<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>72b9cc2c130e43b0a465f75a7ea9a399</id>
  <title>www.filescan.io feed</title>
  <updated>2026-07-06T21:58:34Z</updated>
  <author>
    <name>Filescan.io</name>
    <email>admin@filescan.io</email>
  </author>
  <link href="https://www.filescan.io"/>
  <generator>Filescan.io feed generator</generator>
  <logo>https://www.filescan.io/assets/logo.png</logo>
  <entry>
    <id>b0d4d3c99d291d5bcd8ffe67495ded7504d9c44d5ccc7ae1e5c501467c55aa1c</id>
    <title>Analysis Report for b0d4d3c99d291d5bcd8ffe67495ded7504d9c44d5ccc7ae1e5c501467c55aa1c</title>
    <updated>2026-07-06T21:57:54Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c24e974fb2f5922b6ca53</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c24e19016b0169a62450e</flow_id>
        <hash>b0d4d3c99d291d5bcd8ffe67495ded7504d9c44d5ccc7ae1e5c501467c55aa1c</hash>
        <iocs/>
        <name>xb0d4d3c99d291d5bcd8ffe67495ded7504d9c44d5ccc7ae1e5c501467c55aa1c.exe</name>
        <report_id>57675db8-c8b1-4cbf-8028-e299c7e091b3</report_id>
        <tags>
          <value>peexe</value>
          <value>microsoft_visual_cc</value>
          <value>dcrat</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>a2ff251395e9f34a538c6692e41104eb4646fdaed03c06420bcb348b90162aba</id>
    <title>Analysis Report for a2ff251395e9f34a538c6692e41104eb4646fdaed03c06420bcb348b90162aba</title>
    <updated>2026-07-06T21:56:05Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c248774fb2f5922b6ca40</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c24749016b0169a624474</flow_id>
        <hash>a2ff251395e9f34a538c6692e41104eb4646fdaed03c06420bcb348b90162aba</hash>
        <iocs>
          <urls>
            <value>
              <url>http://schemas.microsoft.com/SMI/2016/WindowsSettings</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>schemas.microsoft.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>6.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>150.171.109.100</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>26a2adc72c2bc61a12f80be892d78507a151267d608db7a9d7ac1adc1abf49ad</SHA-256>
              <SHA-1>fef621deafec859dd4ff83b6a9b0b04d2a1305f8</SHA-1>
              <MD5>f3cda81c8b07cd511eee761ec908616a</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>4becb10e71c54ef45b6ba3491ee70b5d1982b824ba269540427cd0c5f9cf272c</SHA-256>
              <SHA-1>2ae1329b7cc62bce0d568aa428a01506e9712a79</SHA-1>
              <MD5>c639b2a655149c1c81e08eeb8a658107</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>780410a19f42d051b9aa93e50226ac9c4c31e40165904e2dad0fca5e526d3397</SHA-256>
              <SHA-1>1fa1ee334eb86d96572872bd7c53068f80e7161c</SHA-1>
              <MD5>19765df51644a925026a6997df8d255a</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>7a717b0fcb9883523dbe86cdba085ada9f2e087cc782df4510f997718c1dba4e</SHA-256>
              <SHA-1>c2b694e935e4d7d1f85fc6ad6b1d39a4c63144ba</SHA-1>
              <MD5>0282a97bb2cccbafb5110967dacf2bd0</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>a4dbfe7f0cc07967a9fb803ed4ed3f6686e9bbbe1b953ebf6e1c59c1981cf2c4</SHA-256>
              <SHA-1>0376127bc271a8264641509ce23b70b5f88c250d</SHA-1>
              <MD5>f003dd15be573a32f3df106cd297cdcf</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>abf8f2022f12f350789d961aceaf9ccfd53e7ec58d8c9934cfce77779b4eac11</SHA-256>
              <SHA-1>5f8991f3e065fd95614859a293f88b9c70e4bb23</SHA-1>
              <MD5>84da8dee6b319ea0b10b6de5489c6aae</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <SHA-256>c89e7075fa0a818e4ced000032fba41c772ddfe6de94ab51580daeb9915d6c1b</SHA-256>
              <SHA-1>fe3f7bb574216a8b156b81d893e184e280d68504</SHA-1>
              <MD5>ec9a3a8de5a1616871291f5abce024c6</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>cea28be7173f46aacc7d5b51ba1684c5801d30b5397a72b45ec738a94b40d2ce</SHA-256>
              <SHA-1>a147cd975091ac09d73b2172dbfcd6355a949aa9</SHA-1>
              <MD5>f2f3366c3d7b334b7dc9d2e381c27e63</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/zlib</file_type>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>1f676c76-80e1-4239-95bb-83d0f6d0da78</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>35138b9a-5d96-4fbd-8e2d-a2440225f93a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>e2011457-1546-43c5-a5fe-008deee3d3f0</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>_a2ff251395e9f34a538c6692e41104eb4646fdaed03c06420bcb348b90162aba.exe</name>
        <report_id>373ad86b-f4e6-4e4a-bed5-62599ae48058</report_id>
        <tags>
          <value>peexe</value>
          <value>packed</value>
          <value>anti-debug</value>
          <value>overlay</value>
          <value>expand</value>
          <value>lolbin</value>
          <value>reconnaissance</value>
          <value>microsoft_visual_cc</value>
          <value>pyinstaller</value>
          <value>installer-heuristic</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>452bb23fdaa738f102c07c140b5b0dafbaa19e2ec2c8dc0367d15b34653b730a</id>
    <title>Analysis Report for 452bb23fdaa738f102c07c140b5b0dafbaa19e2ec2c8dc0367d15b34653b730a</title>
    <updated>2026-07-06T21:54:31Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c242a74fb2f5922b6ca2f</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c24152c562ae7c822f2ef</flow_id>
        <hash>452bb23fdaa738f102c07c140b5b0dafbaa19e2ec2c8dc0367d15b34653b730a</hash>
        <iocs>
          <urls>
            <value>
              <url>http://127.0.0.1:5052</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://curl.se/docs/alt-svc.html</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://curl.se/docs/hsts.html</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://curl.se/docs/http-cookies.html</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>curl.se</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>github.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <emails>
            <value>
              <email>ftp@example.com</email>
              <origin>INPUT_FILE</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>151.101.193.91</ip>
              <origin>DOMAIN_RESOLVE</origin>
            </value>
            <value>
              <ip>140.82.121.3</ip>
              <origin>DOMAIN_RESOLVE</origin>
            </value>
            <value>
              <ip>045.3.0.1</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>045.4.3.1</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>045.4.3.2</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>045.4.3.3</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>045.4.3.4</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>1.3.14.3</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>127.0.0.1</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>40.1.101.3</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.1</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.10</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.11</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.12</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.13</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.14</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.2</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.4</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.5</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>49.1.9.1</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>49.1.9.2</ip>
              <origin>INPUT_FILE</origin>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>14980197a39672e5f74d75bbb776f6cb316e4c1908a5a126722502cdd79e8186</SHA-256>
              <SHA-1>37a431f2f885143c505444a230453104a32906d9</SHA-1>
              <MD5>4b8f4daaf8d8dafc63f1043dddd8871b</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>78cb502af301d5254e9f339b96a15995c2c637c2d94ce11ac2cd0a03d10ae9b4</SHA-256>
              <SHA-1>d8864eb28a0b06b675dea33702fb3b5b1d1310ca</SHA-1>
              <MD5>9bf3ecb10415e26850f0f79e9b69a8e0</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>6ffd4e185d42cf665356b786251483f8c2c708705521967f272219f41df12df9</SHA-256>
              <SHA-1>2e6443ba8baada3c9e56506a8e5dbf8a991431c0</SHA-1>
              <MD5>fefb75208de50aff8073a27b04a14966</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>e68e0765942c67bc938f691004479e075f40c5666b33f76c4f2f1b007daef382</SHA-256>
              <SHA-1>5355ba5cf6aa897515aba7f5e404cd79aa9626e6</SHA-1>
              <MD5>5f7f8eaaec39cae278426c4bd7e3f7f7</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>2f20ca9002e829495e760cf1acdc9903fd68e8ba3748c26c0db778752846b8c0</SHA-256>
              <SHA-1>2abb4c316b7aeaa85b6c0c6118a54b7d7a083ff8</SHA-1>
              <MD5>24702b4faa13a3bb77e612b580099f64</MD5>
              <origin>EXTRACTED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>5f11d3bd79677bd377fe31beeccd90d94c0903541bfed25a9fe58e146d6c86ab</SHA-256>
              <SHA-1>c0319357632294984ff1f03e553a95c2a6a017fa</SHA-1>
              <MD5>36ead39e171b2ee1563c89e140160c6b</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>b1172fe69d1746922614cc74ad1a077c05880f4b89148d21c0a6c2d839669b41</SHA-256>
              <SHA-1>5a1dc82ab0342b0aa99af833c74c916b64a8494c</SHA-1>
              <MD5>047ef546139294fd196a140ac5112bf8</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
        </iocs>
        <name>UnityPlayer.dll</name>
        <report_id>71a3a9ee-a209-4ab8-a001-2cc472d11292</report_id>
        <tags>
          <value>peexe</value>
          <value>pedll</value>
          <value>html</value>
          <value>json</value>
          <value>anti-debug</value>
          <value>hacktool</value>
          <value>crypto</value>
          <value>fingerprint</value>
          <value>reconnaissance</value>
          <value>base64</value>
          <value>obfuscated</value>
          <value>microsoft_visual_cc</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>745bc96dbdb925464114af9bd3ebabc88cdf21e9427dfa30322ea49c5df76b73</id>
    <title>Analysis Report for 745bc96dbdb925464114af9bd3ebabc88cdf21e9427dfa30322ea49c5df76b73</title>
    <updated>2026-07-06T21:53:52Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c240c74fb2f5922b6ca29</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c23ef2c562ae7c822f2d1</flow_id>
        <hash>745bc96dbdb925464114af9bd3ebabc88cdf21e9427dfa30322ea49c5df76b73</hash>
        <iocs/>
        <name>x745bc96dbdb925464114af9bd3ebabc88cdf21e9427dfa30322ea49c5df76b73.exe</name>
        <report_id>b47b87e9-a0a5-4294-9e94-05d3738ab1b1</report_id>
        <tags>
          <value>peexe</value>
          <value>golang</value>
          <value>lummastealer</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>a2ff251395e9f34a538c6692e41104eb4646fdaed03c06420bcb348b90162aba</id>
    <title>Analysis Report for a2ff251395e9f34a538c6692e41104eb4646fdaed03c06420bcb348b90162aba</title>
    <updated>2026-07-06T21:52:35Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c23d974fb2f5922b6ca1e</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c239f3abf2760bd72e4f1</flow_id>
        <hash>a2ff251395e9f34a538c6692e41104eb4646fdaed03c06420bcb348b90162aba</hash>
        <iocs>
          <urls>
            <value>
              <url>http://schemas.microsoft.com/SMI/2016/WindowsSettings</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>schemas.microsoft.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>6.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>150.171.109.101</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>26a2adc72c2bc61a12f80be892d78507a151267d608db7a9d7ac1adc1abf49ad</SHA-256>
              <SHA-1>fef621deafec859dd4ff83b6a9b0b04d2a1305f8</SHA-1>
              <MD5>f3cda81c8b07cd511eee761ec908616a</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>4becb10e71c54ef45b6ba3491ee70b5d1982b824ba269540427cd0c5f9cf272c</SHA-256>
              <SHA-1>2ae1329b7cc62bce0d568aa428a01506e9712a79</SHA-1>
              <MD5>c639b2a655149c1c81e08eeb8a658107</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>780410a19f42d051b9aa93e50226ac9c4c31e40165904e2dad0fca5e526d3397</SHA-256>
              <SHA-1>1fa1ee334eb86d96572872bd7c53068f80e7161c</SHA-1>
              <MD5>19765df51644a925026a6997df8d255a</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>7a717b0fcb9883523dbe86cdba085ada9f2e087cc782df4510f997718c1dba4e</SHA-256>
              <SHA-1>c2b694e935e4d7d1f85fc6ad6b1d39a4c63144ba</SHA-1>
              <MD5>0282a97bb2cccbafb5110967dacf2bd0</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>a4dbfe7f0cc07967a9fb803ed4ed3f6686e9bbbe1b953ebf6e1c59c1981cf2c4</SHA-256>
              <SHA-1>0376127bc271a8264641509ce23b70b5f88c250d</SHA-1>
              <MD5>f003dd15be573a32f3df106cd297cdcf</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>abf8f2022f12f350789d961aceaf9ccfd53e7ec58d8c9934cfce77779b4eac11</SHA-256>
              <SHA-1>5f8991f3e065fd95614859a293f88b9c70e4bb23</SHA-1>
              <MD5>84da8dee6b319ea0b10b6de5489c6aae</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <SHA-256>c89e7075fa0a818e4ced000032fba41c772ddfe6de94ab51580daeb9915d6c1b</SHA-256>
              <SHA-1>fe3f7bb574216a8b156b81d893e184e280d68504</SHA-1>
              <MD5>ec9a3a8de5a1616871291f5abce024c6</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>cea28be7173f46aacc7d5b51ba1684c5801d30b5397a72b45ec738a94b40d2ce</SHA-256>
              <SHA-1>a147cd975091ac09d73b2172dbfcd6355a949aa9</SHA-1>
              <MD5>f2f3366c3d7b334b7dc9d2e381c27e63</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/zlib</file_type>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>1f676c76-80e1-4239-95bb-83d0f6d0da78</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>35138b9a-5d96-4fbd-8e2d-a2440225f93a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>e2011457-1546-43c5-a5fe-008deee3d3f0</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>default.dat.exe</name>
        <report_id>aa6c5be5-77a3-4fda-967f-2a90ed921477</report_id>
        <tags>
          <value>peexe</value>
          <value>packed</value>
          <value>anti-debug</value>
          <value>masquerade</value>
          <value>overlay</value>
          <value>expand</value>
          <value>lolbin</value>
          <value>reconnaissance</value>
          <value>microsoft_visual_cc</value>
          <value>pyinstaller</value>
          <value>installer-heuristic</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>0d99337ed54c9e393097945d53450832f1cdff18b972f9ca721dc63bba9240d3</id>
    <title>Analysis Report for 0d99337ed54c9e393097945d53450832f1cdff18b972f9ca721dc63bba9240d3</title>
    <updated>2026-07-06T21:52:04Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c23a274fb2f5922b6ca0e</_id>
        <file_type>application/x-mach-o-universal</file_type>
        <flow_id>6a4c23812c562ae7c822f28d</flow_id>
        <hash>0d99337ed54c9e393097945d53450832f1cdff18b972f9ca721dc63bba9240d3</hash>
        <iocs>
          <urls>
            <value>
              <url>http://crl.apple.com/codesigning.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://twitter.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://twitter.com/share?text</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://www.apple.com/DTDs/PropertyList-1.0.dtd</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://www.apple.com/appleca/root.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://www.facebook.com/profile.php?id</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://www.apple.com/appleca/0</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>apple.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>crl.apple.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>facebook.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>twitter.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>17.253.144.10</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>163.70.128.35</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>17.253.15.145</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.66.0.227</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>ddb17d259447b422d85da3a545288adb696d499fd0080223cf8b3642e4630b2f</SHA-256>
              <SHA-1>0fb797d943161882753d755df20ac778befec2d1</SHA-1>
              <MD5>377db9a37a858df8ea2e06a27d0e4f1a</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xml-dtd</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>1f439862f824b9833106eee79f91ff13c3393d80b0f3cd53fd6117e33d58ba0f</SHA-256>
              <SHA-1>e46fd0d504a838464f6cd7570b97f876dda4622a</SHA-1>
              <MD5>45fe0d214a8ea6a9c96ac9155dc261df</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>a6ca5d39c46c4ba8eadac5a443e6dd05991c202944944c0fa4ad9364773ffddc</SHA-256>
              <SHA-1>d64141e43bd0ecaef314205f60f7aff63a15ce25</SHA-1>
              <MD5>311434f73112127dc165c6c01b87ef3e</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>ff9328dc9ce6e4487ad2445d661914ad56de6eb602890d684b0b855d88e44b08</SHA-256>
              <SHA-1>1ac9f9fd857ad56ef377bc8ca37dbbece3c4cee8</SHA-1>
              <MD5>930784992f2af76d8dd1015654eac9b7</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
          </files>
        </iocs>
        <name>AddressBookUrlForwarder</name>
        <report_id>dd85b518-c548-426e-a041-409d0420028e</report_id>
        <tags>
          <value>html</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>82502191c9484b04d685374f9879a0066069c49b8acae7a04b01d38d07e8eca0</id>
    <title>Analysis Report for 82502191c9484b04d685374f9879a0066069c49b8acae7a04b01d38d07e8eca0</title>
    <updated>2026-07-06T21:52:04Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c238a74fb2f5922b6ca06</_id>
        <file_type>text/plain</file_type>
        <flow_id>6a4c23812c562ae7c822f28d</flow_id>
        <hash>82502191c9484b04d685374f9879a0066069c49b8acae7a04b01d38d07e8eca0</hash>
        <iocs/>
        <name>PkgInfo</name>
        <report_id>323f5d7c-4ec8-4171-a7c9-ca9d469a895e</report_id>
        <tags>
          <value>txt</value>
        </tags>
        <verdict>BENIGN</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>6eea366941243d70f92507bf1590ea84d6b916820e8ba633d658ee07ace0ef57</id>
    <title>Analysis Report for 6eea366941243d70f92507bf1590ea84d6b916820e8ba633d658ee07ace0ef57</title>
    <updated>2026-07-06T21:52:04Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c23d474fb2f5922b6ca1b</_id>
        <file_type>application/octet-stream</file_type>
        <flow_id>6a4c23812c562ae7c822f28d</flow_id>
        <hash>6eea366941243d70f92507bf1590ea84d6b916820e8ba633d658ee07ace0ef57</hash>
        <iocs/>
        <name>ABUrlForwarderMainMenu.nib</name>
        <report_id>54c740ee-8cda-4e17-95a5-d8bb1d1451af</report_id>
        <tags>
          <value>data</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>f5b823ce31a5abaca8589d79cb3fc996a28e0c5751654fd91c5ced77ed17549d</id>
    <title>Analysis Report for f5b823ce31a5abaca8589d79cb3fc996a28e0c5751654fd91c5ced77ed17549d</title>
    <updated>2026-07-06T21:51:15Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c237474fb2f5922b6ca00</_id>
        <file_type>application/x-executable</file_type>
        <flow_id>6a4c23509016b0169a6242f7</flow_id>
        <hash>f5b823ce31a5abaca8589d79cb3fc996a28e0c5751654fd91c5ced77ed17549d</hash>
        <iocs>
          <btc_wallets>
            <value>
              <btc_wallet>1ff7288d12fb79218df67b4e88b6fe57</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>f5b823ce31a5abaca8589d79cb3fc996a28e0c5751654fd91c5ced77ed17549d.elf</name>
        <report_id>294ed98e-6e70-46ec-92a6-b9752ebd1fa9</report_id>
        <tags>
          <value>elf</value>
          <value>expand</value>
          <value>lolbin</value>
          <value>gcc</value>
          <value>rust</value>
          <value>mirai</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>bd1e2c8c672c81a58c4167aabd95bbe61fcf6cb5267906ddebdb0970c57fbb30</id>
    <title>Analysis Report for bd1e2c8c672c81a58c4167aabd95bbe61fcf6cb5267906ddebdb0970c57fbb30</title>
    <updated>2026-07-06T21:50:04Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c231f0bc678ad76e5cab5</_id>
        <file_type>application/x-msdownload; format=pe64</file_type>
        <flow_id>6a4c23092c562ae7c822f254</flow_id>
        <hash>bd1e2c8c672c81a58c4167aabd95bbe61fcf6cb5267906ddebdb0970c57fbb30</hash>
        <iocs>
          <btc_wallets>
            <value>
              <btc_wallet>149bfb22b7f6cb2edd99b15e5e94e7fd</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <btc_wallet>163ebe726dee511b1e567355bdd99c55</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <btc_wallet>1e85a928f3384b32fc1f2e4af8be2fee</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <btc_wallet>3235c2aa784e232853fe9a8d3586ee5e</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <btc_wallet>347e598e17c5ca4943ead17ffd2e7b46</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <btc_wallet>37d65b25b4e7af941163158be32bffae</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <btc_wallet>37de2e16d964236fa67a2d1ea963f3ab</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </btc_wallets>
          <eth_wallets>
            <value>
              <eth_wallet>0xa788f:$eth: 59807616e1fa2540724bfbac14d7976d7e4a3860</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0xa78dd:$eth: 59807616e1fa2540724bfbac14d7976d7e4a3860</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0xa79bf:$eth: 59807616e1fa2540724bfbac14d7976d7e4a3860</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0xa7d4e:$eth: 59807616e1fa2540724bfbac14d7976d7e4a3860</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0xa7ddf:$eth: 59807616e1fa2540724bfbac14d7976d7e4a3860</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0xa8003:$eth: 59807616e1fa2540724bfbac14d7976d7e4a3860</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0xa8265:$eth: 59807616e1fa2540724bfbac14d7976d7e4a3860</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0xa889b:$eth: 59807616e1fa2540724bfbac14d7976d7e4a3860</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0xa91fb:$eth: 59807616e1fa2540724bfbac14d7976d7e4a3860</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0xa9267:$eth: 59807616e1fa2540724bfbac14d7976d7e4a3860</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
          </eth_wallets>
        </iocs>
        <name>steam_api64.dll</name>
        <report_id>bd675aa8-5d14-4cd5-9f77-54ddb50f9421</report_id>
        <tags>
          <value>peexe</value>
          <value>pedll</value>
          <value>reconnaissance</value>
          <value>microsoft_visual_cc</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>b677e8e5c88896d52378aa8f16a200226deacc07013e0f25c82de33c544787ab</id>
    <title>Analysis Report for b677e8e5c88896d52378aa8f16a200226deacc07013e0f25c82de33c544787ab</title>
    <updated>2026-07-06T21:49:58Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c23230bc678ad76e5cab7</_id>
        <file_type>application/x-msdownload; format=pe64</file_type>
        <flow_id>6a4c23049016b0169a624277</flow_id>
        <hash>b677e8e5c88896d52378aa8f16a200226deacc07013e0f25c82de33c544787ab</hash>
        <iocs>
          <urls>
            <value>
              <url>https://partner.steamgames.com/doc/store/localization/languages</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://steamcommunity.com/sharedfiles/filedetails/?id=</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://www.iban.com/country-codes</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>iban.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>partner.steamgames.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>steamcommunity.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>104.102.49.106</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>34.89.152.107</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>34.89.152.107</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.102.49.106</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <MD5>d3fd541dd6204c2a57a2b7eeb9c1f985</MD5>
              <SHA-1>282b0531d857b5b657324a400bcd03f19e0d9913</SHA-1>
              <SHA-256>2320fb41e4a674f48160a303706867f45c2ae098fcb21310eb7a481f39b571bd</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>1e4a89b11eae0fcf8bb5fdd5ec3b6f61</MD5>
              <SHA-1>4260284ce14278c397aaf6f389c1609b0ab0ce51</SHA-1>
              <SHA-256>4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <MD5>828ebed736a24c40bc229566fe17b3b5</MD5>
              <SHA-1>1573d175b4ba8b8168d5bc894fa3b422912218c8</SHA-1>
              <SHA-256>ac2c461e12335b35372c4b529980d009cadbfb8c354b388062b9fa28a199fceb</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>text/plain</file_type>
            </value>
            <value>
              <MD5>da795caca3c633919b2405e4c26015d8</MD5>
              <SHA-1>21ed00bbd20683f64b8c9a8cbfd9c103b9fbc477</SHA-1>
              <SHA-256>f8ad03206e2ddb6ec8a5ef6f52554658ac902fa9cc633ed43c2c0a50214474d3</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>95cb55350c0f5f6831077c326a086e86</MD5>
              <SHA-1>cf5bafaeee5eb5afbad1f3af592d53df0cc26386</SHA-1>
              <SHA-256>91e70e726cbdb00bf086f83a9d5b1a9b81f6b01c31ac1482e0cabd6aa500f9e9</SHA-256>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xhtml+xml</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <MD5>c2f43153b7d564b3c9188b6aac7eaa21</MD5>
              <SHA-1>33e840f2e4d288e83bd5e05fce59c126ad5312cf</SHA-1>
              <SHA-256>72b2d9a896adc01acc521df7f428e5b82be61e4087cc559f1008492154fe68ba</SHA-256>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <MD5>40e6047f90d0f34f95b191afe36bdac5</MD5>
              <SHA-1>19418b2398f2636f532ab1fcc7b8938366b4aceb</SHA-1>
              <SHA-256>b7b9d6c4e457accacfa92ddad78b041f63162a95589d8acc46c74ff9af7c08f1</SHA-256>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
          </files>
          <eth_wallets>
            <value>
              <eth_wallet>0x544e10:$eth: 961c151d2e87f2686a955a9be24d316f1362bf21</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
          </eth_wallets>
        </iocs>
        <name>steam_api64.dll</name>
        <report_id>a51b7ab9-35a5-4d07-a33d-65b701f3448e</report_id>
        <tags>
          <value>peexe</value>
          <value>html</value>
          <value>xml</value>
          <value>pedll</value>
          <value>crypto</value>
          <value>fingerprint</value>
          <value>reconnaissance</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
          <value>adaptive-context</value>
          <value>anti-debug</value>
          <value>base64</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>f480de9ae15e17fb6e84ad0efa8a386095700cfb7f405bfd64aa61d518587b79</id>
    <title>Analysis Report for f480de9ae15e17fb6e84ad0efa8a386095700cfb7f405bfd64aa61d518587b79</title>
    <updated>2026-07-06T21:49:51Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c23160bc678ad76e5cab3</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c22fc9016b0169a62426a</flow_id>
