fe721da77fe07fbc1eca2",
"sample_size": 256856,
"sample_type": "Binary/None",
"sha1": "a1d323e5a1480d11ef2708c44b221a5380065216",
"sha256": "1a4e931e958a0a16774072e4511eb831c8b30cd14235b4b7283ec87dae000075"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cp1026.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "2fe5c7d813be03f4b50b8d44187575c4",
"sample_size": 13464,
"sample_type": "Binary/None",
"sha1": "f532dd3e44b2af0a2b1994885d8f97bffbc17862",
"sha256": "81b9fc314b5d1026ec098c9d1e5e5c94c3cbfabccbf2ffbc932fbed55a582fa0"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cp1252.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "ad71af69b7e5a19e4feb4927223ba59b",
"sample_size": 13856,
"sample_type": "Binary/None",
"sha1": "ed2b7eb1bb4b53b5720a0fbc653b8eabb0ea8d80",
"sha256": "5d00afcb13e5ae2e5bc72d87b62863e8c4bf8dfd7e8bc25bde9ecfccf470e082"
},
{
"classification": "MALICIOUS",
"file_name": "test_embed.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "b94ad25eaf057fcf681c5ef1e58e76c6",
"sample_size": 54160,
"sample_type": "Binary/None",
"sha1": "1176d7a8b6a5f6835d0d7f038744a5f479db7ff8",
"sha256": "ae294427988143e56a439bff8ffc8a8a19de1ef6dd06de796c27d6d534057740"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "weakrefobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "b45f0f2e139ffb91b5cf7c4749e90d5e",
"sample_size": 2992,
"sample_type": "Binary/None",
"sha1": "427b9ef8436420628f67130e63a8e206687f433c",
"sha256": "c43152c6d16c7b2e9691089325662e495c650034b6758419a6cb3be0e6b821b2"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "py_compile.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "4c2c7f22c09ff58db5613a8f86e8649d",
"sample_size": 8400,
"sample_type": "Binary/None",
"sha1": "a3d44fd4ae89e06757b796a736dc5260e0073f8d",
"sha256": "cdd3c0b42a1efe504d872f01d868c778ccdd4a9ba28b12b1ac002ea5a511800e"
},
{
"classification": "MALICIOUS",
"file_name": "test_ast.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "ac7168741a56d7c65e23825e795756fb",
"sample_size": 103024,
"sample_type": "Binary/None",
"sha1": "d3e98d5e07ab3f830e048c56d37dd10ab0815586",
"sha256": "88aa5184b917cf9df79d4eb28ae00645e5271f6aa0b93475248dff773b5314d4"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "which.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "0d4bcd15242583cf1f6133a16d6c97dd",
"sample_size": 1784,
"sample_type": "Binary/None",
"sha1": "188678eaf72668c0cc4ca8be849b026ebaab3563",
"sha256": "d6e0c3791becfef6a02281f1553ff6cfb4213002fa89606fe03ed0f58d277f6b"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "iecompatdata.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\IECompatData",
"md5": "e9b79bfd19b685919696608d332437bd",
"sample_size": 3088,
"sample_type": "Binary/None",
"sha1": "6884c56614f1605f4942e81ecc9a37d49fc8acc9",
"sha256": "adc8b88eedd11bcfd1804d20e695d700f2622fe45be60326bee4bae30556159f"
},
{
"classification": "MALICIOUS",
"file_name": "functools.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "1e612b0f8a4173385fa0d0d480ddfd77",
"sample_size": 39928,
"sample_type": "Binary/None",
"sha1": "fc6b143f9f6bf0bf4f0afff5f0e9f15958f2cebc",
"sha256": "ddf63bd7f8a1c939e66f0e12975ff2fb6eaa59b7c607f0cc31e846520333c75c"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_select.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "ae039e0d7af9e9b42888a7dbb305e524",
"sample_size": 2880,
"sample_type": "Binary/None",
"sha1": "112c4ee127085278972c8947e3f7a873c6af1107",
"sha256": "1794e14e30eb9901ee34ff6ad394cafbb8fad6b7ca14502a554efa466c0d7a81"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "ColorDB.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\pynche",
"md5": "d4f9ff96b939e5e16cc42b8a229c89bc",
"sample_size": 9112,
"sample_type": "Binary/None",
"sha1": "d07147c9eaad5f8f186ef2d832ad1e7fee169c37",
"sha256": "4b46b6ca550ddaa8267026e29aa1431ee5c66204f13bb57f516ee215a7578da5"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "textview.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "6a5171b56cf56906d9c98b048cd2d035",
"sample_size": 7048,
"sample_type": "Binary/None",
"sha1": "55667872317142871db80a70354d2f041a64cc95",
"sha256": "94f068ed4ef68c25be38a3c50581e0a9a859ee93cb84dc6e3b492352bdd01de3"
},
{
"classification": "MALICIOUS",
"file_name": "test_scope.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "ce979f84d8bc3f80f47e9a6c37d23ec2",
"sample_size": 21112,
"sample_type": "Binary/None",
"sha1": "3073e32590c2a5cc8bebd90f44e914038e965c03",
"sha256": "525c2eda03cf23e07e251c672fd1f5c2b87735e94ce08fc25c1524ea5464210b"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cProfile.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "fc8c685fcefe4ca51a1bfa889e2c6c5e",
"sample_size": 6568,
"sample_type": "Binary/None",
"sha1": "b62c05b1ac08cb129523f86a5a56c1b68072e3cd",
"sha256": "bcc3f948f0bfb7d48c2f84758562f06e17d3142474e39b73ddaf524cd8688230"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_heapq.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "38d777df2a99a8603c6e32bcffa2a53e",
"sample_size": 17304,
"sample_type": "Binary/None",
"sha1": "0f67761080f5cf0fbd3bddd05201680728156c97",
"sha256": "8768ca8681d0b3b541c1b395bb076f5173e141dec6e816b24e997d5e652af0b4"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "signals.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest",
"md5": "597a680d24773a70a6488ba4b110909a",
"sample_size": 2512,
"sample_type": "Binary/None",
"sha1": "0eebed14396ed3ed4d0532b476b5b84984fb2b5d",
"sha256": "75e3747762ce81dc3e634fcd6a9f1c6e68478d7dedae0e279232ca4b455bf2d3"
},
{
"classification": "MALICIOUS",
"file_name": "threading.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "1533d5098af337d82a94bca1ccc8f918",
"sample_size": 55768,
"sample_type": "Binary/None",
"sha1": "ea32209e43277db2868cc1f09d8cc410d9959cd8",
"sha256": "04bbe7752f6447dda1e4dc24dc714a3324205453fb48b39cde2b8c90eeb7af38"
},
{
"classification": "MALICIOUS",
"file_name": "test_zlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "30c7c104c7bd9578a7cadbbc6a008cd0",
"sample_size": 35736,
"sample_type": "Binary/None",
"sha1": "53ffa623977e6b139cfe3ea3be74ee18d9a995c3",
"sha256": "21ff64a5db6dcbe5e29d41ec6821be3f074694028fb7f8973fd666aa5f8449dc"
},
{
"classification": "MALICIOUS",
"file_name": "test_fileio.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "bdf91f1d7b5c14ff8af75df0584b65e2",
"sample_size": 21016,
"sample_type": "Binary/None",
"sha1": "9cdaf9d46391e0ea806c69bf04ac404900f96f38",
"sha256": "5c318a51c280a38d5bcb2e669d6d485a28905f32ef98540d3b34c59633723a76"
},
{
"classification": "MALICIOUS",
"file_name": "test_cgi.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "2e91740be7969e1841f52210e46ef122",
"sample_size": 23352,
"sample_type": "Binary/None",
"sha1": "864f765aefca591d2503348a5a6d5f030b07f5f7",
"sha256": "260cf6ce3e72697562313a669ccae7f57a5c7a82873c5b5f313e6c6d82b85076"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_pow.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "673d05d7ced7ba9070fa748121f92f3d",
"sample_size": 5760,
"sample_type": "Binary/None",
"sha1": "b51c642f8780258c25fdeb314a247e9e9136d1dc",
"sha256": "3fb7a7e09fcd9821222c99cfa221fc771927f6d12bbea1d13f5a5af3a1105df2"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_wait3.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "67b36b3d4130549cee4fc8db5883a812",
"sample_size": 1944,
"sample_type": "Binary/None",
"sha1": "f2cdcd6caf9f89b0b3ae4a7e5856f3d05b25cddc",
"sha256": "f6980b470c72dd361fe27ef1423597b60fb2707727dd85e205e07322a729828f"
},
{
"classification": "MALICIOUS",
"file_name": "telnetlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "58fd2fe47fce1c540a275c60b436be9d",
"sample_size": 23968,
"sample_type": "Binary/None",
"sha1": "8011754504d58c074fd02187d9ff7cb2ccb32399",
"sha256": "07ac88b7ac6f66e01c153aac872ed8d6b40162549f4c8a38800ec89cd3ecccdc"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "autotest.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "09584e97f56a86b0841afe364f83e1e7",
"sample_size": 256,
"sample_type": "Binary/None",
"sha1": "9035f31cb0c1af464b19f2de556f832c9eca3eb1",
"sha256": "397dee4708b913d97b4a93d5975d750fec0fc2164b55e34aaecfe670372ec42a"
},
{
"classification": "MALICIOUS",
"file_name": "test_ftplib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "b5c7a4150ed564d8e006f6aab57787e4",
"sample_size": 43944,
"sample_type": "Binary/None",
"sha1": "1237afe8d1d22c22d9d11751edbec94c50430c51",
"sha256": "90f15e1ba80ee6907227b1f0f903b822772b1fd30aa555585eef7b6dc86fd0c9"
},
{
"classification": "MALICIOUS",
"file_name": "abstract.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "9f661204496e0fc274bf1d3ad0869fb4",
"sample_size": 31368,
"sample_type": "Binary/None",
"sha1": "3069444588553408183f62de6b6eaff921853612",
"sha256": "4c0cbb6df347fc57ffc2e5557b991982a5c2f287f3bc64f89d88d923a7f83bee"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "chaos.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\turtledemo",
"md5": "f7ae526ede12db546e9a9c066de31ae2",
"sample_size": 1048,
"sample_type": "Binary/None",
"sha1": "8c026d94efd29b4e51a3e9ade7bd3a6903da22a5",
"sha256": "ecb836c39463a7f44e1e7ccc54905993698e27649be4df274eb2ae25f649d76c"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "_aix.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",
"md5": "9088407c4128dd3722aa5240f82a5ba6",
"sample_size": 12944,
"sample_type": "Binary/None",
"sha1": "fd6899a95e9dbec59500078da4be4a2f9e52cd48",
"sha256": "e266da49ef7afd42bbfed57b1020a6866ce26411b6d44a2a3e8a1fff0583d3a4"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "tree.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "a351d0999391cbbbe69fd4697df9a705",
"sample_size": 16912,
"sample_type": "Binary/None",
"sha1": "8996d05ab569c55fbac0ffff065f9c02f97f460c",
"sha256": "5f5711ac692894860fcf51a5a29c6e5809fa84a0ed3a80a597dc0258ad639b06"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pipes.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "7f0530f2c1755279c93ab56ca03337d1",
"sample_size": 9200,
"sample_type": "Binary/None",
"sha1": "2233db5c43b073c1775814572a7668b12442c4fa",
"sha256": "1f6c2b5db58efeeffb47e2fb41f1964f5ded4b24120f8b4454c00904f27c228f"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "util.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "3d5fb36411e5d879713a90559b09f580",
"sample_size": 784,
"sample_type": "Binary/None",
"sha1": "8ee30e546c97105b0852a811ca30d4b2974ef759",
"sha256": "f9b48594756c462db49ec588ea6634291f6a2d56a6bae9fe6790c538367148db"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "chunk.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "fcc443c51d2cdc408bcfa6a5203fa6ac",
"sample_size": 5648,
"sample_type": "Binary/None",
"sha1": "730582f8a1cea2ec13d4a2881eea67a6f47e512a",
"sha256": "2d9496a023fa823f227b1d00c82ccdcaf428e413eaaca1358b833cdad51127be"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pyarena.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "fcc0757a40f603ace9542e51a4ff395d",
"sample_size": 2848,
"sample_type": "Binary/None",
"sha1": "a12163e30bbe5695daeba26b9ed776c921ea8bf3",
"sha256": "3eb5970ff284265fcd0ee37dd15c6bba40b518f95852f7a6315cde65ab3b4c50"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "domreg.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xml\\dom",
"md5": "dc62da81ce1beed1d4fcea7ac667e6d9",
"sample_size": 3592,
"sample_type": "Binary/None",
"sha1": "466d6f7a9e209d2e9a341cbccf991f771730bcbf",
"sha256": "fba7dfd284f1a66abd141f1df95fd7164b8f513d756cb8f231ec0b7cb8512dab"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "mcast.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo",
"md5": "5450ce5ba5abfc6290fbcf7fa781ae1c",
"sample_size": 2344,
"sample_type": "Binary/None",
"sha1": "243628c423ddf92def75e7f50080e834f39f6163",
"sha256": "3736e6ed2bc2eaf8ec91629a2ea8b6038427a6d7793571350bf58b15d437c334"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "exports.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "33ce00e3af1e792a38615bf5255c8d05",
"sample_size": 1168,
"sample_type": "Binary/None",
"sha1": "e5a300cebe4a50c26a22a34b65f457a7d24ce6ef",
"sha256": "806e5c4d22bf096a84a465b6a40d80fe4f9d956032d0829eaa664018ba7527d7"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "sortperf.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "6bb0d99963a60fb18e3f69a19dafb845",
"sample_size": 5016,
"sample_type": "Binary/None",
"sha1": "76d208d9a15b88de36aa245cad9c6be55d3d8317",
"sha256": "e92d08f8a06f599cf287428728f5ffb05c1c2ad2b820b243e17b4bf8ae94df25"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "gb2312.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "37d3e883f282af9e0e55b07d4485bf2b",
"sample_size": 1104,
"sample_type": "Binary/None",
"sha1": "3fa3d6a33c8d71b3d71761f73abb7883bd212d7e",
"sha256": "093b2740074accfeeb67d997882c137ab89ad52abed59c8de859def9853ddb4a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_grp.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "ec9eda32da881c2f1ceabd7f9284e33c",
"sample_size": 3776,
"sample_type": "Binary/None",
"sha1": "1d512ccb33c4f6512fd91248dfd3ab09c71cf278",
"sha256": "3f342ef9691707f9e8cd3a9eeb3fbee7f6294e7c96591457c10071f6b03e4799"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "memoryobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "5b534f65f5eb7dc9531df77fc7e0a311",
"sample_size": 2880,
"sample_type": "Binary/None",
"sha1": "e68d1c7dd169a171cab4c0a823a0af077364c13c",
"sha256": "ac6d0a4ace356981c6c710811e3a9c0c1de2aa1903faa2f5b0fc9590eb7bc8e0"
},
{
"classification": "MALICIOUS",
"file_name": "test_venv.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "c56ae86292becdbf89f0f65af5c46a60",
"sample_size": 23136,
"sample_type": "Binary/None",
"sha1": "a0ed49f93f7808ae83c51cfa58551d50e2a5edb5",
"sha256": "b43222b100f7a13f5331de9707a56adc694d87d99182c74a3dc929bd20e01cf1"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "handler.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xml\\sax",
"md5": "2859e962c5f50aadd8c5ada726d404c4",
"sample_size": 14304,
"sample_type": "Binary/None",
"sha1": "c6fe2596d89c7f545e62fddc04e7a535c597fa7f",
"sha256": "dd3df584a8d038605ca48cacffc2c88f7a38c6a40ca061791105d1144e83adc4"
},
{
"classification": "MALICIOUS",
"file_name": "sre_parse.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "c3b490ee3098d6e6562749deb1635c1a",
"sample_size": 41896,
"sample_type": "Binary/None",
"sha1": "80386f9a638fc5eda7987bafc919f1aac6589a7f",
"sha256": "d0adc47c334942f661a86ed6175ad5f593a7eeee9a8b74e84f4c7bbf2f4e1c9a"
},
{
"classification": "MALICIOUS",
"file_name": "test_parser.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "ea9d710a1a9e88860f885681cd56b4e4",
"sample_size": 39800,
"sample_type": "Binary/None",
"sha1": "226b084c17373ffa7038ef6eec932dcb6c5588ed",
"sha256": "9e52c5c65cf4b12cc18f8f5a939c9ba58eae6fa45cd508f4ac3327a679351c7c"
},
{
"classification": "MALICIOUS",
"file_name": "test_sax.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "409b3aebee89245fe10743668a07edc8",
"sample_size": 49080,
"sample_type": "Binary/None",
"sha1": "fd77219067f5a6ec0ce2c9ebd3c235eee0fbbb91",
"sha256": "8055ce99f4e6fc34712d9d8e6cfe715383e253f58e4f9f10c107c994c4be79a3"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "debug.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"md5": "c2ef13c7f1827dc0ece9543141006d7a",
"sample_size": 184,
"sample_type": "Binary/None",
"sha1": "01dfeb4725154def9acaf9c32e80aaa12e5a97c9",
"sha256": "d1f37b4ce125953a06e3058c814cdc27aba9211d25d6a71e12d02eef9f62c904"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "johab.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "e41dd224e89d72bce3b3d3a318aa828c",
"sample_size": 1104,
"sample_type": "Binary/None",
"sha1": "fcc0db20bf4c409db9772a100ddd0f3d14f8e2eb",
"sha256": "3db078ff2db3c9a01210fc661da3ae243716e0c0d0552155d58e65fcbf006229"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "byext.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "54d7a66d9188a7bfdf9e62c606157718",
"sample_size": 4080,
"sample_type": "Binary/None",
"sha1": "aba8de50d4f12b2bddea40100a1026e6bb0b8d9a",
"sha256": "eea1183a9e4aa8b778bcbb5f75b8c37cf135521bce0f9b33d322d9450f14fcb0"
},
{
"classification": "MALICIOUS",
"file_name": "LICENSE.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39",
"md5": "d8cb21b989dcaec04d482206fa9fb421",
"sample_size": 32800,
"sample_type": "Binary/None",
"sha1": "8266fee0b58b113a8dac6b46455a56e2ae404595",
"sha256": "e7e4e65d7f2f19384587fb24a4c10159dce6fe1c9ec59849d1f3afa409488c55"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "binhex.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "ca4b3844535760a27da100aede9a0e58",
"sample_size": 15328,
"sample_type": "Binary/None",
"sha1": "9c87a2e994bb0650fdc367f08746dd812931445e",
"sha256": "28d3f039dcf2a39ee98318c25d60e03edcfd36958dea6d0959e55f4a7c86a1a4"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "genericpath.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "9f472529d22005ce558619ef63e38ab8",
"sample_size": 5168,
"sample_type": "Binary/None",
"sha1": "cb1cb11f0218d7de0d11e6f90861f135ce8b2819",
"sha256": "897461d5740a62b5e7ca4ade205bc1d6a8381eca40bfae6f83d372b7f8ba1aee"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "_threading_local.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "41640218095ca6a752bbd794c9cbe349",
"sample_size": 7504,
"sample_type": "Binary/None",
"sha1": "446aeb5562a1e1352c9e18ddab65f6858e5eaa44",
"sha256": "c7dc45bc8ecba584dc30496fbfeee7aeada0a4bb3f3caadcd558dbc22a500694"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "[Content_Types].xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp\\chocolatey\\chocoInstall",
"md5": "d9acc1eeb7e15c55607146459201ab97",
"sample_size": 976,
"sample_type": "Binary/None",
"sha1": "75cb2b18e787b105ac0041b8894b8e6e99859f43",
"sha256": "532a142e3d9307e3688e5652118cd8814a0f6facaed670847f3689eb412cdc10"
},
{
"classification": "MALICIOUS",
"file_name": "zipfile.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "2b29a8a1f34b339e6fcb553ad8191a9e",
"sample_size": 89968,
"sample_type": "Binary/None",
"sha1": "8bb635a6ca3492d490c8d86fd6a86de2af5f5926",
"sha256": "76b4e9f1e2a73fa512e35250ba1c3c63a35eef9a1094fb8156fcfc0a9153da1e"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "_weakrefset.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "4b742c0bfb6edf3e59c6ea38597953eb",
"sample_size": 6168,
"sample_type": "Binary/None",
"sha1": "3f57fd5a28d784e748106e495394becdf3545f51",
"sha256": "c4bdc0470c91a2dbbb0770e5379e150f10746eea8fc1cd1c415abc790d5d8f17"
},
{
"classification": "MALICIOUS",
"file_name": "config.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging",
"md5": "6fe82253146058894de540a25888b94a",
"sample_size": 37368,
"sample_type": "Binary/None",
"sha1": "c654b8f56b0e368f37becba1be75ebcba26e8fad",
"sha256": "46ea30ed105a4dc71c6c27ee0c25053e85e4e8e71d473b60d40dd4b53406b6ab"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "codecs.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "5fb243f0c42b05f81bbde3a55252aab3",
"sample_size": 7072,
"sample_type": "Binary/None",
"sha1": "2c980d63a71ae937b5a357b0a7572bf784a7022d",
"sha256": "1c7320d69b1afc80299b4183136c5e17c895aa7215c50b9265a943dab644aab6"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "contextvars.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "934851ebc01913a9a58825a1dbce3453",
"sample_size": 176,
"sample_type": "Binary/None",
"sha1": "bd0df87d8e15cd064a0d80440b2d9751c045f11f",
"sha256": "c2fe745455588b7e3ea8808f04c283dd1b85117518a17fa2b1b26873f5cc281a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cp273.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "24a26996b1a680000ab163706c6da0df",
"sample_size": 14480,
"sample_type": "Binary/None",
"sha1": "2268d341ae93059238d139a55de23d15fadafc88",
"sha256": "7c39179ea290be8fc1f66ca017f310f589548db26459414be59f81cfbc538b40"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "code.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "1aaab50e4d41ff3ab12c7d9510281146",
"sample_size": 10976,
"sample_type": "Binary/None",
"sha1": "6e5674cd15494869945ee84756d4ed80da241310",
"sha256": "2a2e5b80d6ee44895473c2953916a6a23321c0f41994661030b2ff456bbb64b8"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "struct.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "190daeff86c2d5e9ac06f8f3904ead16",
"sample_size": 312,
"sample_type": "Binary/None",
"sha1": "000ec72c4a391923a783f17e032f37d4c31855c9",
"sha256": "0f1689036cf469de43ca9ae9795e9c586fd1caeb9c4e2c31ade1743aaf7ba458"
},
{
"classification": "MALICIOUS",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging",
"md5": "1ddd6ecb9b38601388da1e6e4135483d",
"sample_size": 80864,
"sample_type": "Binary/None",
"sha1": "50a97eaf86bfc130f05e16ca5a31ed1676b846b2",
"sha256": "7bd8d6d7b9f28c7bbe84ba28d2b0cfb66c7b825949cfcaddff4d5d2dcf33b27d"
},
{
"classification": "MALICIOUS",
"file_name": "events.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"md5": "59463001814d83b298045c5ee3bf3d69",
"sample_size": 27288,
"sample_type": "Binary/None",
"sha1": "774820047565046fe863b411033b99a44bb88e6d",
"sha256": "bd9823b9ba4e78c3ad0989fb159ed705cf89b63f59465a71a93a385b671bb464"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cp856.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "0ac1a66b464217f967e8bd3d9921fbb6",
"sample_size": 12768,
"sample_type": "Binary/None",
"sha1": "1f9b84c6cdcce5bc1e71666a68304033b572e0fa",
"sha256": "495520b3f68ca5dde3f7baea56696390b3e51c2b39b3c00ebf414f6be8964da0"
},
{
"classification": "MALICIOUS",
"file_name": "bdb.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "a7b43d38668ea30b5edb9b28eaa4f643",
"sample_size": 32296,
"sample_type": "Binary/None",
"sha1": "0e317560bbbc511a96d7ddeb02027f8df67086dc",
"sha256": "5c67e764bee8233ffab5e2f96fb434e4610fbd0fbb9d4366e1a02f560f37fee5"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "signal.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "a46b567feb508e26cc34a89a0c97d259",
"sample_size": 2568,
"sample_type": "Binary/None",
"sha1": "37d9378cc0fde172945a0be6f08c2641ae63e573",
"sha256": "29fe343ef3fc3d2fbe115371c0110296c63a5cb40d499d3e45165e3d734b3bb2"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "bitset.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "b76d21dfebaa559eb2bced70de50981e",
"sample_size": 528,
"sample_type": "Binary/None",
"sha1": "275db74666c8960fc1efd3adbd2bc391533de63a",
"sha256": "e37fb4860f77c12e533feb8fa0740f2a742407903586856442218540562e16b5"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "wintypes.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",
"md5": "4c1fb4c78069f7ca75708beba376433b",
"sample_size": 5872,
"sample_type": "Binary/None",
"sha1": "21752240c8ec2c2be789c6a3abeeb88a7bdde4fa",
"sha256": "732ccc4ad60fac08e350960d69ff4fea075f4f0d90675377aceb9b48b1c5621d"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_sundry.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "ffc3cf965a5edb79e6f5ca4276d515d1",
"sample_size": 2224,
"sample_type": "Binary/None",
"sha1": "b58dec1ebbd22095783363c6597345c559989f7f",
"sha256": "05171557c4ab3b11e1ff3d52d09375869bf56374400ff103bb66b45954088709"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "ascii.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",
"md5": "e909c04768e395db5ae037f825ae01f9",
"sample_size": 2688,
"sample_type": "Binary/None",
"sha1": "57aef8c64cda98662cb69db48f85405c836b5788",
"sha256": "6ae5768a4b9d76fda58959222e364134cfd07a0d686820e0829d6dc5622d2fe7"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "futures.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"md5": "85d092ab94f19a5a0deaeafb617abc13",
"sample_size": 14504,
"sample_type": "Binary/None",
"sha1": "38f890578c76972df80f653eb92d62f83f5ea5a1",
"sha256": "d71b244aabe2c465790138c9f3d6eb0580501f758d3d848b3495bd1c169f27bf"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_spwd.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "dbdf0d00e3bbd597a2f2e241fc24b66b",
"sample_size": 2888,
"sample_type": "Binary/None",
"sha1": "d56d43f625d72d12a9eccb5b4c9b94aa67541774",
"sha256": "c54de1f777b81d6bd90290d52b809c24973f73897526125a5dbee7fc9a995281"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",
"md5": "b016764f240d4dbbefd915e4482234a5",
"sample_size": 6920,
"sample_type": "Binary/None",
"sha1": "7e7ed3aff20570ce660babd67d617e32370a2f4d",
"sha256": "de34fd6a203ca9b97a82ca775ca290ef2c4a5dd0078979917954caf02ff13144"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "ann_module6.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "f00b13a488f40087518472725bf9c81e",
"sample_size": 184,
"sample_type": "Binary/None",
"sha1": "cd56f2a1aae4de7534de6cdedbbcde69d2a2c925",
"sha256": "33d3244a39ece9210297c735f2413433f4a42d281a94b6b232be519fe92ebd8e"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "dumb.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm",
"md5": "f269c5230683af15be562a7e7db43fd5",
"sample_size": 11896,
"sample_type": "Binary/None",
"sha1": "a23d351117c3cab7f636d88e7516c55ddadd826d",
"sha256": "ff38adcec95b89fc8d93e25fa16b7c6349deadecedfbe234fdffd618630d98a6"
},
{
"classification": "MALICIOUS",
"file_name": "cp861.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "f6093bcfd3b416cf8c419eb35ee14bf3",
"sample_size": 35368,
"sample_type": "Binary/None",
"sha1": "35b6cb8cd27a0097de1b4fe67fbf9bfbea3b6c02",
"sha256": "5309df2b47d16cdcc14e596d5ac96592ae15ae4c14e866e9d7ecb2dfc04a0efe"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pystrtod.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "bbf098a0e33cc94149273822fb7de061",
"sample_size": 1568,
"sample_type": "Binary/None",
"sha1": "8dcaf4772b692e246cfce7836c0c71d25aef1c51",
"sha256": "8392fc0ad9bdc99c128d96d63bac403b236af3371b4c9877b4bff9accd41a95a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_repl.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "dc31304b545ad20afdc3af46179c3aa6",
"sample_size": 4200,
"sample_type": "Binary/None",
"sha1": "157c758977c97a43b4348f317d9666b06b287948",
"sha256": "6caa14c10d4fb843f28ba94928dca36282c67c3937691bbf769a9fc7b3244878"
},
{
"classification": "MALICIOUS",
"file_name": "test_posix.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "1bdbc5c481209ae486a60ce2f8012d8f",
"sample_size": 89424,
"sample_type": "Binary/None",
"sha1": "c4b31b62121c4f4e4dae5dce96fecae76c85bc5b",
"sha256": "54ae76243c0f7431d453ca5d18b122dfd73b8e49bafb0131bdf49b6ffe18cd52"
},
{
"classification": "MALICIOUS",
"file_name": "tix.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\tkinter",
"md5": "feddf2c4c15e4c09e3117dc9dd201c09",
"sample_size": 78824,
"sample_type": "Binary/None",
"sha1": "04bb32400fe2369589c6e3e033063afba428c780",
"sha256": "6d196f5b8d9ef4e9a09eafe860cb38965e105c4eeb77568614306ed5d3244068"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cmd.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "337840b970c29645487a73f670020887",
"sample_size": 15304,
"sample_type": "Binary/None",
"sha1": "26022da188bb90c1924d1fdcf1c5a70fad2f8ef0",
"sha256": "22a054679ab697b0b5e8b9c79c7594c6c779165074dfefc3e0f6c90ec6f23092"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "tool.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",
"md5": "5ad09c48dc1db0a8c1a90da83454d888",
"sample_size": 3464,
"sample_type": "Binary/None",
"sha1": "9ae54581b7244a689bb6229014b16c9bdce6df16",
"sha256": "78ab6b59dd530605aa9ba16fd769ca644fdd059eabf3f19cd53968925f0b8c91"
},
{
"classification": "MALICIOUS",
"file_name": "enum.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "b1383138ac56ba612596e5df33c68a86",
"sample_size": 40528,
"sample_type": "Binary/None",
"sha1": "45fb8c381618ceebb9129ac5e462439558370f16",
"sha256": "5a5c9f0514363a94f3d8f20af59706708078a6293889c058a77bf3ee5f44618b"
},
{
"classification": "MALICIOUS",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib",
"md5": "64b9f4fb28d839568a4fd72d71ddd794",
"sample_size": 18112,
"sample_type": "Binary/None",
"sha1": "c1e77bec85d534f59b001d81506c5bc4dc6281a4",
"sha256": "f6f463a153617d469aee14dc14b11e312f6d3b357777923ad90f250be7c3adf9"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "CREDITS.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "8c917479ea47c1991167cacefde059a0",
"sample_size": 1944,
"sample_type": "Binary/None",
"sha1": "be8235b3dd79ccee15318624d2c07fd80c10f2d4",
"sha256": "159b5de20fb0f254ed9f92774c8a44fae4889feaa2e51999e13f25c42d1b5c96"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "keycert3.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "ffe774a123fd79ec08922f062ca587d6",
"sample_size": 9656,
"sample_type": "Binary/None",
"sha1": "cc317770f58bdf370b8697d076556a38aa40e0ff",
"sha256": "d38888c71c7942a9a160e5fe6b02c693fb07d2b3ffcf069be0b219890e958a22"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pymacconfig.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "e2bd7d1477449a1bb55fe3dc0b1b5560",
"sample_size": 3128,
"sample_type": "Binary/None",
"sha1": "a35c6c625d62491f57ee7fa8ee9c207abd1946a2",
"sha256": "d3e590beece30b98e342f1d5b0406a130c589ed0637a352ad05229a4306f4f60"
},
{
"classification": "MALICIOUS",
"file_name": "test_queue.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "927a18db1c158d22b73563688806ea40",
"sample_size": 21592,
"sample_type": "Binary/None",
"sha1": "1a774cae748d48038ed205dd899112775afb6713",
"sha256": "15d998a273f4a16a5b8245204080b080056627e4bb95805a9db3690950b556dc"
},
{
"classification": "MALICIOUS",
"file_name": "_pydecimal.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "930d15c6adbf23ac6cfee4c932c50eec",
"sample_size": 235120,
"sample_type": "Binary/None",
"sha1": "58e09924e6a25ed7a2e1da5f9fcabd9e1fad016c",
"sha256": "376119b6517ad0e306e81ebcb84a77082be17b1679706e335abb8321e01d6649"
},
{
"classification": "MALICIOUS",
"file_name": "pickletools.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "bd03dffb3b03644d76b3c518893acd60",
"sample_size": 96416,
"sample_type": "Binary/None",
"sha1": "2c5372c89bfda5fda3f46a94e3d4e38c57c162f3",
"sha256": "1cb0e57c82cb6215a4a23ac7063fca5ce7d79465003d82f8c2f9e037a3ea26f7"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "error.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\urllib",
"md5": "03ce90cbb6abb07359ca68e09f170797",
"sample_size": 2752,
"sample_type": "Binary/None",
"sha1": "6e5b80fde7a2c1ba20201e9f454519c8ed13779c",
"sha256": "237afe68b02727991c0e45553aaa737404db2bfdbfd64ccdc83097ecd253eac8"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_quopri.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "3bc4af4b0409c56bd25a68b2078aaaa2",
"sample_size": 8216,
"sample_type": "Binary/None",
"sha1": "19f77efb1930425363d1dddfd00ebe7ec357d9ef",
"sha256": "6ed7135699d36893f5be2f9e8bbd4dd1aa202782314c6fa202ab4b1c65fe8386"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "decimal.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "dd01e7dc9cddbacefc3a292b1b843b22",
"sample_size": 368,
"sample_type": "Binary/None",
"sha1": "5b5d5d486169b4144c14ab0222ced4bd6951dd96",
"sha256": "470072198b11bdd708364ac0598b1dc5bd3844adcaafad731ed5e4c654fb9f5f"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "chrome_shutdown_ms.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",
"md5": "ba895b335096ce366200354a1a81c8d1",
"sample_size": 48,
"sample_type": "Binary/None",
"sha1": "76685e4e5e99df3286102e7fa655ec7bad99a60e",
"sha256": "587576197204b771134784a0892404392e6c60831349984f49baee171062ff56"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "smelly.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "c2b9a9d6e69c086736269a9948fe1691",
"sample_size": 2352,
"sample_type": "Binary/None",
"sha1": "7c2deb8c68b25bec01965f4876422c9a9ec6d306",
"sha256": "7eb6ff7d417c9c943bde38678fea129962107329f8d1c3da16cfed55fd1fb548"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "suite.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest",
"md5": "4947bc91e903ecfd922120ea98b0bbc8",
"sample_size": 13928,
"sample_type": "Binary/None",
"sha1": "9e6096d47c6e047e9197e61aa8da6b1078dd8f11",
"sha256": "f033a73835d523ad7cbe3c6fa5eda7cd174e3d9892dbd7f945c8c22a7e7f18fc"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "regrtest.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "c2345212f4465742100e3177e03da30a",
"sample_size": 1384,
"sample_type": "Binary/None",
"sha1": "4edaae39ddd15351ca401e2d311340f2e931abb3",
"sha256": "62948c55718ef8038ff4ac4f3b9127c3fb2613552d2744ddeda0cdf2def43754"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "this.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "042ace1bbf7c313a60c7f9114fe02441",
"sample_size": 1072,
"sample_type": "Binary/None",
"sha1": "55e67420344d2034e986c3d89025722f5830309e",
"sha256": "84f2abdb9c477031791998b343ff4e545c2fce63b35737c1a0f99f0d15bb77e5"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "text.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib",
"md5": "e77a92895fab71d5aa844da820a941bb",
"sample_size": 9184,
"sample_type": "Binary/None",
"sha1": "328d7b4aad7c8800a6e1909f83ef8b58050aa9d0",
"sha256": "b4ba31c1730f7273deacbb2afce7753eff2bf420b455bcbdf21fb8048e4fdeb3"
},
{
"classification": "MALICIOUS",
"file_name": "test_string.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "85f131d9350a9fb3a585daf6979b89eb",
"sample_size": 20792,
"sample_type": "Binary/None",
"sha1": "39291c5865a8752863bb50975dd17545a349672a",
"sha256": "98a89581cbe3748680c819714f5884d7b2976840a2ee769c455df68a78b1a586"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cp1253.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "ea3c190a27fb5cdf5fc4f94822ef6d4d",
"sample_size": 13440,
"sample_type": "Binary/None",
"sha1": "f813f41277a5c02c9a0fa03a453299a5fbee1dcf",
"sha256": "dd457cb3606dffa13aac5a123e23e93dace1231ec683220480b7dde4db63e2af"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "opcode.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "f638cc0ece4b3fbeb03c732e1d3eabf9",
"sample_size": 5920,
"sample_type": "Binary/None",
"sha1": "6a5007059f0b502ca458b0a7ebbfb29132c608ec",
"sha256": "5bbcb2646ec9fcdb4891be9c425e68d2d8a7ebded357dedf0af129bd93673a03"
},
{
"classification": "MALICIOUS",
"file_name": "pydoc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "2d777d7544fcc4758c0160400cba9a6e",
"sample_size": 112480,
"sample_type": "Binary/None",
"sha1": "b8d9c8d4e48d8a83593d7166a969aea098e08758",
"sha256": "244b34c6e85060245e970e540b55927563e9158ab17eac629ac8fe0b7d1f2232"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__main__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\venv",
"md5": "d5eca958afcd6eb523c943367557bd1c",
"sample_size": 192,
"sample_type": "Binary/None",
"sha1": "5f8fdf4ad2d624fd53306bd321496578d9089c33",
"sha256": "fca300fa39032028342d7e8610e27d77595fc0542506a8b3baaac4b3f8796c24"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "spawn.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"md5": "8147403e9147e57c4972ccbd0d7c3b74",
"sample_size": 4832,
"sample_type": "Binary/None",
"sha1": "5b108c51ffbde4acf63cb113167ae29ea9e78e4e",
"sha256": "f3fd06bb77707bd47d48073388f8fd8fc7a8be9c0274304e796d6fc8c7c9e055"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "a85276be7c5fdd33ca1fcfb2610355cc.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Office\\ONetConfig",
"md5": "c3efef4c1f9d9f8511fda0f5b593ce83",
"sample_size": 2168,
"sample_type": "Binary/None",
"sha1": "401b373a4896aa3746d00f38cdfd8d4637e0144a",
"sha256": "2885502415cc30c28d97063740aa3d5920c3c2af8a11f8cfb877c444e5711176"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "mainmenu.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "9d82d8a91bd61202cdf1b786fb0479f3",
"sample_size": 4096,
"sample_type": "Binary/None",
"sha1": "bafe6e5e67b39071f5cf62932f88ce635f7759e8",
"sha256": "64b5a9659b383a31369472170faf4818849a73b1f13c622bf8faceeb913d1981"
},
{
"classification": "MALICIOUS",
"file_name": "pyconfig.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "33a8fdec3a1a66ae95b973efa8d9d63b",
"sample_size": 21008,
"sample_type": "Binary/None",
"sha1": "ef86f9810b0918869d49b279645f55b11574f76f",
"sha256": "a48fed147b7fee6d8d70aed9397558dcd8407ad1654a3f060a400c8fc4e6e100"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_fcntl.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "550cbd6e02d4065a0472ad34218aec86",
"sample_size": 6880,
"sample_type": "Binary/None",
"sha1": "940bfcacc097edea1e988b4f47b4c2c1233539d4",
"sha256": "f808fdd26d671b9505102dd391339ed960b3b6b22ef4a84dc230a4925547d2bb"
},
{
"classification": "MALICIOUS",
"file_name": "test_pprint.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "771ce1ebbb3291563d545f9f3effc56a",
"sample_size": 47552,
"sample_type": "Binary/None",
"sha1": "25920eec6acb3f183a45248797263216032e44d0",
"sha256": "5f651c91746ae05c49cd3c4dabc98104fd62cafe6dc45d64358c09af323ceaf9"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "_bootlocale.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "8ae49f651d1317e43c213589da3ea64c",
"sample_size": 1888,
"sample_type": "Binary/None",
"sha1": "30b9c9d45918f5ca4174b0159142e03d891da4a2",
"sha256": "6ea0db068df4788a7c1110db4181d324ea39aecd70a0b1a645ce4076a6430a71"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pymem.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython",
"md5": "20bec4519cf7a6e98829d42113c53dd0",
"sample_size": 3656,
"sample_type": "Binary/None",
"sha1": "36134d8a1bb9b8d132654ff18fd1f8790f40b70c",
"sha256": "29707826d9ee7e74aa2143a2bed537854e4ed22c8e7ac922e40d138d7beb0580"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cp1250.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "0b82e8e23793591da8a8299800d98f28",
"sample_size": 14032,
"sample_type": "Binary/None",
"sha1": "94ded9449ed184f4f8a3f96b7777d073a9e085c6",
"sha256": "c70dc57f57fd1963eba95a3f28573bb6a537144568e9feef8a270244e4accf52"
},
{
"classification": "MALICIOUS",
"file_name": "test_locale.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "8ae1592ed2d18ce5ef59b402977c9a9b",
"sample_size": 25072,
"sample_type": "Binary/None",
"sha1": "db650e3470c1f81d6536394b5bae5b2e6b9846a3",
"sha256": "475437ae07b4e7a045d0a8c7dc9faefa0bb6c38002ed02d893c113f4bc01c4e5"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "response.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\urllib",
"md5": "2d93aaa1a2636338d8c3210f8082fcf0",
"sample_size": 2488,
"sample_type": "Binary/None",
"sha1": "5cc3a6e08be16fa2f7496736c90771675f1c9245",
"sha256": "5b171dc41062c48e6c11b9282a94f5734e4ba5c574ce98e4cab62709c37cfef0"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "OneDriveMedTile.scale-200.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "42f8edca65111b7bf42a7c0418f1960f",
"sample_size": 1432,
"sample_type": "Binary/None",
"sha1": "9e25c9b504e5abe9bc53003ce9972468d69afb6a",
"sha256": "4d0968d18e2b10db136b8688f00321f5fdcda43089da8dab267d133a8e652f60"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_syslog.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "060e249be28cc6752f72e0ce91809448",
"sample_size": 1256,
"sample_type": "Binary/None",
"sha1": "cbbb695706ab16df21fc3b394c4d33e5bab76a48",
"sha256": "f86c3d7c527b8938fb19bd9d5e0925a9ec343cb280575d166d90b15cc2a891d2"
},
{
"classification": "MALICIOUS",
"file_name": "test_urllib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "65a851d4260f24398066e994924a9b2a",
"sample_size": 73336,
"sample_type": "Binary/None",
"sha1": "81c564fa8765066b1c47ee450e463034663954cb",
"sha256": "ec8dd435affa35c572a49e99290476a7e56f0815a15f3f0b8338b77e63b1adaa"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "runners.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"md5": "ac13ee2570c6013ceccdda9abc2b88b5",
"sample_size": 2240,
"sample_type": "Binary/None",
"sha1": "083cc9893f6aa11b0856a17d8a00c4fcbde76caa",
"sha256": "cc2570f523ac6fd49b6998ba20cd1887b2b84721adc07410c3cfeb58652845b3"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pygram.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",
"md5": "77b36060181e133f44696ca7645ffe23",
"sample_size": 1392,
"sample_type": "Binary/None",
"sha1": "f3994b1b8f40039090b4f2af8122dace0c772e61",