        <hash>f480de9ae15e17fb6e84ad0efa8a386095700cfb7f405bfd64aa61d518587b79</hash>
        <iocs>
          <urls>
            <value>
              <url>http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://cacerts.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crt0_</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/DigiCertTrustedRootG4.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://www.digicert.com/CPS0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>cacerts.digicert.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>crl3.digicert.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>crl4.digicert.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>digicert.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>45.60.131.229</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>23.11.40.157</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>23.11.40.157</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>45.60.131.229</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <MD5>53cf51ac6bc90793d966be8efc8595ac</MD5>
              <SHA-1>2d2a6c6291baa9968137f4dbcc6d5771d206613b</SHA-1>
              <SHA-256>6421a0667cab1c290867d3e59a02f600ba5c2cca8db4afc97caa230d86aaa1b9</SHA-256>
              <origin>PE_UNPACKING</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>acab94f712e43374fb78051d5ea98a0a</MD5>
              <SHA-1>2eab3c4ab07b32c0bfcdeaea4132a138def0bbc5</SHA-1>
              <SHA-256>a39dbc33df641d1b388ec2b72c1009b9b08d5a076540ab66c89cf562f8e6498a</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>1ac063be369d01ab6d18bb645645abed</MD5>
              <SHA-1>44d0486fd08391ba124a9ce19cf59b7465a9683b</SHA-1>
              <SHA-256>f9a5b26d0075cbbbfadb191916a91ee2f71e8e1b2d3431d41e3b274e8067dc4b</SHA-256>
              <origin>PE_UNPACKING</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>465a1aac8113bfb5c421518b330a91ac</MD5>
              <SHA-1>30d7b15cf67a542d6c017eb4ee21f4dc3ace8653</SHA-1>
              <SHA-256>5f0ec94bd61a88cc853387675f4a2d045a7d719e8b248fb6bd5aa4cfc1aba201</SHA-256>
              <origin>PE_UNPACKING</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <MD5>f9fec36b46a7d2b853e304c5611ce456</MD5>
              <SHA-1>6f2df3f6be00a06b031689b324d2fe8cdb13285a</SHA-1>
              <SHA-256>84126796378cc46246f8e026c35f4e9a739d814f806febd92a9a7c448072cc6f</SHA-256>
              <origin>PE_UNPACKING</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
        </iocs>
        <name>steam_api64.dll</name>
        <report_id>17a35a52-dde5-4532-b8aa-b46efadaa537</report_id>
        <tags>
          <value>peexe</value>
          <value>pedll</value>
          <value>overlay</value>
          <value>packed</value>
          <value>microsoft_visual_cc</value>
          <value>upx</value>
          <value>invalid-signature</value>
          <value>signed</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>7a991d4a08a51e34721eafb439ac0a144bee410817411b2f9aa3c74425a997f1</id>
    <title>Analysis Report for 7a991d4a08a51e34721eafb439ac0a144bee410817411b2f9aa3c74425a997f1</title>
    <updated>2026-07-06T21:49:32Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c22faff2e0900e305afe4</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c22eb9016b0169a624243</flow_id>
        <hash>7a991d4a08a51e34721eafb439ac0a144bee410817411b2f9aa3c74425a997f1</hash>
        <iocs>
          <urls>
            <value>
              <url>http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://cacerts.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crt0_</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/DigiCertTrustedRootG4.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://www.digicert.com/CPS0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>cacerts.digicert.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>crl3.digicert.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>crl4.digicert.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>digicert.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>23.11.40.157</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>45.60.121.229</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>93ddfeeab4111a9073318fe50d90d08b381fbd0d7f8931ed31c9a928d583a93e</SHA-256>
              <SHA-1>085e0533be10284fdced3e3d9f3f965934547347</SHA-1>
              <MD5>6dc765d3a6ac9cd59fb57f9c5d7c0a01</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>c2b63471dcb8668b842bf3513bda1f5d555d4bbab2da87d6211083327334000d</SHA-256>
              <SHA-1>1afd98c066d2587818f272e633e1b9352e461360</SHA-1>
              <MD5>6b62fb962e723e26c12c28e51a68d3dd</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>ccf28929d92cd10d0366a57e2877e4cb2a62c18bdf3369dd8225f29c1734ff57</SHA-256>
              <SHA-1>f5608f027b1cba12cfbea603d39e8f79412a142b</SHA-1>
              <MD5>053e8329910920317506bc2e4b551645</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>text/plain</file_type>
            </value>
          </files>
          <registry>
            <value>
              <registry>Software\Valve\Steam</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>Software\Valve\Steam\ActiveProcess</registry>
              <origin>INPUT_FILE</origin>
            </value>
          </registry>
        </iocs>
        <name>steam_api64.rne</name>
        <report_id>fa041fd1-98fc-4645-a3de-264e48beb8ff</report_id>
        <tags>
          <value>peexe</value>
          <value>pedll</value>
          <value>reconnaissance</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
          <value>anti-debug</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>d36bc7d9670c36ab468ce895535379aa45aafa18dc046e2f428a8d357bfc4075</id>
    <title>Analysis Report for d36bc7d9670c36ab468ce895535379aa45aafa18dc046e2f428a8d357bfc4075</title>
    <updated>2026-07-06T21:49:26Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c2307ff2e0900e305afe7</_id>
        <file_type>text/x-ini</file_type>
        <flow_id>6a4c22e39016b0169a62422c</flow_id>
        <hash>d36bc7d9670c36ab468ce895535379aa45aafa18dc046e2f428a8d357bfc4075</hash>
        <iocs>
          <registry>
            <value>
              <registry>Software\iirmart891iirmart'').GetValue(''upl'');if(-not $hx){$ok=$false;$u1=(gi ''HKCU:\Software\iirmart891iirmart'').GetValue(''mka'');$u2=(gi ''HKCU:\Software\iirmart891iirmart'').GetValue(''fox'');foreach($u in @($u1,$u2)){try{[Net.Servic</registry>
              <origin>INPUT_FILE</origin>
            </value>
          </registry>
        </iocs>
        <name>d36bc7d9670c36ab468ce895535379aa45aafa18dc046e2f428a8d357bfc4075.unknown</name>
        <report_id>ff0fdfc5-891c-4d6e-bc92-a67ec4dd8c06</report_id>
        <tags>
          <value>txt</value>
          <value>ini</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>d90a52716c714e10b7c06ea3708dc34aa7cc6ffc055e1773d6a8a9d7c69af77a</id>
    <title>Analysis Report for d90a52716c714e10b7c06ea3708dc34aa7cc6ffc055e1773d6a8a9d7c69af77a</title>
    <updated>2026-07-06T21:48:50Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c22ca0bc678ad76e5caa6</_id>
        <file_type>application/x-executable</file_type>
        <flow_id>6a4c22bf3abf2760bd72e3f6</flow_id>
        <hash>d90a52716c714e10b7c06ea3708dc34aa7cc6ffc055e1773d6a8a9d7c69af77a</hash>
        <iocs/>
        <name>d90a52716c714e10b7c06ea3708dc34aa7cc6ffc055e1773d6a8a9d7c69af77a.elf</name>
        <report_id>92bcf055-fa95-402f-a031-f937973b4181</report_id>
        <tags>
          <value>elf</value>
          <value>gcc</value>
        </tags>
        <verdict>UNKNOWN</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>44e8ea0e28d5437bca02db1dfaea9219f32cd56b53f8afc8fcd920faa1073d91</id>
    <title>Analysis Report for 44e8ea0e28d5437bca02db1dfaea9219f32cd56b53f8afc8fcd920faa1073d91</title>
    <updated>2026-07-06T21:48:47Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c22c60bc678ad76e5caa3</_id>
        <file_type>application/x-executable</file_type>
        <flow_id>6a4c22bd2c562ae7c822f209</flow_id>
        <hash>44e8ea0e28d5437bca02db1dfaea9219f32cd56b53f8afc8fcd920faa1073d91</hash>
        <iocs/>
        <name>44e8ea0e28d5437bca02db1dfaea9219f32cd56b53f8afc8fcd920faa1073d91.elf</name>
        <report_id>42a76a3d-8eb1-4090-93ba-b7425c528abc</report_id>
        <tags>
          <value>elf</value>
          <value>gcc</value>
        </tags>
        <verdict>UNKNOWN</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>418cf1a2236dad2f0412b739368ff886149c6fb2f61726bef1d9e1bac9d4d42b</id>
    <title>Analysis Report for 418cf1a2236dad2f0412b739368ff886149c6fb2f61726bef1d9e1bac9d4d42b</title>
    <updated>2026-07-06T21:48:45Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c22dd74fb2f5922b6c9e3</_id>
        <file_type>application/x-executable</file_type>
        <flow_id>6a4c22b93abf2760bd72e3f0</flow_id>
        <hash>418cf1a2236dad2f0412b739368ff886149c6fb2f61726bef1d9e1bac9d4d42b</hash>
        <iocs/>
        <name>418cf1a2236dad2f0412b739368ff886149c6fb2f61726bef1d9e1bac9d4d42b.elf</name>
        <report_id>08711aa2-57cd-48b0-bef2-2775d4ae03ba</report_id>
        <tags>
          <value>elf</value>
          <value>bash</value>
          <value>lolbin</value>
          <value>gcc</value>
          <value>mirai</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>36ed5ebf33568bfbb5b7a752a7c35f7852a3bca605536a7d1d6a054037e804c1</id>
    <title>Analysis Report for 36ed5ebf33568bfbb5b7a752a7c35f7852a3bca605536a7d1d6a054037e804c1</title>
    <updated>2026-07-06T21:48:32Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c22e774fb2f5922b6c9e6</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c22b09016b0169a6241d0</flow_id>
        <hash>36ed5ebf33568bfbb5b7a752a7c35f7852a3bca605536a7d1d6a054037e804c1</hash>
        <iocs>
          <urls>
            <value>
              <url>https://peazip.github.io</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://peazip.github.io/</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://schemas.microsoft.com/SMI/2</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://peazip.github.io</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>peazip.github.io</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>jrsoftware.org</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>schemas.microsoft.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>peazip.github.io</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>75.119.223.113</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>1.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>6.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>185.199.108.153</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>150.171.109.100</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>0325466b6e0a27607d5074611e0a581c87b63237e3637bda52b7f4d9c33e4e33</SHA-256>
              <SHA-1>26522c3da571c99107c4e9fa3953d8538f9fb7ca</SHA-1>
              <MD5>e6fb11f52230f4cb1c3e0f0ece501143</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>text/x-msdos-batch</file_type>
            </value>
            <value>
              <SHA-256>116388b8d83fae52a7617532a0db09ff8547f1990b249525f9d014e57665babf</SHA-256>
              <SHA-1>59a24ff72813a0746e628ccc48f6be5230e8783c</SHA-1>
              <MD5>d46e0fef6005c127b8bbe3bca0be0901</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>text/x-msdos-batch</file_type>
            </value>
            <value>
              <SHA-256>5bf96f7ea1c90cc4cb7da53ff19cefaf508e256a401c8c06841e83f90400188b</SHA-256>
              <SHA-1>67efc21fb9d95873a187af87f5631cd74f6f6966</SHA-1>
              <MD5>aec4ceda7f593725dec755945fc4a69b</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>text/x-innosetup</file_type>
            </value>
            <value>
              <SHA-256>75629b32dddea5cad28d841182cf86642c4ba405d774c105dac824d2b6848473</SHA-256>
              <SHA-1>c499de5b1fa0512ff0cade757ca86c077f9443db</SHA-1>
              <MD5>078a9b6cc1b6e646616e8f5226b1076b</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>text/x-msdos-batch</file_type>
            </value>
            <value>
              <SHA-256>7ed27e0a30127c8a0c4b779e6bfc48ab4202babfa3740c979cf0a3133a5d364d</SHA-256>
              <SHA-1>44a2d4666b1e4a770f2ce32768f3bac711f68dc6</SHA-1>
              <MD5>87fe0e52e1be3309fd6dbecc1ab011d4</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>text/x-msdos-batch</file_type>
            </value>
            <value>
              <SHA-256>e6e617341038a99a41f1d34bfca09f06f83537ad2fc934ece405e6ddbdb38c50</SHA-256>
              <SHA-1>a3ce893dfbfb5fe2c9d5d016d12e7af445b57b19</SHA-1>
              <MD5>17c8aa581213922e49df84563a7fc594</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>text/x-msdos-batch</file_type>
            </value>
            <value>
              <SHA-256>a3897eadba8827f68ae929ac36a4dc2ee9107434a8026b065ef02a184b0411af</SHA-256>
              <SHA-1>8c438b1cd0dba9ebdf7867359c21f0cf3826b930</SHA-1>
              <MD5>7168d5ae841e8463f3f18a3b7597e762</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>adb81901042f2654154a003d72e83217aed1403ab25978494cae1df247fec716</SHA-256>
              <SHA-1>be01dc45b5dd45a6ef45a59bd99035b8f5822497</SHA-1>
              <MD5>5decd90cee87bb0ceab8762287b90be0</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>5A2BC38A-406C-4A5B-BF45-6991F9A05325</uuid>
              <origin>CONTENT_PARSE</origin>
            </value>
            <value>
              <uuid>5A2BC38A-406C-4A5B-BF45-6991F9A05325</uuid>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <uuid>1f676c76-80e1-4239-95bb-83d0f6d0da78</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>35138b9a-5d96-4fbd-8e2d-a2440225f93a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>e2011457-1546-43c5-a5fe-008deee3d3f0</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
          <registry>
            <value>
              <registry>Software\Borland\Delphi\Locales</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>Software\Borland\Locales</registry>
              <origin>INPUT_FILE</origin>
            </value>
          </registry>
        </iocs>
        <name>peazip-11.1.0.WIN64.exe</name>
        <report_id>0d199325-dccc-4585-87c9-3d8ea9ab7afc</report_id>
        <tags>
          <value>peexe</value>
          <value>html</value>
          <value>packed</value>
          <value>fingerprint</value>
          <value>installer</value>
          <value>reconnaissance</value>
          <value>inno</value>
          <value>embarcadero_delphi</value>
          <value>installer-heuristic</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>3fcc8667d73fc631206bd32191db3d5ab96667a1fe6e9d67e15892e0f3a9f122</id>
    <title>Analysis Report for 3fcc8667d73fc631206bd32191db3d5ab96667a1fe6e9d67e15892e0f3a9f122</title>
    <updated>2026-07-06T21:47:05Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c228c74fb2f5922b6c9d2</_id>
        <file_type>application/x-powershell</file_type>
        <flow_id>6a4c22572c562ae7c822f1a5</flow_id>
        <hash>3fcc8667d73fc631206bd32191db3d5ab96667a1fe6e9d67e15892e0f3a9f122</hash>
        <iocs>
          <urls>
            <value>
              <url>https://nodejs.org/dist/v24.13.0/node-v24.13.0-win-x64.zip</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>nodejs.org</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>104.16.212.131</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>24cd5fa0d9b52adc085ab910ccf0e4e1cf991a56345ddfbd8c8cc9dc22ad8095</SHA-256>
              <SHA-1>ffca6b81ce8854b96a9e6d27147ba6b7afb1a16c</SHA-1>
              <MD5>00c0fc5b44b5d14c43abebcce7ff61dd</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>b2212b871f2c2c4a597b892846f639f929566ab9e3543dade607dc59854e6f02</SHA-256>
              <SHA-1>334716a3aab5475f5507d96a608cfe2c65e9066f</SHA-1>
              <MD5>aabf318bab833fd49647c045c54e262f</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/zip</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <btc_wallets>
            <value>
              <btc_wallet>x153a4:$btc: 1NQoZfMNQeEXjTv7gg8hFN2e6CLe</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x1af08:$btc: 3aZnh2dKUYEkgyJLYkF5zeibWsgQot</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x2df3e:$btc: 3Gn2BmN5ZX9uWffNCP6n5rXtacam1</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x3a9f5:$btc: 34mz6vxVKCW4GzeQzNQXewTA3F</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x42c48:$btc: 3yTWzZTsdEFApCs7fTb3c86ePek</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x44b95:$btc: 3Ad9KRcXzXXoPgaV29nDDFTVFL</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x48854:$btc: 3iztKufYJvDinB6bbPzJX7LZD</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x523b4:$btc: 1snKKHx35QygA68EhM7UaXE5DhPKoir5u</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>mwZhV1.ps1</name>
        <report_id>a9af7f2d-db7c-4bd9-8f4d-b69b19464e9d</report_id>
        <tags>
          <value>powershell</value>
          <value>html</value>
          <value>anti-vm</value>
          <value>fingerprint</value>
          <value>obfuscated</value>
          <value>opendir</value>
          <value>base64</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>49e6ff325975d496653390e90614be2ec412cf62f95a3f9d0c5616721e4ac98c</id>
    <title>Analysis Report for 49e6ff325975d496653390e90614be2ec412cf62f95a3f9d0c5616721e4ac98c</title>
    <updated>2026-07-06T21:45:31Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c220274fb2f5922b6c9b9</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c21f93abf2760bd72e2f6</flow_id>
        <hash>49e6ff325975d496653390e90614be2ec412cf62f95a3f9d0c5616721e4ac98c</hash>
        <iocs/>
        <name>hvc.exe</name>
        <report_id>f6a52ba0-5f73-4ad9-9f66-441abc566167</report_id>
        <tags>
          <value>peexe</value>
          <value>stealer</value>
          <value>microsoft_visual_cc</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>e5b5f73d2e6866c78ac4dc15ebad3a1d67bb5883721ad47b130e517949ba1974</id>
    <title>Analysis Report for e5b5f73d2e6866c78ac4dc15ebad3a1d67bb5883721ad47b130e517949ba1974</title>
    <updated>2026-07-06T21:43:24Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c21a874fb2f5922b6c9a7</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c217b2c562ae7c822f106</flow_id>
        <hash>e5b5f73d2e6866c78ac4dc15ebad3a1d67bb5883721ad47b130e517949ba1974</hash>
        <iocs>
          <urls>
            <value>
              <url>https://spotfypremiums.secureepayment.com</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>google.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://artsandculture.google.com/asset/jadeite-cabbage-unknown/TgGKKWQUwn0sRA?hl=de&amp;gl=de</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://artsandculture.google.com/asset/lady-with-an-ermine-leonardo-da-vinci/HwHUpggDy_HxNQ?hl=de&amp;gl=de</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://artsandculture.google.com/asset/maple-viewers-kano-hideyori/oQF0nQM_PVBZeQ?hl=de&amp;gl=de</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://artsandculture.google.com/asset/radha-and-krishna-in-the-boat-of-love-nihal-chand/FgEEOnrrqsn9OA?hl=de&amp;gl=de</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://artsandculture.google.com/asset/saint-john-the-baptist-ii-kehinde-wiley/twHIJUf9gllKbw?hl=de&amp;gl=de</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://artsandculture.google.com/asset/sights-in-and-around-kyoto-unknown/8QHASebeKxBYFA?hl=de&amp;gl=de</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://artsandculture.google.com/asset/the-rosetta-stone/DgH6pMM1guUUPA?hl=de&amp;gl=de</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://artsandculture.google.com/asset/the-starry-night/bgEuwDxel93-Pg?hl=de&amp;gl=de</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://artsandculture.google.com/asset/the-two-fridas-frida-kahlo/zAHG4EZ1WrwVYg?hl=de&amp;gl=de</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://artsandculture.google.com/asset/the-water-lily-pond-claude-monet/nQExbyttj8z58A?hl=de&amp;gl=de</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://artsandculture.google.com/partner/african-artists-foundation?hl=de&amp;gl=de</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://artsandculture.google.com/partner/archaeological-survey-of-india?hl=de&amp;gl=de</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://artsandculture.google.com/partner/grotte-chauvet?hl=de&amp;gl=de</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://artsandculture.google.com/partner/museu-do-futebol?hl=de&amp;gl=de</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://artsandculture.google.com/partner/nasa?hl=de&amp;gl=de</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://artsandculture.google.com/partner/national-gallery-of-art-washington-dc?hl=de&amp;gl=de</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://artsandculture.google.com/partner/smithsonian-national-museum-of-natural-history?hl=de&amp;gl=de</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://artsandculture.google.com/partner/sydney-opera-house?hl=de&amp;gl=de</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://artsandculture.google.com/partner/the-munch-museum-oslo?hl=de&amp;gl=de</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://artsandculture.google.com/partner/unep-united-nations-environment-programme?hl=de&amp;gl=de</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://artsandculture.google.com/partner/unesco?hl=de&amp;gl=de</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.google.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google.com/&amp;ec=futura_exp_og_so_72776762_e</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google.com/&amp;gl=DE&amp;m=0&amp;pc=shp&amp;cm=5&amp;hl=de&amp;src=4</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google.com/search?q=Orionnebel&amp;um=1&amp;ie=UTF-8&amp;tbm=isch&amp;csf=b</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google.com/search?q=Reflexionsnebel&amp;um=1&amp;ie=UTF-8&amp;tbm=isch&amp;csf=b</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://about.google/?fg=1&amp;utm_source=google-DE&amp;utm_medium=referral&amp;utm_campaign=hp-header</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://accounts.google.com/ServiceLogin</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://accounts.google.com/ServiceLogin?hl%5Cx3dde%5Cx26continue%5Cx3dhttps://www.google.com/%5Cx26gae%5Cx3dcb-none</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://accounts.google.com/ServiceLogin?hl=de&amp;passive=true&amp;continue=https://www.google.com/&amp;ec=futura_exp_og_so_72776762_e</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://artsandculture.google.com/asset/girl-with-a-pearl-earring-johannes-vermeer/3QFHLJgXCmQm2Q</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://artsandculture.google.com/asset/girl-with-a-pearl-earring-johannes-vermeer/3QFHLJgXCmQm2Q?hl%3Dde%26gl%3Dde%5C%5Cu0026sa%5Cx3dt%5C%5Cu0026usg%5Cx3dAOvVaw13pyg64CC3HczdDEA248m9%5Cx22,%5Cx22/url?url%5Cx3dhttps://artsandculture.google.com/asset/sights-in-and-around-kyoto-unknown/8QHASebeKxBYFA?hl%3Dde%26gl%3Dde%5C%5Cu0026sa%5Cx3dt%5C%5Cu0026usg%5Cx3dAOvVaw1lu215bKEMX9-pW4lPQTen%5Cx22,%5Cx22/url?url%5Cx3dhttps://artsandculture.google.com/asset/radha-and-krishna-in-the-boat-of-love-nihal-chand/FgEEOnrrqsn9OA?hl%3Dde%26gl%3Dde%5C%5Cu0026sa%5Cx3dt%5C%5Cu0026usg%5Cx3dAOvVaw1T64E6AatYTfA6-6rLpf46%5Cx22,%5Cx22/url?url%5Cx3dhttps://artsandculture.google.com/asset/the-starry-night/bgEuwDxel93-Pg?hl%3Dde%26gl%3Dde%5C%5Cu0026sa%5Cx3dt%5C%5Cu0026usg%5Cx3dAOvVaw0yFSjbabwhgZ-M6bFWjlDE%5Cx22,%5Cx22/url?url%5Cx3dhttps://artsandculture.google.com/asset/maple-viewers-kano-hideyori/oQF0nQM_PVBZeQ?hl%3Dde%26gl%3Dde%5C%5Cu0026sa%5Cx3dt%5C%5Cu0026usg%5Cx3dAOvVaw3mR3uE93cQssmOjXtkTr-e%5Cx22,%5Cx22/url?url%5Cx3dhttps://artsandculture.google.com/asset/saint-john-the-baptist-ii-kehinde-wiley/twHIJUf9gllKbw?hl%3Dde%26gl%3Dde%5C%5Cu0026sa%5Cx3dt%5C%5Cu0026usg%5Cx3dAOvVaw3UaBjryQ-f2HcRoTj5xNiV%5Cx22,%5Cx22/url?url%5Cx3dhttps://artsandculture.google.com/asset/lady-with-an-ermine-leonardo-da-vinci/HwHUpggDy_HxNQ?hl%3Dde%26gl%3Dde%5C%5Cu0026sa%5Cx3dt%5C%5Cu0026usg%5Cx3dAOvVaw2MBgQ-nyxirDxcAQUEcIKC%5Cx22,%5Cx22/url?url%5Cx3dhttps://artsandculture.google.com/asset/the-water-lily-pond-claude-monet/nQExbyttj8z58A?hl%3Dde%26gl%3Dde%5C%5Cu0026sa%5Cx3dt%5C%5Cu0026usg%5Cx3dAOvVaw3ZcDXmSy1TiX5Ej7MRvfw3%5Cx22,%5Cx22/url?url%5Cx3dhttps://artsandculture.google.com/asset/jadeite-cabbage-unknown/TgGKKWQUwn0sRA?hl%3Dde%26gl%3Dde%5C%5Cu0026sa%5Cx3dt%5C%5Cu0026usg%5Cx3dAOvVaw0YOkRJSLXMjrnOqMg_Labk%5Cx22,%5Cx22/url?url%5Cx3dhttps://artsandculture.google.com/asset/the-two-fridas-frida-kahlo/zAHG4EZ1WrwVYg?hl%3Dde%26gl%3Dde%5C%5Cu0026sa%5Cx3dt%5C%5Cu0026usg%5Cx3dAOvVaw1GMb3O-8hRrFvNqYJ1R0QV%5Cx22,%5Cx22/url?url%5Cx3dhttps://artsandculture.google.com/asset/the-rosetta-stone/DgH6pMM1guUUPA?hl%3Dde%26gl%3Dde%5C%5Cu0026sa%5Cx3dt%5C%5Cu0026usg%5Cx3dAOvVaw04ZnvFEEyL3dd6tc29g4C-%5Cx22,%5Cx22/url?url%5Cx3dhttps://artsandculture.google.com/partner/smithsonian-national-museum-of-natural-history?hl%3Dde%26gl%3Dde%5C%5Cu0026sa%5Cx3dt%5C%5Cu0026usg%5Cx3dAOvVaw2nQLxa7ceYAQLYRhTriY4k%5Cx22,%5Cx22/url?url%5Cx3dhttps://artsandculture.google.com/partner/the-munch-museum-oslo?hl%3Dde%26gl%3Dde%5C%5Cu0026sa%5Cx3dt%5C%5Cu0026usg%5Cx3dAOvVaw0ImkVzBy5oVLWKLKt7noEG%5Cx22,%5Cx22/url?url%5Cx3dhttps://artsandculture.google.com/partner/african-artists-foundation?hl%3Dde%26gl%3Dde%5C%5Cu0026sa%5Cx3dt%5C%5Cu0026usg%5Cx3dAOvVaw2OY70wLi3m4gHDJdbEpEzs%5Cx22,%5Cx22/url?url%5Cx3dhttps://artsandculture.google.com/partner/unep-united-nations-environment-programme?hl%3Dde%26gl%3Dde%5C%5Cu0026sa%5Cx3dt%5C%5Cu0026usg%5Cx3dAOvVaw32_MAGnfMRjjJPDDNlLbbf%5Cx22,%5Cx22/url?url%5Cx3dhttps://artsandculture.google.com/partner/nasa?hl%3Dde%26gl%3Dde%5C%5Cu0026sa%5Cx3dt%5C%5Cu0026usg%5Cx3dAOvVaw27x4dYMma-1pn1_VYoxKUm%5Cx22,%5Cx22/url?url%5Cx3dhttps://artsandculture.google.com/partner/archaeological-survey-of-india?hl%3Dde%26gl%3Dde%5C%5Cu0026sa%5Cx3dt%5C%5Cu0026usg%5Cx3dAOvVaw07ZLEiriBrfnNKvP2O88TY%5Cx22,%5Cx22/url?url%5Cx3dhttps://artsandculture.google.com/partner/museu-do-futebol?hl%3Dde%26gl%3Dde%5C%5Cu0026sa%5Cx3dt%5C%5Cu0026usg%5Cx3dAOvVaw3Lgt7TobT_xvwvTqmHxOfv%5Cx22,%5Cx22/url?url%5Cx3dhttps://artsandculture.google.com/partner/national-gallery-of-art-washington-dc?hl%3Dde%26gl%3Dde%5C%5Cu0026sa%5Cx3dt%5C%5Cu0026usg%5Cx3dAOvVaw2ATZZBINOeBczsGOQXhSJU%5Cx22,%5Cx22/url?url%5Cx3dhttps://artsandculture.google.com/partner/unesco?hl%3Dde%26gl%3Dde%5C%5Cu0026sa%5Cx3dt%5C%5Cu0026usg%5Cx3dAOvVaw0yzgltBh84Jbp6OnM6Nozm%5Cx22,%5Cx22/url?url%5Cx3dhttps://artsandculture.google.com/partner/grotte-chauvet?hl%3Dde%26gl%3Dde%5C%5Cu0026sa%5Cx3dt%5C%5Cu0026usg%5Cx3dAOvVaw39V877-XirmuedURyT0rWg%5Cx22,%5Cx22/url?url%5Cx3dhttps://artsandculture.google.com/partner/sydney-opera-house?hl%3Dde%26gl%3Dde%5C%5Cu0026sa%5Cx3dt%5C%5Cu0026usg%5Cx3dAOvVaw2AaXj2Lky436h9QqGtMjkl%5Cx22,%5Cx22/search?q%5Cx3dber%C3%BChmte+Kunst%5C%5Cu0026csf%5Cx3db%5Cx22],%5Cx22id%5Cx22:%5Cx22artistic%5Cx22,%5Cx22msg%5Cx22:%5Cx22Heute</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://consent.google.com/d</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://consent.google.com/d?continue%5Cx3dhttps://www.google.com/%5Cx26gl%5Cx3dDE%5Cx26m%5Cx3d0%5Cx26pc%5Cx3dshp%5Cx26uxe%5Cx3dnone%5Cx26cm%5Cx3d2%5Cx26hl%5Cx3dde%5Cx26src%5Cx3d2%5Cx26escs%5Cx3dAZ8E49AbaMoRg1qgNcLn_4cxScueAq5guW_mVmgDZBjejFZJ-cRD4TVTWVrAoGQm8G-UO-rvMtlh6BaDQoevrgvvfKfj_otJc4zu</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://consent.google.com/d?continue=https://www.google.com/&amp;gl=DE&amp;m=0&amp;pc=shp&amp;cm=5&amp;hl=de&amp;src=4</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://consent.google.com/save</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://consent.google.com/save?continue%5Cx3dhttps://www.google.com/%5Cx26gl%5Cx3dDE%5Cx26m%5Cx3d0%5Cx26pc%5Cx3dshp%5Cx26x%5Cx3d5%5Cx26src%5Cx3d2%5Cx26hl%5Cx3dde%5Cx26bl%5Cx3dgws_20260701-0_RC1%5Cx26uxe%5Cx3dnone%5Cx26cm%5Cx3d2%5Cx26set_eom%5Cx3dfalse%5Cx26set_aps%5Cx3dtrue%5Cx26set_sc%5Cx3dtrue%5Cx26escs%5Cx3dAZ8E49CEGQecafI2KuEeqqvWMz0foOl1q7UeW1RfaCPsYJyXpgRMt_U7oXC8nv2CyjFb5CH43z5Yz47J_584uzct84EjfxBo7YbY</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://consent.google.com/save?continue%5Cx3dhttps://www.google.com/%5Cx26gl%5Cx3dDE%5Cx26m%5Cx3d0%5Cx26pc%5Cx3dshp%5Cx26x%5Cx3d5%5Cx26src%5Cx3d2%5Cx26hl%5Cx3dde%5Cx26bl%5Cx3dgws_20260701-0_RC1%5Cx26uxe%5Cx3dnone%5Cx26cm%5Cx3d2%5Cx26set_eom%5Cx3dtrue%5Cx26escs%5Cx3dAZ8E49Bw8almhzOrcHbCCHXZStAvGxNWkqGMG7zV6zjzBtISBftDKx9NPiTi2MzSWuCfbuFPP2VY8qonBVH-u5yYxKAN824fcu45</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://google.com/search/howsearchworks/?fg=1</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://mail.google.com/mail/&amp;ogbl</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://ogads-pa.clients6.google.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://ogs.google.com/widget/app/so?eom=1%5Cu0026awwd=1%5Cu0026em=2%5Cu0026scv=1%5Cu0026dpi=89978449</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://ogs.google.com/widget/callout?eom=1%5Cu0026dc=1</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://policies.google.com/privacy?hl=de&amp;fg=1</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://policies.google.com/privacy?hl=de&amp;fg=1&amp;utm_source=ucbs</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://policies.google.com/technologies/cookies?utm_source=ucbs&amp;hl=de</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://policies.google.com/terms?hl=de&amp;fg=1</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://policies.google.com/terms?hl=de&amp;fg=1&amp;utm_source=ucbs</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://store.google.com/DE?utm_source=hp_header&amp;utm_medium=google_ooo&amp;utm_campaign=GS100042&amp;hl=de-DE</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://support.google.com/chrome/?p%5Cx3dui_voice_search%5C%5C%5Cx22</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://support.google.com/websearch/?p=ws_results_help&amp;hl=de&amp;fg=1</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://support.google.com/websearch/answer/106230?hl=de</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://sustainability.google/intl/de/klimaschutz/?utm_source=googlehpfooter&amp;utm_medium=housepromos&amp;utm_campaign=bottom-footer&amp;utm_content=</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://trends.google.com/trends/trendingsearches/daily?geo%3DDE%5C%5Cu0026sa%5Cx3dt%5C%5Cu0026usg%5Cx3dAOvVaw0QpMFYFB8nlEzwfPRBPxWf%5Cx22],%5Cx22id%5Cx22:%5Cx22trendy%5Cx22,%5Cx22msg%5Cx22:%5Cx22Heute</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.google.com/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google.com/imghp?hl=de&amp;ogbl</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google.com/intl/de_de/ads/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google.com/intl/de_de/ads/?subid=ww-ww-et-g-awa-a-g_hpafoot1_1!o2&amp;utm_source=google.com&amp;utm_medium=referral&amp;utm_campaign=google_hpafooter&amp;fg=1</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google.com/preferences?hl=de&amp;fg=1</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google.com/search</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google.com/search?q%3DNebel%2Bim%2BWeltraum%26um%3D1%26ie%3DUTF-8%26tbm%3Disch%26csf%3Db%5Cx22,%5Cx22/url?url%5Cx3dhttps://www.google.com/search?q%3DOrionnebel%26um%3D1%26ie%3DUTF-8%26tbm%3Disch%26csf%3Db%5Cx22,%5Cx22/url?url%5Cx3dhttps://www.google.com/search?q%3DReflexionsnebel%26um%3D1%26ie%3DUTF-8%26tbm%3Disch%26csf%3Db%5Cx22],%5Cx22id%5Cx22:%5Cx22stellar%5Cx22,%5Cx22msg%5Cx22:%5Cx22Heute</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google.com/services/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google.com/services/?subid=ww-ww-et-g-awa-a-g_hpbfoot1_1!o2&amp;utm_source=google.com&amp;utm_medium=referral&amp;utm_campaign=google_hpbfooter&amp;fg=1</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google.com/setprefs?sig=0_f2J-gtlnt-Bmu6Y7yg9o-IhCWmU%3D&amp;hl=en&amp;source=homepage&amp;sa=X&amp;ved=0ahUKEwio4tbRgr-VAxW5VKQEHceFAogQ2ZgBCBc</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google.de/intl/de/about/products</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.gstatic.com/og/_/js/k=og.asy.en_US.PhFAqlkH-m0.2019.O/rt=j/m=_ac</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.gstatic.com/og/_/js/k=og.asy.en_US.PhFAqlkH-m0.2019.O/rt=j/m=_ac,_awd,ada,lldp,qads,abld/exm=/d=1/ed=1/rs=AA2YrTs7cU8uR_Gvt5MxLbVMCfcZk2xF7w</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.gstatic.com/og/_/ss/k=og.asy.rmDKsWSOTEE.L.W.O/m=ll_tdm,adcgm3,ll_fw,abld/excm=/d=1/ed=1/ct=zgms/rs=AA2YrTvVbU6kFYShmb37FXVbeSuk0QBnfQ</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://spotfypremiums.secureepayment.com/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://spotfypremiums.secureepayment.com/favicon.ico</url>
              <origin>URL_RENDER</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>about.google</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>accounts.google.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>artsandculture.google.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>consent.google.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>google.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>gstatic.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>mail.google.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>ogads-pa.clients6.google.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>ogs.google.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>policies.google.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>store.google.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>support.google.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>sustainability.google</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>trends.google.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.google.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.google.de</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.gstatic.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>spotfypremiums.secureepayment.com</url>
              <origin>URL_RENDER</origin>
            </value>
          </domains>
          <ips>
            <value>
              <ip>142.251.127.102</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.13.94</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.250.154.101</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>188.114.97.3</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.127.84</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.14.95</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.13.104</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.250.154.18</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.250.154.139</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.20.139</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>216.239.32.29</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.110.102</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.150.119</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.110.94</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.13.138</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>216.239.36.21</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.13.102</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>f1480b2b4bb9abd703c20053a1fdf0a0cf8a4b37928ba37f79926db0e095231a</SHA-256>
              <SHA-1>a35accae886c747dbc760d8736624fce8b6b1464</SHA-1>
              <MD5>24b31450864b256d3bee1f2aa19863f5</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>c49c0948b4125fcc2fe8a560846753921301a4a45a59ef4ee48c88358bf0f98f</SHA-256>
              <SHA-1>aed31ef2a634d85b2153594f77e1e7e31a51fac5</SHA-1>
              <MD5>9809a1f73a9f7a67d8a6e7ef76c739ba</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>0eebf8e0ff0e3cd98252a05c8224574ca3af0f8f85f0ab603499ca015a8a6760</SHA-256>
              <SHA-1>9fccb72a4fa638811e54a799e632b6f07fd41249</SHA-1>
              <MD5>6e6793c94fe0d2a77318b22d10f231ec</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>42f2376624b20dc36263f9e9ad387ded7b844db3d992144cf5428d1cf679693c</SHA-256>
              <SHA-1>38662675db93520945c89b9bb40c703f6225ba5f</SHA-1>
              <MD5>5e0247833f6f82ca38e53a9068079bd3</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>c0f36320441fe85a7de6ce19969aff5980985b79ff5299572895ff710a7b9c8b</SHA-256>
              <SHA-1>e95c251a78ec5fddab580fa23eff1cb7e85837ea</SHA-1>
              <MD5>3f9a5892062d0fd7b533599e1827d2f4</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <SHA-256>28baa8479d08eaf8adc1b955a68cd009f6c326299bb720561ec875c9dbe32c07</SHA-256>
              <SHA-1>e26962be403a4543714c299a32f3ab6cbde9afd2</SHA-1>
              <MD5>c461561398a01969489563ee4eb7cade</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>f4954dba973986f528ef9ecdc8fc01cfe021730bcc792bb605a34b4cb5e90d98</SHA-256>
              <SHA-1>b9eaa003af63f0930c7d8c18d2f75fa58b2dc322</SHA-1>
              <MD5>196c4569c4df44aa49d3d48534956382</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>e3594475219d64ad721386bf9461f39790f71b91f105baa68ff95678d67f87af</SHA-256>
              <SHA-1>eae9535808dd147cfd79e2b869b1157697578311</SHA-1>
              <MD5>1698cec58b1ce453993067d59eb573b7</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>c63a8a3262a12e39a5d504e1589c02d3f0c5259bacc0b92cb0d01ecb2c9ba838</SHA-256>
              <SHA-1>a8123b11a1319a6ce372c958f076baedd8a6bbf8</SHA-1>
              <MD5>c0072ed47b6fa5383ed38870f47069ff</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
        </iocs>
        <name>hxxps://spotfypremiums.secureepayment.com</name>
        <report_id>6effc515-d527-4eef-960c-bd513a833310</report_id>
        <tags>
          <value>html</value>
          <value>base64</value>
          <value>obfuscated</value>
          <value>captcha</value>
          <value>aidetect</value>
          <value>phishing</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>05b0c6e205850a67405800e0c060f3c15065c468c39df61e58d91475217100e4</id>
    <title>Analysis Report for 05b0c6e205850a67405800e0c060f3c15065c468c39df61e58d91475217100e4</title>
    <updated>2026-07-06T21:43:05Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c219a0bc678ad76e5ca6e</_id>
        <file_type>text/javascript</file_type>
        <flow_id>6a4c2166327f9453dea7d63a</flow_id>
        <hash>05b0c6e205850a67405800e0c060f3c15065c468c39df61e58d91475217100e4</hash>
        <iocs>
          <urls>
            <value>
              <url>http://luajit.org/</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>luajit.org</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>163.172.177.144</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>2df88c5e3730d5a1cca00fbd1a2d28e594de3b80fb305e1e3a01295e287da6be</SHA-256>
              <SHA-1>b9270c4f613e3becea0a5a6352971df2fc6a3c09</SHA-1>
              <MD5>ebf698f98023235e8ad24fcea7cef77e</MD5>
              <origin>JAVASCRIPT_EMULATION</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>a73f26a8d504043f785d7360e8febf2eeb8522ec873a0d4dd5d1d4bfd1e67d3d</SHA-256>
              <SHA-1>6c93b8c5fde8be4b2231dca6b8ec513cdc82c991</SHA-1>
              <MD5>5aa04ce935e78505e230765e85c34355</MD5>
              <origin>JAVASCRIPT_EMULATION</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <SHA-256>d275912bed6d6f05885e1869608b713654cd915b04b797a4aa69d5b07c29b964</SHA-256>
              <SHA-1>b3e36803e368ef36c668cf5fb55d73c7e6335fbd</SHA-1>
              <MD5>86aee30d516ff92de631fce1ce663816</MD5>
              <origin>JAVASCRIPT_EMULATION</origin>
              <file_type>text/plain</file_type>
            </value>
            <value>
              <SHA-256>d447a06cba8d3dbe80e09d73dd64576836b258961ee0d3ba56cf26cea7962b49</SHA-256>
              <SHA-1>145c72f8acdcd366869f955dffd000d3bc146b6e</SHA-1>
              <MD5>7675b38aabebc8427171447edd484b5b</MD5>
              <origin>JAVASCRIPT_EMULATION</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>66c50d2a5ba0a96d30be3d64fcdf344912799375fcd093735824af43ab991e87</SHA-256>
              <SHA-1>3212975408dc753eaa6ceff270a107fafc862aeb</SHA-1>
              <MD5>f853f444a788183296e243a0af587288</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>1f676c76-80e1-4239-95bb-83d0f6d0da78</uuid>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <uuid>35138b9a-5d96-4fbd-8e2d-a2440225f93a</uuid>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <uuid>4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38</uuid>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <uuid>8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a</uuid>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <uuid>e2011457-1546-43c5-a5fe-008deee3d3f0</uuid>
              <origin>EXTRACTED_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>ENQ-NO-057909-PO-06970-MQQ-06870-07-2026.JS</name>
        <report_id>7bbed5c1-d434-4bc4-a000-d2887debe831</report_id>
        <tags>
          <value>javascript</value>
          <value>html</value>
          <value>xloader</value>
          <value>downloader</value>
          <value>dropper</value>
          <value>evasive</value>
          <value>masquerade</value>
          <value>obfuscated</value>
          <value>anti-debug</value>
          <value>packed</value>
          <value>repaired</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>3c891a08bb69e041bf836b7c1759efdb1a20925eecea3eff20d39ffcac461569</id>
    <title>Analysis Report for 3c891a08bb69e041bf836b7c1759efdb1a20925eecea3eff20d39ffcac461569</title>
    <updated>2026-07-06T21:42:55Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c2168e094c2d95806162f</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c215c2c562ae7c822f0f0</flow_id>
        <hash>3c891a08bb69e041bf836b7c1759efdb1a20925eecea3eff20d39ffcac461569</hash>
        <iocs>
          <files>
            <value>
              <MD5>2a8b8657fc4ccb58a4507f27a2e8aab4</MD5>
              <SHA-1>cc90eb883f64589dc46407189c3cd80cbda97c71</SHA-1>
              <SHA-256>067c5765a6a11c469273d76b8fffc3c0ef0bb38beee06240045568cf91c8867b</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>178c27c204f21a13ee023fdb6ff0f89c</MD5>
              <SHA-1>8ebde618d224e6ad4a033c66a9576242cfa78b87</SHA-1>
              <SHA-256>49322c84efd52cb4e1e15c134f408bcb603087c47cff20a49ed11a1c163cb01a</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>ef063ea37573161aedca29c71fd7580b</MD5>
              <SHA-1>a61a4d5095f997ed253c712bcb86d8e9d19cd8d8</SHA-1>
              <SHA-256>6860c7ceb0d4bf851a1152c2108ea7a247430313fe2fef82e7311c0207284e6a</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>baa3174276f9b75546f7bf298cb18550</MD5>
              <SHA-1>51617c01abaa2a8f62c69d5501aa1d7021a6585a</SHA-1>
              <SHA-256>911646c3659fcbbcc393d8b9b9408a3ccbb9ff79c4b656a88083d6852f07b651</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>fd9b946afde3b1a9c7af5d23ccd624e8</MD5>
              <SHA-1>92589a8c999b3431b6d25fd792f33ea4e029ebc8</SHA-1>
              <SHA-256>a7cd575077e27e04b4218d69a48424264a0f281f784c892d16561fd772d61b4e</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>a19a2658ba69030c6ac9d11fd7d7e3c1</MD5>
              <SHA-1>879dcf690e5bf1941b27cf13c8bcf72f8356c650</SHA-1>
              <SHA-256>c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <MD5>22f84de84263bbd88d202c673863d161</MD5>
              <SHA-1>ec098766e5b916356485a898e70fe6b7b4adfc71</SHA-1>
              <SHA-256>dc5d65a653cb9c3586345fa6ee7b0204f28e27b6d26a4f3a30f3fc4a2b29c318</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>5b552f97bd01500c25b48ffb5b68ea34</MD5>
              <SHA-1>3024b34bf3906a2bb92f9240f47cbab736bdae85</SHA-1>
              <SHA-256>e19054eea94360cafec9eda5dabf365da73e78fa5e5306f8bd0cbfe4130b9886</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
          </files>
        </iocs>
        <name>3c891a08bb69e041bf836b7c1759efdb1a20925eecea3eff20d39ffcac461569.exe</name>
        <report_id>b563b0be-6343-4e4a-85f4-484abef3c55b</report_id>
        <tags>
          <value>peexe</value>
          <value>dotnet_pe</value>
          <value>packed</value>
          <value>reconnaissance</value>
          <value>overlay</value>
          <value>installer-heuristic</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>86fd6919b12f627f6b80d2d4a980d70ddc1228678182f471863a7557d3d1558a</id>
    <title>Analysis Report for 86fd6919b12f627f6b80d2d4a980d70ddc1228678182f471863a7557d3d1558a</title>
    <updated>2026-07-06T21:42:52Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c217374fb2f5922b6c99d</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c215a3abf2760bd72e249</flow_id>
        <hash>86fd6919b12f627f6b80d2d4a980d70ddc1228678182f471863a7557d3d1558a</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>22813a19603dfdabbc152571db92cadd0f0a4192d8cff8942baae650c820c808</SHA-256>
              <SHA-1>60bf529178e5f05463719555bd52551798e6ac88</SHA-1>
              <MD5>e602c6a4d4ddd15813cc8ab00888f496</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>28ae1807e280b537ef8a9b5df66942cd52adf418cd5a2e0b07ef48b25bd08955</SHA-256>
              <SHA-1>240236f7e7f1c2cea21c1d5eac0bef98094eb18a</SHA-1>
              <MD5>6b0f04cd06a91ff5ee96decd8eb6dbc6</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>2c1a56eba6748d328b230178eb17963fdbf29d99162641b90b758987f4c6658b</SHA-256>
              <SHA-1>9867311a9a4297f474513b7f69cf029a3b8d809c</SHA-1>
              <MD5>f0a968ef352ba94d7c78e37d86ac7260</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>308d9ab341983dbe017e822ce543fd57f3b191763cc776c93606a5e913d5a3d4</SHA-256>
              <SHA-1>ce93ee5e4f2ec5d4756565dae7e95be9d5946ebe</SHA-1>
              <MD5>37ae141df713f3f9047edf4bdd2486ea</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>352de19e58307439924e17bf1f8e53d7ee87bb6b799db151a187f06cf2e54072</SHA-256>
              <SHA-1>286f284014052b9c70581c0aec6f008f1bf33962</SHA-1>
              <MD5>78a359f0fba9302b7ba3515728189416</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>6a73143cfacd86719eecf2cc45bb66c23391ac62d0ffa167a1acda97b218a1a1</SHA-256>
              <SHA-1>bde6c7a67f2b92f27aa875d4955999a9772ff2bf</SHA-1>
              <MD5>4b54f097cdb6fa39423033d47fa200db</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>6bd1990b830571c05426131c936352f081dbf227a5f1f8708be380bb68c0ef1e</SHA-256>
              <SHA-1>9430e62b31117c2a62b30d5067a9a485b2b92262</SHA-1>
              <MD5>c2624d0a67009076569b24ceaf5c25f0</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>70c44df2204ba02cef387313aed59a095724ba4b8e0213b68e41418b1236e140</SHA-256>
              <SHA-1>65f4cefce100e60fb5f37ee84f6c6079d8925964</SHA-1>
              <MD5>e113b50b534c1cf282bd8b50aa427dfe</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>91b02dbfc7de3d446cfa0c582ffcd94754e063ab54450b8545e926755c301d9f</SHA-256>
              <SHA-1>c8df9419ceba783553fc9f5da52146a52d950867</SHA-1>
              <MD5>5862fb822647bb0222206552d93026f2</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>96c7b054d2e1d983e964da4f6749b7a8e4fe6296cb4803b5668bf61a1d5deda4</SHA-256>
              <SHA-1>7d4428613b8ec9c1380ed96e18d4f2d0c380c94a</SHA-1>
              <MD5>892f0f6732ef0f73cf6db51e62017a74</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>b45c6a3366adc913f8d1f3cd2289aeddc2b4dae28c0e39daa911009f50234c43</SHA-256>
              <SHA-1>d78e110cb30ccff6366e410f6a16009383f8f2e9</SHA-1>
              <MD5>ac3f07c5aa93e413823a32f659240ad1</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>be0095738818ab878ec12febc789952dec0e68e9b24546336772d3697a15e431</SHA-256>
              <SHA-1>8307d4ea365d2d7f6682849914ddf590b5b9f844</SHA-1>
              <MD5>1ee15bd7258378b45d8af26ff483d629</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>c967b6ff098566e1b57b4e41edb8bb77d0c0dcb731587ccd09855d3d5da1a267</SHA-256>
              <SHA-1>57b0fe9cdc4510648de0c30b14163d6b6d3bb8c7</SHA-1>
              <MD5>2979f9bd2e0d5f61067a35ab7dad13ba</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>d1762780507b7007b8aef463b9bde5ae42d7c2fe7ef17e86ac6761d74ca4b6de</SHA-256>
              <SHA-1>18ed4b469a53a1d18e0c58ecbba69eb3e1c20f3d</SHA-1>
              <MD5>860dd9e8323f5e1f205cea45129e8653</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>f07f55d8a2d3e560f02673c49c8469b51a8d3548d7a1f0ee47355d6f080c9de8</SHA-256>
              <SHA-1>e1b814c0073be99d0f28e2ddb7d13b073f3dc67c</SHA-1>
              <MD5>713948be21003dfb618ecdb185e50a59</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
          </files>
        </iocs>
        <name>ufo50.exe</name>
        <report_id>d0681026-5113-4b9e-873f-ebd041122ea2</report_id>
        <tags>
          <value>peexe</value>
          <value>crypto</value>
          <value>fingerprint</value>
          <value>reconnaissance</value>
          <value>microsoft_visual_cc</value>
          <value>adaptive-context</value>
          <value>anti-debug</value>
          <value>base64</value>
          <value>keylogger</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>166e9fb5cbee9b653c3bf16405257030393edd7b3dce39ab6158233fd006dab0</id>
    <title>Analysis Report for 166e9fb5cbee9b653c3bf16405257030393edd7b3dce39ab6158233fd006dab0</title>
    <updated>2026-07-06T21:42:33Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c215774fb2f5922b6c996</_id>
        <file_type>application/x-msdownload; format=pe64</file_type>
        <flow_id>6a4c21472c562ae7c822f0df</flow_id>
        <hash>166e9fb5cbee9b653c3bf16405257030393edd7b3dce39ab6158233fd006dab0</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>36ab845d3d6257bb8a086437fc7c11b95c29e3c63d857139917679e472c71590</SHA-256>
              <SHA-1>c25b5c175268b373925b9fccf6382d25e6a8a693</SHA-1>
              <MD5>70db2e11d67285768df932c25910a403</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>9bae54c9f5a766763cbc3bd7b862167f9181e15649d98ffdae65f163b82929c3</SHA-256>
              <SHA-1>1f123dfebd20864934707156452073f73ad55bfc</SHA-1>
              <MD5>6cfe45251d9f16dae5a1b2d640b62a50</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
          <registry>
            <value>
              <registry>Software\StubForgePractice\AVTraining_51231</registry>
              <origin>INPUT_FILE</origin>
            </value>
          </registry>
          <btc_wallets>
            <value>
              <btc_wallet>12123a72172a56613bbe12dbabfc518a</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>166e9fb5cbee9b653c3bf16405257030393edd7b3dce39ab6158233fd006dab0.exe</name>
        <report_id>cf269dd4-e816-4151-baaa-68a25c6fd9b7</report_id>
        <tags>
          <value>peexe</value>
          <value>packed</value>
          <value>anti-debug</value>
          <value>overlay</value>
          <value>mingw</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>c0d2e1aa85b01d4bf875c4ae49852f863a8cc4e7848cef910030956484c47dd2</id>
    <title>Analysis Report for c0d2e1aa85b01d4bf875c4ae49852f863a8cc4e7848cef910030956484c47dd2</title>
    <updated>2026-07-06T21:41:34Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c21200bc678ad76e5ca57</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c210c9016b0169a623f0d</flow_id>
        <hash>c0d2e1aa85b01d4bf875c4ae49852f863a8cc4e7848cef910030956484c47dd2</hash>
        <iocs>
          <urls>
            <value>
              <url>http://www.zhlt.info/common-mapping-problems.html</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>zhlt.info</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <emails>
            <value>
              <email>vluzacn@163.com</email>
              <origin>INPUT_FILE</origin>
            </value>
          </emails>
          <files>
            <value>
              <MD5>bd62b6f553a2d1d012cc53fc325221d2</MD5>
              <SHA-1>c5353cec27b30fb35e414dd5f3d0e9205aaf1c07</SHA-1>
              <SHA-256>388f75e900f0c15fd66249d7b2e7edf6e14eeefb859e6f766b75058e44f27af6</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>text/xml</file_type>
            </value>
          </files>
        </iocs>
        <name>hlbsp.exe</name>
        <report_id>2f14482d-7b9c-42d2-8038-352e8c5868d1</report_id>
        <tags>
          <value>peexe</value>
          <value>microsoft_visual_cc</value>
          <value>anti-debug</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>c0d2e1aa85b01d4bf875c4ae49852f863a8cc4e7848cef910030956484c47dd2</id>
    <title>Analysis Report for c0d2e1aa85b01d4bf875c4ae49852f863a8cc4e7848cef910030956484c47dd2</title>
    <updated>2026-07-06T21:41:15Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c212b74fb2f5922b6c98c</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c20fa9a9579027330a5ac</flow_id>
        <hash>c0d2e1aa85b01d4bf875c4ae49852f863a8cc4e7848cef910030956484c47dd2</hash>
        <iocs>
          <urls>
            <value>
              <url>http://www.zhlt.info/common-mapping-problems.html</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>zhlt.info</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <emails>
            <value>
              <email>vluzacn@163.com</email>
              <origin>INPUT_FILE</origin>
            </value>
          </emails>
          <files>
            <value>
              <SHA-256>388f75e900f0c15fd66249d7b2e7edf6e14eeefb859e6f766b75058e44f27af6</SHA-256>
              <SHA-1>c5353cec27b30fb35e414dd5f3d0e9205aaf1c07</SHA-1>
              <MD5>bd62b6f553a2d1d012cc53fc325221d2</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>text/xml</file_type>
            </value>
          </files>
        </iocs>
        <name>hlbsp.exe</name>
        <report_id>169b90d4-1989-4e80-b760-6ed4c9f2fb89</report_id>
        <tags>
          <value>peexe</value>
          <value>microsoft_visual_cc</value>