"sha256": "a1ff8806f4b7f216df9386c36e02a865f92a8bd9c474993a2752b4336964594c"
},
{
"classification": "MALICIOUS",
"file_name": "test_set.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "efb681b55c3675e6c463b2f0c028aa98",
"sample_size": 73976,
"sample_type": "Binary/None",
"sha1": "36fcb2aa1201e4e99287778508a1d7ca4b01c447",
"sha256": "d27f621aec2c85bd9fb307ba6617163da091086411cbff1fc0d4aae9cd1aaaf8"
},
{
"classification": "MALICIOUS",
"file_name": "DefaultLayouts.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell",
"md5": "1b788da41d97ffd566055e304bc3971d",
"sample_size": 117984,
"sample_type": "Binary/None",
"sha1": "8438e0b406eb98b131e0d361415f5f5b98eb0e73",
"sha256": "8526fdd76e1dd266b18234e3ce0c586454999a276950495b06f4d4d25fce5ee5"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_kqueue.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "3a0d6a1aac28067fba90ade5e2a5b68e",
"sample_size": 9264,
"sample_type": "Binary/None",
"sha1": "52deae9ed7a0a989719c83cf176615fcd35d20e9",
"sha256": "c96e107ab74b65bac24510a8d11547a3e23e06ccbda1d34ba74489c486623cf1"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_sndhdr.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "7bf24847fbf6186b5a98d8dddc3daad2",
"sample_size": 1536,
"sample_type": "Binary/None",
"sha1": "515b8be6afc598e5567926fc1907826acbfdf3d5",
"sha256": "0b285d6ad485feccb9157243743d9ba98c64857d14d614a764905ee321bc9d2e"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "hmac.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "3673598e614bb6ac5dd3931ae954b02a",
"sample_size": 7248,
"sample_type": "Binary/None",
"sha1": "1e9f0e80884f28baa7904ec3802d77bef62aa489",
"sha256": "14f25585d5050d9b8e307144746ae4cc7f958bf4e41fdecdb6dd8822fa55efcd"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xml\\dom",
"md5": "de647e7d039280e5a684db0206334dbf",
"sample_size": 4200,
"sample_type": "Binary/None",
"sha1": "b184b4a792c2e08bdb742b24b924036bea1813f7",
"sha256": "a8c5f4e1c3cb194565d3f0028e7d4c11a814c58f19cb42b42cccfac002c96600"
},
{
"classification": "MALICIOUS",
"file_name": "cp855.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "22619b7935e66eddeb15ff57c7be3d63",
"sample_size": 34592,
"sample_type": "Binary/None",
"sha1": "26026537a6d2227d774de7566bd94880ffb8ae32",
"sha256": "c0c9242d54b5baa1a5dee32d97c0686e439564ad82622ed367aaee55ebb1d9a5"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "symtable.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "8542a1beabcca630524b175ba38264b1",
"sample_size": 8200,
"sample_type": "Binary/None",
"sha1": "87b25dc170137b6f517f1f2018441bb768a26d99",
"sha256": "c133200e4f37d54bfd6a51552646682d3a7871aa8954fce3c99212b0b5f952ef"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "nokia.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "b8b9a116a89a043ce5b68215255d5453",
"sample_size": 1992,
"sample_type": "Binary/None",
"sha1": "6f0cdf96642bf3c814ce0fd801e62d0fc7f451c5",
"sha256": "46821058954c52dff709fc5bb6217ada5ea4da2baa7e4e4c38e86328f04d6706"
},
{
"classification": "MALICIOUS",
"file_name": "subprocess.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "905e745c43cbaa066658899ef520679f",
"sample_size": 84768,
"sample_type": "Binary/None",
"sha1": "705323ffb97cc3a2061cb538193dca3f81d290b5",
"sha256": "c5575e1f4715a3c5fddbe74dd41b8e1461ef2f38f6874fa9a7aedbfa3f967bb5"
},
{
"classification": "MALICIOUS",
"file_name": "test_winreg.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "4b276055548553d4a32662713ad5acf2",
"sample_size": 22312,
"sample_type": "Binary/None",
"sha1": "74ea531e2981a19d73ffd69b25752dcbe74f02f5",
"sha256": "07c64ea9a006f38621acba80691e43e2541d601c143051a47c386a2bd52b99d0"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "nim.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\turtledemo",
"md5": "6c13fda54c749a3c47b0dc224c15a82c",
"sample_size": 6776,
"sample_type": "Binary/None",
"sha1": "3d32988f254872b26b3c8edeaca7a761e57f9011",
"sha256": "f3f239e493b0b6f14b138a8318fc1c3bf37f9c533e2c027f58eb749d56b4200d"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "crlf.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "9247b53422c28a808f2cba8b86378512",
"sample_size": 696,
"sample_type": "Binary/None",
"sha1": "0c2cb3c53a822b3a8289a3b92c37a025ee02030c",
"sha256": "2659b04dab901f9ec04b6d699e99a7c178a21cace2771a804d689db287d31b32"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "rpython.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo",
"md5": "eb67d6c60d4e6dcd4136b2470fe1ce81",
"sample_size": 888,
"sample_type": "Binary/None",
"sha1": "ab8009952a67a55f3847d87d7dcfa5e6dc9c0a73",
"sha256": "f6fbf846e11b8dd431339648bcc9786eefe52094b6c27beeac82fd8b2ed19ddc"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "encoder.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",
"md5": "46286a6a6bfa0f07fdc426d2e494e465",
"sample_size": 16552,
"sample_type": "Binary/None",
"sha1": "b0cab5d7fa833d0fa8162bfb8f8ad4e90c6ced05",
"sha256": "e5da3ca80d0c5909b37531343b9500b582e1691b83ff1ac9783aea08b54d1097"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_sqlite.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "78dfdccf37ed1daeee18c259d636dfb6",
"sample_size": 1016,
"sample_type": "Binary/None",
"sha1": "992760e459d8c2f8cc5e9112fdb45a1ca969ea09",
"sha256": "d0e15eda514a3a5dbf2c0b16f22d0a542727877b5743f5e328ccea63dcb3508d"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cmd.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"md5": "6c1113ffd746261104eba4c76d46e903",
"sample_size": 18520,
"sample_type": "Binary/None",
"sha1": "1840494051a10b49b93da1cd081081ae5ef0c20a",
"sha256": "084077af713192f39d93357e1fda3c12ecfdf945b9cb97ad47c10862d4648667"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "coding20731.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "14a59ba98833a9250888a0c4263f447a",
"sample_size": 64,
"sample_type": "Binary/None",
"sha1": "da43cc9e8bf359504110032946c23f934d6c4503",
"sha256": "dc8dafc47b64f62ebe0f8a51a66e768b2a5b2223c200aa2b1378568d44e11747"
},
{
"classification": "MALICIOUS",
"file_name": "typing.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "955c72d24463a2f53e126fb9aa61a901",
"sample_size": 79344,
"sample_type": "Binary/None",
"sha1": "c54201d52c68480f7358a5c660db217e9f0e9ee4",
"sha256": "c560a2552f59f7a0d82ea4fc270258d276a4f64e3186dd51c0ed2563a723230a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "history.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "7286c5497e47bc484aff4818bf5ded77",
"sample_size": 4192,
"sample_type": "Binary/None",
"sha1": "d238cc9e5489e8886b8213392aca270573a85d21",
"sha256": "79534496e5d85b1f3f162889900d2a54719f0527f4493c87462471add16b185d"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cp720.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "6dd12ba7b4f67450099b1e8edd7577c3",
"sample_size": 14032,
"sample_type": "Binary/None",
"sha1": "eea745ee93eaf20ced689b250fc86437cdcf6b0c",
"sha256": "2f91028c5cf7cb96e16bc75a33214a686b84074254ce8500d90fd3f3f9ed1183"
},
{
"classification": "MALICIOUS",
"file_name": "tempfile.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "036d2399f06258baa1ce8b2671005acf",
"sample_size": 28552,
"sample_type": "Binary/None",
"sha1": "ee89dee5fccfcdbc647b5b535ef9c68130a041d6",
"sha256": "f68583e4da88322ba94e420474c42cf1191dc239b7028603566d4e53ac074458"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "relimport.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "007c21713f69ddb783d658201eefaabc",
"sample_size": 72,
"sample_type": "Binary/None",
"sha1": "b99e800ea448ecd10775ae66a34ca09580501b8a",
"sha256": "7932a7c3e0e65440dd417d274aff997e45e705b5935026417b6cccb586508493"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "ptags.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "98b325981eb867fc2f64d6e74f5a244c",
"sample_size": 1408,
"sample_type": "Binary/None",
"sha1": "bbcb205b49347a62e93abf078586901ff83c9c05",
"sha256": "9c0d455c98a979431abd956fc6247f56400e1b0dc613e15f555fc207bd569a79"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_unpack.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "6b061fc62bc15d5d2f55fc7e9fdf93e8",
"sample_size": 3280,
"sample_type": "Binary/None",
"sha1": "01908b88800cfbec6a2b28481eca324adda197a5",
"sha256": "d01a41ec6a8acb7bded8a710afb56deeb415276fb5d693920d6ded22ffc5be75"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "secp384r1.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "70122c74599fb634efef7ae84aaef6ae",
"sample_size": 304,
"sample_type": "Binary/None",
"sha1": "10782fd734b3497878ca40d208762465fa459e99",
"sha256": "eed31ce91e2bcbbc26f190ef81f0693c41e0edfeea23ab25c223abe39bd2216b"
},
{
"classification": "MALICIOUS",
"file_name": "pkgutil.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "6f03dff662d3b9a530e7af42e8eb5466",
"sample_size": 25024,
"sample_type": "Binary/None",
"sha1": "1878a91ce469207044ffa963fd8b6bffa77e8233",
"sha256": "29ee1b14f3fae319826709f96c2854ddf71138fc3692b5eec88b04b8318dcad2"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "main.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",
"md5": "e2dfc5db2eaf9fc87d343bfd47bf0800",
"sample_size": 12168,
"sample_type": "Binary/None",
"sha1": "c69e7b1d6132e7c3231dd4f9c081f2cbcb5daa90",
"sha256": "53d032b8a4907b8e95cd0030b7c591ba21aa5575132702129f472d740227ccfe"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "errors.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"md5": "5b9d9ada59d2b7729bfcdecdef9f9881",
"sample_size": 3800,
"sample_type": "Binary/None",
"sha1": "02f57b868f83782275c5cbc3599d93d689e8267a",
"sha256": "6525423da1edf825c94d14034d1c071d410c46b192209bd7fcef302f9585bd14"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__main__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"md5": "6526086852568a34bb5fc3d8ebe13b1d",
"sample_size": 3512,
"sample_type": "Binary/None",
"sha1": "3a369ac1c78bd08eb48daee7d0539eebed3a1b78",
"sha256": "3016fa4544ed5d5f87a331e0e4f00ef4461a4575d42b0168ff6610fdc88176b0"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_code.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "3aca1ca4f16065ec950092503b09de81",
"sample_size": 13256,
"sample_type": "Binary/None",
"sha1": "23d6c6a504aaf72ff430b7744ead5ce856d96fe1",
"sha256": "a64228798e7755e65b65da5f7b9c661d85e964288f619b4314a66a2d48b5a8ef"
},
{
"classification": "MALICIOUS",
"file_name": "dist.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"md5": "6c50004cb74f64ba2acd7684fdf2a5ec",
"sample_size": 51680,
"sample_type": "Binary/None",
"sha1": "c85655e16e98ea642bee486fb7ddbbd6da07da4c",
"sha256": "059a46200565b849c4cd778860a52349709ee52687be78ca78732f8137fb83b3"
},
{
"classification": "MALICIOUS",
"file_name": "smtplib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "3c54a04ad405c4d352649d40096ebb1e",
"sample_size": 46584,
"sample_type": "Binary/None",
"sha1": "66e8ad136b191c571708c512140368f0e0f12192",
"sha256": "bb50d47777609ddf4c60fd376448f4ae59cb7f1f511d37ecc0a9648bbd3cea86"
},
{
"classification": "MALICIOUS",
"file_name": "cookiejar.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",
"md5": "be7e8f5e5b9270049f8c5cc2b685de5e",
"sample_size": 78992,
"sample_type": "Binary/None",
"sha1": "c4dc537dee3c90b766fc79f1deab044b55f49f4d",
"sha256": "ba177f6abf32316d1ab683a21ad437107eff6946a057be369dace69c6e84e917"
},
{
"classification": "MALICIOUS",
"file_name": "test_capi.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "8f614c250d7f2ed27f78a7b549af0ebf",
"sample_size": 38776,
"sample_type": "Binary/None",
"sha1": "1fe13d4d2370da15f79d963c060a38fb1a5645d1",
"sha256": "1d17b6fbdd29fbb88245b3938cbddc9b45cb96f6b03897dad2c52c1ab974c0ce"
},
{
"classification": "MALICIOUS",
"file_name": "test_with.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "faca21e67fb51fb35774b99dcf65175b",
"sample_size": 27408,
"sample_type": "Binary/None",
"sha1": "c1349f2eb8fa0743eadab0da81d4374e9d517102",
"sha256": "9fd0764e4619d282dc1e99049042ec89975b23ae0c4dee981c51dea147694a3a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "eptags.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "f8de45c97a5591dc9bd1b8d408047da1",
"sample_size": 1680,
"sample_type": "Binary/None",
"sha1": "41143218f16d6284ca4d7b8d7a21ed5fff9cf949",
"sha256": "212190de75af852266135aac6c4f91ac53e90930a71fa3afaec798d4dceb0587"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "rpythond.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo",
"md5": "536013a65b9700c0d743bbdb302d00cc",
"sample_size": 1424,
"sample_type": "Binary/None",
"sha1": "15add61c73284c86e68eeb5115129b862797e3ee",
"sha256": "68a6de19444e81c045a8111383c46ea9827fb72f4959c5e95f57f4b17cb5c553"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "saxutils.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xml\\sax",
"md5": "9377de7b99379e9c17edd9daaa1fa502",
"sample_size": 12664,
"sample_type": "Binary/None",
"sha1": "2b55c5802ac869c1c01207b8d53a8f907036f563",
"sha256": "594f4b9586989973c35b6b8090f75a54df112d5263fac0faba7e09055a912dfb"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "enumobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "e58dd9b41592ed3b9901223f6e326a6a",
"sample_size": 312,
"sample_type": "Binary/None",
"sha1": "6a126f0e6f472eb527da53cd57911c0780a42a76",
"sha256": "b548967e73244f954608d3cad184f2c726b463db12c111a7de88f3eb875abcef"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "typeslots.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "0204f21f79dafe1b925a5d0d9cab03ed",
"sample_size": 2480,
"sample_type": "Binary/None",
"sha1": "2bf262413368a312fcaac3f493b683558230d15e",
"sha256": "23436f8a2251431b0a1e97bd5c309d8f622b2495114d202b92c1361b218084f2"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "dictobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "88a4bc235c0800f0fd24c12c28c57e83",
"sample_size": 3848,
"sample_type": "Binary/None",
"sha1": "2ed0fc3c3a874a59032685ca0aaea1693c902555",
"sha256": "0598f61729af1bab474c11c259c63abdbbc20bd176a085ed8eb7f396302a0e56"
},
{
"classification": "MALICIOUS",
"file_name": "test_long.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "2a6fda1296f2515355a4cbb607866270",
"sample_size": 56104,
"sample_type": "Binary/None",
"sha1": "50bd867fb2798e7719ba58f68a9433821cd0fdf7",
"sha256": "d81405635b2eaba0e22b13752f732309de1f7b84a3b2ded92622177cef5d003e"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "rangeobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "6c5522995d346928e1d88ecc23e7d3ae",
"sample_size": 696,
"sample_type": "Binary/None",
"sha1": "7b167683321dc530749d4c3939a005a80a99a931",
"sha256": "2afbfdaccdeefd988e0e1e0fa5ee5a76f1f62eece18441b51272cb605796e7ce"
},
{
"classification": "MALICIOUS",
"file_name": "test_random.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "4ac6a48b6ad3620e34457f6bb91ab682",
"sample_size": 54104,
"sample_type": "Binary/None",
"sha1": "d14731b3fe53a215b35576aca68dc3692b3b072c",
"sha256": "05656449601c282c77c8a0de0d0a546605541c95164da113b00ba499f233f5f6"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "antigravity.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "0ae28f49543a65694bef01b74840a8b7",
"sample_size": 560,
"sample_type": "Binary/None",
"sha1": "143b9441b2449039612b4b19206a7064571d3a02",
"sha256": "817a14e28aff90509809f93d6b71e836a21b216653fbfbc3591e2720446c6954"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "threads.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"md5": "50d1e85d713ce25be803217e233405cd",
"sample_size": 856,
"sample_type": "Binary/None",
"sha1": "0695e083e266a43d5fdf0e024d94b120e6cc7f0f",
"sha256": "70748378b2ccf3184e2f8578f75bf344b05ad0fd9552a43eee93134256ef80c1"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "ann_module3.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "8c6cc0bb9cd23bd8ffce7bae8b3e25ed",
"sample_size": 504,
"sample_type": "Binary/None",
"sha1": "3a43d397d420f7924e3148709e9e48a53be96321",
"sha256": "dd7f4e047e05b9b6c799338d2b19d2fb14e53433ae79d4f7f46fb50dacb4c9b4"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "tupleobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "69f13ec570dc450c70cf24ce0ebabd36",
"sample_size": 1704,
"sample_type": "Binary/None",
"sha1": "0086bb4864e36ba8dbae02b0846ed53a0408dce9",
"sha256": "5792f42ff251b16e2aaac505342e4e917029ed45294366d9c9359b282c7e0e04"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "nm2def.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "f6d6500f17a03523c3dda3cbb93a9d20",
"sample_size": 2624,
"sample_type": "Binary/None",
"sha1": "b43dc17f5df62cdc359578dd75db97f1de7e2286",
"sha256": "cfa8e3f004d369d85714b10e71ebb1e544c1619e6d84c9988afadcdbb91ef243"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cp037.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "1d2fe9de34a75e22c14ef5746fc5b3a5",
"sample_size": 13472,
"sample_type": "Binary/None",
"sha1": "00d68dea9d9268a1e0121febaec3bd5168b80ebb",
"sha256": "6fcc7e00e6f54bce95f5792645cd8f3e366c172f0e29b30549f9d82bd060a29f"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "tracemalloc.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "f6335423e19ea8df5c7df508a7192777",
"sample_size": 1192,
"sample_type": "Binary/None",
"sha1": "7eb2ad31240062a1e7141b18e3ff865323be6f07",
"sha256": "5d97c24c51abb680f8f98e76e37ec72fb3999880e550aa6fd3e00fc5fc161ebb"
},
{
"classification": "MALICIOUS",
"file_name": "nntplib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "3ddf886a18b21718ce22541a9cf04e58",
"sample_size": 42152,
"sample_type": "Binary/None",
"sha1": "cddab471ad8f8f9445bf8c8fc3702a3ac4718583",
"sha256": "8540990a6425acbb4d885c5fda29e5c7c2beec2fcbfa53ef409e6157946a3306"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "warnings.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "37c48c7801e514bc93bdebf2235c8b00",
"sample_size": 1880,
"sample_type": "Binary/None",
"sha1": "a9b0ee5ec55f7509a7891a2e99fa06770958f1d9",
"sha256": "4696e14b3e9c080c9e2332e71fab0fab3bf062a8968965d89442f953d99aa360"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "locks.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"md5": "637c0a34583332073b92b58627869001",
"sample_size": 15672,
"sample_type": "Binary/None",
"sha1": "26deaae3962bba97d7da53759ea80a5c39286bbd",
"sha256": "7142b22335ffa6036d9b3a84e0916ca4795f6f30bfb2fbea3450b70d15e3709e"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "setobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "97d69e652ab7b18ea6f8c5169b4f46fe",
"sample_size": 3472,
"sample_type": "Binary/None",
"sha1": "aa57a444cf1ee7b325c095337fb5a1320a94d468",
"sha256": "3b1ff61737b2c7db49d0fc8c334b5ba8bf5390a0efedb5b71b4fa06e1fc7f459"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_pty.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "447c4fff57213ccaedba535f70fbf977",
"sample_size": 12648,
"sample_type": "Binary/None",
"sha1": "a77b57e1f459f1539730ebad204276672341efd3",
"sha256": "210bdf0d533237aa2e73cdbbfd3c2d5fd01cad4c482005ffd2b81a91a6563e14"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "euc_jp.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "3865dafad7247438c6852b0a470fc532",
"sample_size": 1104,
"sample_type": "Binary/None",
"sha1": "ddd0a12c8b8fdd76bfafff53c4939e3fb28cdc3e",
"sha256": "0c1710612066c8bc6f3b3b68aa9125cd9138ea2bd37cdb009f28ed587005f811"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "euc_kr.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "406c6eca2597b6ec541c8274d2f9d53e",
"sample_size": 1104,
"sample_type": "Binary/None",
"sha1": "8990a7ac6c2c1af0d98253716e39050e6d095cf0",
"sha256": "425bb126fc158030d86066422ec32c4e85b8df0f68537ed4303c44ffa2cc801d"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "base.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime",
"md5": "d17ba44bbe6e6361c18bfd9c2687ba7d",
"sample_size": 984,
"sample_type": "Binary/None",
"sha1": "c7032418e3a8c4b160789705d60c182c2c98b621",
"sha256": "8a68f359a398aba84f6bd92053e41f8e5effdabc71b1455c5c3faf1ff783a8c1"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "ifdef.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "e8a0f91fc696a86c2d828183eed28a9c",
"sample_size": 3856,
"sample_type": "Binary/None",
"sha1": "f18bccc4c8c2971a7c31b639c247ee4f992ed8a8",
"sha256": "e0af55f553f6e46cae7ee78511bd15bf2065cca21f4870db9ba6ccd41c21d156"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "modsupport.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "d2dca7f063e8fcd6b2ea35859c78f025",
"sample_size": 10256,
"sample_type": "Binary/None",
"sha1": "409621a82c6ad2130cca24d02502a8620c5335b3",
"sha256": "d1fe6d0cdafd20b20bfc62e452a1e4f43a869490d360748f500a82d53d4bf260"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pystrhex.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "e1bb1756859262c5d969fc31c59ca90b",
"sample_size": 912,
"sample_type": "Binary/None",
"sha1": "ee9c9e460fbda8cddbf1ca742587239c864d7a11",
"sha256": "ca800d249b217b29c54141bcf8767b08c5d866320971bfd6d46b42767b86bb76"
},
{
"classification": "MALICIOUS",
"file_name": "test_re.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "32156293eaf124448d487e607d891016",
"sample_size": 116920,
"sample_type": "Binary/None",
"sha1": "87015ed8dc378ccfe654199681d9a1703271fe4d",
"sha256": "c404052b700c9d35ed1c32474bd1967da039f54a1edcc126ba47e5641bf3080f"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "rgrep.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "967e655f7a08826f9c4a2714d43c4fec",
"sample_size": 1688,
"sample_type": "Binary/None",
"sha1": "6bfbbf413ec05544c64ee95ee4d004047fc31a1b",
"sha256": "d61589dc52817bc7824cc62e57509608b7d48000967e4ffaf98249b78a4d563c"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_frozen.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "e126104ffcb71fdb9b4aa460c37902f2",
"sample_size": 1016,
"sample_type": "Binary/None",
"sha1": "a34d8851ffe974a7868124c10dab8f0175b4635e",
"sha256": "033ff3bce254dd6f28cf9b85e36cbe0af1af3805651e5f1946762595c9bff1df"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "_aix_support.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "763076198a33247f3792b2d9f55de0ba",
"sample_size": 3520,
"sample_type": "Binary/None",
"sha1": "526392a6e1e30fd311be31214069b03adfeb2c17",
"sha256": "fee4243538392a7271f4eec4f7b7702635fa7ff55b38db2913e0595e627f6b9d"
},
{
"classification": "MALICIOUS",
"file_name": "socket.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "89a1818bc2a9fb306a439f69f3e46995",
"sample_size": 37696,
"sample_type": "Binary/None",
"sha1": "f3a9eeae23c047641abdfbaef37e8017345155f6",
"sha256": "b529761360b6311474817c4cbf05654c04ed32507c8baf9085eaea39a72e983b"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "floatobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "442f0c0feafce2b2d74c958791461d29",
"sample_size": 4520,
"sample_type": "Binary/None",
"sha1": "7cfd93bdfdb91685f3a95a376f8b4024acc67860",
"sha256": "73cf646da17fbad60020ba678d2da8d4093462d7fd74aa13a05db80f842b161c"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_symbol.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "6d0d7bf1f13dd43c89426e4bf246fffb",
"sample_size": 2208,
"sample_type": "Binary/None",
"sha1": "db8a9cb3b1ae4a2ef07ac46a629d9ad75a7720ed",
"sha256": "def642fc7c9976296b0c205333d7b7b35dab3b5c57e2fb52a3efa5b3c092f07f"
},
{
"classification": "MALICIOUS",
"file_name": "pdb.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "32538c439a2ea428ff970426359380c5",
"sample_size": 65032,
"sample_type": "Binary/None",
"sha1": "4ca4bb1548e37c153b86bc0ab102d499fb416eae",
"sha256": "8289c1c275b227d3f2be64389830290d68beaf0d2aa216759e707bd056b3e8dd"
},
{
"classification": "MALICIOUS",
"file_name": "test_base64.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "79b6d49d59fb57051bb1a068a4fed68f",
"sample_size": 31328,
"sample_type": "Binary/None",
"sha1": "c99a596abcb2347b52e343972976f4627cbc5640",
"sha256": "700a8c041ce10d0125cac4d2d246702339d227ccd02f348836d72e02fcade0e2"
},
{
"classification": "MALICIOUS",
"file_name": "cp775.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "4fca96573bc8701cf8eceb7423763d55",
"sample_size": 35216,
"sample_type": "Binary/None",
"sha1": "7a9bc72f3a8ab6ecda07d9e1c6a8e6cfdcbccc45",
"sha256": "8d511df04d2e0f48e3649d9ac5cca2b53f5eea09da002b998057498c25247c26"
},
{
"classification": "MALICIOUS",
"file_name": "test_bytes.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "131cf6df12fd50ffe7088b3aaa9e5338",
"sample_size": 78472,
"sample_type": "Binary/None",
"sha1": "2e4f27c773c221efbbe6023089d4fa036547a146",
"sha256": "0c52ff650db1aba90bb14930c560eb7a852fca26019780086ddd0dcb08b3ef06"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "getopt.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "6dda199570dee28d0106efdadb8e5882",
"sample_size": 7744,
"sample_type": "Binary/None",
"sha1": "c67ee23b868f05c2dcf315be6b7c1098b0a13bc7",
"sha256": "a8f3b77227a40d2fe41e5c3d69dd48a5d19396eed6134ef0e74b138cec48bb98"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "marshal.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "bb56c65866797432ec1efe797334475d",
"sample_size": 872,
"sample_type": "Binary/None",
"sha1": "8656b6632955a92cd63d2da0acd59d1ecb5248f9",
"sha256": "df347fb65861e138e675171c42d8dd9169de637a445517df1e810814098ad84d"
},
{
"classification": "MALICIOUS",
"file_name": "object.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "053224b3a05ce2664232806b2588fdfe",
"sample_size": 25320,
"sample_type": "Binary/None",
"sha1": "ba07ad752aedd3b24c62e29a751191c45b207946",
"sha256": "fee9fd4e51707ff48003c2f51aac158896f027f9b7c14c74709ec595b92e0bd2"
},
{
"classification": "MALICIOUS",
"file_name": "NEWS.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "b7720f1efe6a1ac096034ee9ac817806",
"sample_size": 53256,
"sample_type": "Binary/None",
"sha1": "db7d2a354a78c4a13027377b80223f16c3dcd373",
"sha256": "81466e226b4ada88449a4caec832d7fd601dbae744f1672b3599d14ed82ad4b0"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_binhex.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "b866f7455c0ead4c33c62cd97c43efc9",
"sample_size": 2120,
"sample_type": "Binary/None",
"sha1": "6698532d394ca1200a207c640848985c7bf7de1f",
"sha256": "30c5fc728078ce3afbebaf00e9142274fa959b3bbcdfea2ed859241b8d219db7"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cp1251.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "cedb685f92aff3580a0090883b7dc69f",
"sample_size": 13712,
"sample_type": "Binary/None",
"sha1": "a9d8af6ba51aff0bbf3e5041250b8431af6bdb56",
"sha256": "deda35c9a4fb31e3a9974f1776653a7e8b7a750ba6212401a68919a38ac5a130"
},
{
"classification": "MALICIOUS",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\venv",
"md5": "af93ff17a6600aa6eade509a3dfc3c52",
"sample_size": 23760,
"sample_type": "Binary/None",
"sha1": "b55b8fb553b1d685d95490944871421c3f037b8c",
"sha256": "99b41c0a6ae29c22a64d7c09e4d767d702adda589754295a1c80fec3a2988ac9"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "sndhdr.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "f95f5b05f62497eb1f1a1a8794d3514d",
"sample_size": 7400,
"sample_type": "Binary/None",
"sha1": "4a3c530a1c7098933383441c7b5a0b11efda708e",
"sha256": "46eb904c39c5dbd510426aa6580ce121da2c7cf817b673481fb17c94019fad01"
},
{
"classification": "MALICIOUS",
"file_name": "test_iter.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "30df9a468832d9d661fbd4cbc241dc21",
"sample_size": 34312,
"sample_type": "Binary/None",
"sha1": "ec973643ea0f2a604dbdd87ba315c5187dde936d",
"sha256": "a66c976d4fb7cfd4d7a165d7c086e5c66cc0ca65aa8d31cd1e7221490842c62f"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_sunau.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "89978a6c4c38fa02cb6f2795e64071be",
"sample_size": 6320,
"sample_type": "Binary/None",
"sha1": "ec09eb7c4965806418aa2203384de5118c041091",
"sha256": "281b2b54be5732faf5a1db1744dfff4e154f8535d731059149f8ed2f6f7efe10"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "keycertecc.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "d97d08c82d38eef40ab285b780b36e44",
"sample_size": 5784,
"sample_type": "Binary/None",
"sha1": "8308f0138643050a0fe532a3e0d5507a66283ded",
"sha256": "13e3646ed13b6385df51577362f1e70cb86129d2cbacff266ef5fd34208ef283"
},
{
"classification": "MALICIOUS",
"file_name": "lock_tests.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "34ae104c49960742fd54c2e32034b36d",
"sample_size": 31848,
"sample_type": "Binary/None",
"sha1": "726cc27f11440b382717549773aca87d5e681cc7",
"sha256": "97b765cad8173018d16182dd6826a402d3c298c26d30ae6ce10f38891c00b314"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_audit.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "5eac77aeaca363a71e4e3810fe4515d3",
"sample_size": 4432,
"sample_type": "Binary/None",
"sha1": "f7e2c5796a0ca133ff70759df2629623e66cc9dd",
"sha256": "ee776f6c2b6c1e6b9505968f2defccc13c0e2940081e18f9d4bfc3561294a415"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "ffdh3072.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "f297f1d20bf7e20863c4927b335e2b75",
"sample_size": 2296,
"sample_type": "Binary/None",
"sha1": "77cb24426a5ecf77d9ff76275f4d3efe7a96f7f6",
"sha256": "d754b1d2363e4e51751ec2179b01d87a2c322d929302d9ea5d9f1948cd9ec19f"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "grammar.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "637cb26cffb3a35bb1cb54888ed9ce36",
"sample_size": 1936,
"sample_type": "Binary/None",
"sha1": "bf49664f8c110b5e5ae1e455d48a061a6f89dd37",
"sha256": "2c57a622e7567b025c2b691a23d1490a9113fd68f0c736fed48f83163060163a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "opcode.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "af2ebe539760c6c4147a6892f7dbba73",
"sample_size": 5080,
"sample_type": "Binary/None",
"sha1": "fe3fae83451fd7fe2cc027baffde414946d35f8c",
"sha256": "535ea74715f94f34d3ba44608036da6f06c7122b5fb23dce03f59d28becaba21"
},
{
"classification": "MALICIOUS",
"file_name": "test_bz2.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "ae787ff9a14ac980e900b84b2429679c",
"sample_size": 38888,
"sample_type": "Binary/None",
"sha1": "573e552f2860f32ce18e7e56210171282b3a8f48",
"sha256": "b0765f4e6afdd1b39cf0f70e4db05016282c1f1c1fa36e2b3edcae8ef42b86b7"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_raise.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "c70212afdcbc0a66d108275ff49eefed",
"sample_size": 14312,
"sample_type": "Binary/None",
"sha1": "3b26b185a2022a91327b7ac7a2a2916efa36f827",
"sha256": "7002fca5ce377239a47dfffaa87e2574865b0edf547b845387c9df165f23462d"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cp932.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "2ec75a1bb2f3f60b44ea85310ca3326c",
"sample_size": 1104,
"sample_type": "Binary/None",
"sha1": "531f3e8da6d916d867ffe0429020f0713c168bcf",
"sha256": "252ec1085d49a2d123f5aa83c74186856404a20a73593d0b40bc817e6af773dc"
},
{
"classification": "MALICIOUS",
"file_name": "dataclasses.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "b035a655316c7f0b78d69d741535ddce",
"sample_size": 50912,
"sample_type": "Binary/None",
"sha1": "ee7fd09dc897cb9e39f743fd043ad9b319e36624",
"sha256": "086dfc2d55f85b531cf0dc5bb835569ccd305b689d1e094b9561b3d768bbce0a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "ascii.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "1b8c3adc428f944b08fd5b9246230033",
"sample_size": 1336,
"sample_type": "Binary/None",
"sha1": "fe917315a408bd8d21acd891e29dba9b5e59a76e",
"sha256": "4dd9362749281c341272f6eed789373937683b707936ec0da5484e7f3f13b33b"
},
{
"classification": "MALICIOUS",
"file_name": "cp865.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "3bef7798050af77fd9bbd59c181b9f6b",
"sample_size": 35360,
"sample_type": "Binary/None",
"sha1": "44cf774723126449aabdc352343f6df2368ba5ed",
"sha256": "34f1e349317d35f55b19920a9c50f4758e719ae420ae1aefb242f96fb9fe08f1"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "fork_wait.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "3e9a7ff9b0eb1837fb5178b8f6523c1d",
"sample_size": 2352,
"sample_type": "Binary/None",
"sha1": "d6b07bf01f37612c7145d7585a03e3b987918283",
"sha256": "34d6a93c8dc6b8c99ff0f5a26fe6e7c9229e1b306186a5788c355306c14da615"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "_markupbase.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "e287befe23244f719f9aad6f58ef92de",
"sample_size": 15056,
"sample_type": "Binary/None",
"sha1": "3153f5862d63c29af2ad857f412de2b7d3c377f9",
"sha256": "b6aba95fe6f844f434a70563bcdea56fec1af9e22dc79b5fb7d45b2115954ac5"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "dialog.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\tkinter",
"md5": "c77716cb4ddb35f10e2db9eea637b033",
"sample_size": 1632,
"sample_type": "Binary/None",
"sha1": "a251d442fe1799d144024d841c7a58f78f2baa71",
"sha256": "85ea01c90c0114139776463be60eaff03d6355c65c18b98a105ab130d9c3e27e"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "charset.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"md5": "f976732b40bd90bd60ba5c03a3e8f604",
"sample_size": 17576,
"sample_type": "Binary/None",
"sha1": "2c2c70517bfdf2bc2267d511c43df1381692bccb",
"sha256": "72a838834b36a76c63769b1fd9704d1fa3b945de995a3802201b54d2c6d59d90"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cp1258.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "80fb8470ef2a0d1f8563b658d875ac05",
"sample_size": 13712,
"sample_type": "Binary/None",
"sha1": "045040eb6e77660961a7e82cfe4cace55e64f542",
"sha256": "4b2e44a15d3b1a9a91f38717f6552ed77c6b3df1050f602b8a1179d75e60eaf1"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xmlrpc",
"md5": "1336fd81c8877b29bce7c64d082ec47b",
"sample_size": 80,
"sample_type": "Binary/None",
"sha1": "929bec86b3220dc08c54d93a2c1d0ea49f2384db",
"sha256": "fccf29dfb18310ad514b3d198ef8d07a6d1e5a5abe893fa4a6bf586508de36e3"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "patcomp.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",
"md5": "fcea4c5c64054117a4c9295e4a6196d9",
"sample_size": 7296,
"sample_type": "Binary/None",
"sha1": "5e624655229f671637c02980f3de50bef2a3ec28",
"sha256": "5ab8a6c0656989ddb4cac98715b7054804b25903b48e6cf177c60ff868b8d74a"
},
{
"classification": "MALICIOUS",
"file_name": "cp850.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "6ed3f35ec46914673a5896b12bdd4599",
"sample_size": 34840,
"sample_type": "Binary/None",
"sha1": "13f35c9112add00b5c1aaa2ef79805bb742b0917",
"sha256": "32dc684fe8697160f93dc4c664abd2b622cf3f7f278c4c83e0221d93cd40057b"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "imp_dummy.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "571910322eb6dda5dee70505523d92a8",
"sample_size": 104,
"sample_type": "Binary/None",
"sha1": "c7811144884a9db38b0c4cc2d34bc1f38321618e",
"sha256": "e10e9a2c87bc8e632eb297984fc209981829c5b885fdeb0c80de645a2447ca1e"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "OneDriveMedTile.scale-125.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "389f464e3e60d3b5b80a1b3a655477e2",
"sample_size": 888,
"sample_type": "Binary/None",
"sha1": "dcbda158416d9c9841ad3de5d275059cd12e49cf",
"sha256": "52dda79726567ed2ae2cf3c2ea07089a5ba652eccf86e660df57244c0fcff0f5"
},
{
"classification": "MALICIOUS",
"file_name": "client.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",
"md5": "71deb93a46c2f97e5ddc1ef5fbe4cbd5",
"sample_size": 58112,
"sample_type": "Binary/None",
"sha1": "76941cc4dbfe293f3db5067122fd4924c518597d",
"sha256": "db53f27c48f1a1668a8c8d9a48f31a83cbb9bf60d2630aed9e5ce4d039f419a0"
},
{
"classification": "MALICIOUS",
"file_name": "NEWS2x.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "9b50e9fb20d6a2cea2d6d0712c1e9ef1",
"sample_size": 27872,
"sample_type": "Binary/None",
"sha1": "4e19d665fbfd3aff7742bfea6be5a71bc938adeb",
"sha256": "7ddbbbbbe0dc19fd0bf4a3f5ab946b233e0ab84ecd8b8ee9cfadf0b5fe2795db"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "extend.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "09104c4c4491c76eba3bef46d58b3cca",
"sample_size": 3752,
"sample_type": "Binary/None",
"sha1": "1cd746eb60fe8ea7c61744420fd4ab40f7494c2a",
"sha256": "10df4f8a39f161bea89285ec0f8f6f5ad35598835c6a39a36b14c0b7c5c36e98"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "2to3.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "08e98543d7808dea5c9efd9875017943",
"sample_size": 144,
"sample_type": "Binary/None",
"sha1": "4a418fc18e04bf6c216fed801a7a4cb6b8b81c3a",
"sha256": "ce997dec1b2ff538fd4375e7c58c358e5b21dab39a063c369779ef26d6d54940"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "lfcr.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "146431d711eb49d92a0b9611dd45398a",
"sample_size": 704,
"sample_type": "Binary/None",
"sha1": "e1d0d9bfe337e248836950aa856d01bc57040ead",
"sha256": "f2f2a8b2c6eda56fdc95dea93e9530aefcb14b6a2e25edc425a78ab48888906c"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "nullcert.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "7df02e12f874adfe53efab4d9402c537",
"sample_size": 40,
"sample_type": "Binary/None",
"sha1": "649791b0eacb774edc70e6be7858f4d937f6a137",
"sha256": "b99f7a569222bd74e17f7b8215ba233150657e434ef38a74a17cc642e77fc8df"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_zipapp.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "47f9544d30ad7632f7349490afb1eee7",
"sample_size": 16744,
"sample_type": "Binary/None",
"sha1": "e98afe05789cb9ffa7f0d5020494cf31c82f985c",
"sha256": "c9ad092fdc735691542c895161be7330fa88e7b09789f5a502e7c3767fb4868d"
},
{
"classification": "MALICIOUS",
"file_name": "zipimport.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "e0acf27f463efd9e4beaafaab0df07b3",
"sample_size": 31600,
"sample_type": "Binary/None",
"sha1": "8fb9c31c498f748fc9fa074892f0526d21fe2b1e",
"sha256": "f6d5ae42402c2f1ee927798602cbf965d0404177017a5045753098390642d652"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_sort.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "4cfd89961675f4c9206fbc31b0fc437e",
"sample_size": 14168,
"sample_type": "Binary/None",
"sha1": "7950951826450193932134665cdf45aed67a4a7e",
"sha256": "06626deb8048a31f1cda63ee2075342c8db7ef48376e0e2f58fcf46203f8cc52"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "ann_module5.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "20d19215dbc051ca9e36d7db57e8f814",
"sample_size": 256,
"sample_type": "Binary/None",
"sha1": "b9a6755944ae68f177efa99cd1943e8dfb8325df",
"sha256": "f8c5f9918eadbebb4f5e4afce74a3daf49b248c286755991f0852626809cb0ed"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_print.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "adfd7c554214487d407385fb759bc194",
"sample_size": 7808,
"sample_type": "Binary/None",
"sha1": "2dcb869376bd1c3f4f047a818d178905197c38f3",
"sha256": "a1d954156990294c0eb6d136bd3d7f9100c22aa70091ed302458605338079b04"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "quopri.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "e2c64b2dc47ff403bb640d01f7ed08bb",
"sample_size": 7552,
"sample_type": "Binary/None",
"sha1": "205e3bf6162488f046cae720018d900bcd0c75a0",
"sha256": "af96aaa2acf4437451c4f9421e37149c025d7663b54c2d47ceefee5bc27cc14f"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "scanner.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",
"md5": "f74b5a50309bfa097a0b4253636a1250",
"sample_size": 2536,
"sample_type": "Binary/None",
"sha1": "3ee22e8f6ac8bf33359084b9ffca43d2cbb4d3c8",
"sha256": "af6a98c25452e95fa873e0d0a0ff6da5f37e68892760edaad0f1762caf17742f"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "moduleobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "b9d6572dfb309139aaef8e77e2a326ee",
"sample_size": 2488,
"sample_type": "Binary/None",
"sha1": "546b370fd927ac5be40f3076051f15cd6c55ce6e",
"sha256": "4930402f15ef3823bfab0e62e8598299b8ef904f34d4aef761ec9b42b8855171"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_eintr.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "0572e96b88914ff23bbd3c20205a05ed",
"sample_size": 1432,
"sample_type": "Binary/None",
"sha1": "a8274e3e72620b9b84f8dcc646e334a7933a702b",
"sha256": "aefc3920371bec8e17b8ba611fbda2b952b5b50a452c8ef8093b070bfb04a74c"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__future__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "3ad489ccad38b979221b71b405d00c98",
"sample_size": 5336,
"sample_type": "Binary/None",
"sha1": "2d324459f022c6b9ec8a6dbf02381566f7a3d2f9",
"sha256": "acfe7c727b5033e34a702c61a325ae29653773baf1abb50265afb5d58f99146c"
},
{
"classification": "MALICIOUS",
"file_name": "statistics.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "14bb2df9b841f33f0a95de5d0d417e13",
"sample_size": 39224,
"sample_type": "Binary/None",
"sha1": "d75a36ff8f9bd18449927e35b83ba36b3bca9257",
"sha256": "eb05eb01380731752d68e734f5b868556ce737baca03463bfd1e002438c8b785"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "parser.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html",
"md5": "854e913ae9f655bd5d392e0339d27865",
"sample_size": 17896,
"sample_type": "Binary/None",
"sha1": "f79bc8e11fc3cbff723d484dfd4a88a7cdcb8d4d",
"sha256": "46f7fbfa2ba01f36f19bb030ba2f51e00bd244bae233aa80a6c311148de1cd5a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_super.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "c75300d0f62e5a02e888f34ac13f3beb",
"sample_size": 10192,
"sample_type": "Binary/None",
"sha1": "69fee78273f2c1e8c7bf9a2bdb118f7ce567a462",
"sha256": "c379fb3bd6c92c04c306a498f7f3a74fcd90dad4637c06a7061a27d9256e6337"
},
{
"classification": "MALICIOUS",
"file_name": "turtle.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "c1fded0b5d2cfc1f832cc78bb39fb9eb",
"sample_size": 147976,
"sample_type": "Binary/None",
"sha1": "3a35bae93a51913ece7858f9f29a3d468f7a2740",
"sha256": "af1aa3fa1492ce0b2c3ba817fcd8977ab1326ef423976000f1e3c0d5a453c649"
},
{
"classification": "MALICIOUS",
"file_name": "weakref.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "0bbcbc567a5c87e9444d21f4fb0c3285",
"sample_size": 22272,
"sample_type": "Binary/None",
"sha1": "2ae7b57bf7d16ae01cecc313e2e6a09006a12d0c",
"sha256": "203fb7a37493935070916f962c58e87c419a7d0c493080dd02436ca1d96ee5a5"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "dnd.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\tkinter",
"md5": "ec757599731aef3b8a4e70af4647a098",
"sample_size": 11896,
"sample_type": "Binary/None",
"sha1": "d289e26342c8e81f3e703edb59afeed456e0d1c0",
"sha256": "5b649d63efea556b686146ed3ec6c619a6cd6a63987b3c54270f9324ff30f77a"
},
{
"classification": "MALICIOUS",
"file_name": "test_math.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "f54beb542b56420da6734fe6ad409493",
"sample_size": 91696,
"sample_type": "Binary/None",
"sha1": "acf465745edfbad71162a058cd407230d16936ee",
"sha256": "e525e5ad6937f8aec2d94b13be2d5cf96480376d768175076a9420b6b71d428c"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "brndlog.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer",
"md5": "1915baa033d1912e81ae60880429093c",
"sample_size": 6616,
"sample_type": "Binary/None",
"sha1": "6fe32dfba4daaa8c3d9f338dd6d4160e44f5c646",
"sha256": "81d796bb00b01238ec1dcef1b73c65bb58c1392cc0129029fa2aca495e8baa98"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "dbapi2.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3",
"md5": "5e3b75d66dacaf1067fea9c9361ebce4",
"sample_size": 2816,
"sample_type": "Binary/None",
"sha1": "4d47fd3eb1af0b499fded04f145b96ae5823391f",
"sha256": "6a9fc7958b4dd3f96f4b822b91b5618f91838e7ffc04d164d09b75426c70bc73"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "mbcs.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "00c32031127c30c3db11679d02b998be",
"sample_size": 1296,
"sample_type": "Binary/None",
"sha1": "255b47c3915dad244dbc1f4bb2fffa5b93e7664a",
"sha256": "f4b34475792d186316e60a7add8d7cba56386ab564608e02c5b15eb9f22d48d6"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "sched.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "84efb2bf35cdcafa8a1b5ef1d173b89b",
"sample_size": 6648,
"sample_type": "Binary/None",
"sha1": "082b95ab73527f078f5d6cac729642459c281954",
"sha256": "c46c23e0349f59a82dc5e15f589add3a83007f74710cf3708b0de2975bbb7fe6"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "getpass.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "b2059602ffcccc4ed07d19895d06636d",
"sample_size": 6216,
"sample_type": "Binary/None",
"sha1": "5c327d766ec72d62970fc06437c321e96ba75b0c",
"sha256": "ddec8d1db71f926b212ed3348eb28e1238fbe5fb468052b5a7ad2ef825cff4bc"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_turtle.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "3874eac32d6feb347c3fd644a8bdfeb5",
"sample_size": 13448,
"sample_type": "Binary/None",
"sha1": "4bd0d922b3364d0b892a552a683144092778b493",
"sha256": "6dd4ca15906b093c2ba4c182cf6db1176bf7cb4b82f37cd8e4fdf12860ca8ecd"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xml",
"md5": "4a9a9a32fc5fb8d30d3f5606061dce9e",
"sample_size": 616,
"sample_type": "Binary/None",
"sha1": "95c3a5a49c74a0643a7e54a121109335d89a6f12",
"sha256": "c48328f5c14ab84b62d59262e00bbc6302c57bed47607ea17df3ab8892dc8fa7"
},
{
"classification": "MALICIOUS",
"file_name": "minidom.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xml\\dom",
"md5": "e6a45e247454243d800587c88be7b0cf",
"sample_size": 70120,
"sample_type": "Binary/None",
"sha1": "001c5b3f54cb0681a0c03fbaebc4d406f6ad9679",
"sha256": "82edb906b19b0e26767e169012e0619d40321cb9db07e2ac2404782e33b76240"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "gnu.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm",
"md5": "4cc3692e447461dcb4a04a53e894cfc9",
"sample_size": 112,
"sample_type": "Binary/None",
"sha1": "76c38918acf04bb29325b48cb718dbd2faaa0021",
"sha256": "22b7b16b0e0f93c659fd6f596f450518b9b025037ee75e45eaaf03f17c3be5f0"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "io.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "16a0eafd3d71f9cab100781d316d08e8",
"sample_size": 3680,
"sample_type": "Binary/None",
"sha1": "a62fda6a3946af46580321a0536a90f7e35e71ac",
"sha256": "77ded55468899ad948c69428995207865bad09d65155a538923dfe4e8063cc6e"
},
{
"classification": "MALICIOUS",
"file_name": "test_int.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "a20ba19663c685388504bd66b0a479d4",
"sample_size": 21912,
"sample_type": "Binary/None",
"sha1": "b67e65f87e839dc48dafa12d996a6d155951978e",
"sha256": "2644355408e48173fb66932239bc5669047971e79a58d55d7278c179402c2d01"
},
{
"classification": "MALICIOUS",
"file_name": "calendar.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "59f68e814bde3287490ec949b85aa5da",
"sample_size": 25640,
"sample_type": "Binary/None",
"sha1": "9a5c326642450f91151fcde77f272bea93e520bf",
"sha256": "6da4eb12f433dd2e0bf1fba598986734671d8e4e5b598a34864d24e939caf97e"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "policy.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"md5": "35549a7f2c952f687ac9d35c3a152de1",
"sample_size": 10648,
"sample_type": "Binary/None",
"sha1": "b2b51c118c10924cc8c4780e2d1f60258e1ea066",
"sha256": "ff3126c2a0d16acf032dae8bd0f65127192a835848ed8e66fa5bcb953009ac6e"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "mailcap.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "1406ba76da23c156fd258f4dfb4f6d0c",
"sample_size": 1352,
"sample_type": "Binary/None",
"sha1": "d1666025e37a9853efe8edb53b80385c36ee80cf",
"sha256": "ababa37626163c5cbae15b83ad7721ac774832089a16ac2765bc6fbb373a7528"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_module.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "1a2a557d238f7949b9b28f754e0a66b1",
"sample_size": 10800,
"sample_type": "Binary/None",
"sha1": "a355b51559afe870fb1c4d4d1659d0560d7b310e",
"sha256": "ba9ebe16180fe511523f0938ceb90b41d02f16b895dbeedb413e6332f679e4aa"
},
{
"classification": "MALICIOUS",
"file_name": "_parseaddr.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"md5": "bdeede01604cefdccd3a234475b5eafa",
"sample_size": 18312,
"sample_type": "Binary/None",
"sha1": "bfe93621dfe525b46663d5af00cd4ab2727cb5fa",
"sha256": "b5458d5071e976c283180fb719ef0c01e93133ac6a6df33762b2e0bb7ae1f52c"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "text.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime",
"md5": "ab6485c56bf4086866ba43036131541d",
"sample_size": 1520,
"sample_type": "Binary/None",
"sha1": "7165068d2c869508a9c7363425f47052c796488b",
"sha256": "74f034dda8839203ce86a972fadf9cc9f4f8bcc831112b640731e0f49eb6fae9"
},
{
"classification": "MALICIOUS",
"file_name": "test_xmlrpc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "c415058b4d8692d2c05785277a56ecae",
"sample_size": 60104,
"sample_type": "Binary/None",
"sha1": "6a302419b7f29bcfedb3ed492ce8a21d4c7ee376",
"sha256": "c0c7d1e066a477854cced8758f4cdad775859371edb855968862274b0d93ac91"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "graminit.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "772b8eaf52568dc431007584d4593cd7",
"sample_size": 2256,
"sample_type": "Binary/None",
"sha1": "73c86b471954ba1cc9c97e1b43273bfd5e48890a",
"sha256": "7df1b32ba1e9ab5f547d706e94788d700975b0b525701b4f48825d653293f5f4"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "dis_module.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "1f1095b26f1fa07a879e09575f963dfd",
"sample_size": 120,
"sample_type": "Binary/None",
"sha1": "ad74d9e3f141fc87586a8e8796b9f8e165680a68",
"sha256": "66a5cd5f8c9d6e396c83762784a50a07fab0134c290103597567c0aefbc8deac"
},
{
"classification": "MALICIOUS",
"file_name": "test_syntax.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "301fd37908d3c2c39d7ec29951510b7f",
"sample_size": 35960,
"sample_type": "Binary/None",
"sha1": "5cdc71559b2aca39517f8199efc1c55c0fd5e9b1",
"sha256": "23ebedb73dabafe93f6522f0e3511d3982e5275cee0d909563cfe82f2528c276"
},
{
"classification": "MALICIOUS",
"file_name": "test_typing.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "59082522b347780aace84cdab59f3747",
"sample_size": 147848,
"sample_type": "Binary/None",
"sha1": "2ee8ba9d5aafe3102865f179d80d54c506499ac6",
"sha256": "c5d7588f82503b61927a7e61913cb6588d6fd7448d8cfa8c5c8dbfbe955cceea"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "fileobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "3024469e935f1d228bb70df7ab679fd9",
"sample_size": 1664,
"sample_type": "Binary/None",
"sha1": "02091011d261b11ce90bf23f53d03a15288979d4",
"sha256": "9d8bbfaf8ba44eeb53069509655cae7b0b4f115ad91e4ca657fedeeb78820eca"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "shlex.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "0b907c92f17acd6f33816b6a31f5c125",
"sample_size": 13888,
"sample_type": "Binary/None",
"sha1": "bebf58fc0e773f3f6228cc001b74b14fcffd4925",
"sha256": "9773003f815f2d28e2fbd1b5b9b210a5301d64aeccef4b33545a07bba57dbc18"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__phello__.foo.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "419a95edb628a40fb8ae9cabe7d70a75",
"sample_size": 104,
"sample_type": "Binary/None",
"sha1": "319ec899e1af20e503277b3b92e399a8bc976ec4",
"sha256": "0e1360dfd82b0045d1d48f5c588e203f4bf21ccfd68cb9b37570a772acc5b193"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\urllib",
"md5": "cec9bdb2b04b7844c36d7e81b2cac9ac",
"sample_size": 40,
"sample_type": "Binary/None",
"sha1": "de6abc27998f99f88fa150a86b0d041461ab3344",
"sha256": "a796a48eb3901bd65723a101ed02433af5fe686322541c4c2d8e3beb645276b1"
},
{
"classification": "MALICIOUS",
"file_name": "NEWS.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39",
"md5": "603a5fe3fd01c8c3068a1347497e4632",
"sample_size": 1128128,
"sample_type": "Binary/None",
"sha1": "10489d490e9e6da9427043891da39202f0db52b5",
"sha256": "a6627de09cc72ee3bef146faa655000aff0cb8fd6f6404626062cfeafe5f93e2"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "copy.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "d283bdeca1b74ab081ac7091661859bf",
"sample_size": 8992,
"sample_type": "Binary/None",
"sha1": "02a556fd4f5fce2892e90ecc1e763093d5239f5c",
"sha256": "9bfd80da299dafb79ab4ab932c0c230bc9ef1daa084dbcba4199c10ff8b46f4d"
},
{
"classification": "MALICIOUS",
"file_name": "imaplib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "9a64b5a289d1aae27f1efde0ceb01fab",
"sample_size": 56592,
"sample_type": "Binary/None",
"sha1": "b5ab853cf1b629ac789e5f50459cf7b2f1c866a9",
"sha256": "6089e95054f17d3ec207f08ee82a05cd0878af009e5e17603d2b21fc5cef59f3"
},
{
"classification": "MALICIOUS",
"file_name": "test_codecs.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "5d5fca7e95701aea7845e490a2ce1f61",
"sample_size": 138360,
"sample_type": "Binary/None",
"sha1": "4b617a1a92475ab987915945efc0971fd03c82b9",
"sha256": "7576007fdb2bd1e091ab63cab56c310de27ce1ae99faded0c637e1bb0e21e52a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "copyreg.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "803eb04f7b43aaee675593c103be57c4",
"sample_size": 7528,
"sample_type": "Binary/None",
"sha1": "a5dcf94b9c9dcb86333bcd869aa650f98f8d9f6f",
"sha256": "786817dc83366d77c4df8938fadf82a0f29e4e1eecc9f562ef443f5b7da1bcbf"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "objimpl.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "19b78b6d5dd3487f0d39a277d1035931",
"sample_size": 8680,
"sample_type": "Binary/None",
"sha1": "ec729042751a8e179f053908f5366210edacba50",
"sha256": "2f2b15b905fbbedfe4f1a008fd741942e550798b98ae8869a3e3ace305d3edfc"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_bool.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "64ecd0d65ac24f9f27ba3076c79ea51d",
"sample_size": 13144,
"sample_type": "Binary/None",
"sha1": "843eb0e2b7fd8ac5065e78737240c39e0a478c99",
"sha256": "63b87d9b93914930fa6efe97dcefa82abce79aa1c7f84daf99cba17578c38910"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "mock_socket.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "351bf7f6463e3776200c5771764cfcc2",
"sample_size": 4000,
"sample_type": "Binary/None",
"sha1": "ab55d87fd164f915087d237c920d92594ed242c5",
"sha256": "42ba26107f3cdb80b45f36a0faf14a0e16fe4f6b4b972a106e130aba371448eb"
},
{
"classification": "MALICIOUS",
"file_name": "config.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "e0176b5c804c63554ee5b763aa9266d4",
"sample_size": 39128,
"sample_type": "Binary/None",
"sha1": "157c073c89f64c61cb153459e124a1da50f286c2",
"sha256": "074bfa7f168a0ed336aa0b95c75bc1ea2c88fd5ed3e9351a6464d923a34bac18"
},
{
"classification": "MALICIOUS",
"file_name": "test_struct.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "1a6d3866f41637109edba58e787a480c",
"sample_size": 36920,
"sample_type": "Binary/None",
"sha1": "31cb71b2a6a981a10cad76c0faf355d34b9dcdfc",
"sha256": "ffd496c63f931a897c19f13c285114386bf1d07ed1b889c0dbb1f5898828a5c3"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "trsock.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"md5": "69fa60534dc812e7c1db9871d2238b2a",
"sample_size": 6120,
"sample_type": "Binary/None",
"sha1": "657bd68fc30c64520c9211c293216532906b765f",
"sha256": "2079c96fcef6520be733145787d7771f1e418fe84791500f61298b7488210499"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_pyclbr.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "a08233d6a5cc0be4e9131e156b7ec188",
"sample_size": 10424,
"sample_type": "Binary/None",
"sha1": "540c6e4afeae627e03e42c1214295c0041343e68",
"sha256": "fcbe107aa4aa769a501a5a2cd58aec0d79595a3237b5054ecb3264a02b849ee6"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "result.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest",
"md5": "e2f2b5d7ff9b48ef4a1aabe77ce53278",
"sample_size": 8648,
"sample_type": "Binary/None",
"sha1": "b7ee4e70ae85f63e5e62954ecd6ae18dec14695e",
"sha256": "dd9a18f8a3c8e1db5af5d0542d37b41bc2ace3e913be3c3a3de52352c7fdb7b5"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",
"md5": "90c12c6b8d1df189e55a0791af16f88a",
"sample_size": 14416,
"sample_type": "Binary/None",
"sha1": "9dfe2d0ea8af71477865c4340d4a594a9597acee",
"sha256": "21c0bddfbf1bd94076d78c8782d6d9e0a13e59630a38520e42ef18f6f71a2501"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pydoc_mod.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "ba561bf0724efc566b8aa1f67ea78b91",
"sample_size": 1024,
"sample_type": "Binary/None",
"sha1": "fe30ba351c198b3d73d846ecad00e6ef81346031",
"sha256": "464936bce9f33b544c226a79febdec8f418f259d8427bc0047c3f8f609a120d7"
},
{
"classification": "MALICIOUS",
"file_name": "test_strtod.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "af6478c51d9773ac90294eaae645e683",
"sample_size": 21008,
"sample_type": "Binary/None",
"sha1": "41c8a51b2d6d82d4d2178f8fc6d068a0b595af2f",
"sha256": "076c35eff357fd4047370ea898e5aad2c701e3d98b7622f986da79b776015e04"
},
{
"classification": "MALICIOUS",
"file_name": "_collections_abc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "33446187c1bfebb8a33b40f59cce0ee1",
"sample_size": 30528,
"sample_type": "Binary/None",
"sha1": "d39792fd0eb2cbb244e55c4cffbf3227aebf1575",
"sha256": "2ebe2f6b0bf0d6ace528d6a0c4dd6f76ab0f0bff287ad5dd6d80eac94fd5e83b"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "abc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\collections",
"md5": "afb04740450b86d9c91c6820c6c4f513",
"sample_size": 160,
"sample_type": "Binary/None",
"sha1": "36b8173c0ba27634299f824a4152ee20ed6a0361",
"sha256": "d4139383335a43b57cd2882ca24e9434088cdfedd8a0edf32533e65867e42f16"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "code.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "7bc4e58ec6effe3b7da5079dc8a57901",
"sample_size": 376,
"sample_type": "Binary/None",
"sha1": "d1768cb56e348ba81cedcfde17d8dd90d5863bb4",
"sha256": "d3323d5e4d76a5512600ccaa90f6824c97636548f16a43bf773d5503f71d0e36"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "hz.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "8bedf55ebe9f66fcb368d25273d42726",
"sample_size": 1088,
"sample_type": "Binary/None",
"sha1": "26ef67678665e87f4cb824666a5a04fcc755928c",
"sha256": "45e02030a3d642e2c222e332a0fd9046961d7b3a0e3d40fbf07c56e4d866838f"
},
{
"classification": "MALICIOUS",
"file_name": "cgi.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "0ae3f1aab5fb99c1714012425750a2b8",
"sample_size": 34976,
"sample_type": "Binary/None",
"sha1": "383f4344c1d90022cef1368a17cc3d98ff596041",
"sha256": "7e0064864a95dfa486eaa44608824cbc3c273e88657a1a84d4e2986d54732b41"
},
{
"classification": "MALICIOUS",
"file_name": "tokenize.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "9f9855f3cefa20102f99cb8a7b2a4b24",
"sample_size": 26608,
"sample_type": "Binary/None",
"sha1": "1455e52a03928ed7a79392b2d58e3b5af583bb98",
"sha256": "4f081061a633ee3d309d4d9726c8a1e41d5ccd54fce56d59959ee13a0b13bf8f"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "asynchat.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "c582ddb0f5deff5cae8f1249541899a7",
"sample_size": 11672,
"sample_type": "Binary/None",
"sha1": "7f96fb666518cef966c8602f08e58531ec0f68de",
"sha256": "408a2ad407cf6531910df8784d92fa151721c70a8c10daca1fd3629b3e39fe53"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "util.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest",
"md5": "2658c1d90c40e9c21488419fd37e8b49",
"sample_size": 5424,
"sample_type": "Binary/None",
"sha1": "6d45c279b1d5c761fbdf600ece8958a785350c59",
"sha256": "ae28f83ac9c8d63e4a85b1758c79bdc125fd6f3aa6e1eca319bfde78b7d30029"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "bisect.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "3b3b3a09ed8c4df48a46e3dc0cceab3e",
"sample_size": 2472,
"sample_type": "Binary/None",
"sha1": "855d6a58fa1b4c3a96a21fa6c838f280340638ba",
"sha256": "4400fdd44ac9e6302c51c9c26c74556c500ecc622ce0eec81d2040fd08956cc7"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_pwd.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "4c0b1b6896dd42dc7ddd26bb572225c9",
"sample_size": 4424,
"sample_type": "Binary/None",
"sha1": "065efb7634692af8d62c60f9e908c3a89e5a9ac0",
"sha256": "02ad2080a8cd8929a926d773fbd0c1a7cb13615a4c1dcedf2e0847c7f1aea2d3"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "netrc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "e12379309fbd495b77dfed3d1624f424",
"sample_size": 5744,
"sample_type": "Binary/None",
"sha1": "f5491a08ccdd8d75bc4b9097a3e46d2dc7c38235",
"sha256": "904a6af2fd76ad9e2a867ae4ba3ceafe426463438cdcd4085c14751c86e014c0"
},
{
"classification": "MALICIOUS",
"file_name": "test_uuid.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "c4477e89de3fb84d7ec44985bf1fbeec",
"sample_size": 41840,
"sample_type": "Binary/None",
"sha1": "e67bf563b4b0c63e72f43616ce56e00a51e1f13b",
"sha256": "713f2e52b1a036a95d5304a15c35a8b21ab97893263fe6eaf0d4930bc4be4b5b"
},
{
"classification": "MALICIOUS",
"file_name": "difflib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "ac87c7694a4af8dfb3573b511790b975",
"sample_size": 85400,
"sample_type": "Binary/None",
"sha1": "626bcd00e32315545ac031504483b14715ebf5c4",
"sha256": "1edda22f5f711c48f98606ab259e5ed6c3804e9edfa7b7b3f91288b94a5c4e97"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_ucn.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "82779106573c832f69d6546f59e680b9",
"sample_size": 10008,
"sample_type": "Binary/None",
"sha1": "95a62197f64abb4c9c24237cc1b09cf90418a136",
"sha256": "a00a40b67ef5ea10737d4f49668c2209291c1a65158b8107d69abe9259b0f42d"
},
{
"classification": "MALICIOUS",
"file_name": "_strptime.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "51831ace09258f406a8f1994b3ef7e14",
"sample_size": 25896,
"sample_type": "Binary/None",
"sha1": "ed39f797e5a1940992345b4117792d356e0478ed",
"sha256": "d9fcc382755cff81e058bddf09033f1b5d8369b7875e303a1751da8fb766f433"
},
{
"classification": "MALICIOUS",
"file_name": "test_ntpath.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "985eeaea91050ac80677cdc970b0bc45",
"sample_size": 36752,
"sample_type": "Binary/None",
"sha1": "008c60cfec0c7cb6c73d1114edc7acee5b4d872a",
"sha256": "fd1ed6f8d3cc7297d75d90350c6697432e583043b0df1aacb3fa96aaea4ca4f7"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "md5sum.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "fcb51262793214cf78a0bccbe4198aed",
"sample_size": 2648,
"sample_type": "Binary/None",
"sha1": "96a89873d6f31a9d19082ed54d28ddbf619d94c1",
"sha256": "989d1e45d29fb82b161271fad2dfa6ba0e5b44c62e86a373017823458ae4c7ad"
},
{
"classification": "MALICIOUS",
"file_name": "pyport.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "f5b36e69fd60d45f0f07ba9384803a09",
"sample_size": 32192,
"sample_type": "Binary/None",
"sha1": "fb37113e3203090e1f4253b29470eb60a7bc93c3",
"sha256": "21436f22befed7eebe016fdb398aba2f113dcb94526a8e817930abe7493c100f"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "runpy.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "9b51bad4bb5f07f144a5b6689da69489",
"sample_size": 13448,
"sample_type": "Binary/None",
"sha1": "cbba87749bda3b85156dc3eb757e1d9c7d02f4d8",
"sha256": "de1b808512c20b83166bf7ab193765ad8ba2da300caa079493562aacbde86e65"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_poll.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "27b6e21d3b6dc2ec9345d2cd10b6b7d0",
"sample_size": 7624,
"sample_type": "Binary/None",
"sha1": "36810d287e09ec9054705ee40b5d29685690c927",
"sha256": "6e9c51727515924e56d3e9800a9e3e196dc3b49ffd2d8060ed2d312594d2da49"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_nis.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "cf6e2d92951bfee6602764b29b30da6e",
"sample_size": 1232,
"sample_type": "Binary/None",
"sha1": "606572de67046389d69d2aab3523276fedcacb45",
"sha256": "337aa5edbd2d54ed5bbec3c668cdf1033576f01145dbf631961327211dd1ee30"
},
{
"classification": "MALICIOUS",
"file_name": "util.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"md5": "af238f030b09f47ea71f0047e4ed6663",
"sample_size": 21512,
"sample_type": "Binary/None",
"sha1": "2185bfabac49addd02ca3b10c67c1d1a5dc0c1f9",
"sha256": "1d6f298e7b7e60a8a28899aea3af53b99a2474baa899a2847c471d0f863906b5"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "reprlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "13f7331049c6748a92b2514147c0e246",
"sample_size": 5472,
"sample_type": "Binary/None",
"sha1": "0af04dfbdcea61da17b1374a3489c6f01de1e9ec",
"sha256": "dd69b855055aea741acb67dab31dae937cbfddf43413a8df234015808a5c9fba"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "bad_getattr.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "aab66c0b2a30d430cfe4d8a4d3b2ae90",
"sample_size": 104,
"sample_type": "Binary/None",
"sha1": "cf92ed8a4489ccfeeb3ae600b2d7c0becd8e0557",
"sha256": "d56291a768f1e340e9bf053f550ab90275376963e79399b002aa30031cfa8984"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "serve.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "c1fb7f6b390dee9b71faacad189d4bfa",
"sample_size": 1304,
"sample_type": "Binary/None",
"sha1": "531901b0dfe99db9673a8ce6086314d34e57722c",
"sha256": "23d5441583a5b560e51ce9b5ee3da7ea945d0de289549bd17a93eaef0920f85d"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "peace.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\turtledemo",
"md5": "798b5d0e97480ff2cd565172d8d9f97b",
"sample_size": 1168,
"sample_type": "Binary/None",
"sha1": "4234c25f2bc8bedc20711e9579ae9eec17b23611",
"sha256": "e5b699eb8b4f5c9393ae0e8ed0c1d159fc5f5b5aef3a78396a89058714316afb"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_epoll.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "e6b5a89b91e830ec7f72085cceb14472",
"sample_size": 9656,
"sample_type": "Binary/None",
"sha1": "1a041df4be1f9c1e3de7f84d57817738e3d5c272",
"sha256": "890761fd71b04c0ca9861d4a87fc20081162fb43f8bf3644608ffa3bd9ecbfb0"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "Python.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "46f52455174838d02cefc46dd12eb146",
"sample_size": 3728,
"sample_type": "Binary/None",
"sha1": "769b22ae0189506b31611d6f0048e18762aceb6b",
"sha256": "c34db47202cf3d12f0558fe5740622e6ceef1eab48260e2a8590539a19e3189d"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "symbol.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "8442ba218685a92985e6569aaa26f942",
"sample_size": 2440,
"sample_type": "Binary/None",
"sha1": "f9cb4f776361fecb26ad065a50b883ab3075c0ab",
"sha256": "6881f6da9d41da5d2b60f649e7f70023688d652038469eae5a850d44c4fb7d23"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_timeit.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "66a4f2418808aa363ecd59afebc2696c",
"sample_size": 15584,
"sample_type": "Binary/None",
"sha1": "840291da49c5b32edbbe774aecedd5d98e5a75ef",
"sha256": "01e64f66c14f9e5a7d661b816663bed52dd1a27d71cd20877e42a58cac8f82b2"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_uu.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "ce0c7e3fbf8455e0a4118a4282aefb79",
"sample_size": 8512,
"sample_type": "Binary/None",
"sha1": "c25d9911970d3151288d7e63700a650f3c7bca0b",
"sha256": "501a9051e42a2362c830e2c3df67b600b74a14e0840ba3e650be605f3bea8b8b"
},
{
"classification": "MALICIOUS",
"file_name": "test_mmap.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "4d3694fb379fdf697cbd8919ff0ae84a",
"sample_size": 32464,
"sample_type": "Binary/None",
"sha1": "6101c6124a772f45001ddf405b433df4d87b9a73",
"sha256": "2fddca12b6d5294bba9fe9a980ed455f78defdab8127ca0f5862233619080797"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_dtrace.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "13ee7158909f86a9115a4c446efadfb7",
"sample_size": 5472,
"sample_type": "Binary/None",
"sha1": "73fb098668378ca9a6512b47d53149a55acad598",
"sha256": "257f1a9986b438da783721da9b9b14cdc6af5f1b732a3d82fa903d01e316fd25"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "keycert4.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "3ff51c878947549f996a42a8a68cefee",
"sample_size": 9664,
"sample_type": "Binary/None",
"sha1": "945a1c5b165eac28b2a4ab769bbad1cefd54cc82",
"sha256": "7abf1c6adefbc9d18944f52a66fc1d0ae12985a9e712a74513f1d08ea2473fe6"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "numbers.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "2d71b0cc769f50ba633f49d59e5147ca",
"sample_size": 10768,
"sample_type": "Binary/None",
"sha1": "e13bac5e727c6f421fb0ae90f4d7cb05c27867f0",
"sha256": "21d4ed53768924090d3e675409d3b180863162d0fb0d3e44fe4ddd44525fe091"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "allsans.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "7be9b62b4b42b1bdf343d7cffacb0a97",
"sample_size": 10312,
"sample_type": "Binary/None",
"sha1": "f40419374976deef55694b1fe530ba78cfe20ac8",
"sha256": "c18b08c89776ed699b3e756ae26c9010598e81780862ef1dbbd3c5172e2692a2"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "formatter.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "761b6e80feca5d78cea6538698a6805a",
"sample_size": 15632,
"sample_type": "Binary/None",
"sha1": "73bb241894fa18288eccfbf599da84a1b520eadf",
"sha256": "4bd4e0204231ffda2421bf5099eda1ede56fba06bf21a3b82bb0f030602d4764"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "TODO.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "911a5d127af31a8089ec19766fe0864b",
"sample_size": 8728,
"sample_type": "Binary/None",
"sha1": "5924193c99876cc360e1a6d9e628a02a393e073a",
"sha256": "2b7b7d73575b69bc079326c383ba48e14a716206d2ea2658393572e340a20643"
},
{
"classification": "MALICIOUS",
"file_name": "test_site.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "caad29ebaa49e0b074c58f9f975dbfff",
"sample_size": 26512,
"sample_type": "Binary/None",
"sha1": "61ac0c09960b72b6528e142c9c81f4a06a350990",
"sha256": "222cfbc6a230e102101fc132d7e624e220bdb3a675e5c43e7d1addaf2c7269e7"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "fileinput.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "09ba580bd07b25e7bb058898264bee7d",
"sample_size": 15264,
"sample_type": "Binary/None",
"sha1": "cb1b73504268c288bcc63f4ebe682a70062a3da2",
"sha256": "abb6758aa6920ba1294224cca033e005eba55db6ecd9b645e883bf789790e628"
},
{
"classification": "MALICIOUS",
"file_name": "test_clinic.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "bbc679a6cca808b2e61fe6eba627078f",
"sample_size": 22888,
"sample_type": "Binary/None",
"sha1": "af7f8c29b8b9413ac9042f4eae1ce74d68925246",
"sha256": "e01f668519a4f2acaae62dd4aeeb402b14405a555b67f7b04d28514bb063e0bc"
},
{
"classification": "MALICIOUS",
"file_name": "schema.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib",
"md5": "16889e99e43167cea23217dc74c47d76",
"sample_size": 82624,
"sample_type": "Binary/None",
"sha1": "a1906063991b3dfc0476b3b47890c9b26f141a75",
"sha256": "9057307749f2109386d11d8c13e8ab82b0270cddc409242d0f7c8f041b1cfc4b"
},
{
"classification": "MALICIOUS",
"file_name": "ipaddress.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "fa6e4e69437b1981151022ec34442eb3",
"sample_size": 76936,
"sample_type": "Binary/None",
"sha1": "fc56e2e8d559c7cf1a97955b5ca565d21bc4acd9",
"sha256": "e67b97b4122c5c346e75ae8c261e4e048d7297b1ebaecbdd64862defd09d2d8e"
},
{
"classification": "MALICIOUS",
"file_name": "_osx_support.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "3630c93ecc68fdca0bccfd410fa81dcd",
"sample_size": 22392,
"sample_type": "Binary/None",
"sha1": "2936c31ce52122908e78909d50f6069868aa8edc",
"sha256": "4aab2db84316a0d3eb8f57a3cc74b0c048deea3c582154ebf3a6157f6858e2c5"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_abc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "dcb493d8cbe8c5adac0fd33527811c8d",
"sample_size": 20416,
"sample_type": "Binary/None",
"sha1": "009e49bacbbd8cc737c9aced1c1d16de181baed2",
"sha256": "03f2c13428d73da63c7c35d6c39ecbc33a8c2d43a90eeea8de0449b381ea504f"
},
{
"classification": "MALICIOUS",
"file_name": "warnings.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "bafbee4d7e8522eca0acf66dcf080ab2",
"sample_size": 20280,
"sample_type": "Binary/None",
"sha1": "ff57a13d6868c43834c3bc8e189defe4a353168a",
"sha256": "50752e70e762aa62639df374df90b70fcd6d85bbaf72af2811ebd8153f7f405a"
},
{
"classification": "MALICIOUS",
"file_name": "test_cmath.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "eef3fb2240a3b27e05fb46c10a69f2d9",
"sample_size": 25328,
"sample_type": "Binary/None",
"sha1": "bbc3d018f44c74d693135886feae23b598d258f2",
"sha256": "79643d366051aa27f142d9a43d1fd3e8a518db3bcb59da38ade7a30311eabb35"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "complexobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "5f4752edfb601a17dc88ab53e989da4f",
"sample_size": 1912,
"sample_type": "Binary/None",
"sha1": "a300ae5e72784939b8a151173aae793543d37e56",
"sha256": "35a07e579eeffafc96c4a59ad7e9890f5d79b2089135e44471966d2f3ea40812"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cp1006.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "fe959ac1cd8bd302b87cacb7a993061a",
"sample_size": 13912,
"sample_type": "Binary/None",
"sha1": "3f8403e7f5a36982084f19aaaaf2fa14fc7647f8",
"sha256": "757c496bce358e2f6afe63f3d0ebbb88803b2fd308dc8a4d184b6d1087505104"
},
{
"classification": "MALICIOUS",
"file_name": "configparser.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "4b30dca69595b76e5dd88e0f10a11774",
"sample_size": 55992,
"sample_type": "Binary/None",
"sha1": "7edd70667e09ea5b4bdcac16d6d325c1106639f0",
"sha256": "a2ce23196318e68e4e94771243ee5b7e740faee7c4289fd730fc44904e5e4895"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "msapplication.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940",
"md5": "a1948cb7ca07338189b0b41ab9d7e329",
"sample_size": 416,
"sample_type": "Binary/None",
"sha1": "a8c4c10b479e7f43d01d3753bed9e72e7ccb4307",
"sha256": "01c861d441f5140db8594622ff2f1673e6199f5881475870229515655f6a7660"
},
{
"classification": "MALICIOUS",
"file_name": "test_curses.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "ae2a3efe91201eb230562acf8f5e5850",
"sample_size": 48736,
"sample_type": "MZ/DOS",
"sha1": "6aace8f340abdb4e2abb8784555207704b5a39d7",
"sha256": "7c8174e994eb813c6c0dec3bdfc008d674bf47bf7e645d766f38cb95492e9b53"
},
{
"classification": "MALICIOUS",
"file_name": "gzip.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "613ddeb33487b303fdf99e8532ac08da",
"sample_size": 22424,
"sample_type": "Binary/None",
"sha1": "1b6203ab0e58de99d361977c489be2001216b53e",
"sha256": "a86576e8557be61800794e4662ad69299042501ebe400e8d45f8839b87564f29"
},
{
"classification": "MALICIOUS",
"file_name": "codecs.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "c41b7945e58aa82086ef6abe3baf7e8e",
"sample_size": 37840,
"sample_type": "Binary/None",
"sha1": "72972802b935fd94197a8b631d66f2a046d4c9b2",
"sha256": "1f966a5fa6d713ce395cc31728b03b6a181adef0406544247ecc7209ae1ad1f6"
},
{
"classification": "MALICIOUS",
"file_name": "cp852.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "6cd466799e2d09bb67e52e165ecfc13e",
"sample_size": 35744,
"sample_type": "Binary/None",
"sha1": "2f7060a32baf3276af7f6532e8bb77018b28df3d",
"sha256": "aa295286aaadb11267a22447e7a8dffba7909567c2a4f6d15d3954c47ca2d836"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "secrets.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "67fe873044660b749ecde0ba02326f70",
"sample_size": 2152,
"sample_type": "Binary/None",
"sha1": "c8e0dd8bfdb151212049f4b5cbbc61db61acd2b8",
"sha256": "6da9c41b0be537ffe5da75e94ecbca17cc9e15605e7a59526d5d011a0ec1a79b"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "keycert.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "08ae4efd79b02593151e0f95bdcf7225",
"sample_size": 4168,
"sample_type": "Binary/None",
"sha1": "548ea5fea0b25fe637e60e42a87df05c61eb06ce",
"sha256": "9f15c9a3c48f9f36f56e0062e2aec1362c3250ff4bc508ca5212d2f532afa77c"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "badcert.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "b59225f9ece54cd3debbe544cea38594",
"sample_size": 2008,
"sample_type": "Binary/None",
"sha1": "eca2a81b919ccae2cdcac97cc442769e108ecedb",
"sha256": "f0a1451910c6f017a5aa88eed219bfda5bb775fe796021de46b573b572d97aef"
},
{
"classification": "MALICIOUS",
"file_name": "feedparser.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"md5": "7fb7399a4284a8b4b052c2d245ebafea",
"sample_size": 23360,
"sample_type": "Binary/None",
"sha1": "f914b142133e8072232b7004590f5864a4a1d36d",
"sha256": "d615a8ccee220fcd92c24ef6761b1bbf9d0ec0bb8e7e7e4b1cc26b5777a828df"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_xdrlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "c24c69c1460cfaedc750612b51887d6e",
"sample_size": 2344,
"sample_type": "Binary/None",
"sha1": "c1a7c7b09f22bbbe3c4fbaf0e7167d6f0d363ec7",
"sha256": "c19489e7862a221bd730c043928d408e6c6d73468eabd4823af6f76840d24b5d"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "kz1048.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "7d3a05eb1819a6b8e6681c10930109b9",
"sample_size": 14072,
"sample_type": "Binary/None",
"sha1": "906abe52aed82f0b92a6eb49ac75107ba6a05ebe",
"sha256": "7edb243634918ec16ea63fc6193ef0748490b0fa02b2d75447a0568359518b27"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_idle.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "bdf1565e7eb9afd5d1a06687279b49ac",
"sample_size": 1072,
"sample_type": "Binary/None",
"sha1": "4800ae11a3430796ff69db0835afe35708913f41",
"sha256": "c005cb6e258bfbe98e5adf7c8e38fcce9d642833046429da797b5e399f5ac922"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "csv.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "18f507bee42feefb49ad2b9819007a04",
"sample_size": 16632,
"sample_type": "Binary/None",
"sha1": "a94125b1b48f47c96c4759cf44989068c9d74c9b",
"sha256": "e3335eab94b890e83cb7528c17e0477a547d79cc91cfc2909b23090ea9c840d6"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "operator.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "456f61450e22f9e06dada81524d4d87a",
"sample_size": 11248,
"sample_type": "Binary/None",
"sha1": "dec421328bb2ea5233a6f8275116aea310aeb02e",
"sha256": "0e1218d801db5840b384d028d1b54b8c3dbcbbd4a3c5bd200f5c0f25580b0147"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_shlex.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "3be3375b1aa18e8ab306f82e4ac39310",
"sample_size": 14216,
"sample_type": "Binary/None",
"sha1": "47ed54f0537dcfa92a50380b804d185061ac2215",
"sha256": "10d97cd751634c7ce6c0f64ab8f108a5eccbc10207d696ce718cd16b1d4a58be"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "eiffel.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo",
"md5": "428f641ee77363ff4bab3fbd88202908",
"sample_size": 4096,
"sample_type": "Binary/None",
"sha1": "898e4232f06f8b47aef01ff3672a03d10ea87a4b",
"sha256": "af9d9537a2d29494454ee776cee486acb28416c8eeb5b9b91c9f286a822c8dd7"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pythonrun.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "232e9419549781cd07da0d9c6ab44ab3",
"sample_size": 7928,
"sample_type": "Binary/None",
"sha1": "4ecea3b7fe916cead3b257eceeef0e22f2bc21db",
"sha256": "5173d5da46f13a5185f98fef65c812d86479fc67f38ff4748b1e16c012b8c11b"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "util.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",
"md5": "fbb1af8234ae7d455a41e7d168899a68",
"sample_size": 14296,
"sample_type": "Binary/None",
"sha1": "549d202daba3ef470abd2530f2230276e28144c9",
"sha256": "24cc4d3267e3429281fa0f5195e3d68e3e288eed883ca25b3e956a5b57aa0b3c"
},
{
"classification": "MALICIOUS",
"file_name": "test_pickle.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "0ea9581b0d33a015f157c2cba09f8afd",
"sample_size": 19976,
"sample_type": "Binary/None",
"sha1": "76e0f893d8c97420473fa4fd986460d2f0428c65",
"sha256": "fff0ec1d24d18e364a2ad57dd167d901ac9443522f28af0ee8c3996dd16f6f60"
},
{
"classification": "MALICIOUS",
"file_name": "plistlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "35f42906126c7fe8e095a27680c2ff76",
"sample_size": 29192,
"sample_type": "Binary/None",
"sha1": "44adcb0d63d6ee4d131fbf8b53abafde94dc6e29",
"sha256": "39a5a853d1607b80647093db77995014949855a68b4349e05991e8d7fde527cf"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "fixcid.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "784de6f0a7e2e656b0226f2954b73071",
"sample_size": 10520,
"sample_type": "Binary/None",
"sha1": "37af98fbf444711019b4c8dad0d05006bd42b0c0",
"sha256": "3c98dee435faec13def58d8f24f329907672fde6311ff9db166abb0300335f1a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "Grammar.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",
"md5": "a65a007c963d2c51b4743b6b1a28494d",
"sample_size": 8936,
"sample_type": "Binary/None",