          <value>anti-debug</value>
          <value>evasive</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>b8979e31b0e18fd57d4e0a7512e9e0109d68312fd9a5837d62fcb11ace457c2f</id>
    <title>Analysis Report for b8979e31b0e18fd57d4e0a7512e9e0109d68312fd9a5837d62fcb11ace457c2f</title>
    <updated>2026-07-06T21:41:06Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c211174fb2f5922b6c987</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c20f03abf2760bd72e1bb</flow_id>
        <hash>b8979e31b0e18fd57d4e0a7512e9e0109d68312fd9a5837d62fcb11ace457c2f</hash>
        <iocs>
          <ips>
            <value>
              <ip>255.255.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>11516533895adca7e3024656c04f4f52b653e97d278bae0b3d40006d3124e5e4</SHA-256>
              <SHA-1>ece90301e15bde6e4082107a4777079b8aef2951</SHA-1>
              <MD5>4ed699b8f804510f947368522a395b79</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>157a1b16f44cb13ad3594ae46a7acc15836ea74318bfd547edb011e0ddd6c0e8</SHA-256>
              <SHA-1>1551d0ca913933ab4aa4458321cb57e1259ed6c2</SHA-1>
              <MD5>79b58342a7c4c7dd9dc136349001b102</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>2519cbe9220396ebe60121daf54fa5862cb7561ae27db445a2cbf95565357b94</SHA-256>
              <SHA-1>733d54b4aed595627280c1bcdb6d5c95c95c56cd</SHA-1>
              <MD5>052d563a1dafafd9cc9791349c00ea10</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>3099c708fd7ded98b38970519176cfdf9fc732c5dab3a637b29b4004df95dd52</SHA-256>
              <SHA-1>c9fe7df76c32b7911b70ed7065067cedf0ca5e9d</SHA-1>
              <MD5>29b291ad75c93524e2d6b72a2e77f183</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df</SHA-256>
              <SHA-1>4260284ce14278c397aaf6f389c1609b0ab0ce51</SHA-1>
              <MD5>1e4a89b11eae0fcf8bb5fdd5ec3b6f61</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <SHA-256>53b5b946a89e8878929a1e5bde0af7f44e63c258c21994b473202ddd92728da2</SHA-256>
              <SHA-1>4dc82e7d566eb9e52b0ce613c32e862946bbe677</SHA-1>
              <MD5>2065035fbc5003c4369ccf7dcf3313a8</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>5572c3b79eac05b505d3d987874f83a02861ac4f311a787a1b029b53b7d95451</SHA-256>
              <SHA-1>3667781deeabb173f4b7bd47eda7015697bbf440</SHA-1>
              <MD5>a59782bf04b60c20449363adcedfc281</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>5c2ac990dd964e264ff8a82670ad73b29a27367804c63063223fc8a9751c75fc</SHA-256>
              <SHA-1>a574ba550d1324827fbdb0146616aa2d80da1844</SHA-1>
              <MD5>c0b1a95d8e2191de7db362cc6405fe80</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>62783dc154551d28c259472228007058cbbf44fbc549c2036f3775364f5ddb9c</SHA-256>
              <SHA-1>67c977f2bd5d27f7395e871be02bb8738bf5be02</SHA-1>
              <MD5>acab3c15838798165f41deb1dd1b623e</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>64142af48f0b6d56aab5faf535359989f9e0bb458cc9784b630663fec55a3553</SHA-256>
              <SHA-1>42e942232c84220493407dc0f4fb11daf966dcde</SHA-1>
              <MD5>f6a9c501aac7dce9ac5ccf82bbdc404e</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>6543ddb4447151489ba0048d6d1f3cd3662ad370aed4b3c625098440e291ffc4</SHA-256>
              <SHA-1>a372d9ba4435b6be6c44d3015c303faee1d4fc7a</SHA-1>
              <MD5>c8fb5228d8e77325d27463d338276b73</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>7a7b1ac915ec71eb3c78695ff34b58c82edbd87eef7406644cc8631821becd1b</SHA-256>
              <SHA-1>3d76c15715b621be81b17815daf9d114166b0f96</SHA-1>
              <MD5>cc772b157f2abf3bd2c38752a32a3940</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <SHA-256>9008e797d18615a535bf28ebc7f10b94934215943a897d8239c24d3d5b9134de</SHA-256>
              <SHA-1>09116d0b5bbbc0d7c8e7ecd03a96738955c6bf1a</SHA-1>
              <MD5>956f2e53d4962a64fbffb90146b6dad3</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>9529dce94d76746ee2f93dcf9f94109afd39b13a390b8d8ad1de7468bcb48da8</SHA-256>
              <SHA-1>8a9e6008965dae6326142e4b9d066de9416df86e</SHA-1>
              <MD5>2e25811c524abe0a72ea1240da9e00fc</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>9b157b77c144a7e5788d5180b7010f5cf1cd46f27219957723f5f7dbe4589177</SHA-256>
              <SHA-1>f208e1980306bb639280debaee2550d014008342</SHA-1>
              <MD5>5c07aab22bb3fa82f91bf9dc34bf3d43</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>a72a147c6fa80dbfaecd05d3036917af0b0a097c15edb9637adbc1909e1f65bd</SHA-256>
              <SHA-1>a128fe813eb2a8d9abeddd159239581ce7a892a4</SHA-1>
              <MD5>4b24253682a617f11dd97303fe0eed65</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>ae0f371ea2dfc2fdd363df9f10651dcddfd0e9169aba8d26e43702a5f8e4abfa</SHA-256>
              <SHA-1>8f1289333a69cffda8288d2c69473056b8938122</SHA-1>
              <MD5>c21c852b74b17597be42e28d58739efe</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>b3d471522da13c59548e82c33570784408316049b2f5d110411d2637cf6d2ded</SHA-256>
              <SHA-1>f7fd34e94a45c2e11f0e2cc2add2aa0a0d5cb916</SHA-1>
              <MD5>ffca4b680c5bbc45b7218541811b2f23</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>bbeab64c89fc0ca4b898377256594c921ab41ea223afc7b5d727a4c5eb484c45</SHA-256>
              <SHA-1>b8b941c08c126f96332d56cbab9b2f6b761a494e</SHA-1>
              <MD5>3fad76ba87d6ede772739be863c83b5a</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>d52541dbc7b729adba08166c7964ac835974b586c0e88fa35620ad48b585c1a8</SHA-256>
              <SHA-1>dc4473a7eb0da7d2aecda506bff595943b2b67b5</SHA-1>
              <MD5>273c67ea195d0f3e8fbb3ee6f4200ddf</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>f29a7666cb7cb0b2209448cabdfd58c8edd3dd6c113a88b1b249886a8940ab02</SHA-256>
              <SHA-1>6a113744bbde1889e2b20d680d695e36db045358</SHA-1>
              <MD5>fe5312d721b8a2da30d5c84e039651cb</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>fb5f9c28900dcc3e25341f246d238600c87cf480c3a2705ba1e58fd1ef90784e</SHA-256>
              <SHA-1>21b9eff639f41758258ae5025ee50d92737b24f2</SHA-1>
              <MD5>0e62f26e6da7388b9f54faabb1e16c08</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>20D04FE0-3AEA-1069-A2D8-08002B30309D</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>55c92734-d682-4d71-983e-d6ec3f16059f</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
          <registry>
            <value>
              <registry>SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <registry>Software\Classes\</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>Software\Microsoft\Windows\CurrentVersion\Policies\Explorer</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>Software\Microsoft\Windows\CurrentVersion\Policies\Network</registry>
              <origin>INPUT_FILE</origin>
            </value>
          </registry>
        </iocs>
        <name>b8979e31b0e18fd57d4e0a7512e9e0109d68312fd9a5837d62fcb11ace457c2f.exe</name>
        <report_id>84274c26-2d62-4806-b486-75ecf41a31e1</report_id>
        <tags>
          <value>peexe</value>
          <value>keylogger</value>
          <value>anti-debug</value>
          <value>adaptive-context</value>
          <value>anti-vm</value>
          <value>cmd</value>
          <value>packed</value>
          <value>overlay</value>
          <value>fingerprint</value>
          <value>crypto</value>
          <value>expired-cert</value>
          <value>explorer</value>
          <value>lolbin</value>
          <value>reconnaissance</value>
          <value>runonce</value>
          <value>wmic</value>
          <value>microsoft_visual_cc</value>
          <value>invalid-signature</value>
          <value>signed</value>
          <value>installer-heuristic</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>806c3a04fea4896fed832cbabd873a758b644219eb94bb129967cefa408408a1</id>
    <title>Analysis Report for 806c3a04fea4896fed832cbabd873a758b644219eb94bb129967cefa408408a1</title>
    <updated>2026-07-06T21:40:10Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c210574fb2f5922b6c983</_id>
        <file_type>application/vnd.android.package-archive</file_type>
        <flow_id>6a4c20b72c562ae7c822f071</flow_id>
        <hash>806c3a04fea4896fed832cbabd873a758b644219eb94bb129967cefa408408a1</hash>
        <iocs>
          <urls>
            <value>
              <url>http://example.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://example.com/playlist.m3u</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://api.flutter.dev/flutter/material/Scaffold/of.html</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://api.kgvplayer.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://example.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://example.com/epg.xml</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://github.com/dart-lang/language/issues/3488</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://github.com/media-kit/media-kit#installation</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://pub.dev/packages/media_kit#installation</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://socket.io/docs/v3/migrating-from-2-x-to-3-0/)</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>api.flutter.dev</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>api.kgvplayer.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>example.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>github.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>pub.dev</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>socket.io</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <emails>
            <value>
              <email>_ByteBuffer@8027147._New</email>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <email>_Double@0150898.fromInteger</email>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <email>_GrowableList@0150898._literal</email>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <email>_ImmutableList@0150898._Tk</email>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <email>_TypeError@0150898._create</email>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <email>_pca@360287047.une</email>
              <origin>INPUT_FILE</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>76.76.21.142</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>199.36.158.100</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.66.147.243</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.21.75.223</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>140.82.121.4</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>34.36.0.14</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>ff67a9d764d6a2367a187734e697f6a53217db9a21c101d410a113ca871a299d</SHA-256>
              <SHA-1>51591dc40201f393e8e650deed960e1b1dbba13f</SHA-1>
              <MD5>c35dafa74975d89a1236a2591acb3616</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>bdeca1e16b65779e2835f803c5ebe175da16f6759e323774cbb88728d020cf37</SHA-256>
              <SHA-1>ca5ecfc24ec8873bbc821c025eba9bcd558c93a3</SHA-1>
              <MD5>4b2fc00d938de9d353581a9af4e72997</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>ceaf61387be7b18784964bfee77424ab9a8e58e71476ee6283613aece598232e</SHA-256>
              <SHA-1>6b5db227a6aa2228c777b0771108b184b1fc5df3</SHA-1>
              <MD5>2a2e12c8edad17de62354ea4531ac82c</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>ebc04486f2f2a32cf0907f0ec1d8f909d61101019bcbf8dea85baa1217615af9</SHA-256>
              <SHA-1>cabe5f47e205abca36149fea0cd298adba4292ba</SHA-1>
              <MD5>dac69e54bca4271e3dfc5ce115d9de22</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>b7f0dc902b01bbda14dd40b3eef563d28da24537af75473e204a7d7bc881278c</SHA-256>
              <SHA-1>3f4dcafc0cd24cefd1f45e2dd10dd91b4b3b34e1</SHA-1>
              <MD5>768193aa58b442a7af2a683e9dda7986</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>cd7bd6164ddf2e192ebf68c82f522fd521aa14142e0cb07f807d2b39a9d993cb</SHA-256>
              <SHA-1>6ff78f2e659021460558cee8dfcc760b3d5dd3ed</SHA-1>
              <MD5>fd1899f0063be711733552accc778ae7</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>095d5aa41f70a10097e63bccccf485a9750868199f4628f535f9c36439209ea2</SHA-256>
              <SHA-1>f373bf423bbb999aea08573a4e2d0a378c937d41</SHA-1>
              <MD5>739a458f3e1d75c61c1a2e999ca9cd11</MD5>
              <origin>EXTRACTED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>0f0a0432722ae3af2ce8c78def07e205e207ea8980bb90b3c5a8ab74d7497ae3</SHA-256>
              <SHA-1>167d0f855a96d8c3e6fb55e3e722a84fdd57abc8</SHA-1>
              <MD5>3ad71cbad2ce55358b4d6e932e193f6f</MD5>
              <origin>EXTRACTED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>587ee1e4b7b4873e4919401c13582bb83dd0d6eaae912576ceb7a79ea90e300b</SHA-256>
              <SHA-1>c50d375f74ed7110d3db8b6d3e5dc2a2f7e0b517</SHA-1>
              <MD5>400ac5a86bbb26e102cf985e3428b833</MD5>
              <origin>EXTRACTED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>6f727970eb8144c02d3fd152024be10b38e97c85f9ac23baedbc4b4bde670fe0</SHA-256>
              <SHA-1>4d912301a00f20edd22d01d965e87c70fc72c702</SHA-1>
              <MD5>4a6b850489b8af8a02271d41dbc777cb</MD5>
              <origin>EXTRACTED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>7fca495d393e95c9aec0f97642ac2dcd576e87433be8650c13f6adfaf1ab432d</SHA-256>
              <SHA-1>3a2033b0bce91f85dddc6ff82496ccaa9b63ac79</SHA-1>
              <MD5>5cfa0fa2d302587316f128c89b795ea0</MD5>
              <origin>EXTRACTED_FILE</origin>
              <file_type>text/plain</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>d92ee7714f8287c4a74f5c015efe4cab2b327e2606aa76632abc6b184655142f</SHA-256>
              <SHA-1>80543f4e34e2c185451c42add34d93af5a749cee</SHA-1>
              <MD5>b6b78a53dea987ba087d5807ce360463</MD5>
              <origin>EXTRACTED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>175ea1796b950eff2b5c122846e4febbc708ded8c9ffb27837749ad8ab76d702</SHA-256>
              <SHA-1>622f821faaca2238e01c42a3fc59f9b326ee0fe3</SHA-1>
              <MD5>3cea0ca56c74cc318b1be4e989a1c620</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>437fcf2ae1207e69be5a8c1f9b8db68994755edbead9c116974546df333f39b0</SHA-256>
              <SHA-1>ebc85664df00fbb5f8644cf6cacc4a0d1c19df86</SHA-1>
              <MD5>5a6b44464554e270f06dab56163a5f2c</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>78df4fbf9c1d37d52cd02acaa3b386a836f0038b4878a807d0107ea192cb34d2</SHA-256>
              <SHA-1>1f21dc1c818017ede2ab6adf21a3818e39b58a21</SHA-1>
              <MD5>4b44a36c774585a0e4e847e31bdd9a4e</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>7dfd5316a83dc04b51c46c7a9fa989ea3eb60f18e24d11c37a407cb37fd74f55</SHA-256>
              <SHA-1>816a318aa28e91a384fa809e7ec4e8dd870c237e</SHA-1>
              <MD5>fdb24c532dffae1ac14a625c25dd8fa5</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>a5c9e1ee72f08f59ee9ff50fa9c18b6059c96a6b685837d0eda5b95e2b0468b8</SHA-256>
              <SHA-1>1c4a1d86d5afa619327f05ff78cb3a2c770e8fb0</SHA-1>
              <MD5>dcbe1937c927eb32cf42e9b057ee7776</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>b5ac0f1d2446a335fb1a356aaa8d7b0431b0365758510f8c87df7c4d15b3d106</SHA-256>
              <SHA-1>e2cdfbcef60144e03fc36c64b028a72e8eb45b6a</SHA-1>
              <MD5>704cea161f5e457ca91db2179baf6321</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>dd781b9081599e8e341ade8b28c183e7e03679a5a2bfabaac378b9f3912f8e87</SHA-256>
              <SHA-1>b5e3954ec22500cc6381141f7d74365aff3413fc</SHA-1>
              <MD5>0cad89ba605ad808a283c0fcba6e7b2d</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>e6359c85087b76b63880b36236cd0cbc25150292e5f6ed051b5ce7c4196aaaa4</SHA-256>
              <SHA-1>d4c14c4588a06acecae8503a7b94e270c6779fb9</SHA-1>
              <MD5>8a8dbc5c7290c7186b0e8c0b272a40e1</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>text/plain</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>ef50df3ef0f9b37a30f10977a0000650917a93720cdea7eb6b39ce88525cc0a9</SHA-256>
              <SHA-1>e4fb00597b344b06d4b15eca08a1ffc2a200b7c1</SHA-1>
              <MD5>45d05fb3839a50e39953721dd4da54da</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>258EAFA5-E914-47DA-95CA-C5AB0DC85B11</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>6ba7b811-9dad-11d1-80b4-00c04fd430c8</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
          <btc_wallets>
            <value>
              <btc_wallet>x829a1a:$btc: 33333333333333333333333333333</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x8330d0:$btc: 1111111111111111222222222222222</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>config.arm64_v8a.apk</name>
        <report_id>9ac6aaff-1476-4c1b-8d0b-baaf135a1f0e</report_id>
        <tags>
          <value>apk</value>
          <value>html</value>
          <value>txt</value>
          <value>json</value>
          <value>signed</value>
          <value>base64</value>
          <value>obfuscated</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>e7397af0f9904409dc0d1abf35654f8b311414982897b7ade6e41d565d59849c</id>
    <title>Analysis Report for e7397af0f9904409dc0d1abf35654f8b311414982897b7ade6e41d565d59849c</title>
    <updated>2026-07-06T21:39:29Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c20b974fb2f5922b6c973</_id>
        <file_type>message/rfc822</file_type>
        <flow_id>6a4c208f2c562ae7c822f055</flow_id>
        <hash>e7397af0f9904409dc0d1abf35654f8b311414982897b7ade6e41d565d59849c</hash>
        <iocs>
          <urls>
            <value>
              <url>file:///tmp/tmpk8wshegd.html</url>
              <origin>URL_RENDER</origin>
            </value>
          </urls>
          <emails>
            <value>
              <email>ca@dbrs.de</email>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <email>ca@dbrs.de</email>
              <origin>CONTENT_PARSE</origin>
            </value>
            <value>
              <email>ca@dbrs.de</email>
              <origin>EMAIL_BODY</origin>
            </value>
          </emails>
          <files>
            <value>
              <SHA-256>6c547737d5f289c3062ef635bd210da8d8538431fc1d6db929b1437a65c3a2d8</SHA-256>
              <SHA-1>3100b822eea77898c7935e3e0f7f6dd6b15dadd4</SHA-1>
              <MD5>278ba2deda82f94a6d5a28062fb4d35f</MD5>
              <origin>EMAIL_BODY</origin>
              <file_type>text/plain</file_type>
            </value>
          </files>
        </iocs>
        <name>submission.eml</name>
        <report_id>ddd941b3-48be-4a7b-9f2b-95b8990beecd</report_id>
        <tags>
          <value>eml</value>
          <value>rfc822</value>
          <value>obfuscated</value>
          <value>aidetect</value>
          <value>phishing</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>55208c44a3678c4ef9e701cf9dbf50064ab8fd98da60eb725d840bfb0797949b</id>
    <title>Analysis Report for 55208c44a3678c4ef9e701cf9dbf50064ab8fd98da60eb725d840bfb0797949b</title>
    <updated>2026-07-06T21:39:17Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c20a6ff2e0900e305af7a</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c20829016b0169a623e3d</flow_id>
        <hash>55208c44a3678c4ef9e701cf9dbf50064ab8fd98da60eb725d840bfb0797949b</hash>
        <iocs/>
        <name>x55208c44a3678c4ef9e701cf9dbf50064ab8fd98da60eb725d840bfb0797949b.exe</name>
        <report_id>c7c45807-8dde-45f6-b587-5cfb872d680e</report_id>
        <tags>
          <value>peexe</value>
          <value>golang</value>
          <value>lummastealer</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>402f19e4ac0f0aad5305e007a0b6f92335a8ddd9406977ade10808e6c5ed6609</id>
    <title>Analysis Report for 402f19e4ac0f0aad5305e007a0b6f92335a8ddd9406977ade10808e6c5ed6609</title>
    <updated>2026-07-06T21:38:59Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c209974fb2f5922b6c96b</_id>
        <file_type>application/vnd.android.package-archive</file_type>
        <flow_id>6a4c20709016b0169a623e0f</flow_id>
        <hash>402f19e4ac0f0aad5305e007a0b6f92335a8ddd9406977ade10808e6c5ed6609</hash>
        <iocs>
          <urls>
            <value>
              <url>http://ns.adobe.com/tiff/1.0</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://ns.adobe.com/xap/1.0</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://ns.adobe.com/xap/1.0/mm</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://ns.adobe.com/xap/1.0/sType/ResourceEvent</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://purl.org/dc/elements/1.1</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://www.gimp.org/xmp</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://kgtv-player.firebaseio.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://crbug.com/388824130</url>
              <origin>APK_DECODING</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://docs.flutter.dev/deployment/android#what-are-the-supported-target-architectures</url>
              <origin>APK_DECODING</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.googleadservices.com/pagead/conversion/app/deeplink?id_type=adid&amp;sdk_version=</url>
              <origin>APK_DECODING</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>gimp.org</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>kgtv-player.firebaseio.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>ns.adobe.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>purl.org</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>crbug.com</url>
              <origin>APK_DECODING</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>docs.flutter.dev</url>
              <origin>APK_DECODING</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>googleadservices.com</url>
              <origin>APK_DECODING</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>199.36.158.100</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>207.241.225.157</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>192.178.183.154</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>35.201.97.85</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>151.101.193.91</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>216.239.32.29</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>d280c49d0b7424a084271143953cab608b305d23e52f2d062397de7475d7354f</SHA-256>
              <SHA-1>afa3379b1e9a0f0e913b4fda53e1f30e607ba8b1</SHA-1>
              <MD5>998f7fd7f12f80dfb580b408c5587eb0</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>aca0d9166a4adfe9e543b255968c53a8acad767f5ae963f74f34b61c752e5aa7</SHA-256>
              <SHA-1>5af1142f5379e9d521e7b88fa73459b764bd5249</SHA-1>
              <MD5>56aa32d0df941bd1385584a7f6b2f370</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>f94b977b3fd54e1a156eac90744339cd103036202a515f00725f4b01e8d19a5e</SHA-256>
              <SHA-1>f5b59bb33685d36b93951bf7527eba349b35f545</SHA-1>
              <MD5>bbd170391fa0cde5c30c09a2a322f70f</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>695d4dca03bc5ceec1362eabf13a1f8e6d0e77229129402de926b075d69d7a74</SHA-256>
              <SHA-1>46186835ad16c169f8e903078f3bb5e8bb60b048</SHA-1>
              <MD5>3851ab2cf8262d2295dfef2a95438906</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>00000000-0000-0000-0000-000000000000</uuid>
              <origin>APK_DECODING</origin>
            </value>
            <value>
              <uuid>02204032-1119-4e52-9e1f-aa9d97d5d83b</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>2c722d7e-4324-46e4-8304-aba4e36caa7a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>6438c481-a378-4ab1-af75-ea0dc47c72d9</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>e72b07a9-333a-43c5-aef5-3d49caa2c97d</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>tk.kgtv.apk</name>
        <report_id>b7f7340e-4b2f-48fb-8ace-a4925f3b34c8</report_id>
        <tags>
          <value>apk</value>
          <value>html</value>
          <value>masquerade</value>
          <value>obfuscated</value>
          <value>captcha</value>
          <value>signed</value>
          <value>base64</value>
          <value>crypto</value>
          <value>evasive</value>
          <value>fingerprint</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>1b4f759dfeabd19ce023a27dba75265e910a98abbec326bb5925492b6da800d1</id>
    <title>Analysis Report for 1b4f759dfeabd19ce023a27dba75265e910a98abbec326bb5925492b6da800d1</title>
    <updated>2026-07-06T21:36:49Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c200974fb2f5922b6c950</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c1ff19016b0169a623d1b</flow_id>
        <hash>1b4f759dfeabd19ce023a27dba75265e910a98abbec326bb5925492b6da800d1</hash>
        <iocs/>
        <name>t7n74szb9fu529ov.exe</name>
        <report_id>661824bd-3a1d-4468-9939-dfee11679730</report_id>
        <tags>
          <value>peexe</value>
          <value>obfuscated</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>5c32a73aa52fff523c45b460af8b88b723c928bdda24d54150ab772b1366dc69</id>
    <title>Analysis Report for 5c32a73aa52fff523c45b460af8b88b723c928bdda24d54150ab772b1366dc69</title>
    <updated>2026-07-06T21:36:17Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c202f0bc678ad76e5ca2b</_id>
        <file_type>application/vnd.android.package-archive</file_type>
        <flow_id>6a4c1fce327f9453dea7d60b</flow_id>
        <hash>5c32a73aa52fff523c45b460af8b88b723c928bdda24d54150ab772b1366dc69</hash>
        <iocs>
          <urls>
            <value>
              <url>https://developer.android.com/training/articles/direct-boot</url>
              <origin>APK_DECODING</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://issuetracker.google.com/issues/241760537</url>
              <origin>APK_DECODING</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://issuetracker.google.com/issues/new?component=907884&amp;template=1466542</url>
              <origin>APK_DECODING</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://android.googlesource.com/toolchain/clang</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://android.googlesource.com/toolchain/llvm</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://android.googlesource.com/toolchain/llvm-project</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://github.com/Kotlin/llvm-project</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://streams.videolan.org/upload/</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>developer.android.com</url>
              <origin>APK_DECODING</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>issuetracker.google.com</url>
              <origin>APK_DECODING</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>android.googlesource.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>github.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>streams.videolan.org</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <emails>
            <value>
              <email>ffmpeg-devel@ffmpeg.org</email>