"sha1": "263003accdd46f055306f48c513e513947e6fd18",
"sha256": "cdff580c895d6d810a034f12cc911e79bd3c8b57c04eba6daf1729785cadf61e"
},
{
"classification": "MALICIOUS",
"file_name": "mock.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest",
"md5": "9ae2ba358ff3c504d4979f533fad45de",
"sample_size": 102152,
"sample_type": "Binary/None",
"sha1": "873a72f86f6d542ff3e0be0e9ab041658eed5c8f",
"sha256": "fc3ae5358df9e1ed546b161ffb9a9a20096b5ccde92d1255d8b4161e8cee931c"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "ndbm.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm",
"md5": "eb55b810c9919a8af2b8f7a723020c59",
"sample_size": 112,
"sample_type": "Binary/None",
"sha1": "19edbdab9b21d9a6a3e6549bff29b33e1b9af358",
"sha256": "15a8ef152162f5a836a658a1bd6b8d18748e066dc281b1b8a2ebece544898d29"
},
{
"classification": "MALICIOUS",
"file_name": "handlers.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\wsgiref",
"md5": "b71025ad1d5e8c1b0f52e5147621b30a",
"sample_size": 22280,
"sample_type": "Binary/None",
"sha1": "c9dff191a98c2b4f89c1039b3fff4156d83fed84",
"sha256": "35522a7d1b1a3d175a51bdb78907dc56aa3effae12225cbb3850eb4fe05937c9"
},
{
"classification": "MALICIOUS",
"file_name": "tarfile.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "2025c3c3f53d4821feac543eca335f0a",
"sample_size": 97776,
"sample_type": "Binary/None",
"sha1": "adb8c2f11aa09860b0fd298dfeb83e3b690eee8c",
"sha256": "7283cb47bca324cc649ebc236b87aeb01c5f8000d2562ec538597cf089b5e4ab"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "osdefs.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "147bb6d0cb61efb4d8662f3b51eb5080",
"sample_size": 832,
"sample_type": "Binary/None",
"sha1": "89e00fdf8bdde8f81aa59b9846b58b4fdfbc36a3",
"sha256": "2c7196859729fd65a703c224dce2ef069002201e8128347b0a2d52427b28e380"
},
{
"classification": "MALICIOUS",
"file_name": "case.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest",
"md5": "fe0c8bc641812106c52a8c717591a71c",
"sample_size": 58640,
"sample_type": "Binary/None",
"sha1": "0f9eb51d45f6be0f0cb6d56dc41384db040f71d2",
"sha256": "ac2c2d3b3de55a112db28242d6264d06f06d206856081d43cd5c71ab9d593185"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cellobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "44d432dcb10813c2c4a2981cf1b1ce78",
"sample_size": 784,
"sample_type": "Binary/None",
"sha1": "a0b388492945a77bb363452942c18343249d3785",
"sha256": "e6fe40ab6ace2063b0fa054f54125a3ce8385c39c547ca3acf9190207faf6ae4"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "tracemalloc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "a1e6893c2820f121cf4fe7ca6f0587bb",
"sample_size": 18648,
"sample_type": "Binary/None",
"sha1": "aafd6ac88f5df11bfe3b2f1c40dc2e6bef81ddcc",
"sha256": "c9535daf4b02183b97d6086237c1367088be0adeb83911ffd302d988ba0e531e"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "eval.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "98cdf78e94bbea864d2d6e33fcb91450",
"sample_size": 1288,
"sample_type": "Binary/None",
"sha1": "1dbbf331114cb9d0c672646a916c4174ff2f06c5",
"sha256": "b8925a659b92611f15a77cbd3bbc386d6d46ae571325d2818b3f4edca9a2506b"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"md5": "6108f9e4e4d7aec582ee7a6d338c8794",
"sample_size": 1872,
"sample_type": "Binary/None",
"sha1": "98db0c1c6b2f6d77242c6ae8d8cef13edf7f4adf",
"sha256": "c9f6a8b332b4bd23b1e67502c78dbe7631ac33f7d472b77929dde5aa677d9a2d"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cp1257.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "007ce8c277b7b74830886a1c0f6fb653",
"sample_size": 13720,
"sample_type": "Binary/None",
"sha1": "6a3042a8c0d657d6bf36d2b34a2bbe929ac86199",
"sha256": "08eb8b6f8648d7db1c7032256295ecba9761efea8628bacd65c626139a8ebf14"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "replace.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "8e680f68479554c0834f3a118272d847",
"sample_size": 10144,
"sample_type": "Binary/None",
"sha1": "51231cad7b65fee330e81f1e2a6d2c4616f76457",
"sha256": "66953a4bb442476b68b308231ba7eb6be38ed3b7534a9a0890a4181b736bfb37"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "_common.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\zoneinfo",
"md5": "d4494a7c5b6511f43edaca16d44ba133",
"sample_size": 5528,
"sample_type": "Binary/None",
"sha1": "90b5d1a1996ab126cfb4c0c948653fc15e019c64",
"sha256": "66cd9802d30e435b734f444b66655b34052d9ded98d769a8df2fb0b80e68989c"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_slice.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "569f76a5c3e709464022d22e272889ee",
"sample_size": 8744,
"sample_type": "Binary/None",
"sha1": "56426d38f3bf485f6414198f91063e92e9e53413",
"sha256": "7d74e39d40e666374cbcf193fa3437ea61e85002bde8ae27c5cb7bda8cf9ac93"
},
{
"classification": "MALICIOUS",
"file_name": "ast.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "21be9ad49cbab31bce530ae611676db8",
"sample_size": 57816,
"sample_type": "Binary/None",
"sha1": "f2c7ebc41bc02a0e64a75e14f6af0dfce535f8a5",
"sha256": "37303936a6ecd34b08c3a85b4ddd330ca5993917f5f74b8448db66cb8ce679e7"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_wave.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "62bd3bff519f8350c668e198b952a02c",
"sample_size": 6904,
"sample_type": "Binary/None",
"sha1": "0715e75f8b2a03d077c926c3a14b60482994e813",
"sha256": "71a42747d4341bea19fe1b46c0eaaf2e519642cdf463cca492b71631c838ec6f"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "string.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "95721cb5004e7aa8f53edf36ec21ac0f",
"sample_size": 10888,
"sample_type": "Binary/None",
"sha1": "b94d0c84b67ca661c313c498afb072140086fd86",
"sha256": "a1e9dcbea07812aa7de6871301bfa08ad13aeb56be87fef0e01ca07b9630c405"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pystrcmp.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "ae2f6f4333fbca051f2394d7f5f85e02",
"sample_size": 496,
"sample_type": "Binary/None",
"sha1": "7b3adad73f1f758b31369ffa5f3b251c5b3afcc1",
"sha256": "7203884875f33c890f3d17dd20ae2d3566bb020689c9d83429687dfe836123ab"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "_endian.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",
"md5": "45a53aadf7c0c0626082b8dd4bb46e37",
"sample_size": 2104,
"sample_type": "Binary/None",
"sha1": "b5fa6c42bf0109bca6237ecf943e8a46bd6f2e91",
"sha256": "2721d4865ebe0cfb24edc2279b717d0b2ddcd1d5aaf624db492e27e13398e6e7"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "queue.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "bcc03246744b38e7a0f73300c1f42870",
"sample_size": 11864,
"sample_type": "Binary/None",
"sha1": "adb2615f7ef1b39f6bfd89397c6ae751167c81a9",
"sha256": "445df1e324dfe5f7c700997d917d6e9557be38152b2e3f5efe2d756dc3445801"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_popen.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "26b6a9e8c77222de31e32551f25cf721",
"sample_size": 2160,
"sample_type": "Binary/None",
"sha1": "729c819b73b73b64de6150e30b42a4cb48e01a91",
"sha256": "21b9c41229eccee417565cce40b8f3341a9fea153ebca77bf7ba5f11227558f0"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "listobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "d98e418bff0a138e2ede1d55954f49e2",
"sample_size": 1872,
"sample_type": "Binary/None",
"sha1": "ebd52182215f21aebd3fbe16d9ff741ca0fce936",
"sha256": "5bea23779b2c59220cde0cb273d97b79248b6e7cc4c8ba56c324c9579d93f6cd"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_wait4.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "7d560d245d5104bef367780d4bb70dbc",
"sample_size": 1272,
"sample_type": "Binary/None",
"sha1": "168db583d9380e68d24f28ecbda9e1bc91d6cdc7",
"sha256": "4dafd3c907c25e79098eca1bf92edef0d1d6a97f9f46229759c6eac64aac3260"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "tabnanny.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "347b82b2847137e546b503e01a1ce36e",
"sample_size": 11784,
"sample_type": "Binary/None",
"sha1": "46df1885168b384e4719a4feeb04f2cb800055c3",
"sha256": "7102a59f6c2a240d8fde7a18a8e83e6fe4893a9e9e621be9aa4b31ea710552b5"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "ceval.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "53cc7b7ebe1b9438c5c076c258d4a91f",
"sample_size": 6160,
"sample_type": "Binary/None",
"sha1": "13466c2a9bfc43ce832c4f227e8e4b9a801dcbe7",
"sha256": "177e80eed57511319fa8b1a7dbf9dccc17991005674ce6311efde21124d9d1cc"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "filecmp.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "6b296832b511dca2d3872bc3b4a04af8",
"sample_size": 10376,
"sample_type": "Binary/None",
"sha1": "e4ea237e95fd6d50207837aff3608d8e698e9b13",
"sha256": "ada29e694d2da6f848e9ed0b6844d441a1d020076fdc6cbef1411101867d832e"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_pipes.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "cfe9b01c2ca47877537907764b3a6cfd",
"sample_size": 6952,
"sample_type": "Binary/None",
"sha1": "27d009ce9863cb81aba14b569b4b97cb16bf296e",
"sha256": "8d1154f7e9f94aca5296e6109e79c41bb589648e9292f12451ad9e1b4d5b70c6"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "rot_13.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "84b2595bb47d92bf3aa0502f453d08db",
"sample_size": 2600,
"sample_type": "Binary/None",
"sha1": "b8d1ab8cf5c905dd85e01a3bf655f5006254251d",
"sha256": "fa933dc25a340ff61eae7f48ea6d0d4dc3266f6b7ddd9cae71522fac0e16e260"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "abc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\importlib",
"md5": "dbaadc0b2a6f529a20ebe1f817bd112b",
"sample_size": 15440,
"sample_type": "Binary/None",
"sha1": "62227329a3fd2bcd6f60ef1f5a1159becdca795a",
"sha256": "c7b8b96d086f8a85cf1aff6006e1c81cdd32f109d3f4016ebb4d2bd85ab724c6"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_pstats.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "913857301f85d49a5fa983bbccb48870",
"sample_size": 3784,
"sample_type": "Binary/None",
"sha1": "ea1472efb0e126b72229b3203e919cd6edaad04d",
"sha256": "c7936ce1bc3d8dd6d4403f3502dad12e048cc9b328864d6d994f9ceb8b99db38"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "symtable.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "93b677a3471b1e0556743eb3850bc5c6",
"sample_size": 5472,
"sample_type": "Binary/None",
"sha1": "4f042f89eab4235d886d14a744551818aa062ce5",
"sha256": "c9f628c1a8b089c0edfa49d2fb87ede13d5ed903f3425d15662add850dbf3049"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "decoder.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json",
"md5": "d9d8ee040854d1541b1902694c78770b",
"sample_size": 12872,
"sample_type": "Binary/None",
"sha1": "77635994701cfcd5ded2736abc41f0fb332a8fbe",
"sha256": "37a3fae51f8c628e28043607c5a55a19651dfcfcbcf05867fc81909d70576f21"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "panel.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",
"md5": "b407b84fe419a3e623f3c345fc32c7b9",
"sample_size": 136,
"sample_type": "Binary/None",
"sha1": "353c56f782198e0431bf1750fc16e5c6c473fcbd",
"sha256": "2eba029733b728e685915b99bc54c017f70278342f2c85b0174a83fbc1897c89"
},
{
"classification": "MALICIOUS",
"file_name": "debugger.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "801973c054e4684cd39dac1ebeda5093",
"sample_size": 19696,
"sample_type": "Binary/None",
"sha1": "dbf4762979aa891ecbf07b15ac194e948f97ce42",
"sha256": "14a2389af8bbf686ba9e68fbbb64338bb9c7a5150ba8bbdb1195d1b8c793fab0"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_thread.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "ef25b439c9374b85aa6a31938922a716",
"sample_size": 8936,
"sample_type": "Binary/None",
"sha1": "61b6f2989df64e0061f1c4632517853e539ef8e7",
"sha256": "f35d267ce86ae3c7af2c48c0a2a92ee1baf62bc423e67ca7b257bc0220fb2b45"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pymath.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "3d66b0d6c2412c38c274096f7e6e3580",
"sample_size": 8856,
"sample_type": "Binary/None",
"sha1": "54112bd964ca4b01f30d001ea235d501edadf888",
"sha256": "96d5401e38762acbac297d8ea34ade3a0b9f1b36f887bce65cf54e7a3b562ba4"
},
{
"classification": "MALICIOUS",
"file_name": "header.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"md5": "ee29df90f4eb62411922f426058c528f",
"sample_size": 24720,
"sample_type": "Binary/None",
"sha1": "2fd1fcca743851036653307068db66bc042b3393",
"sha256": "179f22c0554c488993758edc819f1098db91909087a6537ca2a2ca14b71f3923"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "base64.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "0631e66a08401f6fd8919e0722a23260",
"sample_size": 20480,
"sample_type": "Binary/None",
"sha1": "4127bf098fe896d591c7d431f9abc5579969d1b8",
"sha256": "c937d294cabda9321bd037fe505d1458a980003d595842d0c010159893543366"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_dbm.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "00b04cb11a54050d0bded60b7fd7d645",
"sample_size": 6456,
"sample_type": "Binary/None",
"sha1": "ca0c405a34f122f6a7f4d7e103597b4a3a139ba8",
"sha256": "a690e5ce7c6a903eaa056ddf3c0631fa45ce43b8f5c0736666cea9e57775aa93"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "766da2c6798b190b7d963cd07894980d",
"sample_size": 448,
"sample_type": "Binary/None",
"sha1": "c258e3482c6d5738bbc25441e9fd2ca8430a05d5",
"sha256": "9eab7412cd335f727689709ec1ada8e9d259194719ae4b80dadaaae2abb740bb"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "koi8_u.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "fbd6073090e688339a45a6a99ea2c26e",
"sample_size": 14112,
"sample_type": "Binary/None",
"sha1": "934303939601a9f26de5ac62ce5d3f3b81fc2731",
"sha256": "079feb31b7e34b1f9677cd84cdae88c044fd53b7d1b3f93ad91c1455cf98b85f"
},
{
"classification": "MALICIOUS",
"file_name": "profile.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "e8a1bba7eebf72a968ab8c71e1d056de",
"sample_size": 23520,
"sample_type": "Binary/None",
"sha1": "b8ab5269b04efb0edd6d75aa4929c855ab694a56",
"sha256": "97ed5eb0d33671b7efeefb85d22375aa14893dcae94e04a7f853723c7674ce0e"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "glob.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "cfc2c957dc972f8392853f6113a085dd",
"sample_size": 6040,
"sample_type": "Binary/None",
"sha1": "9f73967fce9dfd1906cbc804a37b72c3c75a1c1f",
"sha256": "83b2ed1e5af2c7d0202b70a676348164661aa34072543a784b49ed51b8c3e084"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "koi8_r.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "c8ab92a8312e64a642620626efb2f4b7",
"sample_size": 14128,
"sample_type": "Binary/None",
"sha1": "893a7c7b59bd00a22f639dc7b17d4759389d1071",
"sha256": "955cfda1b6c1a463561c56ccefadd673cdfcf0b859532d717c0f64b9f6a1417a"
},
{
"classification": "MALICIOUS",
"file_name": "test_tuple.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "57f43d7f96a9ba6ffde4cea81fc6ac16",
"sample_size": 19832,
"sample_type": "Binary/None",
"sha1": "5bb9aeb54eaebb67525a0372244a7bb1d866264b",
"sha256": "20d99f61eb0fe3c28cc375c25cda6a75e5a30e0a10975f58c0209b529768a32b"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "structmember.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "17d5f8cc649e2838909c26a435b909f2",
"sample_size": 2144,
"sample_type": "Binary/None",
"sha1": "efd24571f96b7b86c0a9c08872e9009fc54b3c05",
"sha256": "c71f620efcf56e0cafd3a9576fc77f009ea76aba7f0e98da6f70720ed6c1b60a"
},
{
"classification": "MALICIOUS",
"file_name": "cp437.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "c23de8e3508bb0145ced4e409cbb2e00",
"sample_size": 35304,
"sample_type": "Binary/None",
"sha1": "8362d6685b633f5e73e7ca048b074d00df31219e",
"sha256": "77e3338746a7b3b1899797c0bb34b9d5d6ef962c648a2d7eff235b076d45e774"
},
{
"classification": "MALICIOUS",
"file_name": "test_float.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "c7dbfb93418f3df543e8359979169ff7",
"sample_size": 68608,
"sample_type": "Binary/None",
"sha1": "1987cb19a8057dfc459d70cac9ea0b7357c0aff0",
"sha256": "ce332a9270fe920175eebd155ad9187f89839548522a83ee83a8b3afebd32bac"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "lzma.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "071995617f04c552dc0aeca952da8517",
"sample_size": 13624,
"sample_type": "Binary/None",
"sha1": "b6a63d0846e187339d1f42294227622f64a9fe0a",
"sha256": "25d9ab8fa8b261e74a890195ef8e7e9480af1f412a23919192ca9556f9c39dc5"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_poplib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "61c510f0af2d4cae0238de0a987a1109",
"sample_size": 18352,
"sample_type": "Binary/None",
"sha1": "894720bee7de0186445617e662be7fc890893472",
"sha256": "8c4d559f617adb83bcb40d93d841f11b34b619ba721f4ca842f98f6f1bdbd56a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "redemo.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo",
"md5": "14bd7d7719b86ff0bb30118ec9c0a67b",
"sample_size": 5960,
"sample_type": "Binary/None",
"sha1": "f45bd83bc0f1e6ae51a377cf2e54de2a3427a963",
"sha256": "ee9ee581f3a1f2a08172a68def910d6a266f6ecd1dd79b07a3878e366aba7298"
},
{
"classification": "MALICIOUS",
"file_name": "test_copy.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "620073c56def16c3b96967d221f00b51",
"sample_size": 27552,
"sample_type": "Binary/None",
"sha1": "9f234e5b676896201c686165705a4fd53ed6a757",
"sha256": "bcd329f5932884b51af9bdda9a96584c63ef278a4c4a2d20871510f395ba9229"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "6aef86385eb595f3ec4505e72ecf0360",
"sample_size": 88,
"sample_type": "Binary/None",
"sha1": "592547a9b3e1ec7d4444e54e2a25b20c28b31d56",
"sha256": "0535510eda7b8edd4c128f8c35b5e391b0034538999b8074fb21c7558d6eb680"
},
{
"classification": "MALICIOUS",
"file_name": "posixpath.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "6558fd4cc6a546eac0108939b1c74a4e",
"sample_size": 16288,
"sample_type": "Binary/None",
"sha1": "9e5160b0616afd097833e1a67470b34b1c932887",
"sha256": "befe7af1c70807efe190f278d561a42162aedd4d5e62d6b417a0c8ab2a84e7a3"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "clock.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\turtledemo",
"md5": "72aff96b317a0b85e1e47bf3343489ea",
"sample_size": 3376,
"sample_type": "Binary/None",
"sha1": "0551beebc3d5511dcd6107e2bbc68c58136080fe",
"sha256": "f35f5f00cc0c88dfbc98646b8c23d45be897383a639757090979ad4f3e60d2bd"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "ndiff.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "d2d0a62e7821de3ad17f0777d4541f79",
"sample_size": 3992,
"sample_type": "Binary/None",
"sha1": "198d2484fdd46e9724ba0fcc0b83040b9207d991",
"sha256": "bf778aee2f97f0d1102b350f48ad89e5735159efec54049746e3b5cf475a1fe7"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "mailcap.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "74624605edb8c62732c3e368a83f3c75",
"sample_size": 8472,
"sample_type": "Binary/None",
"sha1": "521908d933ad77e3888491cf94d49352fd4ee1bf",
"sha256": "94e35986b8623d4c4eca21d13746b0a7c4757b6e80cf64d88e5aff164de520af"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "google.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "cee5028dffa1d03e92e5b2b3946490e5",
"sample_size": 568,
"sample_type": "Binary/None",
"sha1": "6665a43dbeb3acf28726b16c175d811bb6b26dfe",
"sha256": "6c317ceee06a7f11e9121a6681a9c227c1a4b243bbf949748d6ae04d5e68655b"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "imghdr.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "364830de676b260f64bf37ad4859dee0",
"sample_size": 4016,
"sample_type": "Binary/None",
"sha1": "dd920d8c06a92b7dd07d05d5de3b7d6ea2dd49c6",
"sha256": "8cb30fcfd58a6b7f030fe9b4f0868172bc39058bbd8e0fcde11905c41acf7f22"
},
{
"classification": "MALICIOUS",
"file_name": "ttk.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\tkinter",
"md5": "8f34267757d882632d6fcb5ba2714ffb",
"sample_size": 58840,
"sample_type": "Binary/None",
"sha1": "32d182adea22b8792221a203515496c09573553d",
"sha256": "92e8c2f1653e6da58851c602511135ee38083bdcc32cce839b26fbbe070c31c7"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "gbk.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "7a237c8f8dcf9f613eb1abe11d01a1a9",
"sample_size": 1096,
"sample_type": "Binary/None",
"sha1": "308291588246ccc1a94c5a647486d0e6eda9194b",
"sha256": "fb55c866619ce82abd07dde2b0dde759867eb6e5495066242cd9900008c3d49f"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "structseq.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "b434f8c6536a58315a68e41acdf37f53",
"sample_size": 1480,
"sample_type": "Binary/None",
"sha1": "ae1316981b93d18f6b3498d76e66728608a05e40",
"sha256": "c93680ae4d27dc538fd1892fc0bb2fcafda9018d40cad8dbdb7fe466501d78ca"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "audit-tests.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "7c9f3e6fb2a6fc4c6efd468c84faf37a",
"sample_size": 10352,
"sample_type": "Binary/None",
"sha1": "c1b71a88b341c38c3b70b178d420145b0bea6c98",
"sha256": "6828086d3228ca2d44d3e8ef9969f590089fccd5abbf0d574854e738f7d9a917"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "fnmatch.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "4d091b8a5e7639e496dfe0f0a59216cd",
"sample_size": 6224,
"sample_type": "Binary/None",
"sha1": "4191d80475a399778771f8612037e2d345fa940a",
"sha256": "f3b6f4f1d555352fb7e4e03d4519f0fe96e77b4ff6233ad52c4c99cd34c6ce10"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "queens.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo",
"md5": "6974f8549cee36704585acf09cdba9ba",
"sample_size": 2392,
"sample_type": "Binary/None",
"sha1": "cc79324f56e2a0923d21a3ac192a6c48c6033730",
"sha256": "fcd12d593d051494a559f46bd53e7f72dea5bb834a8697aee400beba6d924a7a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "quoprimime.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"md5": "fd490a5b38b0a3a0c73ed2d1e8041b4e",
"sample_size": 10200,
"sample_type": "MZ/DOS",
"sha1": "6a099d1b9e8fb88bd4296cc384f3addb8d3d9df8",
"sha256": "a5c6d72f7c69becb278753abb87c06d7a74b56aaa06ae8aa59439a221e6fde4c"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_codeop.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "e0bd2f349e09fe50241ca4e57567648b",
"sample_size": 8816,
"sample_type": "Binary/None",
"sha1": "f090549f923ad65f1e3960d8d65f41164aeae669",
"sha256": "03b9540d29240c42b42d24ed99f7c3af6da243fca5cd95fc38f145545afef709"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "patchlevel.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "d1ce3c47010e059d54ac797b058afb2b",
"sample_size": 1376,
"sample_type": "Binary/None",
"sha1": "abe19bb7ca869400031623a72d9f00dd2078c446",
"sha256": "382017c73c824badd623f3b6e63898852cfaafb797ddc490a514ff72485ae1ce"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "codeop.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "1932c60a57decaf1f915a5bce00fa37e",
"sample_size": 6544,
"sample_type": "Binary/None",
"sha1": "55e4f1e5bff75d05db1f37b546ffb4b0eef40c8c",
"sha256": "21e043e74ffe2d69905d36c91e126e82cd461d3bea29cdab046b3e1e62773b67"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_crypt.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "0cfaa91f08222757e5f5dc30da85c266",
"sample_size": 4392,
"sample_type": "Binary/None",
"sha1": "0aab8ce6cc23249875c30fb05c3dcb4dea953122",
"sha256": "5b68eee8549f4ade6783b72512ad0c1e0e824a77b28381df88641ea00efa8dab"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "code.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython",
"md5": "ed831fea262d534bf28f8dd3f3466f64",
"sample_size": 7192,
"sample_type": "Binary/None",
"sha1": "4437fc239f27a97a49f84fbab1e4f2773f9304d7",
"sha256": "8dd4b1759a29553c870d43f7283091132688e34a94591d45b03408c9c6c2877a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pyhash.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "9a08377d25ef15fec3158ea12b8f6f15",
"sample_size": 4448,
"sample_type": "Binary/None",
"sha1": "d5f04638044b60af265ac7fff93fa5f84c2cb8ee",
"sha256": "a97038bb1ce3ee27694a2530fdc4e0fc9ccdc1f94c42a1f66b2a25e7c25c1fb6"
},
{
"classification": "MALICIOUS",
"file_name": "random.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "3491d1842035db52ba57f94a3037be59",
"sample_size": 32416,
"sample_type": "Binary/None",
"sha1": "6c5c6c6cbf166ec5ce5f72767fd62082d00fdd01",
"sha256": "d1215dc08bf0df8fc9bf8da9e0c79f1c751465330711c8466abf96e0bddb5dd5"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html",
"md5": "a2f668c46fa323da7b05b86c793a2561",
"sample_size": 4928,
"sample_type": "Binary/None",
"sha1": "5dfd4482da5f3e3e16e2cd2c35e84cc2c50fbd6a",
"sha256": "9c6fd3b109a6b8cc7993c802a87058d40d40e45681cd2d618f7b9326af2c57da"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "zipapp.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "149906e70db72e066109d9daa7514cb4",
"sample_size": 7784,
"sample_type": "Binary/None",
"sha1": "a8116e4dacdc047a9408fd63615972fe8f6fcb8f",
"sha256": "07e0247f142e83db698a8c2e6826e7310e472b29af091780e0dd3ebe355f7fdb"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "squeezer.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "32e91f701e2e59e2f61aad16a6bc6ff7",
"sample_size": 13208,
"sample_type": "Binary/None",
"sha1": "5aac3d963583ecbfb6902ffe3e2aa2a9343af432",
"sha256": "97b9baf99e66029b34e013e2226a51ba832f1eeaa859834845acafa1f33bf6b5"
},
{
"classification": "MALICIOUS",
"file_name": "smtpd.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "88cd50b900d9239f757f64f9d81760a0",
"sample_size": 35832,
"sample_type": "Binary/None",
"sha1": "07dc8362ffeac7ad509274eda4cba997497acd0c",
"sha256": "6b5696f5ec2c5eeedc971d81261e79d0f6e25146527a4fa00e30947036d8018a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_netrc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "ff6eaee08880602f0a9aed3d6bd4a137",
"sample_size": 6312,
"sample_type": "Binary/None",
"sha1": "da14205e9128096abb0d5f12ca10b2428720d1bc",
"sha256": "274074b2bc77acdc77b22073aad9b11898640bdc89c40b8f5da6cc21f83c67e4"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_sched.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "8df06e1927b3537f53d67680a5801a3c",
"sample_size": 6784,
"sample_type": "Binary/None",
"sha1": "34ca597d71064b399a6094721cdd71d8695ece2c",
"sha256": "800d46caa1ba07312a3fbda5cdf73a2959bc2ac5134069615d2df9f7e4f97e78"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "xdrlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "504838e547453c6649866cfde5c4d5a7",
"sample_size": 6192,
"sample_type": "Binary/None",
"sha1": "5de7e5a06175fbd98ab9475e9af72e47c0bad2ba",
"sha256": "c9fbe3e69db1424c8ad6a22500e30d0eb341465dc423718eca82e957010cfc83"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "Main.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\pynche",
"md5": "ed751f4f4d850e1fb638975ee784e354",
"sample_size": 6672,
"sample_type": "Binary/None",
"sha1": "67615b3d30f9a10338acfd62e3c5300c1c13801b",
"sha256": "f0948f6bff49620c428bc4da338695850971acb73d0466d494f23bf622863820"
},
{
"classification": "MALICIOUS",
"file_name": "cp869.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "aaa4f6246bccc7ed38711a30662f580a",
"sample_size": 33696,
"sample_type": "Binary/None",
"sha1": "848188498fe3137fbbbcc12c9cc29018d97d2c01",
"sha256": "740884bee1b290854202379582ea573daae0974e4530a2cf2523d772b024a976"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pyerrors.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "86c71f4c87b5bec9c1b56bd0ccd68916",
"sample_size": 12792,
"sample_type": "Binary/None",
"sha1": "1cf1b0965cc758fde9217a614ec44f371627e406",
"sha256": "4b5085c966be042bb5bbc99b9e9fed828f6cc28717c70d6e8735635c04c8236e"
},
{
"classification": "MALICIOUS",
"file_name": "re_tests.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "5106ea12b22aa392c7db5a2c963aa2e4",
"sample_size": 27160,
"sample_type": "Binary/None",
"sha1": "9e207fa50c104c80c724ec7cc95767fb88615a1d",
"sha256": "8149f247b4579efcae2d224838ac47f7023a351bf566437b7588ae45fe505145"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "final_b.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "3197358f6acaace84db86b8e9fce121e",
"sample_size": 472,
"sample_type": "Binary/None",
"sha1": "3fb86986def0db21b68d549985925b323f373400",
"sha256": "cc1c6b9e250feabb2a3ec2c19372452cc6ddd4389934ff0460cc77b440a7bdb7"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "_bootsubprocess.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "9f0dc23a9196287e2f3559845313c588",
"sample_size": 2816,
"sample_type": "Binary/None",
"sha1": "d309396b6e15557dfe3cb290fef0f50fa38591bf",
"sha256": "c3ec08669e001639fec3fc025ac42d96e007353d985ffae46fc7455d78b4591f"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pty.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "1ce8828ff8b743f3c21bec299acf0d02",
"sample_size": 5016,
"sample_type": "Binary/None",
"sha1": "7ae15e4c8a839226f4df0a648e6afdf891da7855",
"sha256": "50569aaebd389736f7588d8e37ddb777742924955c8e682d1085bfa09413a2e0"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "sunau.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "a6cdb6264ebeb72bf00361152bb2f9f9",
"sample_size": 18728,
"sample_type": "Binary/None",
"sha1": "6f407d34b4c0414861cb71f71859deb7fc2f057c",
"sha256": "5e63963b0d3a52e09611346fd4a492e888c3f8b5a99df5d4057d17fb30472639"
},
{
"classification": "MALICIOUS",
"file_name": "shutil.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "54691644e071d127fca331f0525ae5e8",
"sample_size": 54280,
"sample_type": "Binary/None",
"sha1": "dd2b1771cd6894e50208b15a4f6d27b347b4cbe7",
"sha256": "a7c0831be1580d458709592db853446b5fef59df5655442a1fc54412beaa9ea8"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__main__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",
"md5": "bf7a8a06c645cb3eefe3d05933e3b37b",
"sample_size": 112,
"sample_type": "Binary/None",
"sha1": "4dd79669b0687e3863ee0448c0401a875ead46d8",
"sha256": "64c17d2a470952f6c44026473812299cafedeedde21916a05d51307286a8bd8e"
},
{
"classification": "MALICIOUS",
"file_name": "ftplib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "c3c81779734d71270dedee55ef8ab7f2",
"sample_size": 36520,
"sample_type": "Binary/None",
"sha1": "ff28427bfff901e5f3576e4353a89f50bdd582bc",
"sha256": "c4b1896e3cd13cf6070d238fb3edf9236b0b4313176142f2465d5049481eb048"
},
{
"classification": "MALICIOUS",
"file_name": "test_format.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "654317c8954632a348a2180d9083d75f",
"sample_size": 25040,
"sample_type": "Binary/None",
"sha1": "28aa1580c07a0cbaf090b19b0b148f1408392ded",
"sha256": "c54b0b6094c6804e4f68d76e7b458934d5194f78226e7e1f95e9d008a0b4c8e2"
},
{
"classification": "MALICIOUS",
"file_name": "fractions.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "15221724e7924a4958fc7248e1331f9b",
"sample_size": 25008,
"sample_type": "Binary/None",
"sha1": "1eb4c8c91edf96679747c0772de1d53eede004ed",
"sha256": "af16e688d13302a7782d56ed4f9d77ba0ed736e645fa52388674473cf507ecc7"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "OneDrive.VisualElementsManifest.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive",
"md5": "4226b724dcdddd8aa43db19b985e9d68",
"sample_size": 384,
"sample_type": "Binary/None",
"sha1": "4f0b217f37ec4a5a91fc56e4e493cc4575605915",
"sha256": "017c8faa6a646c27576c92a46ce875e30db2c3b5d013dee7de8a730731fb11cc"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pyclbr.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "58015ed3998014838a00cf118dbbe264",
"sample_size": 15696,
"sample_type": "Binary/None",
"sha1": "893172a10618e344663f82a2bb528a6f6853cc7c",
"sha256": "df8bfcf5dde08ef7b0b457c07bf9e6046525955fc3e44b4ec14049f339ae2030"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "parser.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"md5": "7eff848eb316738239024ca16b99c0c8",
"sample_size": 5216,
"sample_type": "Binary/None",
"sha1": "7679c13a9ca95ded2ef91800d33067a6ed39d141",
"sha256": "c545645b60c322525a48268e70c35b5dfa92dd0eab2f9b3e9d03da68a64d1465"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "util.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\importlib",
"md5": "717e8c30d0c68d29cf64ba3f5880bd93",
"sample_size": 11664,
"sample_type": "Binary/None",
"sha1": "7479c793151153915b7d897bc556922fb178a1db",
"sha256": "41a5fd197a713fd3b37537d821d59396308408d1fc0ad74068573f20f1ae1083"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "zzdummy.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "ae706df91aa4fcd5ade1775448dfe33a",
"sample_size": 2120,
"sample_type": "Binary/None",
"sha1": "a8adadad9c576055f7720efb6e9b196de39f5b47",
"sha256": "f59665c0b7c90b558b7024f2914ae161960a0f902440f92478fed8e2cbb8a069"
},
{
"classification": "MALICIOUS",
"file_name": "cp860.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "232b7d61b2727b2cf1fd12e89da2f0b8",
"sample_size": 35416,
"sample_type": "Binary/None",
"sha1": "a6cf2d3e7622306c3b645216a8a572cc8a984745",
"sha256": "d13d74edf5ec21ae7d3c43b73b6080e64a17ae0f868b430981289602f41c3f95"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "sre_constants.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "9458f5cbc647966279c2c7cc013b35c6",
"sample_size": 7480,
"sample_type": "Binary/None",
"sha1": "633fb5fd94a4b512c4163a3f7bbbf36d0acbb6e6",
"sha256": "f5a99b350ba2fff84eb56233449722fcd8772d9b6cadeaa211d8699b582c1d8c"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_errno.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "d6ca8b00eb8d672e2f4153aca5f6bd9f",
"sample_size": 1144,
"sample_type": "Binary/None",
"sha1": "a59f9acb4b68e0450e23ade1bf772b8238f440f6",
"sha256": "9894486dc1a36e698e8f8674316f37115b7dee73ff70af9152d7034b39714a5f"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "bltinmodule.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "47c853b05d08af5f7e7af8aa0e6b89e1",
"sample_size": 320,
"sample_type": "Binary/None",
"sha1": "3c08ae9dbdf8cfe5f35a11213949e4dc61213ac8",
"sha256": "1ed3ff6171a472d18d114d7ccac52406b92d24ee5f90459a5406473f900d2144"
},
{
"classification": "MALICIOUS",
"file_name": "test_tcl.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "2716e04cd0d83c5e6f3457e9e0df2975",
"sample_size": 32864,
"sample_type": "Binary/None",
"sha1": "4a6c0f36a937d51428d326d7be7a3baec6c4e846",
"sha256": "53e3b03d6f83a6c57bcdd316cb8ea4f2994ad2987339a3cfea150a63d487359d"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "encoders.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"md5": "489eb892a32a599319e3ec162e7d31da",
"sample_size": 1896,
"sample_type": "Binary/None",
"sha1": "5acb5ef7aef1721180b1cbf4d63a8cdc1f68bb00",
"sha256": "336533773b0345a319499e023afac893a3df088d20c2db0ad0d94f6208b3006c"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "idna.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "56400328c970672e89df5279f5f00edc",
"sample_size": 9520,
"sample_type": "Binary/None",
"sha1": "0e77e068f11bb9cf62e298d05b19bafbad583b8e",
"sha256": "b02891317f53b6fbf724dc2eab4128992c5aea10af1d079ddcdf85f8c3dc6558"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "ssl_key.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "63c9974cc22ec4d79645249f75788e4f",
"sample_size": 2568,
"sample_type": "Binary/None",
"sha1": "071b9154f8b0b0dad5c1f5b01867b0d6945bb98d",
"sha256": "390b8abfddccdff2bac105bb1edeb958bd893a7de191a69087d56d6728dc0997"
},
{
"classification": "MALICIOUS",
"file_name": "uuid.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "71730a1aaf15f4d4185d40ac0032010b",
"sample_size": 28096,
"sample_type": "Binary/None",
"sha1": "9fa7f3bbd57908acee11a0f949b1ec9773d07496",
"sha256": "399d11a2c84598a683458f0bbdd62e9ec3cb2330d4685d50df79e2b720108380"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "_sitebuiltins.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "7dfa800c9f0b9e48a689d8a4df55a8a8",
"sample_size": 3256,
"sample_type": "Binary/None",
"sha1": "abab6ca1986575339ba3b51b21526ee03529ddc7",
"sha256": "b927b53a8cc6af8a2fe81ca9bbaeade4a70364f16c7a8a0fdd804306af8be293"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "genobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "fa868e96f093aa8c10b94528c7d49fc7",
"sample_size": 3664,
"sample_type": "Binary/None",
"sha1": "19daad26b714e573fa9f9863c1bf24a7865ed559",
"sha256": "9b279c00d0b4717c1bd597bdd75cfa60efb6984ce36301e5da0171018cffe438"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "utf_32.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "fc285c2cf2c0418e51bb972a15f7ccb8",
"sample_size": 5320,
"sample_type": "Binary/None",
"sha1": "d56ba7c5617a1e942f502d17cee188d5109bd4f7",
"sha256": "902f2b626e479983e3df2f367e51391a2da8fa5b980df474a41fc242c59e8683"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "textpad.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",
"md5": "29de496cd66b27f3e793f59d8ffcc763",
"sample_size": 7896,
"sample_type": "Binary/None",
"sha1": "366d6e1f52af1b9a6a155119d030a00564bd461d",
"sha256": "3019e40c6464b6df2b6bad041075d0e1d7791ce8dead806279b4772e7712a24c"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "reperf.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "29fc5437a588720d580daf425beb70f5",
"sample_size": 600,
"sample_type": "Binary/None",
"sha1": "f17c3ff5555f3ee309a5b4ac6586f8ace57315ce",
"sha256": "5fbcbbc68acda85e4109a8dac251ceefec5a103b188fa91d0043e96bf590785d"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "keycert2.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "9f7b3d895af5be16092f93a5c6518297",
"sample_size": 4184,
"sample_type": "Binary/None",
"sha1": "9ddabbc95956e9b301716cd60efb5e0f183ee0bc",
"sha256": "b3158d805c42cd9bd62e9f6ce1984247d1def84e85a06a85579f6043ed101d5a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "frameobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "81d9d4ccc40a8563bc7bac4b5e7b1a37",
"sample_size": 400,
"sample_type": "Binary/None",
"sha1": "7588e52729653d15a6512278812c036588761338",
"sha256": "9a45674769e29bfd20f075d035718784b5876c0e20d8df2b0334f0fa29369d53"
},
{
"classification": "MALICIOUS",
"file_name": "pprint.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "fe9e2147cdac3cfe73f0234eb67fc28b",
"sample_size": 23208,
"sample_type": "Binary/None",
"sha1": "33ca47f36063839ca6571fb23163a7c8cd90e21a",
"sha256": "1919a0fa9585d49ba7867f96c30115c5c9b932b1973af8901546a74508616e0b"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "fa48130888c03243bb703187ff31f948.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Office\\ONetConfig",
"md5": "51635f7091b4a6337aff17a3cc75c7c3",
"sample_size": 2168,
"sample_type": "Binary/None",
"sha1": "aee92b43f1271af29d25282feb8a9f6d3686fc33",
"sha256": "62670bc96a53ccdcbdc85024997312be5b4f3a1160becc071b929db322730e0f"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "fixps.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "b026c106e2fce51247c9a299fd51e50a",
"sample_size": 960,
"sample_type": "Binary/None",
"sha1": "3c43dc44e66dbc1038fb5f632d30b04142697ca2",
"sha256": "02e47fdf58a00cc701bfb9fe735b45af2fae7c0ae72c268d6643148700e22a02"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "suff.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "045f6b57e0da830424437ba4c3383e0d",
"sample_size": 576,
"sample_type": "Binary/None",
"sha1": "aefdb2c14b822c5f35836900cf0fa38de5ec1d95",
"sha256": "a38c64ad9231301917549810f894c06192238876ba573dd39af1f99622de3c4a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "bytesobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "b84c76eb4a3c1f5ed3075ce281781b87",
"sample_size": 3168,
"sample_type": "Binary/None",
"sha1": "39b30d3971ef8b0dfec314ce0e6903a41d7860fe",
"sha256": "9c724e8e530046f9ffd0cf479a6b9765450d35395211cce1923e2705afecb464"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "bz2.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "add98fd118be288e1f7d6b6737476dc3",
"sample_size": 12848,
"sample_type": "Binary/None",
"sha1": "2da676894d0a1cd51cd0ad93ffd20b2b9ad9a9f6",
"sha256": "e669fa3fe7a4ac5e23ae19b6eb60180f7fe7ac8daa7d09a3f079c7af0fef1bda"
},
{
"classification": "MALICIOUS",
"file_name": "test_gc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "e2d8065f65b277651b1c2dad3e5e5137",
"sample_size": 48392,
"sample_type": "Binary/None",
"sha1": "15b42dfb5705fdd45e949a9f62245dd0f8cb0673",