              <origin>INPUT_FILE</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>142.251.20.139</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.20.100</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>213.36.253.119</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>140.82.121.3</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.127.82</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>16b004487eed2c17b3f1576c2f7da51cf57758fda52910652fa31b1c35661044</SHA-256>
              <SHA-1>919f26ab5973b5c0628e19861d5d5863fbd3c41c</SHA-1>
              <MD5>54870c2eddab38d7945a4f0f276a1ee7</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>8b78f7018de06b474363b70eb83007adfbaee7b98abd1370c8602f26c4f2df1d</SHA-256>
              <SHA-1>ff0d406edcac22764e1bab230a5b40ee7f32f686</SHA-1>
              <MD5>25d1aca2a49388d8153cc2b9878df68b</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>779d064aec3d2680bc2f354c377437e86c7aedbfd87a3f0160e7a6720ceb5189</SHA-256>
              <SHA-1>063b2eb40e262594d89b4df9db8dd4131a909a59</SHA-1>
              <MD5>dc9f80cabaf40cef94775cb8070477b2</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>e1a518afc5d77650008a218e2e1b685eaf5c3bcb5129b83856016b8ea698a10d</SHA-256>
              <SHA-1>b5f32802687a0755d2e85d43f07a82d28f531352</SHA-1>
              <MD5>34b83a8b7026f1001bc3e1f6f040a4a3</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>3845d1d7f7c27c7fc625927c539e5f22fb589f2ac274b544a1c8aa41c50f0379</SHA-256>
              <SHA-1>256b89abc0c5607dd6aa9853e77bc4835baa53ca</SHA-1>
              <MD5>1083f466e6c831656796d8168d56481e</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>6b01c526e95458471fca187475b6e8c1656111131e9d53e412564a555ca22f4c</SHA-256>
              <SHA-1>6728ceb677ba60c676fa45d9f38decb91d876e4b</SHA-1>
              <MD5>d7c7280b0517aba4807970f03203450e</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>aac201dbedaf2efbaca835cc390919fd7583fe5727b522611f8280dec0a0ffdb</SHA-256>
              <SHA-1>3f3c70e2af8eb21dc578571b79ed78db58289064</SHA-1>
              <MD5>a07f7fdcd28212f7c6d9e0d4edc0270b</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>1e38c9168221c4187120560b1e4e9c9d6ada78f839157ed71e31ec96c73f8dcb</SHA-256>
              <SHA-1>19dfb74a8f8cb02fdc47ebb0a010767d30669936</SHA-1>
              <MD5>068008ac8dafe271e85c0f81b98bca8b</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>95ed6082-b8e9-46e8-a73f-ff56f00f5d9d</uuid>
              <origin>APK_DECODING</origin>
            </value>
          </uuids>
          <btc_wallets>
            <value>
              <btc_wallet>xdc5f7a:$btc: 11Zichtbaarheidswijziginge</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>StreamVault-1.0.15.apk</name>
        <report_id>4e0e8ec5-d398-4c1c-b420-9949d94024a1</report_id>
        <tags>
          <value>apk</value>
          <value>html</value>
          <value>anti-vm</value>
          <value>persistence</value>
          <value>base64</value>
          <value>crypto</value>
          <value>evasive</value>
          <value>fingerprint</value>
          <value>signed</value>
          <value>obfuscated</value>
          <value>captcha</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>472d6e41cd2508b73ed755e1505b73c3651dd83775540d1a1aaa28af7daf81ab</id>
    <title>Analysis Report for 472d6e41cd2508b73ed755e1505b73c3651dd83775540d1a1aaa28af7daf81ab</title>
    <updated>2026-07-06T21:36:10Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1fe474fb2f5922b6c946</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c1fc99016b0169a623ccc</flow_id>
        <hash>472d6e41cd2508b73ed755e1505b73c3651dd83775540d1a1aaa28af7daf81ab</hash>
        <iocs>
          <urls>
            <value>
              <url>https://171588.square.site/</url>
              <origin>INTERNAL</origin>
            </value>
            <value>
              <url>https://171588.square.site/</url>
              <origin>MSHTA_EMULATION</origin>
            </value>
            <value>
              <url>https://171588.square.site/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>file:///tmp/tmpk7hhm7hh.html</url>
              <origin>URL_RENDER</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>171588.square.site</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>171588.square.site</url>
              <origin>MSHTA_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>74.115.51.4</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>6d4481b75c2492513d1e0fa7aea0446e3e0d9af5afb39d59b6be9e956737c03e</SHA-256>
              <SHA-1>420d2dad71ccb4816424eb35ce33e80af4a72e01</SHA-1>
              <MD5>0ae2ef5a5f02c8af53fa7d82606fc8aa</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
          </files>
        </iocs>
        <name>Final Closing Package #1003.pdf .htm</name>
        <report_id>4588547a-d8c3-4b6f-a3cc-96325a0711ef</report_id>
        <tags>
          <value>html</value>
          <value>phishing</value>
          <value>masquerade</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>61be94e5601b43039a465f7d0370c007a3cf2111b2f77593ebd11796498e3d09</id>
    <title>Analysis Report for 61be94e5601b43039a465f7d0370c007a3cf2111b2f77593ebd11796498e3d09</title>
    <updated>2026-07-06T21:36:10Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1ff674fb2f5922b6c94a</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c1fc99016b0169a623cd0</flow_id>
        <hash>61be94e5601b43039a465f7d0370c007a3cf2111b2f77593ebd11796498e3d09</hash>
        <iocs>
          <urls>
            <value>
              <url>http://www.lennardigital.com/</url>
              <origin>CONTENT_PARSE</origin>
            </value>
            <value>
              <url>http://www.lennardigital.com/favicon.ico</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://www.lennardigital.com/</url>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <url>http://www.lennardigital.com/favicon.ico</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://www.lennardigital.com</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://www.lennardigital.com/modules/sylenth1/version.php?version</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://www.lennardigital.com</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://schemas.microsoft.com/SMI/2</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>schemas.microsoft.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>lennardigital.com</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>lennardigital.com</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <emails>
            <value>
              <email>support@lennardigital.com</email>
              <origin>CONTENT_PARSE</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>150.171.109.101</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>83.137.145.137</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>1.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>6.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>1116b5ea0f93f406ee681fd8042fa0af62d5e1043ec08515e6f77994d7887b0b</SHA-256>
              <SHA-1>d5842b4b11f1f9e9ddbcbab7e28ab212e2fb9743</SHA-1>
              <MD5>f739c878ab70036e49f82f51213e4bf6</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>14af6980c554aa39999d089f63eea9d8242852db2dc3c2d1e883fec125e1daeb</SHA-256>
              <SHA-1>452d84109330cc23642b6af70d21fb98e514c2a7</SHA-1>
              <MD5>d7ff776140e70fb719f0ca7c144a6d6c</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>3006c36fb20a5ef0e5b39435f74baf9268d71834ffe6ab1fc1f0ba89e5e41ab1</SHA-256>
              <SHA-1>0f93358b39f5915aa957f2ceb77dff54c8617c3b</SHA-1>
              <MD5>4dd805ef7c1842bd16a372a57cf635de</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>32190f2058856cd12baf008a3b997c8ee46c1c80e8f51222226ed17617c4ef17</SHA-256>
              <SHA-1>96e6393e2855fb093ee127c99a83544bce3894c5</SHA-1>
              <MD5>206234c722024da309aa24315ed41f21</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>3c6b978e7ea363a97b90ce5cd28a3fe6c8582a91ebe44464051e895cd04e4417</SHA-256>
              <SHA-1>93491ea7be6c7adc14ef7a117abd0bff1759d53a</SHA-1>
              <MD5>d0c9294e1aa1f573844e96dda78a8d52</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>text/x-innosetup</file_type>
            </value>
            <value>
              <SHA-256>40828fa5e6111761022af5b5a076a9e206f636f14150f0ad51ef46693184fedb</SHA-256>
              <SHA-1>f8bda55a478b60871c373c48df8bd297eb7ef461</SHA-1>
              <MD5>8f4dae3a35784d276511e9e8b32f5cdf</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>685df2a5859f69c4711bfcff82cd0361af7d159a3d0d7e5a85b2d561ea095dcd</SHA-256>
              <SHA-1>dbc7ced632637c084630d26c3d9c0d0c54ba7eab</SHA-1>
              <MD5>365f3704858f597e0e041934220fe7ac</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <SHA-256>71c4283a503f65c791189906b4cffb311028ac19f4df2c7ce4e6dd7db0eec501</SHA-256>
              <SHA-1>8f2fff65b486514e6885f38b7a86877573e74a05</SHA-1>
              <MD5>0c2ba530d37299b3d99868a3fa19538e</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>89b8374fb9d511c562bfbf95e1e0c23becb98de53a76448e43bc20e188b3cc18</SHA-256>
              <SHA-1>10f98fdaedc21d38c7ac910ec2bec62ca83c08d8</SHA-1>
              <MD5>ab6110fa2e4ba945327f7be88906afc8</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>8b4e1b7fdb713f89972354357cd5de0d9b628acb93c84dd37a2c33b38acf3928</SHA-256>
              <SHA-1>5e7ba17bac6396e76a8d8011b37ba63142d94fd9</SHA-1>
              <MD5>8281bd9534500f3a90e7fb76f155fe9e</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>919e1132996e8a51d60845bf856c9b9d0a9524ef20ce80dc07c31e586e74072b</SHA-256>
              <SHA-1>b3dd404ba94e50080ddec58700e8bb2944bb07da</SHA-1>
              <MD5>31f6bda86d794895ff5ba6e4b560e3d0</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>a9ca9792c1bc1a00c4d0a592b755083c5401c4a177d35f541b62e58b88ceb954</SHA-256>
              <SHA-1>773b08511d64200337c1b54c2cec3955b66811ac</SHA-1>
              <MD5>e12cddbe440450f1bb8c112eeafc7b39</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>b3154d4f2156d25e75ea8ca089765d0626312547e349bbb38fe822b7f4f5b47f</SHA-256>
              <SHA-1>dd2332b3dd2cdf41f57b676876dc4f9b1a5ab27e</SHA-1>
              <MD5>e470d0b679b7e97e3e000c11722d52f9</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>c292b3ea91fdff89cced4fa5995a65ec10026940223e218810352bb1f1312254</SHA-256>
              <SHA-1>7cd7e15410398907d337b374c47a3cf9e0e9d132</SHA-1>
              <MD5>8ecfc02baa88f56a4e25065888d84760</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>c2ec615b02b3100a849ec6147e0a09b6e2397b28e9c7f01804f7824a05c4ece1</SHA-256>
              <SHA-1>447fb875f3ad14cffb69458e0b93dd4fcf25c804</SHA-1>
              <MD5>984fca810a57b883e9d6620bd9817a68</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>cbbc36dbf5fabcc56b8f1c1045e1d8d21ce8fee50dc7fd332099232f4583f1d3</SHA-256>
              <SHA-1>3d93c95eda1891b0d4c26b45c79e07d97fb79288</SHA-1>
              <MD5>f53e3cb7118da12bd02314ed30522345</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>cc513202633a69e173de324fe7a9296636218515905ce76a4d3f500005e8f456</SHA-256>
              <SHA-1>a7a646144c4cc492c8297e353ad61f561c24985e</SHA-1>
              <MD5>235a4a2fb00bc2114e10c96668480785</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>d5bcada6349be31023836f1e12ea78df2c7963c10be5b63d39eb24f2db926422</SHA-256>
              <SHA-1>bb1089da6124d4ab49bccb47d986339c01d347af</SHA-1>
              <MD5>86e883b4d81d04849ac23e2cf8b97367</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>de4ab3f14b8317eabc42384bc44ca4ddaf939a7900fa09321776189a9ecf3f53</SHA-256>
              <SHA-1>f55db11f478e7dc5807d00e76249e10cd4b8c46b</SHA-1>
              <MD5>650b5c99ea25a2b173c5a0a6a222e4c8</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>e04bc1d77b9c1415d4d0e3381034bd560c69f4c75be1463b7da8dbf6093ff71a</SHA-256>
              <SHA-1>63eda41bdb55ca397d2efea60d5c2a88c3ce2b01</SHA-1>
              <MD5>91e992e66e33fad40ecdcccc8df242ff</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>e07f26f152b9a13c49d496a9d5c9d9c4a1680e4f1386ff0053b4a0bcb39568e2</SHA-256>
              <SHA-1>318f2a253d6f028e0af9bd8e72f6e28d9aba96f7</SHA-1>
              <MD5>9afb5a64ed059ea473ec882780d80bde</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>e9791fd5d529e5a6eb91372fafd5b4d71dd26763cae39b1bf8fa265e4cff51fe</SHA-256>
              <SHA-1>2fa48e5e12158cd9af24731f4091f63b670c724b</SHA-1>
              <MD5>39621315ef4a7500f2d3573b85aed2d8</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>eb3df4f13c1038b691c831760bdfef36ee9c3aa17860c3801439dc2fcff99f80</SHA-256>
              <SHA-1>aa37f39afe2d7637411d7fa7451a1356b815f5eb</SHA-1>
              <MD5>0b65b89df4e59e176bd5ad6ebaea3345</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/pdf</file_type>
            </value>
            <value>
              <SHA-256>ee6b1759b1ce1e3c9f4741f0c488b50128d284ae5cc6692eac1912f07b2ea4fd</SHA-256>
              <SHA-1>c2926cba7ba0437558f80c214e85007ac6148939</SHA-1>
              <MD5>f76633c0c53cf99ea77fecc9d7167204</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>f2d7dbeb89c0944c36fa3647f6d6482490ea4e022534f86f5b02d9a31d1b8536</SHA-256>
              <SHA-1>34dc65fbc94e85c982200df67a0fe0cf9668614f</SHA-1>
              <MD5>af03d389f0e272abaa1c39e01cffa993</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>text/x-ini</file_type>
            </value>
            <value>
              <SHA-256>fd1638d900eb5accf7b2f43207f34d352d1ccdbbb35b4552e9ea7f774cf6d466</SHA-256>
              <SHA-1>1460eab87c8e185fb51036d61f23febaf29d080c</SHA-1>
              <MD5>ef9018d60bd70f7ebd6d87cdd6f1de47</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>7a697bfce403069543ad080503248fcc54cebe29355a89a0381b313a75ca536e</SHA-256>
              <SHA-1>db605735ead7e4ab73f16044a4d4f5f46ad9c649</SHA-1>
              <MD5>7dbdcaed48756bcbcec2d3ac1b331a72</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>2cd77758307f25b1d936fc295bdee69e01d4d8e9d67f4f4be7123b0b51bbda0f</SHA-256>
              <SHA-1>823fa30220ab3a2decd7f18a3e4fc57a46869a68</SHA-1>
              <MD5>9a98a7d31d791cb8b8112dddbdc4b2be</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xhtml+xml</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>35138b9a-5d96-4fbd-8e2d-a2440225f93a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>e2011457-1546-43c5-a5fe-008deee3d3f0</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>Sylenth1_v3.exe</name>
        <report_id>1a194f19-76e6-4c31-8f1b-ec13c659f432</report_id>
        <tags>
          <value>peexe</value>
          <value>html</value>
          <value>xml</value>
          <value>fingerprint</value>
          <value>installer</value>
          <value>reconnaissance</value>
          <value>inno</value>
          <value>borland_delphi</value>
          <value>adaptive-context</value>
          <value>packed</value>
          <value>anti-debug</value>
          <value>installer-heuristic</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>365e6a2883f0c68c890872d8b0aaa82e088d23956d3f63e81a4950528b8d0b13</id>
    <title>Analysis Report for 365e6a2883f0c68c890872d8b0aaa82e088d23956d3f63e81a4950528b8d0b13</title>
    <updated>2026-07-06T21:34:05Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1f660bc678ad76e5ca08</_id>
        <file_type>application/x-msdownload; format=pe64</file_type>
        <flow_id>6a4c1f4b2c562ae7c822ef44</flow_id>
        <hash>365e6a2883f0c68c890872d8b0aaa82e088d23956d3f63e81a4950528b8d0b13</hash>
        <iocs/>
        <name>x365e6a2883f0c68c890872d8b0aaa82e088d23956d3f63e81a4950528b8d0b13.exe</name>
        <report_id>fd12b2a8-bfec-41ed-8285-10bdaf9eb42f</report_id>
        <tags>
          <value>peexe</value>
          <value>anti-vm</value>
          <value>golang</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>28c11e0d0f897cdf0c91c75dbe5f3268fff37ce02608cb2b4eac0cce8c0f1c54</id>
    <title>Analysis Report for 28c11e0d0f897cdf0c91c75dbe5f3268fff37ce02608cb2b4eac0cce8c0f1c54</title>
    <updated>2026-07-06T21:34:00Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1f5574fb2f5922b6c928</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c1f479016b0169a623bdb</flow_id>
        <hash>28c11e0d0f897cdf0c91c75dbe5f3268fff37ce02608cb2b4eac0cce8c0f1c54</hash>
        <iocs/>
        <name>x28c11e0d0f897cdf0c91c75dbe5f3268fff37ce02608cb2b4eac0cce8c0f1c54.exe</name>
        <report_id>b74f7098-eb61-4d89-b65c-65bf37f45147</report_id>
        <tags>
          <value>peexe</value>
          <value>bankingtrojan</value>
          <value>golang</value>
          <value>lummastealer</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>e2da30af17f4d7fc30fbf1110ce395b40b6247362297bb96d615901a506bbbdf</id>
    <title>Analysis Report for e2da30af17f4d7fc30fbf1110ce395b40b6247362297bb96d615901a506bbbdf</title>
    <updated>2026-07-06T21:33:33Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1f5374fb2f5922b6c926</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c1f2a9016b0169a623ba5</flow_id>
        <hash>e2da30af17f4d7fc30fbf1110ce395b40b6247362297bb96d615901a506bbbdf</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>01e222821906b0967f540360a1a83ab97e40e7780ec0c33894bddc789b14aae3</SHA-256>
              <SHA-1>f379246703d0989f14b34581311e6bed4631886d</SHA-1>
              <MD5>3c38d403307351eb9de68fd048f3222d</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e</SHA-256>
              <SHA-1>bac45b86a9c48fc3756a46809c101570d349737d</SHA-1>
              <MD5>24d3b502e1846356b0263f945ddd5529</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>text/xml</file_type>
            </value>
          </files>
        </iocs>
        <name>vpHalfLifex86.dll</name>
        <report_id>44794ed3-4593-4b5f-8266-96aa17284ff6</report_id>
        <tags>
          <value>peexe</value>
          <value>pedll</value>
          <value>microsoft_visual_cc</value>
          <value>anti-debug</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>f70dc3354cca5820019e9160f0ab5a4a3dbdb9d19a1edf39c0d2fc00425f4ced</id>
    <title>Analysis Report for f70dc3354cca5820019e9160f0ab5a4a3dbdb9d19a1edf39c0d2fc00425f4ced</title>
    <updated>2026-07-06T21:33:06Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1f8774fb2f5922b6c933</_id>
        <file_type>image/svg+xml</file_type>
        <flow_id>6a4c1f109016b0169a623b6f</flow_id>
        <hash>f70dc3354cca5820019e9160f0ab5a4a3dbdb9d19a1edf39c0d2fc00425f4ced</hash>
        <iocs>
          <urls>
            <value>
              <url>https://static.zohocdn.com/forms/css/formslive.179bc154c933c9b1af0427928230279f.css</url>
              <origin>JAVASCRIPT_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://static.zohocdn.com/forms/css/formsthirdparty.2755260429cd02c98112dac6f4b5b8ce.css</url>
              <origin>JAVASCRIPT_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://static.zohocdn.com/forms/css/themes/classic.54abffd1ed538cf1dc5ebd966664dadf.css</url>
              <origin>JAVASCRIPT_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://static.zohocdn.com/forms/css/themes/media.125a7965f01fa8d3696cce1709b350c4.css</url>
              <origin>JAVASCRIPT_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://static.zohocdn.com/forms/css/themes/media/classicMedia.4ac9c8a1c4ed87fb5f3bbd85a23556ed.css</url>
              <origin>JAVASCRIPT_EMULATION</origin>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
            <value>
              <url>https://static.zohocdn.com/forms/js/formsthirdpartylivejs.62943a8ee9919d8253e7be70bab3de1c.js</url>
              <origin>JAVASCRIPT_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://static.zohocdn.com/forms/js/formstplivejs.5598e1e583c1d09fc270b76b7bc87fed.js</url>
              <origin>JAVASCRIPT_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://zfrmz.com/BTwdue2WsAefcRLJ7YDb#michelle.esterman@altisource.com</url>
              <origin>JAVASCRIPT_EMULATION</origin>
            </value>
            <value>
              <url>https://zfrmz.com/BTwdue2WsAefcRLJ7YDb#michelle.esterman@altisource.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://zfrmz.com/BTwdue2WsAefcRLJ7YDb#michelle.esterman@altisource.com</url>
              <origin>INPUT_FILE</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>static.zohocdn.com</url>
              <origin>JAVASCRIPT_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>zfrmz.com</url>
              <origin>JAVASCRIPT_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>zfrmz.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>zfrmz.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <emails>
            <value>
              <email>michelle.esterman@altisource.com</email>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <email>michelle.esterman@altisource.com</email>
              <origin>JAVASCRIPT_EMULATION</origin>
            </value>
            <value>
              <email>support@zohoforms.com</email>
              <origin>JAVASCRIPT_EMULATION</origin>
            </value>
            <value>
              <email>yourname@domain.com</email>
              <origin>JAVASCRIPT_EMULATION</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>204.141.43.178</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>185.20.209.147</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>3c941b1be2ea03ac26d080e40c150d64853c628ad2e40d84d0568cf598cdf64c</SHA-256>
              <SHA-1>79e40c0014a5462bd6e8b0c15fa2699cefa45524</SHA-1>
              <MD5>4ac9c8a1c4ed87fb5f3bbd85a23556ed</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/css</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>4f257370ca9bd41ccf4b69f224a368dce5b2278ef73ee3edb82e9b8f9a4a2aec</SHA-256>
              <SHA-1>4897e90529cb0a28bedabe768427ee087198b631</SHA-1>
              <MD5>54abffd1ed538cf1dc5ebd966664dadf</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/css</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>918241bf99a79fadd91b9f54a464c6c072fc09e9eb73825d25be6b345addede9</SHA-256>
              <SHA-1>663fc75822a83eb8518110fe4205d3bfdb166fe7</SHA-1>
              <MD5>125a7965f01fa8d3696cce1709b350c4</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/css</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>b2cea84c60142ea60e4a2ce7ffc440387184266d0133f3141e5142ee4c160f8d</SHA-256>
              <SHA-1>c0fdd6ec5e0c9f2b85d42e517c375f07bec5bc2d</SHA-1>
              <MD5>2755260429cd02c98112dac6f4b5b8ce</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/css</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>0fa37d2cfc13b0ca5cd1c0fd4d44bafcd4de0427755543762f9124b487dffaa9</SHA-256>
              <SHA-1>5f8c75c4451e8c6312d9a3414d70674c0311f155</SHA-1>
              <MD5>179bc154c933c9b1af0427928230279f</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/css</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>2e7c15301e12492efc8e8c11c6d0e5c166e0ce477c57fa3e7701e37364d1b470</SHA-256>
              <SHA-1>0408353dc8a14634933f63535ad7eadaff390001</SHA-1>
              <MD5>0e9ab314cadd3c8084f403f27c721e79</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>3bfb149e8bf4a2eff6a5c63ba4774384d554a5eed58656bceda211dc9a340c12</SHA-256>
              <SHA-1>2dfa880bfad0ba24f2bc9c7b86892dd2887e9aa7</SHA-1>
              <MD5>62943a8ee9919d8253e7be70bab3de1c</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/javascript</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>e26f12c5c9b90fcacce612148fbbdd171302587188e66ff2511f8d1582d91a6e</SHA-256>
              <SHA-1>44876173255bcad92968aa09d26eb7361bd56369</SHA-1>
              <MD5>5598e1e583c1d09fc270b76b7bc87fed</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/javascript</file_type>
              <verdict>SUSPICIOUS</verdict>
            </value>
          </files>
        </iocs>
        <name>Remittance.svg</name>
        <report_id>fc337132-8f7b-4eaa-8be9-c4c60d0e270a</report_id>
        <tags>
          <value>javascript</value>
          <value>svg</value>
          <value>txt</value>
          <value>html</value>
          <value>base64</value>
          <value>obfuscated</value>
          <value>zero-day</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>48278ca951ad5e0da437a8a702ead7870c04d40579a42de10bb99bea3ea3e83c</id>
    <title>Analysis Report for 48278ca951ad5e0da437a8a702ead7870c04d40579a42de10bb99bea3ea3e83c</title>
    <updated>2026-07-06T21:32:53Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1f23ff2e0900e305af35</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c1f039016b0169a623b4f</flow_id>
        <hash>48278ca951ad5e0da437a8a702ead7870c04d40579a42de10bb99bea3ea3e83c</hash>
        <iocs>
          <ips>
            <value>
              <ip>1.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>6.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>8.0.241.7</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>0af5f402d0b26ab544614614985a913bd0a36096daf85af7e29d4acc143ad7b2</SHA-256>
              <SHA-1>2725c61b5bcbb07270522c5c76337fd13ce7d1ec</SHA-1>
              <MD5>498745d88d7d011477735cf2c59d584d</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>0cde8d80e36be5b40ce99c7b298f2627743ea9bdc87c0d907fc3b649f70fdb9a</SHA-256>
              <SHA-1>166e0934969612f94975b4ee0735d7da1c8f4934</SHA-1>
              <MD5>5a1db7f400b037828c4c1d6344693086</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>6c0a7b27025a4aa6a10261c4c329f106f3b536ca1f0c14e65dc9c77d4af260c9</SHA-256>
              <SHA-1>6cb601930b85fc78d12fe6e34ec2ea8fb58f909e</SHA-1>
              <MD5>8d357837642fe2d813fd10abdaac9214</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>6f5947754e197bec8ddf9eb2b5a38fdaf90054d75cf6f975368b7e98e34aecac</SHA-256>
              <SHA-1>63756a9d3113b3e8614f5cc009b7658d66bd6e5f</SHA-1>
              <MD5>79c6aff7ea95a642b814beb95dd8631d</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>text/xml</file_type>
            </value>
            <value>
              <SHA-256>8ae9bdf95bd4ab5f92a6cf4515f80d3a0e67affff73eff225bbcc58a13fa4e4a</SHA-256>
              <SHA-1>3a3fe04571a9bfe1a83cce7960c467a9cf4c53f3</SHA-1>
              <MD5>6150a3c8074d7fef84a7ea5c0eddf4c9</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>b5fae454eae83931e8508b3c158b122f7100b65d70065e8af2aaeddb639a5c40</SHA-256>
              <SHA-1>f51d2ad16dc79373001160a2b5e7a2f861f60d5c</SHA-1>
              <MD5>0d62df6f0138e145185b2c1c45bf72bc</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f</SHA-256>
              <SHA-1>879dcf690e5bf1941b27cf13c8bcf72f8356c650</SHA-1>
              <MD5>a19a2658ba69030c6ac9d11fd7d7e3c1</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <SHA-256>eacc730ca97157f36075720833867d2d23199a2f0997d22ac521957c70825184</SHA-256>
              <SHA-1>1f121bfaf5bbec99cd174191a0d1e112106c0e56</SHA-1>
              <MD5>3c1fd0e26fd2f7e1ff69e67256eed383</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>text/plain</file_type>
            </value>
            <value>
              <SHA-256>ed151178bf5c80d0e4bdd58b50efbf53ab54c719e562209a2c7cd66dc091ad86</SHA-256>
              <SHA-1>362c8dc83fac6d7e2b28a491606f6cb0e4fac509</SHA-1>
              <MD5>0970e1c495b1982ceb8849be09d2b139</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>1f676c76-80e1-4239-95bb-83d0f6d0da78</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>35138b9a-5d96-4fbd-8e2d-a2440225f93a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>3fe8fa79-5dce-4503-ab23-464ea24babff</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>e2011457-1546-43c5-a5fe-008deee3d3f0</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
          <registry>
            <value>
              <registry>SOFTWARE\Microsoft\Windows\CurrentVersion\Run</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
          </registry>
        </iocs>
        <name>x48278ca951ad5e0da437a8a702ead7870c04d40579a42de10bb99bea3ea3e83c.exe</name>
        <report_id>9b2abb73-76ab-4556-ac8a-a4541376f31e</report_id>
        <tags>
          <value>peexe</value>
          <value>worm</value>
          <value>fingerprint</value>
          <value>obfuscated</value>
          <value>packed</value>
          <value>overlay</value>
          <value>anti-debug</value>
          <value>anti-vm</value>
          <value>microsoft_visual_cc</value>
          <value>xworm</value>
          <value>njrat</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>8956ddc923a393763ede6b080bc7fb7e59d694048cd8f3efd3515ec048de6b12</id>
    <title>Analysis Report for 8956ddc923a393763ede6b080bc7fb7e59d694048cd8f3efd3515ec048de6b12</title>
    <updated>2026-07-06T21:32:44Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1f6174fb2f5922b6c92b</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c1efa9016b0169a623b2e</flow_id>
        <hash>8956ddc923a393763ede6b080bc7fb7e59d694048cd8f3efd3515ec048de6b12</hash>
        <iocs>
          <urls>
            <value>
              <url>https://advantage.mandiant.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://asm.advantage.mandiant.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://auth-autopush.proactive-autopush.virustotal.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://auth-dev.proactive-dev.virustotal.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://auth-staging.proactive-staging.virustotal.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://auth.proactive.virustotal.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://identity-proactive.virustotal.com/realms/master/login-actions/authenticate</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtm.js?id=GTM-KFBGZNL</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>https://www.googletagmanager.com/ns.html?id=GTM-KFBGZNL</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.gstatic.com/dialogflow-console/fast/df-messenger/prod/v1/df-messenger.js</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css?family=Google+Sans</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://fonts.googleapis.com/icon?family=Material+Icons</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://fonts.gstatic.com/s/googlesans/v69/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJllpyk.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fonts.gstatic.com/s/materialicons/v145/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://recaptcha.net/recaptcha/enterprise.js?render=explicit</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://recaptcha.net/recaptcha/enterprise/anchor?ar=1&amp;k=6Ldjgd0kAAAAAITm7ipWF7o7kPL_81SaSfdINiOc&amp;co=aHR0cHM6Ly93d3cudmlydXN0b3RhbC5jb206NDQz&amp;hl=en&amp;v=TnA7HacJFoBWt9hnlunBlYfK&amp;size=invisible&amp;anchor-ms=20000&amp;execute-ms=30000&amp;cb=t3mkgpfivg4p</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://region1.google-analytics.com/g/collect</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://region1.google-analytics.com/g/collect?v=2&amp;tid=G-BLNDV9X2JR&amp;gtm=45je6711h2v9119290270z89133079464za20gzb9133079464zd9133079464&amp;_p=1783373568953&amp;gcd=13l3lPl2l1l1&amp;npa=1&amp;dma_cps=a&amp;dma=1&amp;_eu=AAAAAAAC&amp;are=1&amp;cid=1782508532.1783373569&amp;frm=0&amp;pscdl=noapi&amp;rcb=12&amp;sr=800x600&amp;uaa=&amp;uab=&amp;uafvl=&amp;uam=&amp;uamb=0&amp;uap=Linux&amp;uapv=&amp;uaw=0&amp;ul=en-us&amp;_s=1&amp;tag_exp=115938465~115938469~119027224~119576881~119576885~119576891~119576895&amp;sid=1783373569&amp;sct=1&amp;seg=0&amp;dl=https%3A%2F%2Fwww.virustotal.com%2Fgui%2Ffile%2F63dbca0c3559bf21d051223ba8db2188112625c4b515dc58e0649fd20646aaa0&amp;dt=VirusTotal&amp;en=page_view&amp;_fv=1&amp;_nsi=1&amp;_ss=1&amp;tfd=434</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.google-analytics.com/analytics.js</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google-analytics.com/j/collect</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google-analytics.com/j/collect?v=1&amp;_v=j102&amp;aip=1&amp;a=1514959159&amp;t=pageview&amp;_s=1&amp;dl=https%3A%2F%2Fwww.virustotal.com%2Fgui%2Ffile%2F63dbca0c3559bf21d051223ba8db2188112625c4b515dc58e0649fd20646aaa0&amp;ul=en-us&amp;dt=VirusTotal&amp;sr=800x600&amp;vp=1920x1080&amp;_u=YADAAEABAAAAACAAI~&amp;jid=975068606&amp;gjid=2124898347&amp;cid=1782508532.1783373569&amp;tid=UA-27433547-2&amp;_gid=658777931.1783373570&amp;_r=1&amp;_slc=1&amp;z=628830922</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtag/js?id=G-BLNDV9X2JR&amp;cx=c&amp;gtm=4e6711h2</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtm.js?id=GTM-KFBGZNL</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.gstatic.com/dialogflow-console/fast/df-messenger/prod/v1/df-messenger.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.gstatic.com/recaptcha/releases/TnA7HacJFoBWt9hnlunBlYfK/recaptcha__en.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/11571.860d78378b0a1963f5aa.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/13664.024248ffba35c1194555.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/1402accbefdec6a25762.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/14700.a79bdb4f5ac45a034bbe.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/1532.3ec387d012189863a521.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/18027.9af9001702afc1130b2f.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/2121f4aabac6fbe523ec.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/23140.e145398e1f65d71a8226.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/27248.050280beca0d90e26310.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/2949.24824163215faf57579d.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/31645.102d8c592a7bf8a96aee.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/32549.d4421358442b3f1afc4d.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/34518.cca6c814e38f88ceb9ea.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/35834.57e36243a12840bd51e0.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/41628.3ace109f1e30616c492a.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/46695.3c499776f2c377ecbd9e.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/47203.1cbe838674ada44b5799.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/48691.7e9180e37597ca48b78b.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/48913.45e9f842537c0286ea58.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/49550.8a428f69438ecbba2f2d.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/53909.c143c1f9ca4326827f13.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/56610.7bc310a11977e2eedfea.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/58571.b17a2eb96612d4c3d603.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/60748.e7bbec75f2ce5d1fba07.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/61569.e236a9593d273152dbd7.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/62454.bfae3a6d5faab34dce00.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/64917.18c46d9d508249c12fce.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/65610.3fcf4f6f1d553cf5673f.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/70308.487e485b9ad5b9af706e.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/76078.83ee590c157de6ac114a.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/76232.94c8f174e3edda1e0563.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/7727.01cb2a4345585bff267b.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/80725.72e7096c4e1e37adc292.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/85546.f8039784c76990fd2c20.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/90009.fe359e11286e3998e2bf.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/90305.215e8160761ff10ad9b8.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/91216.7584fcf2163e9960e4f3.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/91804.059caf3f59a39f21fd40.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/9521.0461947dbe7b3ee28b6c.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/96791.fd21a80e15ae5b4fd67a.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/97263.af38294a2cec33f9db37.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/97885.e6113a0d5bf93d93f6c6.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/ee990a93df71bfdfb3b5.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/file/63dbca0c3559bf21d051223ba8db2188112625c4b515dc58e0649fd20646aaa0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/icon.types-peexe.6e062c20d1024614e6ee.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/images/favicon.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/images/manifest/icon-192x192.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/main.dd0332e5bced8d0d847a.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/manifest.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/stackdriver-errors.279e1f38f1416237d153.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/static/qrcode.min.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/vt-ui-shell-extra-deps.34a5ab410bc18f0e5ba3.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/vt-ui-sw-installer.9e2c29138c767606acb1.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/ui/cookie_disclaimer</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/ui/files/63dbca0c3559bf21d051223ba8db2188112625c4b515dc58e0649fd20646aaa0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/ui/files/63dbca0c3559bf21d051223ba8db2188112625c4b515dc58e0649fd20646aaa0/behaviour_mbc_trees</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/ui/files/63dbca0c3559bf21d051223ba8db2188112625c4b515dc58e0649fd20646aaa0/behaviour_mitre_trees</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/ui/files/63dbca0c3559bf21d051223ba8db2188112625c4b515dc58e0649fd20646aaa0/behaviours?limit=40</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/ui/files/63dbca0c3559bf21d051223ba8db2188112625c4b515dc58e0649fd20646aaa0/bundled_files</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/ui/files/63dbca0c3559bf21d051223ba8db2188112625c4b515dc58e0649fd20646aaa0/comments?relationships=item%2Cauthor</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/ui/files/63dbca0c3559bf21d051223ba8db2188112625c4b515dc58e0649fd20646aaa0/contacted_domains</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/ui/files/63dbca0c3559bf21d051223ba8db2188112625c4b515dc58e0649fd20646aaa0/contacted_ips</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/ui/files/63dbca0c3559bf21d051223ba8db2188112625c4b515dc58e0649fd20646aaa0/contacted_urls</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/ui/files/63dbca0c3559bf21d051223ba8db2188112625c4b515dc58e0649fd20646aaa0/dropped_files</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/ui/files/63dbca0c3559bf21d051223ba8db2188112625c4b515dc58e0649fd20646aaa0/dropped_files?limit=10&amp;cursor=eyJsaW1pdCI6IDEwLCAib2Zmc2V0IjogMTB9</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/ui/files/63dbca0c3559bf21d051223ba8db2188112625c4b515dc58e0649fd20646aaa0/execution_parents</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/ui/files/63dbca0c3559bf21d051223ba8db2188112625c4b515dc58e0649fd20646aaa0/graphs?relationships=owner%2Cviewers%2Ceditors</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/ui/files/63dbca0c3559bf21d051223ba8db2188112625c4b515dc58e0649fd20646aaa0/pe_resource_children</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/ui/files/63dbca0c3559bf21d051223ba8db2188112625c4b515dc58e0649fd20646aaa0/pe_resource_parents</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/ui/files/63dbca0c3559bf21d051223ba8db2188112625c4b515dc58e0649fd20646aaa0/votes?relationships=item%2Cvoter</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/ui/intelligence/rules_matching_iocs</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/ui/me?relationships=active_group%2Cparent_group</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/ui/user_notifications</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/file/63dbca0c3559bf21d051223ba8db2188112625c4b515dc58e0649fd20646aaa0&amp;dt=VirusTotal&amp;en=page_view&amp;_fv=1&amp;_nsi=1&amp;_ss=1&amp;tfd=434</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/file/63dbca0c3559bf21d051223ba8db2188112625c4b515dc58e0649fd20646aaa0&amp;ul=en-us&amp;dt=VirusTotal&amp;sr=800x600&amp;vp=1920x1080&amp;_u=YADAAEABAAAAACAAI~&amp;jid=975068606&amp;gjid=2124898347&amp;cid=1782508532.1783373569&amp;tid=UA-27433547-2&amp;_gid=658777931.1783373570&amp;_r=1&amp;_slc=1&amp;z=628830922</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.virustotal.com/gui/file/63dbca0c3559bf21d051223ba8db2188112625c4b515dc58e0649fd20646aaa0</url>
              <origin>INPUT_FILE</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>advantage.mandiant.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>asm.advantage.mandiant.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>auth-autopush.proactive-autopush.virustotal.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>auth-dev.proactive-dev.virustotal.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>auth-staging.proactive-staging.virustotal.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>auth.proactive.virustotal.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>googletagmanager.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>gstatic.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>identity-proactive.virustotal.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.googletagmanager.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>fonts.googleapis.com</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>fonts.gstatic.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>recaptcha.net</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>region1.google-analytics.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.google-analytics.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.googletagmanager.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.gstatic.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.virustotal.com</url>
              <origin>URL_RENDER</origin>
            </value>
          </domains>
          <ips>
            <value>
              <ip>142.251.13.138</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>34.117.43.50</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.127.97</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>35.244.150.64</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.110.97</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.127.129</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.20.120</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.250.154.94</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.110.97</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.13.95</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.20.138</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.20.94</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>216.239.34.36</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>34.54.88.138</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>34.49.12.12</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>2ca64efe2860212f37df224b5a678ef0c60391240e01fc7b6e6c2118036de61f</SHA-256>
              <SHA-1>7028874e21fc64bbad0dff081593335ff3a57195</SHA-1>
              <MD5>625ee434ee057121dc83823b6a2794a2</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>38e0c358a601c0b732ecee676ae0ee122033f1c0cab89c64d53d7491383aaffa</SHA-256>
              <SHA-1>d70a4d72eb57077d611d0ebc7a9b39427269d52b</SHA-1>
              <MD5>902db6d41a5a44cbe7fc2178fdc510d4</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>bc7987d19ad7ac631a2586188ff9661379ed4738fdc593adc22642d88c76370c</SHA-256>
              <SHA-1>6f1897b7d339351b4e5932f661ccd53aeb8c8cb3</SHA-1>
              <MD5>581343c81bf30857a2b178009250f3f3</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>1508490e2a7f3949d866ce8f032895224c55a02eb24f9ada50c7cb79a4c887c8</SHA-256>
              <SHA-1>54bf6901325ffea201bbe2087f45f728c4cabb90</SHA-1>
              <MD5>503957084b1a48219ecf52a5b81ca4cd</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>b574b643f32efbca4670da9ff4f81dff88925d1f4ddcc78139e4cd23da5a5698</SHA-256>
              <SHA-1>5caea6ae21a615cd364bf4b1b1b007dec7e108ec</SHA-1>
              <MD5>0411506dbfde3633526a5942281bff00</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>da047a37a62e099a0926389dc6492a7ff8e0e80ff75a942de9f735e7a3c426e4</SHA-256>
              <SHA-1>8787d929eaa6d8ef85c8c08add2f47c9ae711500</SHA-1>
              <MD5>d02309e46223c55867b5130f77918108</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>c4fea5a7f0e0769c55fcaabedd317f9f19124f9397f77bbb614c5053a9339f91</SHA-256>
              <SHA-1>e599fbf91d67ce3f7ea9844a555081e384e7d73a</SHA-1>
              <MD5>b9949df91ed7e79cc673d2848645e769</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/javascript</file_type>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <SHA-256>1d6d3349d1d45cd86a8190d79af5f0a406eab468d256ac52efe4c2b52d5736bd</SHA-256>
              <SHA-1>6b82d47972fa40c520c85b5fb9e1d03bd990354b</SHA-1>
              <MD5>191cd7230b6893b0e52a588a9eff7d8c</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/javascript</file_type>
              <verdict>SUSPICIOUS</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>2166e570-8173-4c94-8270-6d559fed63b0</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>hxxps://www.virustotal.com/gui/file/63dbca0c3559bf21d051223ba8db2188112625c4b515dc58e0649fd20646aaa0</name>
        <report_id>90e07703-845f-413b-9a6f-374ca0e7bde3</report_id>
        <tags>
          <value>html</value>
          <value>javascript</value>
          <value>obfuscated</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>3088c01234ef610f0219c6d7ef01f9b07ec7a2ea3c09ec266418b0eefca57bd2</id>
    <title>Analysis Report for 3088c01234ef610f0219c6d7ef01f9b07ec7a2ea3c09ec266418b0eefca57bd2</title>
    <updated>2026-07-06T21:32:19Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1ef7ff2e0900e305af2b</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c1ee29016b0169a623af2</flow_id>
        <hash>3088c01234ef610f0219c6d7ef01f9b07ec7a2ea3c09ec266418b0eefca57bd2</hash>
        <iocs>
          <urls>
            <value>
              <url>https://github.com/andrew-paglinawan/QuicksandFamily.git),</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://scripts.sil.org/OFL</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://scripts.sil.org/OFLThis</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>github.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>scripts.sil.org</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>104.20.27.136</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>140.82.121.3</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>be8918559280a2e74748bf8f6238b568ed7cbf75183b2180a6a8a979a1ebf243</SHA-256>
              <SHA-1>655380fb2cca01b0ca707f748fc7dcf006732518</SHA-1>
              <MD5>7cb71b006fcdcf8ade80e31fd5ab8060</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <SHA-256>c070f388cf94deec56df64de5eab16d77f537506ec8495721c949da27a7d7a3f</SHA-256>
              <SHA-1>4af5d4175f7a91865ac60f640c9df381a5642fa4</SHA-1>
              <MD5>da9c3221bf8695459c4c40066e1422cb</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <btc_wallets>
            <value>
              <btc_wallet>33a7c8f95fb7774b98f3687cc45fd726</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>HorseMenu.dll</name>
        <report_id>3972a511-972d-47e8-bf0f-03d197eb152f</report_id>
        <tags>
          <value>peexe</value>
          <value>html</value>
          <value>pedll</value>
          <value>keylogger</value>
          <value>anti-vm</value>
          <value>anti-debug</value>
          <value>crypto</value>
          <value>explorer</value>
          <value>finger</value>
          <value>fingerprint</value>
          <value>lolbin</value>
          <value>reconnaissance</value>
          <value>microsoft_visual_cc</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>7112834ce4b693f7bb29af78a9a2f11f9302e783b0947462f9d5e7fff2ba6125</id>
    <title>Analysis Report for 7112834ce4b693f7bb29af78a9a2f11f9302e783b0947462f9d5e7fff2ba6125</title>
    <updated>2026-07-06T21:31:44Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1ef474fb2f5922b6c913</_id>
        <file_type>message/rfc822</file_type>
        <flow_id>6a4c1ec03abf2760bd72dea1</flow_id>
        <hash>7112834ce4b693f7bb29af78a9a2f11f9302e783b0947462f9d5e7fff2ba6125</hash>
        <iocs>
          <urls>
            <value>
              <url>file:///tmp/tmp513f74zl.html</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>file:///tmp/tmp513f74zl.html#</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://urldefense.com/v3/__https://www.facebook.com/n/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://urldefense.com/v3/__https://www.facebook.com/n/?events*2Finvite_off_fb*2Fblock_user*2F&amp;invitee_id=1417395200199032&amp;inviter_id=61591341210733&amp;sig=KyitL7ICWkTRq9_rMzPSDxp8RjrYvF9fMTtj5XiE59A&amp;aref=1782841786157359&amp;medium=email&amp;mid=HMTc4Mjg0MDU1MTU4OTQ2OTpiMjgldGlvbGlzYXJhZ2VqaEBnbXguZGU6OTI3&amp;n_m=b28*25tiolisaragejh*40gmx.de&amp;n_sg=Q6bPBAK6hgNuzeUfocWe1GQTO3KQ9Ch8KnltqL1DDFm1cJ-pFw&amp;rms=v2&amp;irms=1&amp;lfes=0__;JSUlJSU!!AaG5Gbqq9twG!SGmuAujKeUkQjwpHXOCpJG3E8gThasE0YjuC89w3hPJwG46jA_RyBMDBjn7_6GEQG-patrKaCarI4rdIA-mQrj2WUzwRC1GPTbjgjQK8$</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://urldefense.com/v3/__https://www.facebook.com/n/?events_invite_off_fb*2Fsingle_invite*2F1417395200199032*2F&amp;sig=KyitL7ICWkTRq9_rMzPSDxp8RjrYvF9fMTtj5XiE59A&amp;nid=nid&amp;surface=email&amp;mibextid&amp;aref=1782841786157359&amp;medium=email&amp;mid=HMTc4Mjg0MDU1MTU4OTQ2OTpiMjgldGlvbGlzYXJhZ2VqaEBnbXguZGU6OTI3&amp;n_m=b28*25tiolisaragejh*40gmx.de&amp;n_sg=Q6bPBAK6hgNuzeUfocWe1GQTO3KQ9Ch8KnltqL1DDFm1cJ-pFw&amp;rms=v2&amp;irms=1&amp;lfes=0&amp;action=</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://urldefense.com/v3/__https://www.facebook.com/n/?events_invite_off_fb*2Fsingle_invite*2F1417395200199032*2F&amp;sig=KyitL7ICWkTRq9_rMzPSDxp8RjrYvF9fMTtj5XiE59A&amp;nid=nid&amp;surface=email&amp;mibextid&amp;aref=1782841786157359&amp;medium=email&amp;mid=HMTc4Mjg0MDU1MTU4OTQ2OTpiMjgldGlvbGlzYXJhZ2VqaEBnbXguZGU6OTI3&amp;n_m=b28*25tiolisaragejh*40gmx.de&amp;n_sg=Q6bPBAK6hgNuzeUfocWe1GQTO3KQ9Ch8KnltqL1DDFm1cJ-pFw&amp;rms=v2&amp;irms=1&amp;lfes=0__;JSUlJSU!!AaG5Gbqq9twG!SGmuAujKeUkQjwpHXOCpJG3E8gThasE0YjuC89w3hPJwG46jA_RyBMDBjn7_6GEQG-patrKaCarI4rdIA-mQrj2WUzwRC1GPTQ__xwvg$</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://urldefense.com/v3/__https://www.facebook.com/people/Frances-George/pfbid02g1yHNUqhzThd5RLtWdZb37yt6WTCqS2kC6hccQRX8i89KsSJfbALxQCPZLh1Aj49l/__;!!AaG5Gbqq9twG!SGmuAujKeUkQjwpHXOCpJG3E8gThasE0YjuC89w3hPJwG46jA_RyBMDBjn7_6GEQG-patrKaCarI4rdIA-mQrj2WUzwRC1GPTX4U-I0O$</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.facebook.com/email/oneclick/unsubscribe?identifier=Afn3IaaKqKGgO1EUg2rRJV9RZox24t0gXaGaW2Qt-zIoajiUZQ-QFknmhN4kfRsuM7PkUmu3SaL--CahC8a5CA6gBNuKRCd5exkgGqavN7ozoMoYn_kvjju5VNFdA0Ji4koeoQlVBWVXCO7c32owaxy15UnwcW_74uOArYXRI1atPxdgNrrwtyvR_WXyryBvcw25zi76CWG6V3F7vSZREPRK-8J8gtG96EMVVZp2C7Xj4Lmj6QDv3sJudHL9iDL9VouRkC7cv5AQ_SxHaPjXDRWYuijRb1EwzxBPALbwxxNbVJdEykM2lOk4BTmcJCrE4OzrBvPNX3tTbdl11MB8giSmqaHIIvcEv9Th3HxM2us</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>mailto:b28%25tiolisaragejh%40gmx.de</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>mailto:noreply%40facebookmail.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>mailto:notification%40facebookmail.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>mailto:tiolisaragejh%40gmx.de</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>40gmx.de</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>40gmx.de</url>
              <origin>CONTENT_PARSE</origin>
            </value>
            <value>
              <url>https://urldefense.com/v3/__</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://www.facebook.com/n/</url>
              <origin>CONTENT_PARSE</origin>
            </value>
            <value>