"sha256": "b2ecdc5e5c2e56154a3e0221b8fd06862967d3586b1762de4123a07f05c1ec90"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_tk.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "aae98fcd462195c898e94815be55e472",
"sample_size": 560,
"sample_type": "Binary/None",
"sha1": "8e28e44aa9ef6363230f659be2c36864f334b82e",
"sha256": "f9b78ed491e72c99a1219695d1d6ea29314de652f46ef00f2f645be60bf0d516"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_stat.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "cca5bafb869fd1cc3c06dd7aac10f897",
"sample_size": 8776,
"sample_type": "Binary/None",
"sha1": "b1e1bd0c52b5440c4574228da8e0e2dbc0afdaaf",
"sha256": "d9db1f6769146cd4579d135a6a0cbe275ddeaf8b85b20cb9baab3e5b2ae1ea5a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "final_a.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "b48ed43e6571bf9a20ccf1e133e408ca",
"sample_size": 472,
"sample_type": "Binary/None",
"sha1": "4b3e9be6361f0757124dbebb94c5046310e1965c",
"sha256": "f8fefd8e0a5ae0db8d90791645899ed6c9a8f2db077da5d51734b02d0ef18f4c"
},
{
"classification": "MALICIOUS",
"file_name": "modulefinder.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "72de8fc219244198642ef06e4c47afeb",
"sample_size": 25128,
"sample_type": "Binary/None",
"sha1": "7f07fdf271f4f94e0b8b86e3b9b09389be1904a5",
"sha256": "75526c85c4027e5ecd668f7129652cfad7e683c310c648dfe0d113f3146d0a4d"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "idle.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "c31322ca69847578b96a0510e55f2468",
"sample_size": 512,
"sample_type": "Binary/None",
"sha1": "b847b2d3eacb4c7e226c92973e2ddc31b7861748",
"sha256": "937ce40eb1363dfea6bbe42b175c013e8664d89f97fd5ad1e1f3d5ea7cb9c0a6"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "tty.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "e8e834af46bc8ea4387a1aee45f109d1",
"sample_size": 952,
"sample_type": "Binary/None",
"sha1": "08219bbc03b41506a6089d04f1de153281e2b8e9",
"sha256": "d8d4ce8e64a050d6413bdf15705fa7dd55130c8c981fc6927904fc06b4ad3e85"
},
{
"classification": "MALICIOUS",
"file_name": "streams.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"md5": "6c20d739996bf8ca8bc959b32f46d648",
"sample_size": 27440,
"sample_type": "Binary/None",
"sha1": "3a2178912304e8da9dbc84336cc59ea8262aab87",
"sha256": "6a54b02dac7bee517d9ee01d4205a97d762e76afd69a6294edbf923f7eca2ba8"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "HISTORY.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "db46b1c2022262071af15a8eaf044c01",
"sample_size": 10648,
"sample_type": "Binary/None",
"sha1": "5d958910d0cf8a7cde87e27670b7e2314922ffef",
"sha256": "dc7ad0ca3e9de7f6aeb10ab69f392a719438044bc1a7e1422888f323272d1d93"
},
{
"classification": "MALICIOUS",
"file_name": "sre_compile.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "86e9b1919383a83fdadda385b3b53279",
"sample_size": 28824,
"sample_type": "Binary/None",
"sha1": "9540426877ebd84cc07a6068d76613d3eb7e7562",
"sha256": "f86f241ecb1bc8e06af7882321a43646835486f9850966969ca2e23ce30a212a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",
"md5": "6b95bcadd8f86dd2a5053e730d43abbc",
"sample_size": 208,
"sample_type": "Binary/None",
"sha1": "395afb9f067adcfac997b8a91aa362f0e437158c",
"sha256": "e57239c1be07fb902314d813055fc36de27b4f0326816fee67532e9fb22863f9"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "dd_SetupUtility.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"md5": "a031d1d6be8d2cfb66f3bae9bea89b0e",
"sample_size": 2496,
"sample_type": "Binary/None",
"sha1": "e6bc781b92c0d5ca529ee071355fa2ac94f61525",
"sha256": "cc8c0933883a37f0a971718bbc88f159fe8bbcc2fe221ab54b8ce86238c14f2a"
},
{
"classification": "MALICIOUS",
"file_name": "test_lzma.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "0f06da11bc416aa0be711e29455716de",
"sample_size": 92032,
"sample_type": "Binary/None",
"sha1": "8ab5a35437d9de71963eee812eb0508c4fddf95e",
"sha256": "344520af934b0d92da708d22d91a366c5916b8dfb58ae012af2119aed257ed67"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "_py_abc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "364b5f38fd33ddef379cbdbf0fa06c8f",
"sample_size": 6376,
"sample_type": "Binary/None",
"sha1": "bc2532f968297df05c5073423aaf44ad98e7aba7",
"sha256": "ba8e20ca82f095e320df3c8313c114d79f9d92d474016fa77d134dd363ab92d6"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "dump.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3",
"md5": "d3b8c3108df5ac46a2de7013f84b1519",
"sample_size": 2936,
"sample_type": "Binary/None",
"sha1": "63c2da13bf41721b49f8d5c9fd0ebb5d0f96506d",
"sha256": "7f3c3ba94fe0c1146903b0f3760c8c10afb0356aa0e5d081b94b6064e9e42351"
},
{
"classification": "MALICIOUS",
"file_name": "test_runpy.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "f1eac9fb99ae6eb01c8560589ffbf29d",
"sample_size": 35488,
"sample_type": "Binary/None",
"sha1": "519590d26d958039fe3953dc81865adef5304bd3",
"sha256": "f96c2f7276ea09f05b5ff3d6fb767fafa60839e3975125fdf260f55130fd3564"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "profilee.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "453afcf97c8b179b0c8e7d69fd453a90",
"sample_size": 3200,
"sample_type": "Binary/None",
"sha1": "5122a4556018e96d8cf8c00c0c0e1935847f65cc",
"sha256": "8696f8a93fd9b842fea40cfe748fa1e050765345404656f5e1d0668e6531ba2d"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "big5.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "a1acddbc2112fc71f7e35d75b9139e2e",
"sample_size": 1096,
"sample_type": "Binary/None",
"sha1": "2dc3f8094d55832a81041657dd5ae6c581c0f1bd",
"sha256": "7b95bced1bce6d27afff6411181b4540ec0ba7a62c1932537aca432cd207ddf9"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pydebug.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "73871ebf514eba78feeb9e3773af8e26",
"sample_size": 1168,
"sample_type": "Binary/None",
"sha1": "f8213aea2e5513d95397006b1be285ac0f030d4b",
"sha256": "7a0ed3e09a5f194414b0dac4b59ac4dc04880115e35efec62a1ffa64451b77bf"
},
{
"classification": "MALICIOUS",
"file_name": "re.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "ea52122c7037d97ad64068f6e26fe26f",
"sample_size": 16288,
"sample_type": "Binary/None",
"sha1": "c399ccb0192e1a642ff799b535e7ff32521dc0bb",
"sha256": "2b4fcdc5659d815495eeb43b6594ce97fd7ec6f8380eb71c80b31de216196016"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_html.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "39c01a5b9c60ca69fecfc35b70c74008",
"sample_size": 4480,
"sample_type": "Binary/None",
"sha1": "7996dc55be107326945690e8c1198cbb9676e0ba",
"sha256": "6e33af31929c5b49d671789e99a665b2afb02bfbb04a6312c460f68a349d2a95"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "koi8_t.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "b16d6b7c2b452d37921a813eb5481892",
"sample_size": 13544,
"sample_type": "Binary/None",
"sha1": "31c04bef67540ee13e50a6b803bc5812971aaf46",
"sha256": "d6e90ef1e6e93e52d00357a2dbd07a49c5bcfe6d05161aee4ff4524cc7d550b9"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_bisect.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "54307ee457ff8922bf33d9304fa07162",
"sample_size": 14328,
"sample_type": "Binary/None",
"sha1": "141e348e9ffd696a67010326c6966ad092b222b9",
"sha256": "6064dc75a092037a9298c9344034df34f56481607f4f2de1f63baa86b342619b"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_fork1.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "6f8c9a7e74965adec6b581a2c9778bc8",
"sample_size": 3456,
"sample_type": "Binary/None",
"sha1": "519cc6926dc4f38f78578c5a49f32b71f4c0a7e5",
"sha256": "344bbfff310b550698b0f1e1c1517b1f56ef4a462aa94276dac37d0629733c6d"
},
{
"classification": "MALICIOUS",
"file_name": "test_array.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "22d90065df8e163969b218b60460ccc1",
"sample_size": 54472,
"sample_type": "Binary/None",
"sha1": "041d267fcdbca06b905469674560b0e6facd8a02",
"sha256": "e441cb0d82b0b88f055e011dbb1e5207c125b2124558e9fa50ffd42333656e8f"
},
{
"classification": "MALICIOUS",
"file_name": "sortvisu.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo",
"md5": "e35b47efdf9ad31c1d95b4b648e306f8",
"sample_size": 20664,
"sample_type": "Binary/None",
"sha1": "10ebc50e6e2d0c793248606419040883cc8f23e3",
"sha256": "9b8989e3e397e33afaaba4f6ceb55b96cff64c8d36750821275e9cd3679ec92c"
},
{
"classification": "MALICIOUS",
"file_name": "test_dis.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "932312ddcbc3a2d3b95098db67b9f65f",
"sample_size": 55808,
"sample_type": "Binary/None",
"sha1": "a5c9227ee90649fa572eaa25e19b8c1f130c27ec",
"sha256": "d8fd69c9f01b1b490e99f55609f9ca8a8fa6112eaee04499fb1db4183607ec65"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "OneDriveMedTile.scale-150.png.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
"md5": "64ee12ca8b02bfdceab2c18bafa1ad2e",
"sample_size": 1032,
"sample_type": "Binary/None",
"sha1": "44d1588b7c5ff34b97f542f1eacdc2f922612277",
"sha256": "3664864abe07d7216037b1a71421c1f6c246ed3839c581799a8d186ef278a867"
},
{
"classification": "MALICIOUS",
"file_name": "test_smtpd.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "43a99f48777edc3219dce4415d5a3e7e",
"sample_size": 42344,
"sample_type": "Binary/None",
"sha1": "a4c0b983ef903bf00dcaaf8cf913f39f4c1c646f",
"sha256": "9feaff08719c930daf44faaf849f2ea741d25e41635be94236e3314bc1b37779"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "classobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "e9d24a3d2efe08b18ac80b3678d53a4f",
"sample_size": 1752,
"sample_type": "Binary/None",
"sha1": "12d25a3557ea0e14b5dcbc11b5cb4bb740953c07",
"sha256": "fd1a15d321eee6fe4e753cb69352529462cc265e27fec5cae207a9f22b88b7ac"
},
{
"classification": "MALICIOUS",
"file_name": "cp737.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "8f9a3be08291534e8d6290966c737f38",
"sample_size": 35416,
"sample_type": "Binary/None",
"sha1": "c64e8d910b450f9654a60a96df07b53234831aa3",
"sha256": "3435bd1f997128472f01b3cb1102729751b1211e8f294df9cea109139d89cc7e"
},
{
"classification": "MALICIOUS",
"file_name": "Outlook.pst.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Outlook",
"md5": "75c5e5597dbfac35729da1e48812f250",
"sample_size": 271400,
"sample_type": "Binary/None",
"sha1": "6660271a0eea85460b60e82b2b091092dcbe511e",
"sha256": "ca983b39a4d8ea244ea2ba30aa933ac69cc33c51658fb4f9129d9cbaf20395f6"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "log.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"md5": "b7729f563203c5df5b4daacc6beb1301",
"sample_size": 168,
"sample_type": "Binary/None",
"sha1": "2209fbb1e18308726b9c33ccc262dc5b97e35a7c",
"sha256": "dc1fb7242be1dc6de6a0ad1593469b871007ea587b6f6045221702cb2b0cfff3"
},
{
"classification": "MALICIOUS",
"file_name": "client.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xmlrpc",
"md5": "fd1d2932a1e9c44cf914401a35342fec",
"sample_size": 50960,
"sample_type": "Binary/None",
"sha1": "b624519b6ec50a2202ac95ba5507f09a3769b9a3",
"sha256": "1c94aec1481239c6553ff834726e1ddbd78ab44113431148c5f349e36eb77c6f"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_global.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "7caebef3d8ec208e37794dae3ba82879",
"sample_size": 1480,
"sample_type": "Binary/None",
"sha1": "df6bc63d3b252e75f40e33d3c769a842aac2a467",
"sha256": "8bf01edebfcacf3df03b2dea5a5ebb01f4940f2585df13c176f288fec5e3f9ac"
},
{
"classification": "MALICIOUS",
"file_name": "cp866.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "28ae97e7c9a21c0ba58f664e6886063c",
"sample_size": 35136,
"sample_type": "Binary/None",
"sha1": "8e81f74480e48c3ae0e084d3e4216c03f79d00fe",
"sha256": "e833c4b9474cf8f07edbaf43c2c0d79162a55c4363e8eb4a924227e6c79b68ba"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "_compat_pickle.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "6b75b7cf1328b2a5abb008eade222e86",
"sample_size": 9040,
"sample_type": "Binary/None",
"sha1": "94e5d375c8cfaf7424ddc815c9bb58a65d726d36",
"sha256": "2b021d82962df91f12924d23ffb8c367f7035b241a6c218b55f524ce474e3466"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cp1140.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "2f2196e0a20acc656884b2f8db62b655",
"sample_size": 13456,
"sample_type": "Binary/None",
"sha1": "81676670b7948f4f783b79d9ec3b22c2dc06f694",
"sha256": "0f74db111afd4a51157b29e84e2a7b104cf7a3c525360b97999296020db2c522"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "sliceobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "4ee7a4b613302187c6b2e3efdc62f1b2",
"sample_size": 2624,
"sample_type": "Binary/None",
"sha1": "440b5b102bb0663f047cdb27ee4d77a70870ae01",
"sha256": "2959f1dda83b7a92382fcd2a16969ff659a9ca006cd6a682a9fbaab287528749"
},
{
"classification": "MALICIOUS",
"file_name": "test_dict.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "93d247d84bcb48a7caf4c663f209b05c",
"sample_size": 48904,
"sample_type": "Binary/None",
"sha1": "3975b067e88be9191de5c0946c53be1400c81685",
"sha256": "85aa0e73eb54afea8d6bdb28afd495a4bce92be51ab01bc7b8b22731976c3c75"
},
{
"classification": "MALICIOUS",
"file_name": "pickle.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "5bb787804b84e7d54b7589b594452f6f",
"sample_size": 66776,
"sample_type": "Binary/None",
"sha1": "b43f955f23de79a2bf27897cc0e3cbfb8cc72059",
"sha256": "f4fcd36faf62f34f6ccf8ac3b152bf1b62126a093307b0b0431c94ff292af882"
},
{
"classification": "MALICIOUS",
"file_name": "doctest.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "e493ae2e52284208cc611823a8bc6a2d",
"sample_size": 107400,
"sample_type": "Binary/None",
"sha1": "7ba09ce476399f20a6f6fef34e66cb7709d5bfbe",
"sha256": "f69820e6db476f35480ede0ca1de3039ed8d9998c0bdb19b0fa8fdb9337d1fbf"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pydtrace.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "7977eceae2b0c5940150de1053881a92",
"sample_size": 2512,
"sample_type": "Binary/None",
"sha1": "a9969c423f99989f9f04c8892db26d1b80404f2f",
"sha256": "9d46d14b573c5efa3819b01500e698aeec1d6f0fd7d282ab4d16d350c714beb2"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "macosx.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "569901b10c41db8780f4fc070cd29bcc",
"sample_size": 9992,
"sample_type": "Binary/None",
"sha1": "962026bf78eea5a0d4bf455d20b077a158309186",
"sha256": "abe6bdfd68c0eebdf982cea563185ad3259eb465caa81983cc92e99468178f07"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pyexpat.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "54d5dc7aa9572815511929032703c03e",
"sample_size": 2544,
"sample_type": "Binary/None",
"sha1": "39cdc2a5701d7b67c2d7d8b7b6e9e9ef41e28db8",
"sha256": "b6a8748a4dc263671c0347a8c6c1ab485ff97879d17e5c1bf92029f1dea8010d"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "uu.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "6a0e3dee217ca96bedfda8bcde31fe0d",
"sample_size": 7208,
"sample_type": "Binary/None",
"sha1": "962907f6ed266de5679a97f1c210ed0da77e5fac",
"sha256": "dcca7d1e7bc29638231cf39414bb083f3a405605303bef07ef38ee0200ef9b80"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pyfpe.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "8269c9baa59a65e22b21ab20a5d1ef87",
"sample_size": 496,
"sample_type": "Binary/None",
"sha1": "d9481297a124308c5f9e3468a6b3f37e7f398f9a",
"sha256": "cccdacf67ed35a703eec3ff1b186130439e7a3e68ec43055a09768a9c2b8f0ac"
},
{
"classification": "MALICIOUS",
"file_name": "aifc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "178366fab9d4fa87a2e23610fc74a8ae",
"sample_size": 33592,
"sample_type": "Binary/None",
"sha1": "ac8adfdcf14d3bc50038097012908cb959e55869",
"sha256": "c78e88e30d5e7811110b318085577bb6c9cce7600a4f36b4526aef84fd078113"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_imghdr.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "2f9d96d927225d0a99bcddcd3664cf2d",
"sample_size": 4944,
"sample_type": "Binary/None",
"sha1": "e86853dfe6eb6e2b6298df3040f68f003d97dc53",
"sha256": "de43f6844d3c20db4bb0d028ab0f957af16493a312650284ce867b372110e666"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "token.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "a27a2afbb63e92ac4179dc27302b93ba",
"sample_size": 2544,
"sample_type": "Binary/None",
"sha1": "d8a7c4a5ac1dde8f8c663c446488c4db4d081d51",
"sha256": "4a3f570b875969b96033fa14ca37286ada07303d7dfa6ca1d9be8419f27741c4"
},
{
"classification": "MALICIOUS",
"file_name": "cp1125.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "433bed5d884f9dad4729467f8d375e11",
"sample_size": 35336,
"sample_type": "Binary/None",
"sha1": "5ec5a3af280495e45c727ab1e3dd8fa43342dd72",
"sha256": "c83112fa1134984f14ffb81f5ec164adca5d90be24c9212ef2ac8ccaa28d68ea"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "base64mime.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"md5": "76272492c530fedf6cd4720a996fa309",
"sample_size": 3720,
"sample_type": "Binary/None",
"sha1": "7340e255447ad7a6df89d08936d1acdb5aafbf49",
"sha256": "87170847dcf6f6d6fcc5e63b929efa4bd65dae79184867cccea7b5bdbb073c30"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "markov.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo",
"md5": "2a3c8617b241a4af766d5487a0f6effe",
"sample_size": 3856,
"sample_type": "Binary/None",
"sha1": "c5cb531d99e3e8d1bef41f6f6c45547f2f365a59",
"sha256": "22a9f6b7ad4b26cde1eb04874c164c455f10e5cafcb4a3e0d3615360aebe8bfc"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "mkreal.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "f8c9e73e281fd62bf0b28c151b25f16e",
"sample_size": 1736,
"sample_type": "Binary/None",
"sha1": "81dc7eb7061c1723fe0739ba610a8a719bdd79cb",
"sha256": "2638b56639357a5fe175066413ab092568ff36cbd1c1fd119b20f73b624c14ba"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_binop.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "710e43ed98625c959544dc3f3900d4af",
"sample_size": 14960,
"sample_type": "Binary/None",
"sha1": "a6aecfbeace3c69b969862dbaf2f5511e88c0347",
"sha256": "508626328612bfc74ed38ecb65bd59ccb5b10f2729bcfad35eafa944fa8d2e53"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "nturl2path.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "106d9f15a6a1500262d9904d8cd82a66",
"sample_size": 3008,
"sample_type": "Binary/None",
"sha1": "566cbf78e111f55afb23c697e5cfa7b7d1e26179",
"sha256": "c111144619e6dced6966172cc7f93167f5a99a56f1b30afa789bf25af871d2cb"
},
{
"classification": "MALICIOUS",
"file_name": "pythoninfo.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "26d0a48d3428bc28234b34a37661304e",
"sample_size": 23648,
"sample_type": "Binary/None",
"sha1": "a2503adaf50eabd0ff11f272601b36800dae53ea",
"sha256": "cc87a70cf0bd60b3231e7ec4270ded2c38740bb12e65dd0784c240368533319b"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "utils.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"md5": "24aa2348f9bae0ded94e5be980d94efe",
"sample_size": 13688,
"sample_type": "Binary/None",
"sha1": "6881bf5583aa63385160fad51509dca3fcf363da",
"sha256": "00ebb5a53b22be0e73feb32830665fce9c9ea0f604b46ad139c748433e4f3d32"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "stringprep.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "59e704e7e560bd15cad0cdaf1674190b",
"sample_size": 13232,
"sample_type": "Binary/None",
"sha1": "16b1f60b806e8e73664ad66bba89433e1199a725",
"sha256": "5c929cc6c442b9380a7e69e2ea6448f0f498cd34be183b680730a9e0fc5b65ff"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_msilib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "1241651d54adb5fee66cc7a6b1b54e02",
"sample_size": 5344,
"sample_type": "Binary/None",
"sha1": "8cc6a6eb026162b7a3cf9766949b020c884804cf",
"sha256": "0893fac20d7ffdb9b8c5a91a7638233f84bfdfb984404d817b86478d1bc084f2"
},
{
"classification": "MALICIOUS",
"file_name": "test_call.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "01a3bc8cf630638b0415f07d0aaf7cac",
"sample_size": 25376,
"sample_type": "Binary/None",
"sha1": "a09e223086a131df97e893b2faf27170727a9ae6",
"sha256": "fbeb73a49233d189a7bfbd746bfc410d51a8765894757c027ab3604b04036c56"
},
{
"classification": "MALICIOUS",
"file_name": "webbrowser.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "d83516a5ba6c42c75c4d87e9d9cc9129",
"sample_size": 24840,
"sample_type": "Binary/None",
"sha1": "08775620d44c36cf8e3f8d5bc3d6514bef2bf06f",
"sha256": "363acfb97d7c95b68341d1f34638421e2bfe7f2099a2618249cb60e8d51789f3"
},
{
"classification": "MALICIOUS",
"file_name": "loader.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest",
"md5": "d758a34f59e262d8056aee42483e0f30",
"sample_size": 23256,
"sample_type": "Binary/None",
"sha1": "d877869eca585620ec67bd41691a43cd5248d8e7",
"sha256": "f3fde0ae44b803c51d13d6b17b6b8556dc9306b335b9902c06ec5f35264379b8"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "outwin.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "c1cbb297b9c6efaeeda0560a76639c73",
"sample_size": 5936,
"sample_type": "Binary/None",
"sha1": "9a123ff5ce25cb18db837713cee812e8670c2ec2",
"sha256": "7884ef82789acf8ee308918989f46adc4adbb726b7c79746acd26990b4118662"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pydocfodder.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "cf9b14b9aa7e0623ba5cb65b329e1af3",
"sample_size": 6592,
"sample_type": "Binary/None",
"sha1": "9f1a82971854f5e73cb5cc21ffdc26e613380d7d",
"sha256": "06a8c01d43df302d10d9438b678381c638483ad732797e59930764de28751819"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "undo.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "c883a291d48498dd2a765ece0b46f159",
"sample_size": 11456,
"sample_type": "Binary/None",
"sha1": "42b426b6c54d15b1acf09309d18107f3392333fc",
"sha256": "3445c4a17a5787882e441f7ca3556680904a19bbccd43e513e357b0fd5da8665"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "compile.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "92aebfd06372d5760a4492cdecc90816",
"sample_size": 3936,
"sample_type": "Binary/None",
"sha1": "6fea8ade8bde9e8f5bc0369125182ca3d26f7c97",
"sha256": "b72c6bdb20a21addfa8a68bc98de5fcd84d26dfbdb3dfd34bdcf71e8d1ca51f5"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_eof.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "3f22c4cfbae39eaa43e7316a66649808",
"sample_size": 2592,
"sample_type": "Binary/None",
"sha1": "a105589949be91eb13f4c0e67aea34f3ab4c2d87",
"sha256": "8e0d53ab86fb44cec9ef649fb7f8fb8fc77b0f979d1e6deba9bec3033d4889f3"
},
{
"classification": "MALICIOUS",
"file_name": "pyparse.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "fb0c693ead3e5bba59e60218f7f8cd4d",
"sample_size": 20496,
"sample_type": "Binary/None",
"sha1": "4f56abf1e8c76ead6539b3c03443d96a72a27a72",
"sha256": "8561a9f93ec982b56480592d39f9c6bebbb2de2a8db731c4c1472dcc74f8a3d8"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "paint.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\turtledemo",
"md5": "a8e5dac553b7da7a0b139f235a0a0671",
"sample_size": 1384,
"sample_type": "Binary/None",
"sha1": "033198e6bb62762db8f57c25f8f55f015af3f06b",
"sha256": "233c370367f9873c4d045608d66ed03b91c343ee61b97fc5cb0c958085cba5d5"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "traceback.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "c6cbd5f911bbc0cbe0ddbb57cf2a96be",
"sample_size": 648,
"sample_type": "Binary/None",
"sha1": "391d3e737ef7f8a4dd09f16c1db46b779d185086",
"sha256": "845f9d1d154f59bf3e27bb57fe5867ee813ac432499b09f20d5e0fff9278004a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "README.txt.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "b65d51f7dbf4025ffbac06a38bfc3a59",
"sample_size": 9976,
"sample_type": "Binary/None",
"sha1": "7068f4836af51225fda3b757e0a3cf05e89fb9af",
"sha256": "c8e629051ce9dfdf817ddbacc35d2080f4bb255cf97791dd72271acc797874c2"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_shelve.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "5b288a90e28416a90545a8e8e2649058",
"sample_size": 6344,
"sample_type": "Binary/None",
"sha1": "8c2d96940d1b46cdfa7ca63a4cd264acd5050ced",
"sha256": "1646c4e11e361e7a39729347a657fc93d200b7d9df3dc9927add2d719b1249f2"
},
{
"classification": "MALICIOUS",
"file_name": "contextlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "f7f39eedfb9a2a51e3382727b37501f4",
"sample_size": 25360,
"sample_type": "Binary/None",
"sha1": "8d4d0d23c852173447295acb77776343abaf8ab3",
"sha256": "b8eaeb6d1b014cda35471c15747dd9fd32373dd4bae04a083e5357a0fe4b9840"
},
{
"classification": "MALICIOUS",
"file_name": "socketserver.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "c950aaa184f197c45f38cfb8398a20b9",
"sample_size": 28184,
"sample_type": "Binary/None",
"sha1": "491f585f5c4030ac94cbae07b5508fb674f0ed68",
"sha256": "5f5d3ba2ff34c22e356be7689a0e202578085b6818fea14ec71d7f77da947024"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "seq_tests.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "50bafc3a81a876733e2e9e3b3df5ab3c",
"sample_size": 15696,
"sample_type": "Binary/None",
"sha1": "900de59dfcb583bcecb2283c70dd127b94b56487",
"sha256": "9a3a6c259064ecd78c656fa5823839506fa38a2c085ed750f2f0ae4047cbe06d"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "shelve.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "357c32ce2c811c1c78a942448d73f6d5",
"sample_size": 8808,
"sample_type": "Binary/None",
"sha1": "01ed01b57dd096767ac49247400279aab5c5b37c",
"sha256": "6a6a58a4e9e0c5c8aaa959a67d1beed42c1b361581206f4e76f8ea732a58f0f5"
},
{
"classification": "MALICIOUS",
"file_name": "run.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "917b83951da145e17460f91f3e044a85",
"sample_size": 21712,
"sample_type": "Binary/None",
"sha1": "03f50beee07aaf0c8904f9b122be51c268af254f",
"sha256": "1c7d2a55133ede983fb96ac42b806372eed42ed9682fd37d8b19f86151754f71"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cp1255.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "72dfe0ce6f968186f380808420ba1146",
"sample_size": 12816,
"sample_type": "Binary/None",
"sha1": "227e0137ccdbaef6217adc19adac2bfbd8f41937",
"sha256": "11ecee10c3bff7b0b08a134aee475af1920d3e2716f75280120f1f1b8b46aedd"
},
{
"classification": "MALICIOUS",
"file_name": "wave.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "f05ec732171bf44a800373481f048809",
"sample_size": 18560,
"sample_type": "Binary/None",
"sha1": "5416ef9ae8922af841c1355f4217f79b97a2acd5",
"sha256": "ba593b4eef9eb4f83fedd2797ead8e763095bd5d20a61c686912f4628ea8f16c"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_list.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "1d0f637aeaec9df4e713d50676bd759b",
"sample_size": 7992,
"sample_type": "Binary/None",
"sha1": "62d2c16375326ef57b725d9831213c2ad50daba1",
"sha256": "f7d9e13a9b3ced0c47bf3a55c89ef8cd886e7447b2d4974907b610f6c7a7bfdb"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_bufio.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "ed4e016c479435e11dadadb8166cb891",
"sample_size": 2712,
"sample_type": "Binary/None",
"sha1": "7c5f9dd0afd3708d408fb865bd3ec53ef43a02f4",
"sha256": "13a56f4409f3e0b5f4197d0ba0265e5230f0bcf7b6c6d4f18356028ffb387eaa"
},
{
"classification": "MALICIOUS",
"file_name": "locale.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "60ed9caf9b6a7562fa6889bed9a319ab",
"sample_size": 80064,
"sample_type": "Binary/None",
"sha1": "bd89f956f31435319c671cb774cdfb328239ffed",
"sha256": "2b743ebdc1c51cfa700fb18d6d133b4330850e72ace559a5508750f25ca61cda"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "window.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "7059cae7a1455d4bd6eb78a72f63f964",
"sample_size": 2752,
"sample_type": "Binary/None",
"sha1": "0889cd6699c0efffdf4c5df2d65a0a09a63a2f82",
"sha256": "442b20fcb2df72dd16d91e8613eb31d04848d41fe2457b470f1b9280ee33efc5"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "calltip.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "d0489b35fd641d4e600abcf98ba47877",
"sample_size": 7512,
"sample_type": "Binary/None",
"sha1": "e7ae840f462e98b89c282985e2d4d56e355a268f",
"sha256": "e601f30e8fc702d989d07a0b4783b5f4c6c682153dca9b2de9e0e271e4d0e619"
},
{
"classification": "MALICIOUS",
"file_name": "test_os.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "6aa19cc4afc53429cf78e8b2ec996458",
"sample_size": 167216,
"sample_type": "Binary/None",
"sha1": "f3961e88e8ed0accd2ddd187aae5197ccc75dab9",
"sha256": "d2ef4d3aa919c267ee272e086b907d3671ccb91fac6ad11bcd64bf11e5202f00"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xml\\sax",
"md5": "e502bc9cdbd6ad99ddb49a137740231d",
"sample_size": 3792,
"sample_type": "Binary/None",
"sha1": "6d95a538727cea86333cfd62d8c14bb4fc9d4623",
"sha256": "2284695239544fd10331aeef6cea797f45c2dff2a5a2628d6f41e42c8578e0b8"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes",
"md5": "8eb95d1f666a789546944980bcc87e1e",
"sample_size": 18592,
"sample_type": "Binary/None",
"sha1": "02517ba564347dac716c6937991b35fc27fbfea0",
"sha256": "fe7102740122286fbae40e27b14f340d555408f8755fbcf72b5266b8c252740a"
},
{
"classification": "MALICIOUS",
"file_name": "test_io.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "7c8a3c620fc757c73a6568fe1dc3fc9c",
"sample_size": 175280,
"sample_type": "Binary/None",
"sha1": "b1188cc68339b19374f0b8a5893ee055b53a6d09",
"sha256": "9276373a12ffbbd455b9f18b92a790b6dcdd5d2bedfe80dbd38dbe9ec4ac8908"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_atexit.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "75622fe47cc698feed1caa00a7772393",
"sample_size": 6216,
"sample_type": "Binary/None",
"sha1": "cd85cc7c4e444fb80e95521d152dc1a148daed6c",
"sha256": "39ce3e26dd6e7a2e6c9add767d7903f8464835e63524a95e9420b4d4cfa8dc90"
},
{
"classification": "MALICIOUS",
"file_name": "test_aifc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "0734abdf7da25fdfc91419bb15d493cd",
"sample_size": 18600,
"sample_type": "Binary/None",
"sha1": "a5e1158535d743640a86e3a3f778841cebde473e",
"sha256": "6b0e2d9255906cb23d73886ab1d1aeb1ad9f48031f2791860bbc539bf983c1e9"
},
{
"classification": "MALICIOUS",
"file_name": "test_enum.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "c256a0841490e1b780f11428ae496148",
"sample_size": 125448,
"sample_type": "Binary/None",
"sha1": "5a68d7705a9d5628ec1447a5ed4e40cf278b1a4e",
"sha256": "186a8fc45e742804e8c43da07dae7d28a332d688256287d5dcae84fdf6af6b8a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "ceval.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython",
"md5": "aa99db677a15cc3553784a012f3b61f7",
"sample_size": 1616,
"sample_type": "Binary/None",
"sha1": "bf669278778c1db80bac0914b38f4d2b3739b9f9",
"sha256": "9315dfb90c9075e467d08d9074fcf0737de0e8ef87fe4e0916703f39e8c72790"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pymem.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "8fb4872f535207e82cbf5a1b74d08324",
"sample_size": 4560,
"sample_type": "Binary/None",
"sha1": "e241e7d581cd862e2610b66b54ce1ede0826e6ec",
"sha256": "e1a88a03bd2eeef81a5c57a871773e8ab0249aa9e76f53c64bc7bdddf8e74edf"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm",
"md5": "04b2dac8ae2c21f83d2b537650d99355",
"sample_size": 6072,
"sample_type": "Binary/None",
"sha1": "e46e92d6d2297f48aeac2271feafdd11ea9979d1",
"sha256": "10eb08ccaa117e7915c5573cc011361004f26f3e7b1a1e82b8a204d1d9ddf3f5"
},
{
"classification": "MALICIOUS",
"file_name": "nmakehlp.c.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\tcl\\nmake",
"md5": "b012da0069dfb5fc3b595c97049928a7",
"sample_size": 21984,
"sample_type": "Binary/None",
"sha1": "e4956d4722a3843913c4ee6964e555c1d85ec1a1",
"sha256": "dcdac09158d167840de917bf986ae1dae8b0687e703f70a83beb535223dc3e71"
},
{
"classification": "MALICIOUS",
"file_name": "test_buffer.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "b0f155dbe20d558a8d0d2ee0f974ef50",
"sample_size": 168592,
"sample_type": "Binary/None",
"sha1": "47e6ecfbb70014d4de374fa1d76deaae8bf37e27",
"sha256": "01b9b36cd0f9f2196d04dff359b837204b83aa9a6548fba544722686940cc4c0"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_imp.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "bb20f00ce74852273f90e675c1edbd18",
"sample_size": 18656,
"sample_type": "Binary/None",
"sha1": "a213a487c7e8606a7e3df630c3d3ef3754bd7117",
"sha256": "f21c39bfedd99a6bccefa254a1f31327e55802ea37be249abc484391bfb05178"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "_log.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest",
"md5": "59237a5ec84118b47cc455767fc9648b",
"sample_size": 2408,
"sample_type": "Binary/None",
"sha1": "77f6139f9099fc9e45030d6758b3c45df2610690",
"sha256": "f3f7879f886f66c217c1221d86c29b51e72126a55fdafe1a24312be08e7a9b1f"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "beer.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo",
"md5": "91d0b3cdeb80e0b7aab9d2d082246be6",
"sample_size": 632,
"sample_type": "Binary/None",
"sha1": "10c32d90f7de34a8dfafcadfe0e3200723d4011f",
"sha256": "ab0a6aa9490f55389a23f088d48a74891a63639fb2767a413ba03903c45626fc"
},
{
"classification": "MALICIOUS",
"file_name": "cp857.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "b84d8943ffc9f10c637e926183198303",
"sample_size": 34640,
"sample_type": "Binary/None",
"sha1": "353a223340804503bcc9d34ada2d8b73ba651d96",
"sha256": "9800d8aa58217cf53aab22aec8045fbb78354c9216ecd4b14b253b62bf89c78c"
},
{
"classification": "MALICIOUS",
"file_name": "test_ssl.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "69551f600d7ebf6e6c87f1d9e4b1aeb2",
"sample_size": 213480,
"sample_type": "Binary/None",
"sha1": "0d8a3e0a033a52b36680cd3f3138d3dab4574c1d",
"sha256": "bf8230984e3266784a3445765d5db9110a67db3d6cac674a0380e0e7f4fb805d"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_tix.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "e4fdcba4393ffd8bab9399373206cc27",
"sample_size": 1008,
"sample_type": "Binary/None",
"sha1": "c372a194bdb742d59f8f2abcdd734768802c887e",
"sha256": "22e72dc812aa7048d8216e3e1a3395e8b30583265e31aa080d4170ff551991b7"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pylifecycle.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "515f8ea944259eb9465e7d6d295421e0",
"sample_size": 2256,
"sample_type": "Binary/None",
"sha1": "aaacc9fc2c70883025b01a7b186c844ab1a0df7a",
"sha256": "0e38f7bcc5c86a62e118b0635be59f92eb70ba4dbf45152007270106d3946af4"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_ioctl.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "9e1ee88b2b53766626d83d0e8e0977e1",
"sample_size": 3408,
"sample_type": "Binary/None",
"sha1": "5efbfaf8baf728456c7b5fa088b3b336df338727",
"sha256": "1f23ee502aa64cad421cf226cb7a955ec8ff99830c40be788bef62d2ea2ffaa5"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "abc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "1a90ca944fabc2457e725126ad8e0b94",
"sample_size": 5112,
"sample_type": "Binary/None",
"sha1": "a758edabb99ebcfe93b06b9562c5b8be62b75ade",
"sha256": "a6138e664b176cd900b48c97fbdc30c38c8ddc15bd1559e82652c9f98f1d96e6"
},
{
"classification": "MALICIOUS",
"file_name": "test_csv.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "713a3942fa3cb875e6c84901ecb5e86c",
"sample_size": 51512,
"sample_type": "Binary/None",
"sha1": "91b0bae7b492c1d960e992d2c1ac3c491165a50a",
"sha256": "c1825718cdd133223a04a5d489e14c48491770446cef03acfa32e50152d9d2b2"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pystate.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "ad48467e51aa0e8561700cace0224d2d",
"sample_size": 5440,
"sample_type": "Binary/None",
"sha1": "b443a9bf94e5243471eecdcc25d323188cc7e6cd",
"sha256": "e6c82ba2571be52efa2ec0f2eb56abb4625c3fdaaab30fd4950a4eed563dee11"
},
{
"classification": "MALICIOUS",
"file_name": "test_class.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "6e9225dd9dad200bc36a2ebc2a95700c",
"sample_size": 18544,
"sample_type": "Binary/None",
"sha1": "79aa25b4b820c7069fb644a3f82f5ab6dbc918d8",
"sha256": "757c7836a3a036ab2083341854510f750f5b91b6e37129ceba800f8a5e782f02"
},
{
"classification": "MALICIOUS",
"file_name": "ntpath.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "61a18760086aba0d88ad90ef833dab70",
"sample_size": 28568,
"sample_type": "Binary/None",
"sha1": "54ed0cfb1a9b65b68c0da1215484499e4eddf3b5",
"sha256": "d71c3e5a51b53c986a7e4e93aaf889d99bccb1bde24419bdb54fe342ff6bf84f"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "boolobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "f2a985c2fdc3198b0bc1e8020abaeb6b",
"sample_size": 960,
"sample_type": "Binary/None",
"sha1": "de53e990ccd95c75832304ed692417274ca10af7",
"sha256": "7cd0b8a4c857508677fd12823f395db583550bc66ed4e68010dd34176637d8af"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "sidebar.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "309157c18b97fd0b09f907d523977806",
"sample_size": 13968,
"sample_type": "Binary/None",
"sha1": "644b15087016e6a789ca3fb6b74988f7c48978e6",
"sha256": "885cbc65e6f5e2e75c8b8d38c56861c38511590408c199b97cdbc9e67bedd34b"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "audiotests.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "33e6cc8991482f1bdd95add91d2ad477",
"sample_size": 12760,
"sample_type": "Binary/None",
"sha1": "752e4689a59ed4e517f862d43e8cb4ceabf2299e",
"sha256": "850e40158397a29b6c80641b6a8882926845da8c311d3658dc8b2beebcec03a6"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "browser.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "38b3fc9a94ffa70c36e7bf6207033178",
"sample_size": 8600,
"sample_type": "Binary/None",
"sha1": "9709bc3e35e4bda71481a0aa75626861d42e5644",
"sha256": "81141adfcaa8c6c1acdaa8e813b2ad3594626428a15cf2609ae6297d272cb9a4"
},
{
"classification": "MALICIOUS",
"file_name": "trace.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "6ae6daf2cf64f51b283a165db6c9bc85",
"sample_size": 29976,
"sample_type": "Binary/None",
"sha1": "db298b7d625564df410489e4f485c159fdfb4ef0",
"sha256": "ad482fbdf429047cc5e3f0c40e4cc69a5d59417f405d2c34b22c5e7edcec2324"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "hashlib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "ae121bc208e03d0af125243670764b6a",
"sample_size": 10312,
"sample_type": "MZ/DOS",
"sha1": "01490c527b94ab99655846826dcf852014c12e30",
"sha256": "a409aee307ca44a46a765c07139a5d522640d1186b7598ad6b2cf5542c8ed4db"
},
{
"classification": "MALICIOUS",
"file_name": "handlers.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging",
"md5": "a765315e6953b8cafe0869270655fa6c",
"sample_size": 62032,
"sample_type": "Binary/None",
"sha1": "3fcf591792f38293b7c85091e5e2f496878d5a88",
"sha256": "c091cc66f3ad6fee8f1bff404144415230f11c78d5592e7cae5bd103633a9911"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "bisect_cmd.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "86041789713339250d9f0416138c1274",
"sample_size": 5560,
"sample_type": "Binary/None",
"sha1": "fef692b7dc0ad9c1f03183de83107da0bc15e77a",
"sha256": "43d43d732050e63e76afe9dae39822ff9be032227e6ea0c83780bd3c63cdb81c"
},
{
"classification": "MALICIOUS",
"file_name": "pytree.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3",
"md5": "9574d0f84037a23a665cf61231168bdf",
"sample_size": 28864,
"sample_type": "Binary/None",
"sha1": "baa95b094ed4bfa8b1e578eb38e63629b57da8c2",
"sha256": "544db153dd1f23bc44edc02d680a8fcfc3fb73c64118527c777ce8ef36e26224"
},
{
"classification": "MALICIOUS",
"file_name": "tmpjnl2abyncacert.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"md5": "dd21df9dbd7b4171c3bc9a9953783536",
"sample_size": 266008,
"sample_type": "Binary/None",
"sha1": "4cf6b423754facf94d2f51b899120e0d85c4ae8e",
"sha256": "cbceb201271ea2a599f3c8e1c4064b9c1e714b7c6c925f2f3f60952dec74c0c3"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cp1256.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "238cc213acd321cf066cec287f49cd2b",
"sample_size": 13160,
"sample_type": "Binary/None",
"sha1": "577d95396ba77ce515ba2d96dd0ff309742afda2",
"sha256": "c2f7639889073185bb8cc7612b2be86d6ae4048e05b254f66f4174b88b9ace34"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pytime.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "567011b04cf2305d53536e9386ffa35f",
"sample_size": 9216,
"sample_type": "Binary/None",
"sha1": "ffcb2057af6b7d633c7ed4e142e4cbf41b671dd0",
"sha256": "3d42038fd2e476eb68cc7a4a3627dc05678943ec361dbab1cfbcf2ebd028fb70"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "errors.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"md5": "b88f19829ed47e07b0b6d100b2ece2a3",
"sample_size": 3712,
"sample_type": "Binary/None",