              <url>https://www.facebook.com/n/?events_invite_off_fb*2Fsingle_invite*2F1417395200199032*2F&amp;sig=KyitL7ICWkTRq9_rMzPSDxp8RjrYvF9fMTtj5XiE59A&amp;nid=nid&amp;surface=email&amp;mibextid&amp;aref=1782841786157359&amp;medium=email&amp;mid=HMTc4Mjg0MDU1MTU4OTQ2OTpiMjgldGlvbGlzYXJhZ2VqaEBnbXguZGU6OTI3&amp;n_m=b28*25tiolisaragejh*40gmx.de&amp;n_sg=Q6bPBAK6hgNuzeUfocWe1GQTO3KQ9Ch8KnltqL1DDFm1cJ-pFw&amp;rms=v2&amp;irms=1&amp;lfes=0&amp;action=declined__;JSUlJSU!!AaG5Gbqq9twG!SGmuAujKeUkQjwpHXOCpJG3E8gThasE0YjuC89w3hPJwG46jA_RyBMDBjn7_6GEQG-patrKaCarI4rdIA-mQrj2WUzwRC1GPTUejRYdG</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.facebook.com/n/?events_invite_off_fb*2Fsingle_invite*2F1417395200199032*2F&amp;sig=KyitL7ICWkTRq9_rMzPSDxp8RjrYvF9fMTtj5XiE59A&amp;nid=nid&amp;surface=email&amp;mibextid&amp;aref=1782841786157359&amp;medium=email&amp;mid=HMTc4Mjg0MDU1MTU4OTQ2OTpiMjgldGlvbGlzYXJhZ2VqaEBnbXguZGU6OTI3&amp;n_m=b28*25tiolisaragejh*40gmx.de&amp;n_sg=Q6bPBAK6hgNuzeUfocWe1GQTO3KQ9Ch8KnltqL1DDFm1cJ-pFw&amp;rms=v2&amp;irms=1&amp;lfes=0&amp;action=going__;JSUlJSU!!AaG5Gbqq9twG!SGmuAujKeUkQjwpHXOCpJG3E8gThasE0YjuC89w3hPJwG46jA_RyBMDBjn7_6GEQG-patrKaCarI4rdIA-mQrj2WUzwRC1GPTb2QAMW</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.facebook.com/n/?events_invite_off_fb*2Fsingle_invite*2F1417395200199032*2F&amp;sig=KyitL7ICWkTRq9_rMzPSDxp8RjrYvF9fMTtj5XiE59A&amp;nid=nid&amp;surface=email&amp;mibextid&amp;aref=1782841786157359&amp;medium=email&amp;mid=HMTc4Mjg0MDU1MTU4OTQ2OTpiMjgldGlvbGlzYXJhZ2VqaEBnbXguZGU6OTI3&amp;n_m=b28*25tiolisaragejh*40gmx.de&amp;n_sg=Q6bPBAK6hgNuzeUfocWe1GQTO3KQ9Ch8KnltqL1DDFm1cJ-pFw&amp;rms=v2&amp;irms=1&amp;lfes=0&amp;action=maybe__;JSUlJSU!!AaG5Gbqq9twG!SGmuAujKeUkQjwpHXOCpJG3E8gThasE0YjuC89w3hPJwG46jA_RyBMDBjn7_6GEQG-patrKaCarI4rdIA-mQrj2WUzwRC1GPTbjsr-PG</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.facebook.com/n/?events_invite_off_fb*2Fsingle_invite*2F1417395200199032*2F&amp;sig=KyitL7ICWkTRq9_rMzPSDxp8RjrYvF9fMTtj5XiE59A&amp;nid=nid&amp;surface=email&amp;mibextid&amp;aref=1782841786157359&amp;medium=email&amp;mid=HMTc4Mjg0MDU1MTU4OTQ2OTpiMjgldGlvbGlzYXJhZ2VqaEBnbXguZGU6OTI3&amp;n_m=b28*25tiolisaragejh*40gmx.de&amp;n_sg=Q6bPBAK6hgNuzeUfocWe1GQTO3KQ9Ch8KnltqL1DDFm1cJ-pFw&amp;rms=v2&amp;irms=1&amp;lfes=0__;JSUlJSU!!AaG5Gbqq9twG!SGmuAujKeUkQjwpHXOCpJG3E8gThasE0YjuC89w3hPJwG46jA_RyBMDBjn7_6GEQG-patrKaCarI4rdIA-mQrj2WUzwRC1GPTQ__xwvg</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://urldefense.com/v</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://urldefense.com/v3/__</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://urldefense.com/v3/__https</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.facebook.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.facebook.com/email/oneclick/unsubscribe?identifier=Afn3IaaKqKGgO1EUg2rRJV9RZox24t0gXaGaW2Qt-zIoajiUZQ-QFknmhN4kfRsuM7PkUmu3SaL--CahC8a5CA6gBNuKRCd5exkgGqavN7ozoMoYn_kvjju5VNFdA0Ji4koeoQlVBWVXCO7c32owaxy15UnwcW_74uOArYXRI1atPxdgNrrwtyvR_WXyryBvcw25zi76CWG6V3F7vSZREPRK-8J8gtG96EMVVZp2C7Xj4Lmj6QDv3sJudHL9iDL9VouRkC7cv5AQ_SxHaPjXDRWYuijRb1EwzxBPALbwxxNbVJdEykM2lOk4BTmcJCrE4OzrBvPNX3tTbdl11MB8giSmqaHIIvcEv9Th3HxM2us</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.facebook.com/n/?e</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.facebook.com/n/?ev</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.facebook.com/n/?events_invite_off_</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.facebook.com/n/?events_invite_off_f</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.facebook.com/n/?events_invite_off_fb*2Fsi</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.facebook.com/n/?events_invite_off_fb*2Fsin</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.facebook.com/n/?events_invite_off_fb*2Fsingle_i</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.facebook.com/n/?events_invite_off_fb*2Fsingle_invite*2</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>40gmx.de</url>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <url>https://urldefense.com/v3/__</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://www.facebook.com/n/</url>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <url>https://www.facebook.com/n/?events_invite_off_fb*2Fsingle_invite*2F1417395200199032*2F&amp;sig=KyitL7ICWkTRq9_rMzPSDxp8RjrYvF9fMTtj5XiE59A&amp;nid=nid&amp;surface=email&amp;mibextid&amp;aref=1782841786157359&amp;medium=email&amp;mid=HMTc4Mjg0MDU1MTU4OTQ2OTpiMjgldGlvbGlzYXJhZ2VqaEBnbXguZGU6OTI3&amp;n_m=b28*25tiolisaragejh*40gmx.de&amp;n_sg=Q6bPBAK6hgNuzeUfocWe1GQTO3KQ9Ch8KnltqL1DDFm1cJ-pFw&amp;rms=v2&amp;irms=1&amp;lfes=0&amp;action=declined__;JSUlJSU!!AaG5Gbqq9twG!SGmuAujKeUkQjwpHXOCpJG3E8gThasE0YjuC89w3hPJwG46jA_RyBMDBjn7_6GEQG-patrKaCarI4rdIA-mQrj2WUzwRC1GPTUejRYdG</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.facebook.com/n/?events_invite_off_fb*2Fsingle_invite*2F1417395200199032*2F&amp;sig=KyitL7ICWkTRq9_rMzPSDxp8RjrYvF9fMTtj5XiE59A&amp;nid=nid&amp;surface=email&amp;mibextid&amp;aref=1782841786157359&amp;medium=email&amp;mid=HMTc4Mjg0MDU1MTU4OTQ2OTpiMjgldGlvbGlzYXJhZ2VqaEBnbXguZGU6OTI3&amp;n_m=b28*25tiolisaragejh*40gmx.de&amp;n_sg=Q6bPBAK6hgNuzeUfocWe1GQTO3KQ9Ch8KnltqL1DDFm1cJ-pFw&amp;rms=v2&amp;irms=1&amp;lfes=0&amp;action=going__;JSUlJSU!!AaG5Gbqq9twG!SGmuAujKeUkQjwpHXOCpJG3E8gThasE0YjuC89w3hPJwG46jA_RyBMDBjn7_6GEQG-patrKaCarI4rdIA-mQrj2WUzwRC1GPTb2QAMW</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.facebook.com/n/?events_invite_off_fb*2Fsingle_invite*2F1417395200199032*2F&amp;sig=KyitL7ICWkTRq9_rMzPSDxp8RjrYvF9fMTtj5XiE59A&amp;nid=nid&amp;surface=email&amp;mibextid&amp;aref=1782841786157359&amp;medium=email&amp;mid=HMTc4Mjg0MDU1MTU4OTQ2OTpiMjgldGlvbGlzYXJhZ2VqaEBnbXguZGU6OTI3&amp;n_m=b28*25tiolisaragejh*40gmx.de&amp;n_sg=Q6bPBAK6hgNuzeUfocWe1GQTO3KQ9Ch8KnltqL1DDFm1cJ-pFw&amp;rms=v2&amp;irms=1&amp;lfes=0&amp;action=maybe__;JSUlJSU!!AaG5Gbqq9twG!SGmuAujKeUkQjwpHXOCpJG3E8gThasE0YjuC89w3hPJwG46jA_RyBMDBjn7_6GEQG-patrKaCarI4rdIA-mQrj2WUzwRC1GPTbjsr-PG</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.facebook.com/n/?events_invite_off_fb*2Fsingle_invite*2F1417395200199032*2F&amp;sig=KyitL7ICWkTRq9_rMzPSDxp8RjrYvF9fMTtj5XiE59A&amp;nid=nid&amp;surface=email&amp;mibextid&amp;aref=1782841786157359&amp;medium=email&amp;mid=HMTc4Mjg0MDU1MTU4OTQ2OTpiMjgldGlvbGlzYXJhZ2VqaEBnbXguZGU6OTI3&amp;n_m=b28*25tiolisaragejh*40gmx.de&amp;n_sg=Q6bPBAK6hgNuzeUfocWe1GQTO3KQ9Ch8KnltqL1DDFm1cJ-pFw&amp;rms=v2&amp;irms=1&amp;lfes=0__;JSUlJSU!!AaG5Gbqq9twG!SGmuAujKeUkQjwpHXOCpJG3E8gThasE0YjuC89w3hPJwG46jA_RyBMDBjn7_6GEQG-patrKaCarI4rdIA-mQrj2WUzwRC1GPTQ__xwvg</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://urldefense.com/v3/__</url>
              <origin>EMAIL_BODY</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://www.facebook.com/n/</url>
              <origin>EMAIL_BODY</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.facebook.com/n/?events_invite_off_fb*2Fsingle_invite*2F1417395200199032*2F&amp;sig=KyitL7ICWkTRq9_rMzPSDxp8RjrYvF9fMTtj5XiE59A&amp;nid=nid&amp;surface=email&amp;mibextid&amp;aref=1782841786157359&amp;medium=email&amp;mid=HMTc4Mjg0MDU1MTU4OTQ2OTpiMjgldGlvbGlzYXJhZ2VqaEBnbXguZGU6OTI3&amp;n_m=b28*25tiolisaragejh*40gmx.de&amp;n_sg=Q6bPBAK6hgNuzeUfocWe1GQTO3KQ9Ch8KnltqL1DDFm1cJ-pFw&amp;rms=v2&amp;irms=1&amp;lfes=0&amp;action=declined__;JSUlJSU!!AaG5Gbqq9twG!SGmuAujKeUkQjwpHXOCpJG3E8gThasE0YjuC89w3hPJwG46jA_RyBMDBjn7_6GEQG-patrKaCarI4rdIA-mQrj2WUzwRC1GPTUejRYdG</url>
              <origin>EMAIL_BODY</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.facebook.com/n/?events_invite_off_fb*2Fsingle_invite*2F1417395200199032*2F&amp;sig=KyitL7ICWkTRq9_rMzPSDxp8RjrYvF9fMTtj5XiE59A&amp;nid=nid&amp;surface=email&amp;mibextid&amp;aref=1782841786157359&amp;medium=email&amp;mid=HMTc4Mjg0MDU1MTU4OTQ2OTpiMjgldGlvbGlzYXJhZ2VqaEBnbXguZGU6OTI3&amp;n_m=b28*25tiolisaragejh*40gmx.de&amp;n_sg=Q6bPBAK6hgNuzeUfocWe1GQTO3KQ9Ch8KnltqL1DDFm1cJ-pFw&amp;rms=v2&amp;irms=1&amp;lfes=0&amp;action=going__;JSUlJSU!!AaG5Gbqq9twG!SGmuAujKeUkQjwpHXOCpJG3E8gThasE0YjuC89w3hPJwG46jA_RyBMDBjn7_6GEQG-patrKaCarI4rdIA-mQrj2WUzwRC1GPTb2QAMW</url>
              <origin>EMAIL_BODY</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.facebook.com/n/?events_invite_off_fb*2Fsingle_invite*2F1417395200199032*2F&amp;sig=KyitL7ICWkTRq9_rMzPSDxp8RjrYvF9fMTtj5XiE59A&amp;nid=nid&amp;surface=email&amp;mibextid&amp;aref=1782841786157359&amp;medium=email&amp;mid=HMTc4Mjg0MDU1MTU4OTQ2OTpiMjgldGlvbGlzYXJhZ2VqaEBnbXguZGU6OTI3&amp;n_m=b28*25tiolisaragejh*40gmx.de&amp;n_sg=Q6bPBAK6hgNuzeUfocWe1GQTO3KQ9Ch8KnltqL1DDFm1cJ-pFw&amp;rms=v2&amp;irms=1&amp;lfes=0&amp;action=maybe__;JSUlJSU!!AaG5Gbqq9twG!SGmuAujKeUkQjwpHXOCpJG3E8gThasE0YjuC89w3hPJwG46jA_RyBMDBjn7_6GEQG-patrKaCarI4rdIA-mQrj2WUzwRC1GPTbjsr-PG</url>
              <origin>EMAIL_BODY</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.facebook.com/n/?events_invite_off_fb*2Fsingle_invite*2F1417395200199032*2F&amp;sig=KyitL7ICWkTRq9_rMzPSDxp8RjrYvF9fMTtj5XiE59A&amp;nid=nid&amp;surface=email&amp;mibextid&amp;aref=1782841786157359&amp;medium=email&amp;mid=HMTc4Mjg0MDU1MTU4OTQ2OTpiMjgldGlvbGlzYXJhZ2VqaEBnbXguZGU6OTI3&amp;n_m=b28*25tiolisaragejh*40gmx.de&amp;n_sg=Q6bPBAK6hgNuzeUfocWe1GQTO3KQ9Ch8KnltqL1DDFm1cJ-pFw&amp;rms=v2&amp;irms=1&amp;lfes=0__;JSUlJSU!!AaG5Gbqq9twG!SGmuAujKeUkQjwpHXOCpJG3E8gThasE0YjuC89w3hPJwG46jA_RyBMDBjn7_6GEQG-patrKaCarI4rdIA-mQrj2WUzwRC1GPTQ__xwvg</url>
              <origin>EMAIL_BODY</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>40gmx.de</url>
              <origin>EMAIL_BODY</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>facebook.com</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>urldefense.com</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>facebook.com</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>urldefense.com</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>urldefense.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.facebook.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>facebook.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>urldefense.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>facebook.com</url>
              <origin>EMAIL_BODY</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>urldefense.com</url>
              <origin>EMAIL_BODY</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <emails>
            <value>
              <email>tiolisaragejh@gmx.de</email>
              <origin>EMAIL_BODY</origin>
            </value>
            <value>
              <email>tiolisaragejh@gmx.de</email>
              <origin>CONTENT_PARSE</origin>
            </value>
            <value>
              <email>59c64281-0300-4862-abc0-72fafe8505c8@facebookmail.com</email>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <email>isaragejh@gmx.de</email>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <email>noreply@facebookmail.com</email>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <email>notification@facebookmail.com</email>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <email>ragejh@gmx.de</email>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <email>tiolisaragejh@gmx.de</email>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <email>webmaster@teachersfcu.org</email>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <email>tiolisaragejh@gmx.de</email>
              <origin>EXTRACTED_FILE</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>52.204.90.22</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>163.70.128.35</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>10.167.244.104</ip>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <ip>127.0.0.1</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>15.21.159.19</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>15.21.181.6</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>15.21.202.3</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>17.12.100.49</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>205.220.181.224</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>212.227.15.151</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>212.227.17.21</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>69.171.232.143</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>bb76baa22b9ceb7a0dbc4610afd8517120a2069b2b99cdeacb44d89aef23ec06</SHA-256>
              <SHA-1>def0dde83f3f558aff9abfc06b3e0098a77fd861</SHA-1>
              <MD5>4f831ee704624a2b0905cda097ae263d</MD5>
              <origin>EMAIL_BODY</origin>
              <file_type>text/x-ini</file_type>
            </value>
            <value>
              <SHA-256>59c1897141b1f4d49e0586ccd7bcac3b639688b9eec16daaeb50474cc051d47c</SHA-256>
              <SHA-1>07901cf6940458d62adb27ce6dfe5dda86cf868b</SHA-1>
              <MD5>10d4c9a55c664e6f9dd580f8745d6e94</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>6ce7b492e1fe42dcd069074764c43efd744b4166dfa877d10c0f22d37f9aeaf8</SHA-256>
              <SHA-1>b61c50b20225977d019058ff4a5065392d6ab34b</SHA-1>
              <MD5>eaaa6d70eb4562a8844bcf265f77c3d0</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>75c6f7a7b4e61d59b5b7a686b2d29e8e4f94b838f979b7eca7788115d477763d</SHA-256>
              <SHA-1>14df70dc83b3c37877cbf3384f48fbb901170f01</SHA-1>
              <MD5>6de797871955f1f97236a89d83ae30ec</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>e951f8300061684bc50f52e00bec0216c588b2bfb06dc0f2cf3d46a26ea88a32</SHA-256>
              <SHA-1>6bf3bf664a023ed2f023906c197eeac10323fd72</SHA-1>
              <MD5>f338b4083b8d749057df5943db122ad8</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>cd1ad1707a1a18b6a9001af7fb126cd5840178bf97c1933dc179a05e212532a9</SHA-256>
              <SHA-1>cdb911caf946957b387768194d9e3cf416b75d0b</SHA-1>
              <MD5>9113118ed5eb154501ad847872d82fcb</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>417bb64702c4126fa11164d5812f3716df0e6a1d800fd6b95cb7f9f3717b51b7</SHA-256>
              <SHA-1>04a6b92dc86fe3a73190aba06ecaf131d4168206</SHA-1>
              <MD5>8fc5b0a59cf1a0d432179530b0d7d60e</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>f6c9f8f31f6dbd8b55bac99ae546ac084af3fcaa337bdd1426e948f7d08a5d49</SHA-256>
              <SHA-1>9ff139c56a224c89967da2aef39b61ce295cbf42</SHA-1>
              <MD5>4435c088071c897d1c819c2cea0d1377</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>59c64281-0300-4862-abc0-72fafe8505c8</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>9e63742d-1c41-47a8-8515-cb3e0789a84d</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>f52244a1-783c-4d53-1a7a-08ded6d17688</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
          <btc_wallets>
            <value>
              <btc_wallet>x78ef:$btc: 3DQ6bPBAK6hgNuzeUfocWe1GQ</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>Potential Phish.eml</name>
        <report_id>aee24b8d-e6d3-4258-aa5e-99a04029967b</report_id>
        <tags>
          <value>eml</value>
          <value>rfc822</value>
          <value>html</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>a9c3b4f8bceca86712e01504d67382dee433277e3bd891b383eb42791956e506</id>
    <title>Analysis Report for a9c3b4f8bceca86712e01504d67382dee433277e3bd891b383eb42791956e506</title>
    <updated>2026-07-06T21:31:39Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1ef2e094c2d9580615c1</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c1eb93abf2760bd72de93</flow_id>
        <hash>a9c3b4f8bceca86712e01504d67382dee433277e3bd891b383eb42791956e506</hash>
        <iocs>
          <urls>
            <value>
              <url>http://www.dywt.com.cn</url>
              <origin>INPUT_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>http://www.dywt.com.cn</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>MALICIOUS</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>dywt.com.cn</url>
              <origin>INPUT_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>dywt.com.cn</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>MALICIOUS</verdict>
            </value>
          </domains>
          <emails>
            <value>
              <email>appro@openssl.org</email>
              <origin>INPUT_FILE</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>58.220.33.218</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>5.2.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>6.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>58.220.33.218</ip>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <MD5>717434e636786d3d0fb3f571f6109660</MD5>
              <SHA-1>2ed8ddea1a94e39f624dd752c1843648e5ad2aa6</SHA-1>
              <SHA-256>06db3222f267c74b72573a349de6a24bcfbb4bba9656d3dd6b50f4f64326e156</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>d7695115e7bac1d15222e0175a65b708</MD5>
              <SHA-1>5fd3d7d64f408b24fa608bc69f25c530a0548f7a</SHA-1>
              <SHA-256>0bd99b232e9948e04a8b4f7d1e749b489a9bbcb44c8480679cd8f044ce5fbdd0</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <MD5>183d8a3baf701df4e91536b7c0fb6708</MD5>
              <SHA-1>cea4c1e3ced978a45d2c9f9ee824826255e933af</SHA-1>
              <SHA-256>14aefadf556412e384eed999d54d1570293c0339939ee94b9deb2e8a2c5eb2a3</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>94064de55e6dae8fc14dc6770ada3c49</MD5>
              <SHA-1>47c44081e0b706dbec63a736538c72d43c498253</SHA-1>
              <SHA-256>1c42f53f38e2be5707aaaf5fd9f4751406142b012e2341b94da9362882c9c65d</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>51a205fe41fd67de0f8c28fe76a1c056</MD5>
              <SHA-1>4772bced59b1d818fc1a0549ae161ce9a94832cb</SHA-1>
              <SHA-256>1dd7412ea4e2e68a788248153e8e01b7d85ed0eaf271de6a6e7ba213fdb2e609</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>ece3494890b3cee5ca6f0b15fac7a02f</MD5>
              <SHA-1>a1eb4525e2431bddefadf27a41fc55ce3c8cf612</SHA-1>
              <SHA-256>1eace13e2a54b2355a547fa2338b98cace255bd9eb1570f48a2f9b14efbc5c65</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <MD5>500c8bf60469d605663fdef92b2c986e</MD5>
              <SHA-1>f5d85975e97cb021069250e19ba3a2418632376f</SHA-1>
              <SHA-256>23293319f404051db0d58c45b20757e962ee821effb0d41ed71dcd8175f88b63</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>14a8d213994c484121f0f0d63746601d</MD5>
              <SHA-1>3ad42569021b69060eb157875531fa0310b48e86</SHA-1>
              <SHA-256>2d2aea139c8f41675322a459ce75295ac168eb0e925ed5a75c0981b3693069aa</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>4251333f6352c21a7a3b02f721b54cde</MD5>
              <SHA-1>099640cc28243fed3a8356bbe1a6c613f5b72c9a</SHA-1>
              <SHA-256>2ee9724bce706e3de6d52a1ad0d9838e1e90bcbc50a7025853f303c913053511</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>b5e0dac4bcfa0ddb246e9b3308f5587f</MD5>
              <SHA-1>968fae8b0fe7794d15a60f40f4c69045d12c1894</SHA-1>
              <SHA-256>31bd6e016282edd27fedc9dff210486dea81e78c66f6f9f1b3fd839f41608a5c</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>039076f7fd5f5fdc8ba1364ce9a1fd64</MD5>
              <SHA-1>1d6ef2cc50a77585f2f9c2b7014b3ca67dccd88e</SHA-1>
              <SHA-256>35c764272e688195eefd421b169776f1e87f3f924c1a66c7e2b2682f22835c2f</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <MD5>758f6db8cc33328697552b7fbacbaa7c</MD5>
              <SHA-1>c9c4926be4ba2ada8985fd5b9fbbfec15ffc0912</SHA-1>
              <SHA-256>38fcfed63365448c8399c8268c1814a27ce55b0026c33a8e1e18d7b6a2c33968</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>cf84168a17fde45a77563bf301c7e4c1</MD5>
              <SHA-1>f4510d423d1295249be23b46d043641ce29f9f90</SHA-1>
              <SHA-256>44e6301acc159a5e95e46fa5bcd3c45d9d2a8c72cb41937be42297a60f65806a</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>983c1066b8da83907ccb829dc9c725e6</MD5>
              <SHA-1>e5e00901ed07ee44b324ec54a39dbc7f998d1872</SHA-1>
              <SHA-256>4b345f7ee4c62582d946797d37a7dd8498af15f4afda496999d1ac54c108714a</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>text/x-csrc</file_type>
            </value>
            <value>
              <MD5>c65e4e7627c11195b31545f8e3164ba7</MD5>
              <SHA-1>0feddb751ac2aad549520f464776436835a42d42</SHA-1>
              <SHA-256>4eef9597d5719de21537d7f14e95e9ff946fb9333686e528e68f518ab91803eb</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>f3c8f8a03b20276e1639e954f54900de</MD5>
              <SHA-1>8613bc00df897beaac7f6dc9b6163d3f1632792e</SHA-1>
              <SHA-256>514c2906aeee533f585972c46187427a1e52aa9941e4fbd9f11944756faf9542</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <MD5>8ef7201191780e973dce0102f6fefb81</MD5>
              <SHA-1>44e9bcc350bcf5171f4c67ec6eb6b9aceb3a929f</SHA-1>
              <SHA-256>5b307e70dd01cb65696f2c5186909178df8661624905ca84ee1253a03331970a</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>f81ecaca4db901fd70858265fe46e226</MD5>
              <SHA-1>6a96a5189b31682c9537583934510938e181ee7d</SHA-1>
              <SHA-256>5b74f5f96e790889ab95b41a0a6c115441e28096bea721d861dd4f99daa863e5</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>6db8e8e4fda116ee803a922b586110be</MD5>
              <SHA-1>8ae85e71bbfdeb3dae354880a3ef32dbfe45cf76</SHA-1>
              <SHA-256>627600d7167cc133d70f9cfcce3b9638145e8ffceb28d1711ca1ed13ecbc6b62</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>c6d46ff8789173bcbc09ded239d367cf</MD5>
              <SHA-1>c1dcf27f5385ea95dab154d3a25d6e3e54ca5bdf</SHA-1>
              <SHA-256>64fe3e38310a20e9e542a7ffc2f773bb9984c9089cbcf11cffe51291f6cc0c60</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>text/xml</file_type>
            </value>
            <value>
              <MD5>4352d88a78aa39750bf70cd6f27bcaa5</MD5>
              <SHA-1>3c585604e87f855973731fea83e21fab9392d2fc</SHA-1>
              <SHA-256>67abdd721024f0ff4e0b3f4c2fc13bc5bad42d0b7851d456d88d203d15aaa450</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>d083aed9031c1a8516694f6f3a3935c4</MD5>
              <SHA-1>87324ec2f020b2cbef4aa0fb5f8e8e3a1b0b6b65</SHA-1>
              <SHA-256>67f2fd2ba60b46e11c78b767c021945bd2e6551bea2511cb48dac98f504b67cc</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>934ab0dfc39a3fed5e82bfdcc52b2d55</MD5>
              <SHA-1>d4e773cde498484538d79e86a2f5b5dce9336444</SHA-1>
              <SHA-256>6aa42178ccb20565b75e564c55d12f1da26ff19677721c13838098d9acf8f68c</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>7a9605cb416b1a091d889b9d9f37ec66</MD5>
              <SHA-1>866c01641d672b6cd69901c1e055f174f47b35bb</SHA-1>
              <SHA-256>6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>01f131e3dcf03bf3df5896de6ec649f3</MD5>
              <SHA-1>edea71955b72c0e020f584526081e6ade2188734</SHA-1>
              <SHA-256>7656af787999e6ec2fba323898784a1e8b0c49a6fc5613d53cc796ccdec68943</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <MD5>0174b80aba6359d1011cd22b880f1a72</MD5>
              <SHA-1>9be77da1b2e1d6f4c0c77630334cf0f2a5a17ce6</SHA-1>
              <SHA-256>7791d56b6792eb1836f2e46ea02d208ffb1343ae922d6c696ad04de2e2c09441</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>45b111fc42b5f62f59c321c76f937f49</MD5>
              <SHA-1>5121974c04a8033a400a364b401d004cee928c9b</SHA-1>
              <SHA-256>88cf051cafeef52b50c96d4d625588cadd299a373226c6183a4d434830333d82</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>d4ff4e9e724f25f5265a3b0cd07d03d4</MD5>
              <SHA-1>9777e4e59ce089e4c8727910586b325f1cbfe12d</SHA-1>
              <SHA-256>8c5a126b0e59e2927158fe5008c375aeef5396adb797c682e07578d13c283a3f</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>29df338603f114c03c5ecd399b916202</MD5>
              <SHA-1>070a02f2d753258b07f7abb6df0d7d22f3e5e27c</SHA-1>
              <SHA-256>8e6527f3ee50b04201d3372957a4e2b2915f0535317645541c68b508bf188733</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>2e79e5997187b51f6c0e82797408a162</MD5>
              <SHA-1>a6d8c9815e1cf864e09e224aec1079c530ee82fa</SHA-1>
              <SHA-256>8e8e9399d32759d47101606eba16c69f6ffb608605e8c025a05d418a32d84ba3</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <MD5>21d8765dd3e60b0c8a2504441785c181</MD5>
              <SHA-1>0bd152ea8976db6b5610eaa7ce7f8da0215dbff4</SHA-1>
              <SHA-256>8ecb5dc48d02f5cec71fc4772027d7f96e53534c42019132bd6a3f84022c05a5</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>97f6acbd9fba8933adafe9cef8193ff7</MD5>
              <SHA-1>3fcce71b59dd9806e573170748858cc02c00c260</SHA-1>
              <SHA-256>91baaad720c63aaff01b902deda14e2c8b355c31159b71c481dc6fb67bcbb4cf</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.zbrush.pcx</file_type>
            </value>
            <value>
              <MD5>6377db16f6b8e8117b06dfa94bdbec23</MD5>
              <SHA-1>d166c073bbf35b4b7ba416c7c7975eb4c6189097</SHA-1>
              <SHA-256>9d06ddd8bfcec1f6fc1696f5a09ee44951f2759455ec9e14d2fb8dca391164a8</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>b07c11b7e7734db14f8c6b15b23cf7e1</MD5>
              <SHA-1>02001528e47ad80cccce2950f84a4d6ce97f8ff7</SHA-1>
              <SHA-256>a093d723b9f19ec687d1e29e74e9560d4fa8a3966a0da7faf6e5074b165a67f6</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <MD5>42cf62b780813706e75fb9f2b2e8c258</MD5>
              <SHA-1>a022d5c1cfdd8aace0089f3e72f2eedd41bda464</SHA-1>
              <SHA-256>a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>fb55545befb26a3e25f3de0c8e77eaed</MD5>
              <SHA-1>5c95fc0f6ba160b113561a393c326d4e1f0ff414</SHA-1>
              <SHA-256>a26e0152eefbfdc46a756c807dc9deb30a7505a2ee1b780ee1d0f153501979a8</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <MD5>a6d0c950d4c99c5082ac5c79dd269b48</MD5>
              <SHA-1>eba0db9aba90acfd9454d65241dc9ec6a5c1985d</SHA-1>
              <SHA-256>a4561d969a46548855b59f1c52df4bcae7b3027be099e8cbcbd982ca79b58554</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>b3bad69116a95a2dbd41c21b952d1284</MD5>
              <SHA-1>5dd66dc4dcbb7d9c1c98ff39fc034c098ced7913</SHA-1>
              <SHA-256>ab9463f44814797b8ab01397e2b173baba25ef7538d0a41a20db1cdf3fff13b6</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>e1f984a0a74e9c68e261a5001bc40268</MD5>
              <SHA-1>a45acbe3d0878a2540718f2f9b8ec3229feb546f</SHA-1>
              <SHA-256>b0a0d633fc4421e0c368b1b1e9a7fff26e1b66cd967518a051ccf4f1edee007d</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <MD5>d59e0d372ea5fd8c1f4de744376a6af4</MD5>
              <SHA-1>6883ce60e71a83424db0b41d0ab6bf61080e3de2</SHA-1>
              <SHA-256>b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>90bcb29dc0fbf4cd830b234b5d777846</MD5>
              <SHA-1>04ea57a6f7c20060860c1732e50d35b4d1937766</SHA-1>
              <SHA-256>b2bb8bc098b457615d64a22fca0ea489abf47f40f8509a9e2c0037811f13fac2</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <MD5>3bb0590fc26dbf7f50e8d8fd67fb1ca6</MD5>
              <SHA-1>da53758d85448c6fd6720707db59e046d9c4e6c7</SHA-1>
              <SHA-256>b456bb829af1c7dbef43831b9cce822f21e91f21b7d144d9a70c3e0103f48978</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>04baafb1cb412eb582f4efeb62f9d253</MD5>
              <SHA-1>b9c642c5e7d067553012761b3f8347bfd84b0a23</SHA-1>
              <SHA-256>b54b26d3012d075025490b7fbe82ab78a8f224bfec327ab6729c1006fe96ee52</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>f7689df1f1046fd3a9329c2bed028a7a</MD5>
              <SHA-1>5c81380f4db520c34783768d528a1223ccc10298</SHA-1>
              <SHA-256>bfd6b9443d835d48f4872879c901fd73a9cb1dcd85ceb44ab769410cf282b756</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>9825b3c5165bba6225285074f748971f</MD5>
              <SHA-1>c77ccdda5fb6abdca5d2862217623d8479420ceb</SHA-1>
              <SHA-256>c0a15517e93daf029c52daa519290d0e060cc0fc0db5657f3631abefbb9456a0</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>f6a5e5bb7f579105a983bd290d286e27</MD5>
              <SHA-1>5d6dba2f800389533e476918343fe6a947e3cf2d</SHA-1>
              <SHA-256>c4f0133cb85c18a5ebb3e1b186a17297238e1c13865ca7658eb47f6719b709fc</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>b5845fd2b048c4320bafa4e4ea831079</MD5>
              <SHA-1>1cf6e45e26771344b16675a94ab1513cd76744cf</SHA-1>
              <SHA-256>c50a0df683c35b0b025235bca74b4baf4de520351b8e4b1548a34c7f7c0796db</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>0cb42696bae18798cb7086367e1c8648</MD5>
              <SHA-1>c8c1ea6ee6ae4285986c9ef7e3df213a32d76150</SHA-1>
              <SHA-256>c70bbabb35024b71265ad0cbc6b6553146b8417e6469c7031b292f87ac7f027c</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>0c1749046cef6c71cd2048451440f604</MD5>
              <SHA-1>2fee46824700f0087b77159744d549ce67fbaaf8</SHA-1>
              <SHA-256>c933572767c2dfa7246f9ffc3cf6a80e0a6acf7996ebee63b0618b4a7a6becb6</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>25ec83e762b87f7a2de5ce8ae069b8a1</MD5>
              <SHA-1>39045aa515e95fe3b0b141c9a1885d5e4239788f</SHA-1>