"sha1": "919ff94eaab2b57893d2eeacd2b18a04535ae977",
"sha256": "a43fcd2dc8b8f28919c36bf40263b40ddba364e5a25fce5f0bd1ff5427f157a3"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "TK.cs.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\tcl\\tix8.4.3\\pref",
"md5": "ad6cac133a844162a9d90e09b2948749",
"sample_size": 1096,
"sample_type": "Binary/None",
"sha1": "18ac8f1fd279ceba9dbb0311ec914e34ffb9cba1",
"sha256": "4a5b3e288f80940739129f3b77f6258f233fcf5e097938a80815c5fa81534388"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "context.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "8684073c3e06f447bd5360e98bd2c96f",
"sample_size": 2080,
"sample_type": "Binary/None",
"sha1": "490605ef9143a981bdeabb80403edf5e0efff657",
"sha256": "a2bfdbb39c2fe5ef3bf48f9e409ceaf787115410ea91351f363cba86579bd387"
},
{
"classification": "MALICIOUS",
"file_name": "pygettext.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\i18n",
"md5": "74cb4050c6be6aaf98afdb39eb3bca08",
"sample_size": 22208,
"sample_type": "Binary/None",
"sha1": "08b1271b68322d8f4dbf1f8bfee89ffd1766e25f",
"sha256": "033d415f514a431a7de76d93029197868fc802956e6cf59b636b6a171db170e3"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "ast.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "3cad2a71cb4f220c287a476226cd10d1",
"sample_size": 1024,
"sample_type": "Binary/None",
"sha1": "e5accc9eb172ede4cb3edfa68349478bc436bfa2",
"sha256": "150bddf777b57e2a13364fe80f4ec376b2785d5a8d7953219362b53ee8d99cad"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "ssltests.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "3f8a5cd23c493117f20d5346f3d5c74f",
"sample_size": 1128,
"sample_type": "Binary/None",
"sha1": "9169480a73de2cb59057aa063bcdffad37151b39",
"sha256": "620f901c74211b73d059c45d5ee0608e3d8252f69d2aff2a0841c81523c7be95"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "vector.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo",
"md5": "4d9769b3f062060072a7883d842cc52c",
"sample_size": 1568,
"sample_type": "Binary/None",
"sha1": "96e7c8e9efac8e32e08bf403c94cb1f2046567b3",
"sha256": "76cb310b9b1604febccc2a255c6dbaab8f7919af136e6daeb8f214e74b6e8e33"
},
{
"classification": "MALICIOUS",
"file_name": "editor.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "22afad8f02a4112857b209fa2af04ed7",
"sample_size": 67448,
"sample_type": "Binary/None",
"sha1": "d35bb20df36ab037a034ab3ac457df2e842285c8",
"sha256": "06d5999ee4e5ec5a1984ffd3e3dad051de12cc00150db799c49ac65fdeb0120d"
},
{
"classification": "MALICIOUS",
"file_name": "parse.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\urllib",
"md5": "9f13a3a136af4df91e1b8b6db572c3d5",
"sample_size": 43552,
"sample_type": "Binary/None",
"sha1": "7c73130677167366ad66059c699859f3551f743e",
"sha256": "82eabfaea8eba7f679e80749243cd3e12769a7b7627091b0f9566090fa7d8e75"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "badkey.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "4e8200b6030c213d203bf4443dff9440",
"sample_size": 2240,
"sample_type": "Binary/None",
"sha1": "09fa070aa06809e657661101a5c48e9194585f2e",
"sha256": "e4238f9fdbe3b07806d1e80ef81c643b3ee7fcf2f3a7c35e37d0f01d0db91372"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_future.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "731a017eafc9d6822bc6de9b99b42afe",
"sample_size": 13672,
"sample_type": "Binary/None",
"sha1": "e5dacab821f8bc0c70194cfe3244377586689eee",
"sha256": "b6a630fdb34a47f0e449dd8bdadd124fa87bdf3139d6b7c74cb8d02fcc0384f6"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "sequence.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib",
"md5": "b6c547f2e47756d06d8c1093e36ffa41",
"sample_size": 4096,
"sample_type": "Binary/None",
"sha1": "0dc59105f86a299b268a1e2dce5a1ad3d7aacd79",
"sha256": "0049582a95af06ca508cd280e95008befc7b2ec53e551ef40ef7425668774cb6"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "iterators.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"md5": "ff8e99ed6d0e2190180e1a2de8efb811",
"sample_size": 2248,
"sample_type": "Binary/None",
"sha1": "5f6ad08eb9c626acdb602452d74a5c592a832e42",
"sha256": "7bf273792320fdfe24e83ddac1a769f0037d9ee4f96ee674412eb5a923f35038"
},
{
"classification": "MALICIOUS",
"file_name": "argparse.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "31df238dd44c26060b4261c1a37661a2",
"sample_size": 100744,
"sample_type": "Binary/None",
"sha1": "711e78113746cd8de1202bc6986e705463010128",
"sha256": "ce70fd5f0a8c62068e34207a5e2103eea7806d12f44917664cab2ebfa41916f8"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "font.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\tkinter",
"md5": "3d5269df79862c744d18f0baf3288280",
"sample_size": 7096,
"sample_type": "Binary/None",
"sha1": "bbb5a1af27e7ffbd570cbc601b5df7bcc445036c",
"sha256": "d9c9b33cb67d7305984b2c47133460fe2df8e409e74bfba2ee01cebbf63274c0"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses",
"md5": "c6adcb3445104f5626d10d9f545dbabb",
"sample_size": 3512,
"sample_type": "Binary/None",
"sha1": "0873c9b2810be1c39dd077f68397b88577455a87",
"sha256": "0532163f2192f4e5f5a95f8173db54c01a1535b8adb9cd1b2a149721795d8818"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "longintrepr.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "1723b99627e4bdf720027582b983ae6a",
"sample_size": 3936,
"sample_type": "Binary/None",
"sha1": "e0150934b85d54c20eaa34a84a8379f58be2086e",
"sha256": "dc3db19dede7d4277778149aefe58bb9da8eaf5bdab79ac2975d3997a422d2ca"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_cmd.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "b84f0463c8519e86c8c136afd0bb3e39",
"sample_size": 6528,
"sample_type": "Binary/None",
"sha1": "f398989b5d69d7972bc137d2da6699592177678c",
"sha256": "a777aee97c2524c4024c00f61d6669d2a6528e5e0f5e916125e804bf009355ee"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "diff.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts",
"md5": "61f06a47b45479b63c57f0cb49e713d5",
"sample_size": 2360,
"sample_type": "Binary/None",
"sha1": "07dca015053ca1cf3899a2554db56f801d308a17",
"sha256": "cbaa8b8db12c60690bee81d87455d5461063f05749585d30e825b4cb873a26cb"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "gdb_sample.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "da878be3c3beb17e3552246be730e946",
"sample_size": 208,
"sample_type": "Binary/None",
"sha1": "2397e6a8fc7676a9fd85d5dd4bf62e21d1f4a02e",
"sha256": "414f4a44a68b7354e6ab05db4bbcf8aefefefcf518497cdb02cd403a58c8a172"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_unary.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "38bb72a64b91b6b167514a2d9af86caf",
"sample_size": 1760,
"sample_type": "Binary/None",
"sha1": "3a1f071cd7c249d5bd16cee6563acdfa40897701",
"sha256": "f738fcaa4adbed539668e45a94cdbd98e38494d91abd752b50f3c706baa85aff"
},
{
"classification": "MALICIOUS",
"file_name": "entities.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html",
"md5": "dc95235177e97927ce2ab38e09ca1eb2",
"sample_size": 77936,
"sample_type": "Binary/None",
"sha1": "bb798146c3a6bbd6a252e5b58e8e3c3b0986ce8f",
"sha256": "844c4ce8feae28e95c3bd9981ca4effc935dcfb061a9f7bf2248e51a655c8842"
},
{
"classification": "MALICIOUS",
"file_name": "test_signal.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "b7e1d7f97195feb2f50f7ea7492a1b6c",
"sample_size": 50560,
"sample_type": "Binary/None",
"sha1": "5864185114dca1cc0363efa0738e583b56ad5562",
"sha256": "a0b8c4c04078263c4ef286dc34cba3f4db552e9558878807ee71c5bd4d81b8af"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_getopt.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "a89d45ccf05f7ca33384548b0553ce6e",
"sample_size": 7136,
"sample_type": "Binary/None",
"sha1": "9380ee8e05d23de393ccdb50d1a6da7de6ffb8bf",
"sha256": "1f87328e23560bf321ef4304c1c5c30a9f17a13af26fe3e6386a71654ba52c72"
},
{
"classification": "MALICIOUS",
"file_name": "dis.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "6af48ff39dbdaeb5037626f988bd9095",
"sample_size": 21160,
"sample_type": "Binary/None",
"sha1": "03d01700a73822b74dca04d7d8f9627ce3a6c1fa",
"sha256": "e66384a92d233cf3ad782f29919a5d23e4249ffad7ce1f35427e3255ef511fc4"
},
{
"classification": "MALICIOUS",
"file_name": "server.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xmlrpc",
"md5": "7123342a3f6864ad33881ebef8a1548e",
"sample_size": 37704,
"sample_type": "Binary/None",
"sha1": "da78c94c57d7ca8b624ef07bfdcd60db7e7a1515",
"sha256": "cbd089b3a28dacd1082feebaa416077437d037c591d27876dc7bc95c838bbab6"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "utf_7.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "92377baf49dd717debe3b84e6b7d5ba9",
"sample_size": 1024,
"sample_type": "Binary/None",
"sha1": "a5cae271da87ab0cd02d41469e35f8ecb4410217",
"sha256": "00e8835c3c710aad3c01590c7b63e3f577547fbeabc12e57fc505358538dc523"
},
{
"classification": "MALICIOUS",
"file_name": "test_bdb.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "f521a2f49de062f370c75430a49e33f7",
"sample_size": 43592,
"sample_type": "Binary/None",
"sha1": "117551b54a7c0c052494fe1aec5bc1b1821204cd",
"sha256": "c6baf66b4475397f29436566c7f2ffac7e9fb39b62643885cc80a9ce9a52a06d"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "tooltip.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "7caff095de72d8087feb869b97dacf02",
"sample_size": 6784,
"sample_type": "Binary/None",
"sha1": "64e4570663d2d6a945becf1a34b47c8ab4068a39",
"sha256": "f67b6edc28a90f3ebec421c43b4fd43621f437819faf8883005b8a290a7ba736"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "longobject.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "c35322dd297009f73ca4c8129d2a2856",
"sample_size": 9792,
"sample_type": "MZ/DOS",
"sha1": "c0397f2e60c21e33c8ccbcd70c5e63172663e4a3",
"sha256": "97e2ca05e5ec70cfdd5d3d1696241038acaf6ae3bb9bf815136bb324bccec454"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "hanoi.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo",
"md5": "6507207d236f00155cd00f20c3717be2",
"sample_size": 4808,
"sample_type": "Binary/None",
"sha1": "014dd80dd31d0bb6dfa022eaf45641b583b8a279",
"sha256": "60272955c879ef39e9f3dbd4e7296556c88d064641a473663de54b1a7f38dc7a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "iomenu.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "63354eb59874777b43f43a3f6cba70dd",
"sample_size": 16312,
"sample_type": "Binary/None",
"sha1": "cbdd8058b3554b97bdae9dc24dc8182b4cd15e7c",
"sha256": "edc22804ace0cb83bb6bc4f1b6eeea5304a0a116d281ea7c448b1a73ffd0d618"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "timeit.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "8ca7686c055460a56f8eb2d3b6637f61",
"sample_size": 13896,
"sample_type": "Binary/None",
"sha1": "fc3fd89d86fd03b16f378ba237bf20d410ae0a8f",
"sha256": "07bf88763d28266cab5ade1eab7a666672a23406b0da3cafd9c3c73f96d426b6"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "format.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "c2b940c1b75e8b365ddeebbc30760494",
"sample_size": 16240,
"sample_type": "Binary/None",
"sha1": "927a07752cee74376f37b392e684b5cebfb5553e",
"sha256": "57f1d099125d74f3795ad087392c9bb021d2ca57a9e95bb85568f945b493bc7a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cgitb.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "4dac5d43582618862deb77de2babda13",
"sample_size": 12456,
"sample_type": "Binary/None",
"sha1": "5e37d236b663b652f15cd5f9fc6ca3298b31d79f",
"sha256": "695bb83ab13bc6e85edcc96b3acb90dff94e5f2038e19aa0fc6a2a7d9a63cf93"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "cp950.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "19e867ff5fc9f93821102b49a1bb0d20",
"sample_size": 1104,
"sample_type": "Binary/None",
"sha1": "19da0527784a5f1c7deb71561acc4be6ed9f89e9",
"sha256": "cd84df10ff9443a8bb8ce9c099f67f7a856428c2ac5bc577938167f83c69f06d"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "poplib.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "73001bf8bb135daeb8aada07ac429a89",
"sample_size": 15720,
"sample_type": "Binary/None",
"sha1": "13d86e5812432bd59f8cf769ecb8a3288c527808",
"sha256": "03b30cf06facc4a882961de7db095047369404b6206590784b493fee51d1774d"
},
{
"classification": "MALICIOUS",
"file_name": "selectors.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "d994316f941d88692a3ee31a6951cd41",
"sample_size": 20192,
"sample_type": "Binary/None",
"sha1": "8a8f875e85b1c489915e421be7933f4655941560",
"sha256": "04dce8dd06e2167c1bb13c8fd114aa57b2ca82b2c2778f87d297b9ccde900ef3"
},
{
"classification": "MALICIOUS",
"file_name": "pyshell.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "05c2915d97cf340947cd8000049e1419",
"sample_size": 59232,
"sample_type": "Binary/None",
"sha1": "1d4249b1aa37ba3c4e1bb0ace862003445e5a3ed",
"sha256": "35d01047d9d857f5a07a16e566192ddbc25cf78d7993f2e8d413b5021983cfdd"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "idnsans.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "39adbd8b498b0d5572be51e13e9abed1",
"sample_size": 10152,
"sample_type": "MZ/DOS",
"sha1": "deb03c95ebb092305f6ca9caec75c1299349a1c9",
"sha256": "de046c48cd112e979b2a68ff1fb840e2fb9100da3529e1e3be5084eac4fa886f"
},
{
"classification": "MALICIOUS",
"file_name": "cp864.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "edf555d2e3f74e8173f852198135a6c9",
"sample_size": 34392,
"sample_type": "Binary/None",
"sha1": "1bc09dd060df8d292c8f36f198f195a26464abfe",
"sha256": "7e45d52b96738515b6375bfdeb64c2acf577fc158aab67c84e9786c736e44b00"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "query.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "8fc082f1304ccb82b518afde8e540d2a",
"sample_size": 15504,
"sample_type": "Binary/None",
"sha1": "10549debf746b444563eff4b90d5ed4727b53456",
"sha256": "30eadf95f4625a137f63218a024c4a1b8cfcfa155139b20d12a9e405bd4c06c5"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "ssl_servers.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "2db2b517a2ff4da36dfcc96b0334b491",
"sample_size": 7528,
"sample_type": "Binary/None",
"sha1": "4bda8591c54fc4dc7853ebdf6b2e2e3c9cecdc6a",
"sha256": "947a6ba50436d6e2526409831cb4b5bdad027d4b141e018b6c71e958c82f5133"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "main.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest",
"md5": "735fe7cb4e618022989ac9dc75ba79e1",
"sample_size": 11568,
"sample_type": "Binary/None",
"sha1": "7945040cd3604f3553c37eea3a380d5f8ecdc0e2",
"sha256": "fdf866c2b7cd7c777df2755a3a5b76d4abe7dbdc3954e468ce29c5c659ec01a3"
},
{
"classification": "MALICIOUS",
"file_name": "sysconfig.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "f0fabb4ca0556e6e9300464627fca3e8",
"sample_size": 25680,
"sample_type": "Binary/None",
"sha1": "eac2e5ef1ce7a19827948f510a60781cde4c4a58",
"sha256": "8b6ce9e32face516055ad61ebeffd3204a6eac13726de134e76b2ac9ed464bb2"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pycacert.pem.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "0d75b8b2a4fc0b6d9a2b202d05e61562",
"sample_size": 5800,
"sample_type": "Binary/None",
"sha1": "03f3088147d0cfc7a03f1ea536523c5d38d08f1d",
"sha256": "deb2bf3126b09b3ec97b3a639b265a6b83fe4bb5cc8b62fa6f4d2de3278fc1e2"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pyframe.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "d18ac835715af1f40626f05a75fd59ea",
"sample_size": 528,
"sample_type": "Binary/None",
"sha1": "87fecae0b6b8358ba2c265fb2cf53e24d8b03539",
"sha256": "0d100fc7a5f109ba456c05922be44f2b21ea1314d505374c91c968af27375093"
},
{
"classification": "MALICIOUS",
"file_name": "generator.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email",
"md5": "bd5b9ddbf7194ab2964370e376cf92bf",
"sample_size": 20752,
"sample_type": "Binary/None",
"sha1": "4fb1b5d709e3bf81a0623d1df96615a66ede7c7a",
"sha256": "7d8caacc64756c706d5dd1fe26a3e79d8e1c71431f64208a3a0a1d90315d208d"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "au-descriptor-1.8.0_371-b11.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
"md5": "54b0891167272da470696c9f3f1fb728",
"sample_size": 6872,
"sample_type": "Binary/None",
"sha1": "09c294fb3feef54edd18dfe2104767e9700131ab",
"sha256": "00794d1c19081d14eefb33da7d229c34c8f1336179b88647cf7586f894a9386f"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "runner.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest",
"md5": "6a164e99308737873671f632affd0315",
"sample_size": 8320,
"sample_type": "Binary/None",
"sha1": "9c4254dd3c2aac961c1211a11a8e3583af6a874b",
"sha256": "00be5a4ee498dc74aad7a6b8819c36a9baf7005f85b4da7ece45f3f64265bf20"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "import.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "df59afa9ffc38048390c63b83fa848bf",
"sample_size": 3168,
"sample_type": "Binary/None",
"sha1": "45f43c3c90d264bcd1e42947b4b4ef7eecd24b08",
"sha256": "200e500090f676aabbd6f2adbd55be1d743b005bcf45a636e24202dc76de4293"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "parsetok.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "6c5ba6b6741f0ceba9e30ab36ff31634",
"sample_size": 3112,
"sample_type": "Binary/None",
"sha1": "193d1bf3c1fc6f5480f4d0b83d76f7215659c517",
"sha256": "28765097f0bf88e54f12f2af929069658762bcfe8a2d7565bbeb245a9c91e1f9"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "xmltests.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "1d2f44db4f359a98cf07c364940db5f5",
"sample_size": 560,
"sample_type": "Binary/None",
"sha1": "c763c6adcdf10ea366995408510c8a3e11b0e028",
"sha256": "655bf9d69af0c1ec41fef625de5ea4b34bd503b24386e3e42a09d994b4e650c0"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_frame.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "7f47173650e4e29856f21ec78c7ab359",
"sample_size": 6056,
"sample_type": "Binary/None",
"sha1": "bac3b60588da442f28300cedf60cf06be9ea1e5b",
"sha256": "7474254e8ecf26a21ff84b485984ad428d3f5df07007efd2047e3623b524bd24"
},
{
"classification": "MALICIOUS",
"file_name": "cp863.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "34985d254506b2dbbf7aff0cd0a8c606",
"sample_size": 34992,
"sample_type": "Binary/None",
"sha1": "31fda7d0d2dd6bed3a6919704ae1bce57ae57de8",
"sha256": "3472ceb372a1372e37cfbe0f8dcfb2003ffdaa58917e0c2666e037e3057f83aa"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "filelist.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "5e43b1c795f0fbd27e7d15863f1beef6",
"sample_size": 4048,
"sample_type": "Binary/None",
"sha1": "c555aa076f1ee5edfd69fe0372f1041a27237d31",
"sha256": "3c3891eef7167f1eeb34bb23036658302585ec1f134cd7e1dd3c62c03d73e985"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_file.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "a32d95d8f5daa84a1f3f2bca83a992f2",
"sample_size": 12344,
"sample_type": "Binary/None",
"sha1": "f8d48ec64aec40c4a713c92e9ccbf76f402b1c50",
"sha256": "9871462f91b8cc7e941ada6fbd68ac5fc60badb7c57199d81c5c4c0150de6743"
},
{
"classification": "MALICIOUS",
"file_name": "test_gzip.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "21e2eb43689719dedb6bb74f31071379",
"sample_size": 31776,
"sample_type": "Binary/None",
"sha1": "e28fda1464e185031c6cdfaa3087f862706a02b1",
"sha256": "29e1d1c29a5560dcb3efe7aa693f48bd30f6463e7e7e9985faee4c532cdd8eef"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "__init__.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3",
"md5": "ec34839e24c17652d98377ae7da847a3",
"sample_size": 2112,
"sample_type": "Binary/None",
"sha1": "ed94d31a40322008e892e9e8dfaeed17f9263b4a",
"sha256": "b89e9802131ce32d4162654e8da8b080fe8de5cc26dd2600122c01da9a9bfa95"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "debugobj.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "6365f84afa2357ee7ae246fe563a6b5c",
"sample_size": 4240,
"sample_type": "Binary/None",
"sha1": "3ccfec0c42f7e2ac014a0f478b6d87ed1f6de661",
"sha256": "f68b53231485ebfa45f92dcbb0169d5876af77916fc104cf7b2171573e3ca357"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "errcode.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "f8094036a3ebf5fe26070936aa906d19",
"sample_size": 1704,
"sample_type": "Binary/None",
"sha1": "21a3b03749bcbc6d5205e23d5061350a42f92b9d",
"sha256": "2de188f03d93fe3703ad060126e42452d6f57f80f89c4928239b19458393587c"
},
{
"classification": "MALICIOUS",
"file_name": "tasks.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"md5": "c552e2b110d748d471cd14d7fb7069c2",
"sample_size": 35448,
"sample_type": "Binary/None",
"sha1": "39ddc696d55b757785bb36662df5413bdf57e288",
"sha256": "62fa157d75c088a7980a247793b23625beb4530989da6e763bb60d4e94f29439"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "audio.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime",
"md5": "5854888ff17abbca6edb03e0e1fb8c39",
"sample_size": 2856,
"sample_type": "Binary/None",
"sha1": "644a62687f78740c1d3fa2582167e1f75e91eb82",
"sha256": "ac73331166b36c1840889a6ec0e41bde6c9c111653e64e1a388e56df1a0fa5f7"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "5c4702cd526cc48a8ca08b053b04c176.xml.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Office\\ONetConfig",
"md5": "d4df5d2f0b54b4708314b3ce2a692e0b",
"sample_size": 2168,
"sample_type": "Binary/None",
"sha1": "f2b6afd485689228062bab5f453fa2b5a0ba4f63",
"sha256": "8757531e09e21f0fdaa18c1a7fe1923157eeef9f2967e428aa4860ac0a52abd8"
},
{
"classification": "MALICIOUS",
"file_name": "pstats.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "fd20728c75685f8d9f8d2459a892e015",
"sample_size": 30144,
"sample_type": "Binary/None",
"sha1": "49661a36c53a151ccd24b130fba94ff3286aad93",
"sha256": "de6857475be57b465eb1f5b3a21ff2216448afec0f59c33b206fb64b7412ddba"
},
{
"classification": "MALICIOUS",
"file_name": "datetime.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "90bedd604a02e5969bbb471537b0696b",
"sample_size": 91776,
"sample_type": "Binary/None",
"sha1": "a529353fddf007810cd37d60c859320fee694fdf",
"sha256": "e7d518e0c9a73eb55acd007674e89b9f916dfe3da77960eccadd55108a768f39"
},
{
"classification": "MALICIOUS",
"file_name": "test_shutil.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "9689aa8beff05a81bf28ba34d6b2e18f",
"sample_size": 108864,
"sample_type": "Binary/None",
"sha1": "09361dc6d08bd5be81bcf4e5f21591e2c700b8bb",
"sha256": "0c23344518e05d5868a8a346c87128e9aed1fa9bd00649ccce18be2b2ada4fa6"
},
{
"classification": "MALICIOUS",
"file_name": "sslproto.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio",
"md5": "e98b3e0347f854f6f8ebb9238ea5280b",
"sample_size": 28240,
"sample_type": "Binary/None",
"sha1": "95f874031d161426298ef90b89aaa70c06a9ddcf",
"sha256": "0bcd98cb477a99d325fa0dfe6a81c040d9cb2bed786f715060af4971af70003f"
},
{
"classification": "MALICIOUS",
"file_name": "rpc.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib",
"md5": "3172623b5df9b23c04e7e3c3c1512c50",
"sample_size": 21752,
"sample_type": "Binary/None",
"sha1": "799babf5c16623165b3f17ebc709e7f897cd9b16",
"sha256": "eadd94f4719731b6c33b1293fb2cdfdc24e7e3f405411612731fbcc8ac04e19a"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "linecache.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "cafbcfd1b6c907735333c426792229c5",
"sample_size": 5680,
"sample_type": "Binary/None",
"sha1": "a71b95f5fb587235218d01dcd39d6e35b1d551e7",
"sha256": "1e20834489ff00871dc5854eddf241bb1bdf75d89feaf163940273720b5de892"
},
{
"classification": "MALICIOUS",
"file_name": "ssl.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib",
"md5": "b051959fa90489c3d55edfa7a4656ac9",
"sample_size": 52288,
"sample_type": "Binary/None",
"sha1": "de6b7b8efe92736c319e4f276625d4986b26ca7e",
"sha256": "135c41557a44f703c0cf9f48b59941d7c4f369ac3dd1e7fd926c976b52f32b19"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "ann_module.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "30272649ed2d747db3ce1b7cab85fe30",
"sample_size": 1208,
"sample_type": "Binary/None",
"sha1": "a81ac9f957f084f37e026429390c08af83b2c45f",
"sha256": "e92694e7993570a95ac9625741cf7fd7aaccb059deebb8c50be6975510e96d17"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pythread.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "88a6f2d25b7f404dc45ead21c2854ac9",
"sample_size": 6144,
"sample_type": "Binary/None",
"sha1": "cf6554637b90dda0af507ea0a4a0342739ca8512",
"sha256": "8e86f854f055bc80c5f539042c64d54a5ae17f1d7cf8895e25f0bb4330721c6d"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "core.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils",
"md5": "eb5dff40652ae7dd1995d5ccc54701b2",
"sample_size": 9152,
"sample_type": "Binary/None",
"sha1": "54f02c84de55e086fddb52f4a12995a45722edc5",
"sha256": "02177c597f6a5c7a7f993161a7b14f65154959fbb29719b9f047626c6c94c146"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "pymacro.h.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include",
"md5": "41b5134d662b68d9a990f710456acf80",
"sample_size": 5096,
"sample_type": "Binary/None",
"sha1": "7335f23165f42a1fc2802be0cf0020248548db93",
"sha256": "1194056fe6cd6699aa5e907d60297f7fe0537853bcb038dd354e8d30749e5d99"
},
{
"classification": "MALICIOUS",
"file_name": "server.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http",
"md5": "edf08c57b83eae98274cabbcd0669e87",
"sample_size": 48712,
"sample_type": "Binary/None",
"sha1": "11a4bc5c1f21810405b2104aecc4daab4a17f007",
"sha256": "231b9733ffa226da62ee9436c3a77b0c155ef3ea4ed37e765d8312665e37a916"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "headers.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\wsgiref",
"md5": "340d1ef349d9abca1bef4e1df2730dec",
"sample_size": 6992,
"sample_type": "Binary/None",
"sha1": "68f18461c9e58eb15a8bb08d4d6416e8c3ec0fdf",
"sha256": "e7f46189affdb87a0e0338b747e463ca6c5ed68ad3d8abb07f36cef79ee2d544"
},
{
"classification": "NO_THREATS_FOUND",
"file_name": "test_pkg.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test",
"md5": "a1c43319ad3407421c40eca1cb5f3ddd",
"sample_size": 10160,
"sample_type": "Binary/None",
"sha1": "73252e34437f9344acc784b8439ffe4b048918a7",
"sha256": "a2deb4ae5a106bef23236a3dd07ff6f5385782d28b7f53b99fe27d28aa291b52"
},
{
"classification": "MALICIOUS",
"file_name": "cp862.py.toxcrypt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings",
"md5": "1957097ab8f3948d2797c5707a2a6195",
"sample_size": 34112,
"sample_type": "Binary/None",
"sha1": "20a216c817f032232a38ef7dbe42a2bb3687ad90",
"sha256": "f9b18890c0233ecc0d425656b6564aa22fb09a7b75214ad95a4d2fd56d464574"
}
],
"dropped_files_url": "https://bucket.reversinglabs.com/rl-cloud-sandbox-dropped-prod/21841b32c6165b27dddbd4d6eb3a672defe54271_08249dbc-77bf-482e-be4d-b8fa58de01c7_dropped_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20240118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240118T024237Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=0754967f88b69419f9aabe99ae040632546210ba012cbc35b19839ec8e5a60c5",
"md5": "d5720ea13de22edcbe76d20c7908c0bf",
"memory_strings": "https://bucket.reversinglabs.com/rl-cloud-sandbox-memstrings-prod/21841b32c6165b27dddbd4d6eb3a672defe54271_08249dbc-77bf-482e-be4d-b8fa58de01c7_memstrings_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20240118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240118T024237Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=d09eaaf10332e5b4dfc8de433a19ba90d3f39c779b7241f5217184045018ff85",
"mitre_attack": {
"matrix_list": [
{
"name": "Enterprise",
"tactics": {
"tactic_list": [
{
"id": "TA0005",
"name": "Defense Evasion",
"techniques": {
"technique_list": [
{
"id": "T1055",
"name": "Process Injection"
},
{
"id": "T1027",
"name": "Obfuscated Files or Information"
},
{
"id": "T1036",
"name": "Masquerading"
},
{
"id": "T1140",
"name": "Deobfuscate/Decode Files or Information"
},
{
"id": "T1027.002",
"name": "Software Packing"
}
]
}
},
{
"id": "TA0007",
"name": "Discovery",
"techniques": {
"technique_list": [
{
"id": "T1083",
"name": "File and Directory Discovery"
},
{
"id": "T1082",
"name": "System Information Discovery"
},
{
"id": "T1124",
"name": "System Time Discovery"
},
{
"id": "T1518.001",
"name": "Security Software Discovery"
},
{
"id": "T1016",
"name": "System Network Configuration Discovery"
}
]
}
},
{
"id": "TA0002",
"name": "Execution",
"techniques": {
"technique_list": []
}
},
{
"id": "TA0011",
"name": "Command and Control",
"techniques": {
"technique_list": [
{
"id": "T1105",
"name": "Remote File Copy"
},
{
"id": "T1573",
"name": "Encrypted Channel"
}
]
}
},
{
"id": "TA0010",
"name": "Exfiltration",
"techniques": {
"technique_list": []
}
},
{
"id": "TA0004",
"name": "Privilege Escalation",
"techniques": {
"technique_list": [
{
"id": "T1547.001",
"name": "Registry Run Keys / Startup Folder"
}
]
}
},
{
"id": "TA0003",
"name": "Persistence",
"techniques": {
"technique_list": []
}
},
{
"id": "TA0009",
"name": "Collection",
"techniques": {
"technique_list": [
{
"id": "T1560",
"name": "Archive Collected Data"
},
{
"id": "T1056",
"name": "Input Capture"
},
{
"id": "T1005",
"name": "Data from Local System"
}
]
}
},
{
"id": "TA0040",
"name": "Impact",
"techniques": {
"technique_list": []
}
},
{
"id": "TA0006",
"name": "Credential Access",
"techniques": {
"technique_list": [
{
"id": "T1003",
"name": "OS Credential Dumping"
}
]
}
}
]
}
}
]
},
"network": {
"url": [
{
"source": "memory",
"url": "http://127.0.0.1:90500123456789ABCDEF"
},
{
"source": "memory",
"url": "http://dist.torproject.org/torbrowser/4.5.1/tor-win32-0.2.6.7.zip"
},
{
"source": "memory",
"url": "http://gcc.gnu.org/bugs.html):"
},
{
"source": "memory",
"url": "http://curl.haxx.se/docs/http-cookies.html"
}
]
},
"optional_parameters": "internet_simulation=false",
"pcap": "https://bucket.reversinglabs.com/rl-cloud-sandbox-pcap-prod/21841b32c6165b27dddbd4d6eb3a672defe54271_08249dbc-77bf-482e-be4d-b8fa58de01c7_pcap_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20240118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240118T024237Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=d0a36b3fb2b6682dade177a83c5119b0e725bb4ad0a2d28fd2a3a7a0dda56a35",
"platform": "windows10",
"process_tree": [
{
"name": "ipconfig.exe",
"parameters": "ipconfig /renew",
"parent_process_id": 7028,
"process_id": 1040
},
{
"name": "rl_file.exe",
"parameters": "C:\\Users\\user\\Desktop\\rl_file.exe",
"parent_process_id": 4160,
"process_id": 5252
},
{
"name": "conhost.exe",
"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",
"parent_process_id": 1040,
"process_id": 1076
},
{
"name": "rl_file.exe",
"parameters": "\"C:\\Users\\user\\Desktop\\rl_file.exe\" ",
"parent_process_id": 5252,
"process_id": 7716
},
{
"name": "ipconfig.exe",
"parameters": "ipconfig /renew",
"parent_process_id": 7028,
"process_id": 1428
},
{
"name": "conhost.exe",
"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",
"parent_process_id": 1428,
"process_id": 4548
},
{
"name": "ipconfig.exe",
"parameters": "ipconfig /renew",
"parent_process_id": 7028,
"process_id": 7620
},
{
"name": "conhost.exe",
"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",
"parent_process_id": 7620,
"process_id": 7568
},
{
"name": "ipconfig.exe",
"parameters": "ipconfig /renew",
"parent_process_id": 7028,
"process_id": 7892
},
{
"name": "conhost.exe",
"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",
"parent_process_id": 7892,
"process_id": 7880
},
{
"name": "Tox.exe",
"parameters": "\"C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe\" ",
"parent_process_id": 4160,
"process_id": 8020
},
{
"name": "ipconfig.exe",
"parameters": "ipconfig /renew",
"parent_process_id": 7028,
"process_id": 3456
},
{
"name": "conhost.exe",
"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",
"parent_process_id": 3456,
"process_id": 6668
},
{
"name": "ipconfig.exe",
"parameters": "ipconfig /renew",
"parent_process_id": 7028,
"process_id": 5256
},
{
"name": "conhost.exe",
"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",
"parent_process_id": 5256,
"process_id": 6932
},
{
"name": "ipconfig.exe",
"parameters": "ipconfig /renew",
"parent_process_id": 7028,
"process_id": 3816
},
{
"name": "conhost.exe",
"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",
"parent_process_id": 3816,
"process_id": 6064
},
{
"name": "ipconfig.exe",
"parameters": "ipconfig /renew",
"parent_process_id": 7028,
"process_id": 8140
},
{
"name": "conhost.exe",
"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",
"parent_process_id": 8140,
"process_id": 3916
},
{
"name": "ipconfig.exe",
"parameters": "ipconfig /renew",
"parent_process_id": 7028,
"process_id": 3764
},
{
"name": "conhost.exe",
"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",
"parent_process_id": 3764,
"process_id": 7428
},
{
"name": "ipconfig.exe",
"parameters": "ipconfig /renew",
"parent_process_id": 7028,
"process_id": 3516
},
{
"name": "conhost.exe",
"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",
"parent_process_id": 3516,
"process_id": 7652
},
{
"name": "ipconfig.exe",
"parameters": "ipconfig /renew",
"parent_process_id": 7028,
"process_id": 5540
},
{
"name": "conhost.exe",
"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",
"parent_process_id": 5540,
"process_id": 2636
},
{
"name": "ipconfig.exe",
"parameters": "ipconfig /renew",
"parent_process_id": 7028,
"process_id": 7452
},
{
"name": "conhost.exe",
"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",
"parent_process_id": 7452,
"process_id": 5268
},
{
"name": "ipconfig.exe",
"parameters": "ipconfig /renew",
"parent_process_id": 7028,
"process_id": 4576
},
{
"name": "conhost.exe",
"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",
"parent_process_id": 4576,
"process_id": 4588
},
{
"name": "ipconfig.exe",
"parameters": "ipconfig /renew",
"parent_process_id": 7028,
"process_id": 1552
},
{
"name": "conhost.exe",
"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",
"parent_process_id": 1552,
"process_id": 8060
},
{
"name": "ipconfig.exe",
"parameters": "ipconfig /renew",
"parent_process_id": 7028,
"process_id": 5596
},
{
"name": "conhost.exe",
"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",
"parent_process_id": 5596,
"process_id": 8132
},
{
"name": "ipconfig.exe",
"parameters": "ipconfig /renew",
"parent_process_id": 7028,
"process_id": 7848
},
{
"name": "conhost.exe",
"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",
"parent_process_id": 7848,
"process_id": 8112
},
{
"name": "ipconfig.exe",
"parameters": "ipconfig /renew",
"parent_process_id": 7028,
"process_id": 6164
},
{
"name": "conhost.exe",
"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",
"parent_process_id": 6164,
"process_id": 1848
},
{
"name": "ipconfig.exe",
"parameters": "ipconfig /renew",
"parent_process_id": 7028,
"process_id": 3816
},
{
"name": "conhost.exe",
"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",
"parent_process_id": 3816,
"process_id": 8160
},
{
"name": "ipconfig.exe",
"parameters": "ipconfig /renew",
"parent_process_id": 7028,
"process_id": 3400
},
{
"name": "conhost.exe",
"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",
"parent_process_id": 3400,
"process_id": 6168
},
{
"name": "ipconfig.exe",
"parameters": "ipconfig /renew",
"parent_process_id": 7028,
"process_id": 4068
},
{
"name": "conhost.exe",
"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",
"parent_process_id": 4068,
"process_id": 6288
},
{
"name": "ipconfig.exe",
"parameters": "ipconfig /renew",
"parent_process_id": 7028,
"process_id": 1076
},
{
"name": "conhost.exe",
"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",
"parent_process_id": 1076,
"process_id": 6680
},
{
"name": "ipconfig.exe",
"parameters": "ipconfig /renew",
"parent_process_id": 7028,
"process_id": 3908
},
{
"name": "conhost.exe",
"parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1",
"parent_process_id": 3908,
"process_id": 7696
}
],
"risk_score": 96,
"screenshots": "https://bucket.reversinglabs.com/rl-cloud-sandbox-screenshots-prod/21841b32c6165b27dddbd4d6eb3a672defe54271_08249dbc-77bf-482e-be4d-b8fa58de01c7_screenshots_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20240118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240118T024238Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=8984143143aa69d5eb2e5bd990a0e4d4e32822c2b1e67502e05c805e47d34301",
"sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"sha256": "0b5225517dcd1faf1de7b9c770baedbe000f8f2eacc22e8759970e26d446ec19",
"signatures": [
{
"description": "Reads ini files",
"risk_factor": 5,
"sig_id": 1257
},
{
"description": "Creates a start menu entry (Start Menu\\\\Programs\\\\Startup)",
"risk_factor": 7,
"sig_id": 1376
},
{
"description": "Disables application error messages (SetErrorMode)",
"risk_factor": 5,
"sig_id": 1397
},
{
"description": "Uses Microsofts Enhanced Cryptographic Provider",
"risk_factor": 7,
"sig_id": 1312
},
{
"description": "Contains functionality to enumerate / list files inside a directory",
"risk_factor": 5,
"sig_id": 1088
},
{
"description": "Found string decryption functions",
"risk_factor": 7,
"sig_id": 1600
},
{
"description": "Found inlined nop instructions (likely shell or obfuscated code)",
"risk_factor": 7,
"sig_id": 1537
},
{
"description": "Creates temporary files",
"risk_factor": 5,
"sig_id": 1276
},
{
"description": "Tries to harvest and steal browser information (history, passwords, etc)",
"risk_factor": 8,
"sig_id": 1272
},
{
"description": "Sample reads its own file content",
"risk_factor": 5,
"sig_id": 1571
},
{
"description": "URLs found in memory or binary data",
"risk_factor": 5,
"sig_id": 357
},
{
"description": "Contains functionality to download additional files from the internet",
"risk_factor": 5,
"sig_id": 1090
},
{
"description": "Uses an in-process (OLE) Automation server",
"risk_factor": 5,
"sig_id": 1458
},
{
"description": "Sample is packed with UPX",
"risk_factor": 5,
"sig_id": 1366
},
{
"description": "Creates a DirectInput object (often for capturing keystrokes)",
"risk_factor": 7,
"sig_id": 1339
},
{
"description": "Stores files to the Windows startup directory",
"risk_factor": 7,
"sig_id": 1352
},
{
"description": "Creates a process in suspended mode (likely to inject code)",
"risk_factor": 7,
"sig_id": 1790
},
{
"description": "Spawns processes",
"risk_factor": 5,
"sig_id": 1271
},
{
"description": "Creates mutexes",
"risk_factor": 5,
"sig_id": 1150
},
{
"description": "Detected crypto function",
"risk_factor": 7,
"sig_id": 1826
},
{
"description": "Sample is known by Antivirus (Virustotal or Metascan)",
"risk_factor": 5,
"sig_id": 1532
},
{
"description": "Contains functionality to register its own exception handler",
"risk_factor": 5,
"sig_id": 1094
},
{
"description": "Classification label",
"risk_factor": 5,
"sig_id": 420
},
{
"description": "Uses 32bit PE files",
"risk_factor": 7,
"sig_id": 621
},
{
"description": "Contains functionality to query local / system time",
"risk_factor": 5,
"sig_id": 1103
},
{
"description": "Multi AV Scanner detection for dropped file",
"risk_factor": 10,
"sig_id": 1524
},
{
"description": "Drops PE files",
"risk_factor": 7,
"sig_id": 1167
},
{
"description": "Multi AV Scanner detection for submitted file",
"risk_factor": 10,
"sig_id": 362
},
{
"description": "Contains functionality to query CPU information (cpuid)",
"risk_factor": 7,
"sig_id": 1326
},
{
"description": "Uses code obfuscation techniques (call, push, ret)",
"risk_factor": 7,
"sig_id": 1577
},
{
"description": "Drops PE files to the startup folder (C:\\\\Documents and Settings\\\\All Users\\\\Start Menu\\\\Programs\\\\Startup)",
"risk_factor": 8,
"sig_id": 1378
},
{
"description": "Creates files inside the user directory",
"risk_factor": 5,
"sig_id": 1145
},
{
"description": "Reads software policies",
"risk_factor": 5,
"sig_id": 1460
},
{
"description": "Writes many files with high entropy",
"risk_factor": 8,
"sig_id": 2072
},
{
"description": "Binary contains paths to debug symbols",
"risk_factor": 0,
"sig_id": 1248
},
{
"description": "Enumerates the file system",
"risk_factor": 5,
"sig_id": 1173
},
{
"description": "Uses ipconfig to modify the Windows network settings",
"risk_factor": 8,
"sig_id": 1281
},
{
"description": "Sample execution stops while process was sleeping (likely an evasion)",
"risk_factor": 7,
"sig_id": 1681
}
],
"threat_names": [
{
"threat_name": "Unknown"
}
]
},
"requested_hash": "21841b32c6165b27dddbd4d6eb3a672defe54271",
"requested_id": "08249dbc-77bf-482e-be4d-b8fa58de01c7"
}
}
}
}

Human Readable Output#

ReversingLabs Sample Dynamic Analysis output for sample 21841b32c6165b27dddbd4d6eb3a672defe54271#

Classification: MALICIOUS Sample SHA1: 21841b32c6165b27dddbd4d6eb3a672defe54271 Sample MD5: d5720ea13de22edcbe76d20c7908c0bf Sample SHA256: 0b5225517dcd1faf1de7b9c770baedbe000f8f2eacc22e8759970e26d446ec19 Last analysis: None

Full report is returned as JSON in a downloadable file#

reversinglabs-titaniumcloud-submit-url-for-dynamic-analysis#


Submit a URL for dynamic analysis.

Base Command#

reversinglabs-titaniumcloud-submit-url-for-dynamic-analysis

Input#

Argument NameDescriptionRequired
urlURL string.Required
platformDesired platform; See the API documentation for possible values.Required

Context Output#

PathTypeDescription
ReversingLabs.detonate_url_dynamicUnknownThe dynamic analysis.

Command example#

!reversinglabs-titaniumcloud-submit-url-for-dynamic-analysis url=http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt platform=windows10

Context Example#

{
"ReversingLabs": {
"detonate_url_dynamic": {
"rl": {
"analysis_id": "033ae6c3-b6e3-4dcc-9544-e394401b92d6",
"sha1": "01b57da1914cff3920cf2ce6ae03001a3ba8e76f",
"status": "started",
"url": "http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt",
"url_base64": "aHR0cDovL2NsYXNzaWNhaXJqb3JkYW5zaG9lcy5jb20vY2xhc3NpYy1haXItam9yZGFuLTktYy03Lmh0bWw_emVuaWQ9ZWdibW1iaTAzOWlxbXM1aG81ZHQycW51bm0wbWV0dHQ"
}
}
}
}

Human Readable Output#

ReversingLabs submit URL http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt for Dynamic Analysis#

Status: started Requested UR: http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt URL SHA1: 01b57da1914cff3920cf2ce6ae03001a3ba8e76f URL BASE64: aHR0cDovL2NsYXNzaWNhaXJqb3JkYW5zaG9lcy5jb20vY2xhc3NpYy1haXItam9yZGFuLTktYy03Lmh0bWw_emVuaWQ9ZWdibW1iaTAzOWlxbXM1aG81ZHQycW51bm0wbWV0dHQ Analysis ID: 033ae6c3-b6e3-4dcc-9544-e394401b92d6

reversinglabs-titaniumcloud-get-url-dynamic-analysis-results#


Retrieve dynamic analysis results for a URL.

Base Command#

reversinglabs-titaniumcloud-get-url-dynamic-analysis-results

Input#

Argument NameDescriptionRequired
sha1URL SHA-1 hash. It can be found in the response while submitting the URL for analysis. Mutually exclusive with url.Optional
urlThe requested URL- Mutually exclusive with sha1.Optional
analysis_idID of a specific analysis to fetch.Optional
latest_analysisFetch the latest analysis. Possible values are: true, false. Default is false.Optional

Context Output#

PathTypeDescription
URL.DataStringThe URL.
DBotScore.ScoreNumberThe actual score.
DBotScore.TypeStringThe indicator type.
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.VendorStringThe vendor used to calculate the score.
ReversingLabs.url_dynamic_analysis_resultsUnknownThe URL dynamic analysis results.

Command example#

!reversinglabs-titaniumcloud-get-url-dynamic-analysis-results url=http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt analysis_id=0f57134a-ecb8-4f8f-ad60-903b63bf8bc4 latest_analysis=false

Context Example#

{
"DBotScore": {
"Indicator": "http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt",
"Reliability": "C - Fairly reliable",
"Score": 1,
"Type": "url",
"Vendor": "ReversingLabs TitaniumCloud v2"
},
"InfoFile": {
"EntryID": "8959@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
"Extension": "html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt",
"Info": "html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt",
"Name": "Dynamic analysis report file for URL http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt",
"Size": 348681,
"Type": "ASCII text, with very long lines"
},
"ReversingLabs": {
"url_dynamic_analysis_results": {
"rl": {
"report": {
"analysis_duration": 166,
"analysis_id": "0f57134a-ecb8-4f8f-ad60-903b63bf8bc4",
"analysis_time": "2024-01-18T02:33:30",
"behavioral": [
{
"file_actions": [
{
"action_type": "file_opened",
"file_name": "tzres.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "chrome.dll",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sortdefault.nls",
"file_path": "C:\\WINDOWS\\Globalization\\Sorting",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "KsecDD",
"file_path": "\\Device",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Endpoint",
"file_path": "\\Device\\Afd",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tzres.dll.mui",
"file_path": "C:\\WINDOWS\\SYSTEM32\\en-US",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "NETBT_TCPIP_{7F50E9BE-7F02-49EC-B525-546E3FB9A32B}",
"file_path": "\\DEVICE",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Users",
"file_path": "C:",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "chrome_200_percent.pak",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Secur32.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "chrome_100_percent.pak",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "PROPSYS.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SSPICLI.DLL",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Local",
"file_path": "C:\\Users\\user\\AppData",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WINMMBASE.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "user",
"file_path": "C:\\Users",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dhcpcsvc.DLL",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "Network Persistent State",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CMApi",
"file_path": "\\Device\\DeviceApi",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "TransportSecurity~RF29560.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "chrome_elf.dll",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "ff81d8f6-8d3c-47ae-8fd7-925ada68e204.tmp",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "TransportSecurity",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "113.0.5672.93",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ntmarta.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "Network Persistent State~RF29512.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "AsyncConnectHlp",
"file_path": "\\Device\\Afd",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "VERSION.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "Network Persistent State~RF37a23.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "RasAcd",
"file_path": "\\Device",
"status": "object name not found"
},
{
"action_type": "file_opened",
"file_name": "IPHLPAPI.DLL",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "etc",
"file_path": "C:\\WINDOWS\\system32\\drivers",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "AppData",
"file_path": "C:\\Users\\user",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "f0e922b5-ad04-4bc2-ab8c-40e96d299d06.tmp",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hosts",
"file_path": "C:\\WINDOWS\\system32\\drivers\\etc",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "SCT Auditing Pending Reports~RF2696e.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "32e90c66-6d69-4e6e-8b26-a251eaa42ab8.tmp",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ole32.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "UIAutomationCore.DLL",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DWrite.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "C:",
"file_path": "",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "SCT Auditing Pending Reports~RF268b3.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-US.pak",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Google",
"file_path": "C:\\Users\\user\\AppData\\Local",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CNG",
"file_path": "\\Device",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "NLAapi.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CRYPTBASE.DLL",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "USERENV.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mswsock.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WINMM.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "SCT Auditing Pending Reports",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Nsi",
"file_path": "",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "fe60b991-49ae-459c-8360-27762fd34053.tmp",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dhcpcsvc6.DLL",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DNSAPI.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bcrypt.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WINSPOOL.DRV",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "icudtl.dat",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dbghelp.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "NETBT_TCPIP_{C8C115D0-C73A-11E8-B003-806E6F6E6963}",
"file_path": "\\DEVICE",
"status": "object name not found"
},
{
"action_type": "file_opened",
"file_name": "v8_context_snapshot.bin",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WINNSI.DLL",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WINHTTP.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "resources.pak",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "crashpad_4464_DXVJSNHTQUJMXMSE",
"file_path": "\\pipe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "IMM32.DLL",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "rasadhlp.dll",
"file_path": "C:\\Windows\\System32",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "554b2999-c537-47d5-9ab6-a243b9192aec.tmp",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network",
"status": "success or wait"
}
],
"modules_loaded": [
{
"module_name": "\\KnownDlls\\DWrite.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\USER32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\combase.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\secur32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\Secur32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\dbghelp.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\kernel.appcore.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\dhcpcsvc.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\ntmarta.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\msvcp_win.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\en-US\\tzres.dll.mui",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\CRYPTBASE.DLL",
"module_tag": ""
},
{
"module_name": "unknown",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\OLEAUT32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\rasadhlp.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\userenv.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\bcrypt.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\rasadhlp.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\winnsi.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\WS2_32.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\nlaapi.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\ntmarta.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\UIAutomationCore.DLL",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\version.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\profapi.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\NSI.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\gdi32full.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\DWrite.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\USERENV.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\VERSION.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\cryptbase.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\dhcpcsvc6.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\ucrtbase.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\winmmbase.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\DNSAPI.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\SSPICLI.DLL",
"module_tag": ""
},
{
"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_100_percent.pak",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\ole32.dll",
"module_tag": ""
},
{
"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_200_percent.pak",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\UIAutomationCore.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\WINMM.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\propsys.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\CRYPT32.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\Windows\\SharedSection",
"module_tag": ""
},
{
"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources.pak",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\dhcpcsvc.DLL",
"module_tag": ""
},
{
"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\WINNSI.DLL",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\sechost.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\cfgmgr32.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\mswsock.dll",
"module_tag": ""
},
{
"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\v8_context_snapshot.bin",
"module_tag": ""
},
{
"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\icudtl.dat",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\bcrypt.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\ADVAPI32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\WINTRUST.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\KERNELBASE.dll",
"module_tag": ""
},
{
"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\Locales\\en-US.pak",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\bcryptPrimitives.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\dbghelp.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\PROPSYS.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\shcore.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\dnsapi.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\FLTLIB.DLL",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\WINHTTP.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\mswsock.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\winmmbase.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\msvcrt.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\imm32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\WINSPOOL.DRV",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\windows.storage.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\WINMMBASE.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\KERNEL32.DLL",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\MSASN1.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\powrprof.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\shlwapi.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\win32u.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\winmm.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\IPHLPAPI.DLL",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\dhcpcsvc6.DLL",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\winhttp.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\RPCRT4.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\shell32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\IMM32.DLL",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\NLAapi.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\sspicli.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\winspool.drv",
"module_tag": ""
},
{
"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_elf.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\IPHLPAPI.DLL",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\GDI32.dll",
"module_tag": ""
}
],
"mutex_actions": [
{
"action_type": "mutex_created",
"name": "unknown",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2960:304:WilStaging_02",
"status": "success or wait"
}
],
"process": {
"name": "chrome.exe",
"parameters": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1816,i,13857433630562973425,11579335400417572304,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8",
"parent_process_id": 4464,
"process_id": 2960
},
"registry_actions": [
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon\\",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Network\\Location Awareness",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Dnscache\\Parameters",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WinSock2\\Parameters\\Protocol_Catalog9",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip6\\Parameters",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip\\Parameters",
"status": "pending",
"value": "",
"value_name": ""
}
]
},
{
"file_actions": [
{
"action_type": "file_opened",
"file_name": "CMApi",
"file_path": "\\Device\\DeviceApi",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "AutoIt3",
"file_path": "C:\\Program Files (x86)",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sortdefault.nls",
"file_path": "C:\\WINDOWS\\Globalization\\Sorting",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "chrome_elf.dll",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "113.0.5672.93",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "crashpad_5400_BFYJTIUXOZXDCSEH",
"file_path": "\\pipe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "VERSION.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CRYPTBASE.DLL",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "IMM32.DLL",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ntmarta.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CNG",
"file_path": "\\Device",
"status": "success or wait"
}
],
"modules_loaded": [
{
"module_name": "\\KnownDlls\\profapi.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\windows.storage.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\gdi32full.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\msvcp_win.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\KERNEL32.DLL",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\combase.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\shcore.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\VERSION.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\shlwapi.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\sechost.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\cfgmgr32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\RPCRT4.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\cryptbase.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\ucrtbase.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\ntmarta.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\ADVAPI32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\USER32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\KERNELBASE.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\CRYPTBASE.DLL",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\kernel.appcore.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\IMM32.DLL",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\bcryptPrimitives.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\win32u.dll",
"module_tag": ""
},
{
"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_elf.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\FLTLIB.DLL",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\ntmarta.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\SHELL32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\msvcrt.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\version.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\powrprof.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\imm32.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\Windows\\SharedSection",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\GDI32.dll",
"module_tag": ""
}
],
"mutex_actions": [
{
"action_type": "mutex_created",
"name": "unknown",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5400:304:WilStaging_02",
"status": "success or wait"
}
],
"process": {
"name": "chrome.exe",
"parameters": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" \"http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt",
"parent_process_id": 4536,
"process_id": 5400
},
"process_actions": [
{
"action_type": "process_terminated",
"path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
"status": "success or wait"
},
{
"action_type": "process_created",
"path": "unknown",
"status": "success or wait"
}
],
"registry_actions": [
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon\\",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\ThirdParty\\",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_value_modified",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\ThirdParty",
"status": "success or wait",
"value": "NU LL ",
"value_name": "StatusCodes"
},
{
"action_type": "key_value_modified",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon",
"status": "success or wait",
"value": "2",
"value_name": "state"
}
]
},
{
"file_actions": [
{
"action_type": "file_opened",
"file_name": "AutoIt3",
"file_path": "C:\\Program Files (x86)",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "bg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "computed_hashes.json",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources\\hangout_services\\_metadata",
"status": "object path not found"
},
{
"action_type": "file_deleted",
"file_name": "lv",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "gu",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "upgrade-index",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mojo.4464.6768.3236221341262871307",
"file_path": "\\pipe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Local",
"file_path": "C:\\Users\\user~1\\AppData",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CMApi",
"file_path": "\\Device\\DeviceApi",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG.old",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\EventDB",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Windows.UI.dll",
"file_path": "C:\\Windows\\System32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARIAL.TTF",
"file_path": "C:\\WINDOWS\\FONTS",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Application",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "prefs.json",
"file_path": "C:\\Program Files\\Google\\GoogleUpdater",
"status": "object path not found"
},
{
"action_type": "file_deleted",
"file_name": "pl",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "VERSION.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "Preferences~RF27e1f.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "km",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ntshrui.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "lv",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "craw_window.css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SetupMetrics",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ro",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG.old",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\leveldb",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\uk",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "KBDUS.DLL",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "en_US",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "hu",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\tr",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "AppData",
"file_path": "C:\\Users\\user",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "zh_TW",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\da",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ko",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ja",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "LOG.old~RF272c5.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\EventDB",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\zh_TW",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\hi",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "verified_contents.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_metadata",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mojo.4464.2472.9884927993438869709",
"file_path": "\\pipe",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\hu",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "nb",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tzres.dll.mui",
"file_path": "C:\\WINDOWS\\SYSTEM32\\en-US",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ml",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\en",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "msvcp110_win.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "Module Info Cache~RF2b04b.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "page_embed_script.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ja",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "Preferences~RF368bd.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "computed_hashes.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_metadata",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "LOG.old~RF25bb2.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db\\metadata",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalStorageConfigDB",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "113.0.5672.93",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\BudgetDatabase",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "1.66.0_0",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "id",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "af",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fr_CA",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "vi",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cversions.1.db",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "de",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ca",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "Tabs_13341351141015311",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sessions",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "user~1",
"file_path": "C:\\Users",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cscui.dll",
"file_path": "C:\\WINDOWS\\System32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mojo.4464.2472.9830066675901148501",
"file_path": "\\pipe",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "Caches",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows",
"status": "object name collision"
},
{
"action_type": "file_opened",
"file_name": "cryptsp.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dwmapi.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\lt",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "b1ccf6d4-6223-4726-a8e3-ea766a35ff39.tmp",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403",
"file_path": "C:\\WINDOWS\\WinSxS",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "Preferences",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WindowsCodecsRaw.dll",
"file_path": "C:\\Windows\\System32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "topbar_floating_button_maximize.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\si",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\de",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ur",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\kk",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Users",
"file_path": "C:",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "gpapi.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dhcpcsvc.DLL",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "verified_contents.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_metadata",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ActXPrxy.dll",
"file_path": "C:\\Windows\\System32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "fil",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\fil",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "hy",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sortdefault.nls",
"file_path": "C:\\WINDOWS\\Globalization\\Sorting",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "gl",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "fi",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "RTWorkQ.DLL",
"file_path": "C:\\Windows\\System32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "tr",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "twinapi.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\tr",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "en-US.pak",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\pt_PT",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\id",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "zh_CN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ne",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "es_419",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "inetcomm.dll",
"file_path": "C:\\Windows\\System32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\is",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dbghelp.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "_locales",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "chrome_BITS_4464_1275025057",
"file_path": "C:\\Program Files",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pa",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mojo.4464.2472.16657403304667141561",
"file_path": "\\pipe",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ar",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "twinapi.appcore.dll",
"file_path": "C:\\Windows\\System32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "BitsProxy.dll",
"file_path": "C:\\Windows\\System32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "bn",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "tr",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "chrome_200_percent.pak",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dlnashext.dll",
"file_path": "C:\\Windows\\System32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "iw",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SSPICLI.DLL",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "fwbase.dll",
"file_path": "C:\\Windows\\System32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\cy",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "sl",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WTSAPI32.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "Module Info Cache~RF3756f.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ms",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sw",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "MountPointManager",
"file_path": "",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CRLs",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "eu",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARIALBI.TTF",
"file_path": "C:\\WINDOWS\\FONTS",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "KERNEL32.DLL.mui",
"file_path": "C:\\WINDOWS\\System32\\en-US",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\bg",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG.old",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalStorageConfigDB",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\it",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "LOG.old~RF25cdb.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "computed_hashes.json",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources\\pdf\\_metadata",
"status": "object path not found"
},
{
"action_type": "file_deleted",
"file_name": "LOG.old~RF256ff.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Data\\LevelDB",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pt_BR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\zh_CN",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\pt_PT",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\lt",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "topbar_floating_button_pressed.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mscms.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DPAPI.dll",
"file_path": "C:\\WINDOWS\\System32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\th",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mojo.4464.2472.597526722011020277",
"file_path": "\\pipe",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "Local State~RF27c69.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "BrowserMetrics-65244C60-125C.pma",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\BrowserMetrics",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Secur32.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ml",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "chrome_BITS_4464_1160353240",
"file_path": "C:\\Program Files",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\en_CA",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "topbar_floating_button_hover.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG.old",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\commerce_subscription_db",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\es",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\eu",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "bcrypt.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ca",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\lv",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "LOG.old~RF256e0.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Site Characteristics Database",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "temp-index",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ka",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Caches",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "wlanapi.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "it",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fr",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "000001.dbtmp",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\gdaefkejpgkiemlaofpalmlakkmbjdnl",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "default_apps",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "chrome_BITS_4464_1160353240",
"file_path": "C:\\Program Files",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARIALI.TTF",
"file_path": "C:\\WINDOWS\\FONTS",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "LOG.old~RF27277.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\AutofillStrikeDatabase",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "sr",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ta",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ru",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "wpnapps.dll",
"file_path": "C:\\Windows\\System32",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG.old",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\AvailabilityDB",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "FirewallAPI.dll",
"file_path": "C:\\Windows\\System32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\zh_CN",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WINHTTP.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mojo.4464.2472.6408347921924087484",
"file_path": "\\pipe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "sRGB Color Space Profile.icm",
"file_path": "C:\\WINDOWS\\system32\\spool\\drivers\\color",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ta",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ko",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "MSOHEVI.DLL",
"file_path": "C:\\PROGRA~1\\MICROS~1\\Office12",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\en_GB",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "LOG.old~RF272a5.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalDB",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "IPHLPAPI.DLL",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\sr",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\sk",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "no",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "images",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "ef0ebb1a-af16-40a8-b462-7f58367a723f.tmp",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sv",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WINSTA.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARIALBD.TTF",
"file_path": "C:\\WINDOWS\\FONTS",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\iw",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "hr",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tbs.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "srmshell.dll",
"file_path": "C:\\Windows\\System32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "LOG.old~RF262e6.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ka",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "lt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\mn",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "sk",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dxgi.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "USERENV.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "sr",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\te",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "manifest.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "LOG.old~RF26bfe.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\coupon_db",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "bfc3761f-a788-4a60-8860-db27b3bf6826",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\blob_storage",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "chrome.dll",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "IMM32.DLL",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "chrome_BITS_4464_743776994",
"file_path": "C:\\Program Files",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fa",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "webcheck.dll",
"file_path": "C:\\Windows\\System32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "craw_window.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "it",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "fil",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Endpoint",
"file_path": "\\Device\\Afd",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "usermgrcli.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "TIMESBI.TTF",
"file_path": "C:\\WINDOWS\\FONTS",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "te",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "stobject.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "manifest.json",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\MEIPreload",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WorkfoldersShell.dll",
"file_path": "C:\\Windows\\System32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ja",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\PersistentOriginTrials",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\nb",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "icon_16.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\az",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "TIMES.TTF",
"file_path": "C:\\WINDOWS\\FONTS",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dataexchange.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "_metadata",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DWrite.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ru",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\no",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG.old",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db\\metadata",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "kn",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "21396532-59c8-445f-8958-2ec00a2eaf8f.tmp",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "shellext.dll",
"file_path": "C:\\Program Files\\Windows Defender",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mojo.4464.6768.15204235271995857199",
"file_path": "\\pipe",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\vi",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\de",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "th",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "LOG.old~RF272b5.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalStorageConfigDB",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "hi",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\gu",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mojo.4464.2472.16472181969836552073",
"file_path": "\\pipe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CoreUIComponents.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "sl",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "PCPKsp.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG.old",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SegmentInfoDB",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fi",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WINMMBASE.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Certificates",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\zh_HK",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "MDMRegistration.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "computed_hashes.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_metadata",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db",
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ntmarta.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "LOG.old~RF256ff.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\commerce_subscription_db",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\fi",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "zu",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_written",
"file_name": "unknown",
"file_path": "",
"status": "invalid handle"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\km",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mojo.4464.6768.11328892739696708463",
"file_path": "\\pipe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARIBLK.TTF",
"file_path": "C:\\WINDOWS\\FONTS",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "topbar_floating_button.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "NLAapi.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "wkssvc",
"file_path": "\\pipe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WINMM.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "wshext.dll",
"file_path": "C:\\Windows\\System32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ro",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "LOG.old~RF272d4.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\BudgetDatabase",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "NETBT_TCPIP_{7F50E9BE-7F02-49EC-B525-546E3FB9A32B}",
"file_path": "\\DEVICE",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sr",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\my",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\kn",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "LOG.old~RF27286.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SegmentInfoDB",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "colorui.dll",
"file_path": "C:\\Windows\\System32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "en_GB",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "msoshext.dll",
"file_path": "C:\\PROGRA~1\\COMMON~1\\MICROS~1\\OFFICE12",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "LOG.old~RF25951.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Scripts",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\AutofillStrikeDatabase",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "chrome_BITS_4464_743776994",
"file_path": "C:\\Program Files",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "manifest.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ar",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\sv",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "topbar_floating_button_close.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CRYPTSP.dll",
"file_path": "C:\\WINDOWS\\System32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "en_GB",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "nl",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "dc884606-ac61-47a5-a5bc-48b0aa09da61.tmp",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\pt_BR",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ja",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "da",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WINDOWS",
"file_path": "C:",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "lt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\cs",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "wab32.dll",
"file_path": "C:\\Program Files\\Common Files\\System",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\th",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "chrome_BITS_4464_1160353240",
"file_path": "C:\\Program Files",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "es",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "_metadata",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\es_419",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "lo",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "Preferences~RF2f3ad.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CRYPTBASE.DLL",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "TIMESI.TTF",
"file_path": "C:\\WINDOWS\\FONTS",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CTLs",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "TPM",
"file_path": "",
"status": "object name not found"
},
{
"action_type": "file_moved",
"file_name": "LOG.old",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "MMDevApi.dll",
"file_path": "C:\\WINDOWS\\System32",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "Local State",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Scripts",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "trusted_vault.pb~RF26567.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG.old",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "uk",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG.old",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\BudgetDatabase",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\GCM Store\\Encryption",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "_locales",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\AvailabilityDB",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\et",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Site Characteristics Database",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sl",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ne",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "user",
"file_path": "C:\\Users",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Data\\LevelDB",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG.old",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\GCM Store\\Encryption",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG.old",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\et",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "todelete_68aa47498e871c55",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "html",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mojo.4464.6768.14971157679118795413",
"file_path": "\\pipe",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pt_PT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "th",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\am",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "manifest.json",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\WidevineCdm",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mojo.4464.2472.4007764809113624998",
"file_path": "\\pipe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Google",
"file_path": "C:\\Users\\user\\AppData\\Local",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "fr",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mojo.4464.2472.5565757489325583308",
"file_path": "\\pipe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "cryptext.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "PROPSYS.dll.mui",
"file_path": "C:\\WINDOWS\\SYSTEM32\\en-US",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\lo",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "c6edabb6-ec20-4a4e-9383-cae641afdc1a.tmp",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "LOG.old~RF272c5.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\AvailabilityDB",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dhcpcsvc6.DLL",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "craw_background.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "the-real-index~RF2bb57.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "XmlLite.dll",
"file_path": "C:\\Windows\\System32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CoreMessaging.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "cd7d8d4a-3c95-44cc-aab3-1bd9b1572265.tmp",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "wintypes.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG.old",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "mr",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pt_PT",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "trusted_vault.pb",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\gl",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG.old",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Scripts",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "PROPSYS.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "LOG.old~RF262c7.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\leveldb",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mojo.4464.2472.10638128438253861259",
"file_path": "\\pipe",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "fi",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ncrypt.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "my",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "eventpage_bin_prod.js",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "el",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "etc",
"file_path": "C:\\WINDOWS\\system32\\drivers",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\el",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ro",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "icon_128.png",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "dasherSettingSchema.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "wlanapi.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "UIAutomationCore.DLL",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "USER32.dll.mui",
"file_path": "C:\\WINDOWS\\System32\\en-US",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "bg",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "Secure Preferences~RF27de0.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "nmmhkkegccagdldgiimedpiccmgmieda",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "RMCLIENT.dll",
"file_path": "C:\\Windows\\System32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mojo.4464.2472.16434957911034825091",
"file_path": "\\pipe",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\hi",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "et",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "en",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\id",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "Secure Preferences",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\hr",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CNG",
"file_path": "\\Device",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "tzres.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "Local State~RF37531.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ca",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "26c0be8d-6788-4528-b222-7d81c12e24e6.tmp",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\pl",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "chrome_100_percent.pak",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "preloaded_data.pb",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\MEIPreload",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pt_BR",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "css",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "chrome_elf.dll",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sk",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "CMNotify",
"file_path": "\\Device\\DeviceApi",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "kk",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "appresolver.dll",
"file_path": "C:\\Windows\\System32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "index~RF25cdb.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARIALN.TTF",
"file_path": "C:\\WINDOWS\\FONTS",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "hosts",
"file_path": "C:\\WINDOWS\\system32\\drivers\\etc",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\mr",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "InputHost.dll",
"file_path": "C:\\Windows\\System32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "zh_TW",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\it",
"status": "success or wait"
},
{
"action_type": "file_created",
"file_name": "chrome_BITS_4464_743776994",
"file_path": "C:\\Program Files",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "AppData",
"file_path": "C:\\Users\\user~1",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "wkscli.dll",
"file_path": "C:\\WINDOWS\\System32",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "Module Info Cache",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\hy",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "LOG.old~RF25bc2.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "TextInputFramework.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "si",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG.old",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Site Characteristics Database",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "the-real-index",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\leveldb",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\fr",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mojo.4464.6768.4112476090139924661",
"file_path": "\\pipe",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "el",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "crashpad_4464_DXVJSNHTQUJMXMSE",
"file_path": "\\pipe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "STORAGE#Volume#{45fd10d4-cc21-11e8-b00f-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}",
"file_path": "",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "pl",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "sw",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "fr",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "KsecDD",
"file_path": "\\Device",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ms",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OneCoreUAPCommonProxyStub.dll",
"file_path": "C:\\Windows\\System32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "uk",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "netutils.dll",
"file_path": "C:\\WINDOWS\\System32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mojo.4464.2472.7285083756700285552",
"file_path": "\\pipe",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\bn",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "nl",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DMCmnUtils.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "index",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARIALNB.TTF",
"file_path": "C:\\WINDOWS\\FONTS",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "zh_HK",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ghbmnnjooekpmoecnnnilnnbdlolhkhi",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "TIMESBD.TTF",
"file_path": "C:\\WINDOWS\\FONTS",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ur",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "d3d11.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "atlthunk.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\sl",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "NTASN1.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\el",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cs",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ru",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "manifest.fingerprint",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "rpcss.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\es",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\da",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\hr",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "sv",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\zh_TW",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "de",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "resources.pak",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "external_extensions.json",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\default_apps",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "COMCTL32.dll",
"file_path": "C:\\WINDOWS\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "BrowserMetrics-65A90BDD-1170.pma",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\BrowserMetrics",
"status": "cannot delete"
},
{
"action_type": "file_deleted",
"file_name": "be",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "sk",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\uk",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARIALNI.TTF",
"file_path": "C:\\WINDOWS\\FONTS",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\coupon_db",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\af",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "R000000000013.clb",
"file_path": "C:\\WINDOWS\\Registration",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "LOG.old~RF2574d.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "chrome_shutdown_ms.txt",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "d2480ed6-5de2-4863-a1f6-04e0f239b467.tmp",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Local",
"file_path": "C:\\Users\\user\\AppData",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "et",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\nl",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\pa",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "computed_hashes.json",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources\\network_speech_synthesis\\_metadata",
"status": "object path not found"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\en_US",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ko",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG.old",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\coupon_db",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db\\metadata",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "az",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "shell32.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cy",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "en_CA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OLEACC.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "Session_13341351140337548",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sessions",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ARIALNBI.TTF",
"file_path": "C:\\WINDOWS\\FONTS",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\zu",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "b5a27007-5488-4fed-89ab-77b5a0a7fd13.tmp",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SEGUISB.TTF",
"file_path": "C:\\WINDOWS\\FONTS",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "hi",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\commerce_subscription_db",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "flapper.gif",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "STORAGE#Volume#{45fd10d4-cc21-11e8-b00f-806e6f6e6963}#0000000022600000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}",
"file_path": "",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "NETBT_TCPIP_{C8C115D0-C73A-11E8-B003-806E6F6E6963}",
"file_path": "\\DEVICE",
"status": "object name not found"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\en",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "LOG.old~RF27277.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\GCM Store\\Encryption",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "c4cb84b2-d95d-4ddd-8db7-6ae006a2da1c.tmp",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "explorerframe.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ru",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\pt_BR",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\nl",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "fr_CA",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "uxtheme.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Windows.Media.dll",
"file_path": "C:\\Windows\\System32",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG.old",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\EventDB",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "fa",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "1.0.0.6_0",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "hu",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "en",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "EhStorShell.dll",
"file_path": "C:\\Windows\\System32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\vi",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG.old",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\AutofillStrikeDatabase",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "is",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "LINKINFO.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "es_419",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mswsock.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "netapi32.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalDB",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ca",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "da",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "am",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WINSPOOL.DRV",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\en_GB",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "computed_hashes.json",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources\\web_store\\_metadata",
"status": "object path not found"
},
{
"action_type": "file_opened",
"file_name": "C:",
"file_path": "",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "zh_CN",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mojo.4464.6768.6604557809140870167",
"file_path": "\\pipe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DEVOBJ.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ncryptprov.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "sv",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Google Chrome.lnk",
"file_path": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "rsaenh.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "DSREG.DLL",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ro",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "vi",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ole32.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "AppContainerUserCertRead",
"file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "mn",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "cs",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "directmanipulation.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "es",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\lv",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "desktop.ini",
"file_path": "C:\\Program Files (x86)",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SegmentInfoDB",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\hu",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\cs",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "ColorAdapterClient.dll",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fil",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mojo.4464.6768.5186517594773466940",
"file_path": "\\pipe",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\es_419",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "hr",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG.old",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalDB",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "OLEACCRC.DLL",
"file_path": "C:\\WINDOWS\\SYSTEM32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\pl",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "WindowsShell.Manifest",
"file_path": "C:\\WINDOWS",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "Nsi",
"file_path": "",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "craw_window.html",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\html",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "SEGOEUI.TTF",
"file_path": "C:\\WINDOWS\\FONTS",
"status": "success or wait"
},
{
"action_type": "file_moved",
"file_name": "LOG.old",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Data\\LevelDB",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "dcomp.dll",
"file_path": "C:\\WINDOWS\\system32",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\be",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "messages.json",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\bg",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "icudtl.dat",
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "id",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mojo.4464.2472.1477200718984232282",
"file_path": "\\pipe",
"status": "success or wait"
},
{
"action_type": "file_opened",
"file_name": "mojo.4464.2472.9824906432084518089",
"file_path": "\\pipe",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "LOG.old~RF25ba3.TMP",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database",
"status": "success or wait"
},
{
"action_type": "file_deleted",
"file_name": "ko",
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales",
"status": "success or wait"
}
],
"modules_loaded": [
{
"module_name": "\\KnownDlls\\DWrite.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\dpapi.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\USER32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\combase.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\secur32.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\dsreg.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\rpcss.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\winsta.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\Secur32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\dbghelp.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\rsaenh.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\Fonts\\arial.ttf",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\kernel.appcore.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\uxtheme.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\devobj.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\twinapi.appcore.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\XmlLite.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\dhcpcsvc.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\msvcp110_win.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\ExplorerFrame.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\ntmarta.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\msvcp_win.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\MMDevApi.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\WINSTA.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\ncryptprov.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\Fonts\\ariblk.ttf",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\PCPKsp.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\en-US\\tzres.dll.mui",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\WINHTTP.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\CRYPTBASE.DLL",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\dcomp.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\Fonts\\ARIALNB.TTF",
"module_tag": ""
},
{
"module_name": "unknown",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\OLEAUT32.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1.ro",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\d3d11.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\wlanapi.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\usermgrcli.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\en-US\\kernel32.dll.mui",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\TextInputFramework.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\ncrypt.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\nlaapi.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\Fonts\\segoeui.ttf",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\MMDevAPI.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\actxprxy.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\ntmarta.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\SHELL32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\UIAutomationCore.DLL",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\CoreUIComponents.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\version.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\Fonts\\arialbi.ttf",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\winhttp.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\linkinfo.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\explorerframe.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\ActXPrxy.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\mdmregistration.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\CoreUIComponents.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\wpnapps.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\InputHost.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\dwmapi.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\CoreMessaging.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\Registration\\R000000000013.clb",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\RTWorkQ.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\profapi.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\WINSPOOL.DRV",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\gdi32full.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\wtsapi32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\uxtheme.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\shcore.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\USERENV.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\en-US\\user32.dll.mui",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\VERSION.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\Windows\\ThemeSection",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\mscms.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\cryptbase.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\dhcpcsvc6.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\ucrtbase.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\spool\\drivers\\color\\sRGB Color Space Profile.icm",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\SETUPAPI.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\NLAapi.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\coloradapterclient.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\mswsock.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\Fonts\\timesbd.ttf",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\SSPICLI.DLL",
"module_tag": ""
},
{
"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_100_percent.pak",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\msvcp110_win.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\Fonts\\seguisb.ttf",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\ole32.dll",
"module_tag": ""
},
{
"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_200_percent.pak",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\UIAutomationCore.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\ncrypt.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\tbs.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403\\comctl32.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\xmllite.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\twinapi.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\dataexchange.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\MSCTF.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\WINMM.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\usermgrcli.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\gpapi.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\propsys.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\twinapi.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\AsyncKeyStateTrackerSharedMemory",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\tbs.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\oleacc.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\Fonts\\ariali.ttf",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\Windows.Media.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\Windows.UI.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\cryptsp.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\CRYPT32.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\Windows\\SharedSection",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\twinapi.appcore.dll",
"module_tag": ""
},
{
"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources.pak",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\dhcpcsvc.DLL",
"module_tag": ""
},
{
"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\BitsProxy.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\dxgi.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\WS2_32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\NSI.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\WinTypes.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\KBDUS.DLL",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\sechost.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\cfgmgr32.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\winmmbase.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\clbcatq.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\DSREG.DLL",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\netutils.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\TextInputFramework.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\Fonts\\arialbd.ttf",
"module_tag": ""
},
{
"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\icudtl.dat",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\en-US\\propsys.dll.mui",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\ADVAPI32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\WINTRUST.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\KERNELBASE.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\WTSAPI32.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\winmm.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\ole32.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\HWNDInterface:10328",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\mscms.dll",
"module_tag": ""
},
{
"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\Locales\\en-US.pak",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\dwmapi.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\KBDUS.DLL",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\RMCLIENT.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\dmcmnutils.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\bcrypt.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\FirewallAPI.dll",
"module_tag": ""
},
{
"module_name": "\\Windows\\Theme3268744372",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\netutils.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\Fonts\\ARIALNBI.TTF",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\dbghelp.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\netapi32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\PROPSYS.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\LINKINFO.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\DWrite.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\CTF.AsmListCache.FMPDefault1",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\rmclient.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\HWNDInterface:402da",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\FLTLIB.DLL",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\BitsProxy.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\wintypes.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\mswsock.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\cryptsp.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\winmmbase.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\msvcrt.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\dcomp.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\imm32.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\wkscli.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\gpapi.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\__ComCatalogCache__",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\FirewallAPI.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\Windows.Media.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\MDMRegistration.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\windows.storage.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\WINMMBASE.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\dxgi.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\KERNEL32.DLL",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\Windows\\Theme1581511869",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\MSASN1.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\PCPKsp.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\powrprof.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\Fonts\\ARIALNI.TTF",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\CRYPTSP.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\win32u.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\bcryptPrimitives.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\DEVOBJ.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\directmanipulation.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\windows_shell_global_counters",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\IPHLPAPI.DLL",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\dhcpcsvc6.DLL",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\wpnapps.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\bcrypt.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\OneCoreUAPCommonProxyStub.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\atlthunk.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\RTWorkQ.DLL",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\userenv.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\SHLWAPI.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\InputHost.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\Windows.UI.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\ColorAdapterClient.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\RPCRT4.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\d3d11.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\ncryptprov.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\CoreMessaging.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\wlanapi.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\IMM32.DLL",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\atlthunk.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\sspicli.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\winspool.drv",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\fwbase.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\WindowsShell.Manifest",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\DataExchange.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\OLEACC.dll",
"module_tag": ""
},
{
"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_elf.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\DMCmnUtils.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\fwbase.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\Fonts\\timesbi.ttf",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\IPHLPAPI.DLL",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\ntasn1.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\rsaenh.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\oleaccrc.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\Fonts\\ARIALN.TTF",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\netapi32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\directmanipulation.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\wkscli.dll",
"module_tag": ""
},
{
"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll",
"module_tag": ""
},
{
"module_name": "C:\\Windows\\Fonts\\timesi.ttf",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\DPAPI.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\GDI32.dll",
"module_tag": ""
},
{
"module_name": "\\KnownDlls\\NTASN1.dll",
"module_tag": ""
}
],
"mutex_actions": [
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4464:120:WilError_01",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "unknown",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\{A946A6A9-917E-4949-B9BC-6BADA8C7FD63}",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!",
"status": "success or wait"
},
{
"action_type": "mutex_created",
"name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4464:304:WilStaging_02",
"status": "success or wait"
}
],
"process": {
"name": "chrome.exe",
"parameters": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --start-maximized \"about:blank",
"parent_process_id": 4536,
"process_id": 4464
},
"process_actions": [
{
"action_type": "process_created",
"path": "unknown",
"status": "success or wait"
},
{
"action_type": "process_terminated",
"path": "unknown",
"status": "process is terminating"
},
{
"action_type": "process_created",
"path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
"status": "success or wait"
}
],
"registry_actions": [
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463c-AFF1-A69D9E530F96}\\LastWasDefault",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\ThirdParty\\",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_USERSS-1-5-19\\Software\\Microsoft\\Cryptography\\TPM\\Telemetry",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\PriorityControl",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_value_modified",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon",
"status": "success or wait",
"value": "2",
"value_name": "state"
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Root",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip\\Parameters",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_value_modified",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\StabilityMetrics",
"status": "success or wait",
"value": "0",
"value_name": "user_experience_metrics.stability.exited_cleanly"
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\crypt32",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_deleted",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default\\extensions.settings",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_value_created",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default\\extensions.settings",
"status": "success or wait",
"value": "1741B0A8517BEBEA259AF9047ECAAEFB3246AD31AF1113DAD021745EB94724CC",
"value_name": "ahfgeienlihckogmohjhadlkjgocpleb"
},
{
"action_type": "key_value_modified",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\LastWasDefault",
"status": "success or wait",
"value": "26 F2 46 FA CC 6D 2F 00 ",
"value_name": "S-1-5-21-987036132-2528391375-4088684000-1001"
},
{
"action_type": "key_monitored",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\Extensions",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\TrustedPeople",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Cursors",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Google\\Chrome\\Extensions",
"status": "object name not found",
"value": "",
"value_name": ""
},
{
"action_type": "key_value_created",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\LastWasDefault",
"status": "success or wait",
"value": "42 43 17 FA CC 6D 2F 00 ",
"value_name": "S-1-5-21-987036132-2528391375-4088684000-1001"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_created",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Chrome",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_created",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default\\extensions.settings",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Network\\Location Awareness",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Dnscache\\Parameters",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Update\\Clients\\{8A69D345-D564-463c-AFF1-A69D9E530F96}",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_created",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463c-AFF1-A69D9E530F96}\\LastWasDefault",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Disallowed",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\DWM",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_value_modified",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\ThirdParty",
"status": "success or wait",
"value": "NU LL ",
"value_name": "StatusCodes"
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\StabilityMetrics",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_value_modified",
"key_name": "HKEY_USERSS-1-5-19\\Software\\Microsoft\\Cryptography\\TPM\\Telemetry",
"status": "success or wait",
"value": "AF AD E5 C6 01 4A DA 01 ",
"value_name": "TraceTimeLast"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_value_created",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default",
"status": "success or wait",
"value": "AC35DEE0912DD800572E8342460606D73D3EA35BDF0C54722EE54206F8552A2F",
"value_name": "prefs.preference_reset_time"
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WinSock2\\Parameters\\Protocol_Catalog9",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip6\\Parameters",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Connections",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Update\\ClientState\\{8A69D345-D564-463c-AFF1-A69D9E530F96}",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Disallowed",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon\\",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\CA",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463c-AFF1-A69D9E530F96}",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\Extensions",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_value_modified",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Update\\ClientState\\{8A69D345-D564-463c-AFF1-A69D9E530F96}",
"status": "success or wait",
"value": "13350051039534355",
"value_name": "lastrun"
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\CA",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_value_deleted",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\FirstNotDefault",
"status": "success or wait",
"value": "",
"value_name": "S-1-5-21-987036132-2528391375-4088684000-1001"
},
{
"action_type": "key_value_deleted",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default",
"status": "object name not found",
"value": "",
"value_name": "extensions.settings"
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_created",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Chrome\\Extensions",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_value_modified",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default",
"status": "success or wait",
"value": "81046E921B34925EF9312C9A62CC5AFFB0D63E7CA2C13AC486278B291F7C08F2",
"value_name": "media.cdm.origin_data"
},
{
"action_type": "key_opened",
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default\\extensions.settings",
"status": "success or wait",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Chrome\\Extensions",
"status": "pending",
"value": "",
"value_name": ""
},
{
"action_type": "key_monitored",
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"status": "pending",
"value": "",
"value_name": ""
}
]
}
],
"classification": "NO_THREATS_FOUND",
"configuration": "MS Office 2007;Java 8;Adobe Reader 2020;Firefox 62;Google Chrome 69;Microsoft Edge 42;Internet Explorer 11",
"md5": "",
"memory_strings": "https://bucket.reversinglabs.com/rl-cloud-sandbox-memstrings-prod/01b57da1914cff3920cf2ce6ae03001a3ba8e76f_0f57134a-ecb8-4f8f-ad60-903b63bf8bc4_memstrings_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20240118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240118T024259Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=d53fcc0454ee985a12bea8ef65dbb4ed5f8d7f13c51332e4968ac735fd2cb8c0",
"mitre_attack": {
"matrix_list": [
{
"name": "Enterprise",
"tactics": {
"tactic_list": [
{
"id": "TA0005",
"name": "Defense Evasion",
"techniques": {
"technique_list": [
{
"id": "T1055",
"name": "Process Injection"
},
{
"id": "T1036",
"name": "Masquerading"
}
]
}
},
{
"id": "TA0007",
"name": "Discovery",
"techniques": {
"technique_list": [
{
"id": "T1046",
"name": "Network Service Scanning"
}
]
}
},
{
"id": "TA0011",
"name": "Command and Control",
"techniques": {
"technique_list": [
{
"id": "T1071",
"name": "Application Layer Protocol"
},
{
"id": "T1095",
"name": "Non-Application Layer Protocol"
},
{
"id": "T1105",
"name": "Ingress Tool Transfer"
},
{
"id": "T1573",
"name": "Encrypted Channel"
}
]
}
}
]
}
}
]
},
"network": {
"dns": [
{
"address": "none",
"process_id": 2960,
"type": "65",
"value": "www.google.com"
},
{
"address": "142.250.186.36",
"process_id": 2960,
"type": "A (IP address)",
"value": "www.google.com"
},
{
"address": "none",
"process_id": 2960,
"type": "65",
"value": "clients2.google.com"
},
{
"address": "none",
"process_id": 2960,
"type": "A (IP address)",
"value": "wpad.example.org"
},
{
"address": "37.72.184.59",
"process_id": 2960,
"type": "A (IP address)",
"value": "classicairjordanshoes.com"
},
{
"address": "none",
"process_id": 2960,
"type": "65",
"value": "classicairjordanshoes.com"
},
{
"address": "142.250.27.84",
"process_id": 2960,
"type": "A (IP address)",
"value": "accounts.google.com"
},
{
"address": "142.250.186.110",
"process_id": 2960,
"type": "A (IP address)",
"value": "clients2.google.com"
},
{
"address": "none",
"process_id": 2960,
"type": "65",
"value": "accounts.google.com"
}
],
"http": [
{
"method": "GET",
"process_id": 2960,
"url": "http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt"
}
],
"tcp": [
{
"destination_ip": "142.250.186.110",
"destination_port": 443,
"process_id": 2960
},
{
"destination_ip": "37.72.184.59",
"destination_port": 80,
"process_id": 2960
},
{
"destination_ip": "142.250.27.84",
"destination_port": 443,
"process_id": 2960
},
{
"destination_ip": "142.250.186.36",
"destination_port": 443,
"process_id": 2960
}
],
"udp": [
{
"destination_ip": "8.8.8.8",
"destination_port": 53,
"process_id": 2960
},
{
"destination_ip": "239.255.255.250",
"destination_port": 1900,
"process_id": 4464
},
{
"destination_ip": "8.8.4.4",
"destination_port": 53,
"process_id": 2960
}
],
"url": [
{
"source": "network",
"url": "http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt"
}
]
},
"pcap": "https://bucket.reversinglabs.com/rl-cloud-sandbox-pcap-prod/01b57da1914cff3920cf2ce6ae03001a3ba8e76f_0f57134a-ecb8-4f8f-ad60-903b63bf8bc4_pcap_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20240118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240118T024258Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=1e09709a9d68055c3a631f515f253d01b57e6ee797790d89f0e4c198a86eb270",
"platform": "windows10",
"process_tree": [
{
"name": "chrome.exe",
"parameters": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --start-maximized \"about:blank",
"parent_process_id": 4536,
"process_id": 4464
},
{
"name": "chrome.exe",
"parameters": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1816,i,13857433630562973425,11579335400417572304,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8",
"parent_process_id": 4464,
"process_id": 2960
},
{
"name": "chrome.exe",
"parameters": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" \"http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt",
"parent_process_id": 4536,
"process_id": 5400
}
],
"risk_score": 0,
"screenshots": "https://bucket.reversinglabs.com/rl-cloud-sandbox-screenshots-prod/01b57da1914cff3920cf2ce6ae03001a3ba8e76f_0f57134a-ecb8-4f8f-ad60-903b63bf8bc4_screenshots_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20240118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240118T024259Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=28da467b004a3d9f270379b1440b6d155247d7351acf0c03074cbfe4b36b18f6",
"sha256": "",
"signatures": [
{
"description": "Downloads files from web servers via HTTP",
"risk_factor": 5,
"sig_id": 349
},
{
"description": "Performs DNS lookups",
"risk_factor": 5,
"sig_id": 353
},
{
"description": "Classification label",
"risk_factor": 5,
"sig_id": 420
},
{
"description": "Uses HTTPS",
"risk_factor": 5,
"sig_id": 392
},
{
"description": "Sends SSDP (simple service discovery protocol) broadcast queries",
"risk_factor": 5,
"sig_id": 447
},
{
"description": "Uses HTTPS for network communication",
"risk_factor": 5,
"sig_id": 1549
},
{
"description": "Creates files inside the program directory",
"risk_factor": 5,
"sig_id": 1143
},
{
"description": "Performs connections to IPs without corresponding DNS lookups",
"risk_factor": 5,
"sig_id": 472
},
{
"description": "Spawns processes",
"risk_factor": 5,
"sig_id": 1271
},
{
"description": "Creates a directory in C:\\Program Files",
"risk_factor": 0,
"sig_id": 1665
}
],
"threat_names": [
{
"threat_name": "Unknown"
}
],
"warnings": [
"Exclude process from analysis (whitelisted): MpCmdRun.exe, conhost.exe",
"Excluded IPs from analysis (whitelisted): 142.250.186.131, 34.104.35.123, 142.250.181.227",
"Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, dl.google.com, update.googleapis.com, clientservices.googleapis.com",
"Not all processes where analyzed, report is missing behavior information"
]
},
"requested_base64_url": "01b57da1914cff3920cf2ce6ae03001a3ba8e76f",
"requested_id": "0f57134a-ecb8-4f8f-ad60-903b63bf8bc4"
}
}
},
"URL": {
"Data": "http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt"
}
}

Human Readable Output#

ReversingLabs URL Dynamic Analysis output for URL http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt#

Classification: NO_THREATS_FOUND URL SHA1: None URL BASE64: None Last analysis: None

Full report is returned as JSON in a downloadable file#

reversinglabs-titaniumcloud-customer-usage-data#


Check API usage data for a single user or the whole company.

Base Command#

reversinglabs-titaniumcloud-customer-usage-data

Input#

Argument NameDescriptionRequired
data_typeSelect the type of API usage data that will be returned. Options are DAILY USAGE, MONTHLY USAGE, DATE RANGE USAGE and QUOTA LIMITS. Possible values are: DAILY USAGE, MONTHLY USAGE, DATE RANGE USAGE, QUOTA LIMITS.Required
whole_companyReturn usage data for the whole company. Possible values are: true, false.Optional
fromStarting day/month. Used only with DAILY USAGE and MONTHLY USAGE. In case of DAILY USAGE, the format is yyyy-MM-dd. In case of MONTHLY USAGE, the format is yyyy-MM. Mutually exclusive with single_time_unit.Optional
toEnding day/month. Used only with DAILY USAGE and MONTHLY USAGE. In case of DAILY USAGE, the format is yyyy-MM-dd. In case of MONTHLY USAGE, the format is yyyy-MM. Mutually exclusive with single_time_unit.Optional
single_time_unitReturn usage data only for this day/month. Used only with DAILY USAGE and MONTHLY USAGE. In case of DAILY USAGE, the format is yyyy-MM-dd. In case of MONTHLY USAGE, the format is yyyy-MM. Mutually exclusive with from and to.Optional

Context Output#

PathTypeDescription
ReversingLabs.customer_usage_dataUnknownAPI usage data.

Command example#

!reversinglabs-titaniumcloud-customer-usage-data data_type="MONTHLY USAGE" whole_company="false"

Context Example#

{
"ReversingLabs": {
"customer_usage_data": {
"rl": {
"month": "2024-06",
"usage_report": [
{
"number_of_queries": 22,
"product": "TCA-0101 File Reputation"
},
{
"number_of_queries": 11,
"product": "TCA-0104 File Analysis - Hash"
},
{
"number_of_queries": 3,
"product": "TCA-9999"
}
]
}
}
}
}

Human Readable Output#

ReversingLabs MONTHLY USAGE data for u/user#

Results for the whole company: False

Usage data#

monthusage_report
2024-06{'product': 'TCA-0101 File Reputation', 'number_of_queries': 22},
{'product': 'TCA-0104 File Analysis - Hash', 'number_of_queries': 11},
{'product': 'TCA-9999', 'number_of_queries': 3}

reversinglabs-titaniumcloud-customer-usage-yara#


Return the number of active YARA rulesets for the TitaniumCloud account.

Base Command#

reversinglabs-titaniumcloud-customer-usage-yara

Input#

There are no input arguments for this command.

Context Output#

PathTypeDescription
ReversingLabs.customer_usage_yaraUnknownNumber of active YARA rulesets.

Command example#

!reversinglabs-titaniumcloud-customer-usage-yara

Context Example#

{
"ReversingLabs": {
"customer_usage_yara": {
"rl": {
"number_of_active_rulesets": 3,
"product": "TCA-0303 Yara Hunting"
}
}
}
}

Human Readable Output#

ReversingLabs active YARA rulesets for rl/msever#

Results#

number_of_active_rulesetsproduct
3TCA-0303 Yara Hunting