              <SHA-256>c9a42bba806842cf45fc99fcf9e2e9ce482f1406888e7ff5182aa3cd522b1bb5</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>58c683338c4b0455dd7bc65268c4260e</MD5>
              <SHA-1>5bdf028877958eb6ec877ccd9b2fc1386417262d</SHA-1>
              <SHA-256>ca929db222f2124d2e3aefe7e2cd1b1b55834da7fba299414617ff04005db304</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>bd2091f56bd28fbbab47b8a2127a4488</MD5>
              <SHA-1>3405f4c2b0c1d6fc06aa52c87d0db4a8d4cddc3a</SHA-1>
              <SHA-256>ce9f844f33f2d36cac627ea057a0ba54b3674eb8f4a710c2f0d65db16c71d0af</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <MD5>2d7d63a5f4ea9b39b8a6d9d830d371d1</MD5>
              <SHA-1>d64f9d04af611554f939a7394d60b81f6803f034</SHA-1>
              <SHA-256>d0e555c813ec98c6475785f46dc5823c88b71e60b7043b27e3e9c41a7eb855f2</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>10b6640d3859662b3f80b6e5eb5e77ce</MD5>
              <SHA-1>e6ce190126cea61a5dadb831cf89de3d4ec4325a</SHA-1>
              <SHA-256>d7a3ba5860f27c3cb90ae8fc5c370365f0b14d4d87fa3559e6dfc80082509930</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>6d3c30e34cb4df457f6927a8fe44a18d</MD5>
              <SHA-1>a0b9685a0caf365cbe4071164b0814d798093363</SHA-1>
              <SHA-256>dce66f3f25b1f0044281a4298d7516c0eb83edeef028a90b60ede1d3dadbad4d</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>f1d3ff8443297732862df21dc4e57262</MD5>
              <SHA-1>9069ca78e7450a285173431b3e52c5c25299e473</SHA-1>
              <SHA-256>df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>0f52e1f2bdc23fd1c08b0f04ecb4ef21</MD5>
              <SHA-1>064291365c5a89dd8955ef921f7cfb10c7a95e80</SHA-1>
              <SHA-256>e14a68922a609d5f34893f2ca7dda45224ac5c118629583d96e22d3532383154</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <MD5>f76ef3c29067dd16696f5af25cf5f225</MD5>
              <SHA-1>828fe6991baf5f768e66940ae2330c5c03dfa2c3</SHA-1>
              <SHA-256>e6d2f10977e4cb2f12b1aed5efdb9d1432ac180b874119a85b7b0e7da4b4b8af</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <MD5>b1feab05237beb3558dc3da814a3af98</MD5>
              <SHA-1>21cf68edd62bd20434948dc1afe8edad0e90f737</SHA-1>
              <SHA-256>eaf94684ccce3349c11cbc32ba6e31aac91727b454d72d17611d3c1f8ceda3c0</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>a17f3cbe92860f2e53febbe2a0e28282</MD5>
              <SHA-1>6f4ac372269b81bf959278441417e35f93d512a5</SHA-1>
              <SHA-256>ed925f9e8435bd13944040e3066e82dcc10150c75da39dade20bd2780315047f</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>text/xml</file_type>
            </value>
            <value>
              <MD5>1893574879e4e92b1110279f90b0f7ac</MD5>
              <SHA-1>f574ee23890c3caf65e30878a1d4e6166194e4bd</SHA-1>
              <SHA-256>f2edcc734b129b900853c3c61c66641aa262047ce45c99c28f8305528cb9d285</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <MD5>3ed96d1879af296c08aef6fa411ee00a</MD5>
              <SHA-1>553018460de325afc6f5e9ef0d34c777dc772876</SHA-1>
              <SHA-256>f44029983a06815fd53d1bf057250cb695e0afea413aecd1066b909f9cde3f68</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>86700593a9c322f6e9c33077d4081446</MD5>
              <SHA-1>cf4c00ffe79cb1830d58d8fdd606176e186fbc95</SHA-1>
              <SHA-256>f8f074bdaf02ffdf366b1c9a0f62e0c2adb41407937c938bb40ff20082e3607f</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <MD5>85874c0d5d5fd1bfdcf390fc0b94e3de</MD5>
              <SHA-1>17f362f9ac852b58f3e1131cee261c008dcd8e1d</SHA-1>
              <SHA-256>6f742ff7a04e3d766a2a344fceec27bbdea5d6fb1e44f46b6f2315748075e030</SHA-256>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xhtml+xml</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <registry>
            <value>
              <registry>software\microsoft\windows\CurrentVersion\Run\spron</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
          </registry>
          <eth_wallets>
            <value>
              <eth_wallet>0x4b001c:$eth: a\x001\x00c\x002\x003\x006\x000\x00c\x005\x00b\x000\x002\x00a\x006\x00d\x004\x00d\x006\x00a\x00b\x003\x003\x007\x009\x006\x00a\x00d\x008\x00a\x002\x006\x008\x00a\x006\x001\x002\x008\x002\x002\x006\x00</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0x7a7c9c:$eth: a\x001\x00c\x002\x003\x006\x000\x00c\x005\x00b\x000\x002\x00a\x006\x00d\x004\x00d\x006\x00a\x00b\x003\x003\x007\x009\x006\x00a\x00d\x008\x00a\x002\x006\x008\x00a\x006\x001\x002\x008\x002\x002\x006\x00</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
          </eth_wallets>
        </iocs>
        <name>a9c3b4f8bceca86712e01504d67382dee433277e3bd891b383eb42791956e506.exe</name>
        <report_id>4ecf0916-747c-44a5-9853-10ec0632177a</report_id>
        <tags>
          <value>peexe</value>
          <value>html</value>
          <value>xml</value>
          <value>flystudio</value>
          <value>packed</value>
          <value>evasive</value>
          <value>adaptive-context</value>
          <value>anti-debug</value>
          <value>overlay</value>
          <value>keylogger</value>
          <value>lolbin</value>
          <value>rundll32</value>
          <value>reconnaissance</value>
          <value>fingerprint</value>
          <value>expand</value>
          <value>crypto</value>
          <value>microsoft_visual_cc</value>
          <value>installer-heuristic</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>fe15926491afa92333b97fb2e8638739c35e1414522588e70356ea07554fc922</id>
    <title>Analysis Report for fe15926491afa92333b97fb2e8638739c35e1414522588e70356ea07554fc922</title>
    <updated>2026-07-06T21:31:11Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1ebf74fb2f5922b6c908</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c1e9d9016b0169a623a7c</flow_id>
        <hash>fe15926491afa92333b97fb2e8638739c35e1414522588e70356ea07554fc922</hash>
        <iocs>
          <urls>
            <value>
              <url>https://aka.ms/GlobalizationInvariantMode</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://aka.ms/dotnet-warnings</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://aka.ms/nativeaot-compatibility</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://github.com/EZIKALEXANDR/NoMatter</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>aka.ms</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>github.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <emails>
            <value>
              <email>BSystem.Collections.Concurrent.dll@System.ComponentModel.Primitives</email>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <email>Y@System.GC.HeapAffinitizeRanges</email>
              <origin>INPUT_FILE</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>140.82.121.4</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>1.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>95.100.102.9</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>00afe64ce6315f0e2f47894d416b5d85ae89bbabb1cff140841bcae9c678f7ad</SHA-256>
              <SHA-1>0df58f1533562dcf12de2e1053e714542baf7c83</SHA-1>
              <MD5>4791dd36ac53058933088925f91f8995</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>1c5aa4e05ac4a2ba7c11ce33700b06406349946d79394a6765dea2465c966653</SHA-256>
              <SHA-1>14ef588efd79620d31bc4261953db1cfdb4e6016</SHA-1>
              <MD5>0ffcb73fbda291095d0dfde144385dab</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>1ed0d5666cdbd3b5790a3f52d2e80a36990a5d7d90c8a2c1bf9d8cc49948e606</SHA-256>
              <SHA-1>4f738e5de27ab9c441e80c261bf0ddff41977276</SHA-1>
              <MD5>fb7b381b37d1426eb0be2de2f9676b11</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>245d4d899afb4e9d80964cf22d987fb9bf9d3fdd3bbde3d80a20a4631541ff4d</SHA-256>
              <SHA-1>cc99cc052e8a7b9a00c0637ac8a7e5373ed16104</SHA-1>
              <MD5>9b904735417fd037509641bfb20e8545</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>3822ad3016dc5765003a264ba39531d398fca1e1932e7832d281beed42fef626</SHA-256>
              <SHA-1>940e9ed0b1628d16caa2315de05067aa2fb0b74b</SHA-1>
              <MD5>8e79d1988afe464555fc229999837f1a</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>4b700c37e6565a0496577200ac9b93a86f99d5e15a865da836cc38f03a6b83d1</SHA-256>
              <SHA-1>1af322df47b0a2d52558377853e431fdfb4ffd81</SHA-1>
              <MD5>dcd04ae3aa012517b09b44322d7262c2</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>599b19433852fb1f735d373c964bd1008a61b7ac0dde17bd3deeed3ad8c7e1a2</SHA-256>
              <SHA-1>553b10a7f9f0764af74079b294a7ea3d68267b99</SHA-1>
              <MD5>2657d5dac46d54e23c5410f52c16dd7b</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>5d4fca6a7dd1c21bc68fbeb1ed723634784da77ce98ea50b64433179ffb02225</SHA-256>
              <SHA-1>4a872961c35db4ef2dfc1f32a8079517d1b6d048</SHA-1>
              <MD5>a87c549a89db2a099d5d9b9a92b1ae07</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>60b5c3d56192bbe3b6ebfd7c9bc99610e0575948922e854cebe719ea3b45abea</SHA-256>
              <SHA-1>9b59e907727505cda158f89d9f239c773687740a</SHA-1>
              <MD5>4b413975cd474aa7d4a993c1379a8f9a</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>6baf283499c4a4f448b20318ee3b16ffd03995b5984192cec6677dc6fa2fdbca</SHA-256>
              <SHA-1>5ba571b7931282e86d4840bf70222a062f5e9bde</SHA-1>
              <MD5>98a58c5cc4e04ddb12ef8cf79a301d05</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>89efaddc8d99e6034aaaba195467fded90edcec43302a406c35c03ab7071723b</SHA-256>
              <SHA-1>9cc12ca94364d69c123072c88add9c5e141291f7</SHA-1>
              <MD5>31f35f846c019a0f82209dd454208c12</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>8d3724d9e50f0687175ae2f68a1b98b57e0a8989137372825d371509a65d1da2</SHA-256>
              <SHA-1>95bbc4c5860fd1bcad463853532181f9b8c1e231</SHA-1>
              <MD5>a3875776d7e1cf35aa7e58480605447f</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>8e2367cb25fb8c9380bac523d87d5e45a80a2ab6307f0641194fabbfe23cd8ab</SHA-256>
              <SHA-1>902f7181e43bea8083b0f6f02c0f0fdd3338ee2e</SHA-1>
              <MD5>d4483073c918a708fc6f2494187e2f2b</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>b60cd9fae0a4f6e9d305a8ff48ee7286ff19effe98b4a6ca34730d67aa013049</SHA-256>
              <SHA-1>9a7fbf3869eccb36728ff812d93b290225998345</SHA-1>
              <MD5>de5807ee708f88248d7f284c6b00223e</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>b75bad42e55951d2be27f33cca339165b2ae17d1b0e74451bc8633177f767bc1</SHA-256>
              <SHA-1>8b81cd82e0e92cf885abec6885dec10cb324a2e7</SHA-1>
              <MD5>88aebc2353dfc82adf86e4e9e2499e83</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>caac8a99c9a1b2b5ac934573c9d60fd4d4da13e02b73892efa90f69e6e659c04</SHA-256>
              <SHA-1>61f095ac3f9f0fd89d42958d3ac4ab4a2c9e967d</SHA-1>
              <MD5>dfe8e4aabb2049c1fe1328239a4053fe</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>e561455d7b93d22bdac707e925cd5618d717487440f2e07315b2d3563a4cf9d4</SHA-256>
              <SHA-1>76bbb82657ea3277e95fb78b75feb93c92483a94</SHA-1>
              <MD5>d68b8533325079311b329d40d41ba577</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>f1d9b92bb7d5ffc4be090b44498313d037b7814e395653355363b0f6bfe29112</SHA-256>
              <SHA-1>e1d2db7606cd8b1b9638fa66d1ae0f0f223c84f8</SHA-1>
              <MD5>9178b5feb308808972443125cdcecce0</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>f58fbb8795ec333509ae5a0f2fbf6fbc5f5866b074fb4a8deff7de3d57ccdb20</SHA-256>
              <SHA-1>d70fdfd1f31a769f7db8b4e3bde47f250fffe105</SHA-1>
              <MD5>f3468180284dc052e95614e0d16db9d2</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>10267201029d05e9fa7c64e3ee1d19e39d35d7cc7f39ef9c34f7b4be37122974</SHA-256>
              <SHA-1>863cd7cad168bb9748b47259ea9d35c6ae81ac9e</SHA-1>
              <MD5>68d432dc47a22f7b71d94629fde4d48d</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>612a7d52c1dec77d65ed88f182c7af463ac7e77b19a1ad1c16b221b16b320584</SHA-256>
              <SHA-1>7a144561da2b1372f83e9d452a474f1d3f48e556</SHA-1>
              <MD5>8aa9efc39ee39d896fdd64005dab69ed</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>1dbe5ee3a1faa0a9136fe33df9fcb38c1c62a877acfc4c84a589582a95d05a6e</SHA-256>
              <SHA-1>bae2930b74a9f7f6ccef39e232877fc72683a516</SHA-1>
              <MD5>6b246384a0833397873ce3589cc01990</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>02fc6cd67a893ca272775b413761abf381626ddae8c2ef397623cfddea881e41</SHA-256>
              <SHA-1>e4c0febb966a731724f241afd52e8a4552b83a28</SHA-1>
              <MD5>6719a3a15c3aade95afb8b43d840f47b</MD5>
              <origin>EXTRACTED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>41d24beaaa95230d7b9a6c8eedfb81145b5f087b384c736e2e2cfd07f47c6931</SHA-256>
              <SHA-1>e9e8eff5c56a121a0226c832918a900d010c67c5</SHA-1>
              <MD5>31d876c651473562b7afac6f2161f465</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>c7bece84bc392fb465d7be37d3f9fa50c0109c7ae7e6fe43ee1174d8fd26d823</SHA-256>
              <SHA-1>5244dbf84a57dbea729f11bcfd438d75a6f503af</SHA-1>
              <MD5>51270bf7ee87bca49bafd68f2f3c7ff5</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>text/plain</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>496B0ABE-CDEE-11d3-88E8-00902754C43A</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
          <btc_wallets>
            <value>
              <btc_wallet>x1008ed:$btc: 14ArrayTypeMismatchExceptio</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>NoMatter.exe</name>
        <report_id>09a172d0-b23b-471a-ab43-ba1321ac1825</report_id>
        <tags>
          <value>peexe</value>
          <value>txt</value>
          <value>html</value>
          <value>json</value>
          <value>ransomware</value>
          <value>adaptive-context</value>
          <value>anti-debug</value>
          <value>anti-security</value>
          <value>hacktool</value>
          <value>crypto</value>
          <value>reconnaissance</value>
          <value>base64</value>
          <value>obfuscated</value>
          <value>microsoft_visual_cc</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>b3f211df2eaf17fba9b14c0f91500239140f1b27b4f7077cf8dd931f105d6914</id>
    <title>Analysis Report for b3f211df2eaf17fba9b14c0f91500239140f1b27b4f7077cf8dd931f105d6914</title>
    <updated>2026-07-06T21:30:41Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1ead74fb2f5922b6c903</_id>
        <file_type>message/rfc822</file_type>
        <flow_id>6a4c1e7e9016b0169a623a51</flow_id>
        <hash>b3f211df2eaf17fba9b14c0f91500239140f1b27b4f7077cf8dd931f105d6914</hash>
        <iocs>
          <urls>
            <value>
              <url>file:///tmp/tmpweyqdgdv.html</url>
              <origin>URL_RENDER</origin>
            </value>
          </urls>
          <files>
            <value>
              <SHA-256>9ff1544a793ea2cdf64e0cd95eaa9be3ee238c3bd54a4c3200ca7991722f4f0b</SHA-256>
              <SHA-1>364c7e9ecddaa0f897f86844c17c1d8610a44f6b</SHA-1>
              <MD5>a270d27753e72b68395a30969ad8c528</MD5>
              <origin>EMAIL_BODY</origin>
              <file_type>text/x-ini</file_type>
            </value>
          </files>
        </iocs>
        <name>submission.eml</name>
        <report_id>ca4e3573-fef3-4a5a-ac01-fe6a14f8a836</report_id>
        <tags>
          <value>eml</value>
          <value>rfc822</value>
          <value>obfuscated</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>e815176238415808bfdea7b619a3b8b966250f98e4fc9c4b5c3df720a057827f</id>
    <title>Analysis Report for e815176238415808bfdea7b619a3b8b966250f98e4fc9c4b5c3df720a057827f</title>
    <updated>2026-07-06T21:30:07Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1e6674fb2f5922b6c8f2</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c1e5e2c562ae7c822ee60</flow_id>
        <hash>e815176238415808bfdea7b619a3b8b966250f98e4fc9c4b5c3df720a057827f</hash>
        <iocs/>
        <name>Server.exe</name>
        <report_id>e4b309c7-c065-4fef-a842-3eeb4984755c</report_id>
        <tags>
          <value>peexe</value>
          <value>vbnet</value>
          <value>njrat</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>89637072516824bd40f5e0f64f41f681ae1e308ddf53602b48a7bc127ef03379</id>
    <title>Analysis Report for 89637072516824bd40f5e0f64f41f681ae1e308ddf53602b48a7bc127ef03379</title>
    <updated>2026-07-06T21:30:04Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1e6974fb2f5922b6c8f5</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c1e5a5a5245447d9c2fba</flow_id>
        <hash>89637072516824bd40f5e0f64f41f681ae1e308ddf53602b48a7bc127ef03379</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e</SHA-256>
              <SHA-1>bac45b86a9c48fc3756a46809c101570d349737d</SHA-1>
              <MD5>24d3b502e1846356b0263f945ddd5529</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>text/xml</file_type>
            </value>
            <value>
              <SHA-256>869ce49fc36ef39c96434c68b0bdffd76e147ad211f3f03f3eae6c649ba3484f</SHA-256>
              <SHA-1>c0c7a0b837135a3663b7579ffd2787d34eb9b847</SHA-1>
              <MD5>9da9f5baa5d9a03cc7334917193bf8a4</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
        </iocs>
        <name>qgif4.dll</name>
        <report_id>2035b940-df62-41b7-b14d-104ddbb5f29b</report_id>
        <tags>
          <value>peexe</value>
          <value>pedll</value>
          <value>anti-debug</value>
          <value>anti-vm</value>
          <value>microsoft_visual_cc</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>87db29d80e336b1575ae3557f205000b3ba27e8dd071fcf686d833e1b3f7306a</id>
    <title>Analysis Report for 87db29d80e336b1575ae3557f205000b3ba27e8dd071fcf686d833e1b3f7306a</title>
    <updated>2026-07-06T21:29:31Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1e5a74fb2f5922b6c8ee</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c1e3a2c562ae7c822ee43</flow_id>
        <hash>87db29d80e336b1575ae3557f205000b3ba27e8dd071fcf686d833e1b3f7306a</hash>
        <iocs>
          <urls>
            <value>
              <url>https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css</url>
              <origin>INTERNAL</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css</url>
              <origin>MSHTA_EMULATION</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>file:///tmp/tmpi5z8t34t.html</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://gw-xyq6i4.deepmatrixai.com:8443/document_for_review</url>
              <origin>URL_RENDER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://gw-xyq6i4.deepmatrixai.com:8443/document_for_review?Sxn=david.strathy@altisource.com&amp;p=david.strathy@altisource.com&amp;q=david.strathy@altisource.com&amp;s=david.strathy@altisource.com&amp;r=david.strathy@altisource.com&amp;v=david.strathy@altisource.com&amp;n=david.strathy@altisource.com&amp;ref=david.strathy@altisource.com</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>altisource.com</url>
              <origin>URL_RENDER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>cdnjs.cloudflare.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>gw-xyq6i4.deepmatrixai.com:8443</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>cdnjs.cloudflare.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>cdnjs.cloudflare.com</url>
              <origin>MSHTA_EMULATION</origin>
              <verdict>whitelisted</verdict>
            </value>
          </domains>
          <emails>
            <value>
              <email>david.strathy@altisource.com</email>
              <origin>MSHTA_EMULATION</origin>
            </value>
            <value>
              <email>david.strathy@altisource.com</email>
              <origin>INPUT_FILE</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>104.17.24.14</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>172.67.204.112</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>104.17.25.14</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd</SHA-256>
              <SHA-1>512c7d79033e3028a9be61b540cf1a6870c896f8</SHA-1>
              <MD5>269550530cc127b6aa5a35925a7de6ce</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/css</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
        </iocs>
        <name>GUID resource unit AP AR FMMUYCE8AW.htm</name>
        <report_id>5602e5a5-2f84-400a-9a26-5cdf30acd64a</report_id>
        <tags>
          <value>html</value>
          <value>txt</value>
          <value>phishing</value>
          <value>aidetect</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>6474f0f55ba72d3c201e231dd9fd2ab6372c0674d033d45a616bfa64804ae857</id>
    <title>Analysis Report for 6474f0f55ba72d3c201e231dd9fd2ab6372c0674d033d45a616bfa64804ae857</title>
    <updated>2026-07-06T21:27:57Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1df274fb2f5922b6c8db</_id>
        <file_type>application/x-msdownload; format=pe64</file_type>
        <flow_id>6a4c1ddcdef7044af0b84fda</flow_id>
        <hash>6474f0f55ba72d3c201e231dd9fd2ab6372c0674d033d45a616bfa64804ae857</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>3c224699de84a32da1ff151cda917310d9b11befb2988e7c10f8ba9556e4bb97</SHA-256>
              <SHA-1>ea8451666ddd1aaeb3a0b9dacc20970d85336379</SHA-1>
              <MD5>a1a173ccdd69aade2951d6810cde0b6c</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>6c5f283e265de2cb31e673c0c1d7364a1afa48b114ea154019ae94d737953946</SHA-256>
              <SHA-1>8535a3fbf151e9f1cb64472d4cc89230ac485d1f</SHA-1>
              <MD5>a34b2a422a9a9ec554bede2e8645edfa</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>961a0b88ac1d9d765b120580809f5ac2c513e9092b6c4503a1264f034bd2d938</SHA-256>
              <SHA-1>1f71519f9fd81839bbfee71f16612eb5cb576499</SHA-1>
              <MD5>3c63396f9df05c30fcf0457bdd2f12e1</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>969c17a1a4bd1f2bc831d1212956c9095aa310b307813bccfc12088df95d1c5a</SHA-256>
              <SHA-1>8cd52b313ba20a1e98b7f936c3042a7a34a9b313</SHA-1>
              <MD5>81f7331ee250ce678642c92838a70d0e</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>b4bd9be28800a2e676cbbf5af8247b0236ad38cc3d5539196791beb2b904b99d</SHA-256>
              <SHA-1>975a056f808d8a44b41b3cb4a62a0162f6d981ae</SHA-1>
              <MD5>eb9c6c1edb743fc4dbcf2ba7f8da7188</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>b640d1b2dc4749e9af42f182320095f7bb2211afd11e26275ac84cc168752e0d</SHA-256>
              <SHA-1>b853a123740c5a33f63cfdc0f25a43708cb220cd</SHA-1>
              <MD5>8f4724d1df40e3dd37735dcdd0aa1b0a</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
          </files>
        </iocs>
        <name>2026-07-06_c99f79550fab873ffcc5617fb2fda26a_.exe</name>
        <report_id>13c41fa3-1dee-40a3-936c-e2ea2cf2edc1</report_id>
        <tags>
          <value>peexe</value>
          <value>anti-debug</value>
          <value>packed</value>
          <value>overlay</value>
          <value>mingw</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>3f165ba3cc944c816f4b0ae65b38c0b35e65d9f034d8017431571099b37e6349</id>
    <title>Analysis Report for 3f165ba3cc944c816f4b0ae65b38c0b35e65d9f034d8017431571099b37e6349</title>
    <updated>2026-07-06T21:27:39Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1de474fb2f5922b6c8d5</_id>
        <file_type>application/x-msdownload; format=pe64</file_type>
        <flow_id>6a4c1dca9016b0169a623925</flow_id>
        <hash>3f165ba3cc944c816f4b0ae65b38c0b35e65d9f034d8017431571099b37e6349</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>eb57740b51240cfae5e458774bca8b1117535ef51477972994fb25785721f9d8</SHA-256>
              <SHA-1>ef412a5cfa498e7a2554a89dacd2c6f4a6cf8faa</SHA-1>
              <MD5>f4a28bcbd716a25726908c351d00fa7b</MD5>
              <origin>PE_UNPACKING</origin>
              <file_type>application/x-msdownload; format=pe64</file_type>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>7706395a-fda1-406f-9bfe-7071e294c914</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
          <registry>
            <value>
              <registry>Software\LennarDigital\Sylenth1</registry>
              <origin>INPUT_FILE</origin>
            </value>
          </registry>
        </iocs>
        <name>Sylenth1.dll</name>
        <report_id>d1cf7625-663c-4634-b66d-40eee62843bc</report_id>
        <tags>
          <value>peexe</value>
          <value>pedll</value>
          <value>hacktool</value>
          <value>packed</value>
          <value>obfuscated</value>
          <value>vmprotect</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>887b01aa48542eaf98bff94c895e1272aeccff8361a1c0e48f64bbe64ba31b2c</id>
    <title>Analysis Report for 887b01aa48542eaf98bff94c895e1272aeccff8361a1c0e48f64bbe64ba31b2c</title>
    <updated>2026-07-06T21:26:45Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1d9f74fb2f5922b6c8c8</_id>
        <file_type>image/svg+xml</file_type>
        <flow_id>6a4c1d922c562ae7c822ed93</flow_id>
        <hash>887b01aa48542eaf98bff94c895e1272aeccff8361a1c0e48f64bbe64ba31b2c</hash>
        <iocs/>
        <name>Delivery-Transcript.svg</name>
        <report_id>36f39dde-6677-4845-a61b-8e013c4d6df1</report_id>
        <tags>
          <value>svg</value>
          <value>base64</value>
          <value>masquerade</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>026a8d90fae2f2e256bbb9f095fed3296dff7b3f031d1178147d5e7f331beaf5</id>
    <title>Analysis Report for 026a8d90fae2f2e256bbb9f095fed3296dff7b3f031d1178147d5e7f331beaf5</title>
    <updated>2026-07-06T21:26:32Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1dd9ff2e0900e305aef8</_id>
        <file_type>application/x-powershell</file_type>
        <flow_id>6a4c1d859016b0169a6238ba</flow_id>
        <hash>026a8d90fae2f2e256bbb9f095fed3296dff7b3f031d1178147d5e7f331beaf5</hash>
        <iocs>
          <urls>
            <value>
              <url>https://icanhazip.com</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>icanhazip.com</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>104.16.185.241</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>1bc9275b0945905c0304de09eaa800c1c3145baaa20e285950ba1d0119c4a091</SHA-256>
              <SHA-1>47a507bdd8aa704b8d7ab86d87c01fa87f592500</SHA-1>
              <MD5>f5bd5c70ef883d057f10ca5e27161a5f</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/plain</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
        </iocs>
        <name>agent_1780445774.ps1</name>
        <report_id>de3b8bb8-5dc3-4a92-9147-6f588e351b58</report_id>
        <tags>
          <value>powershell</value>
          <value>txt</value>
          <value>anti-vm</value>
          <value>fingerprint</value>
          <value>obfuscated</value>
          <value>encrypted</value>
          <value>base64</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>78d4e5c4ba904e9956255679a24e697c309973d0bac9a82c80e64a23b06ffe97</id>
    <title>Analysis Report for 78d4e5c4ba904e9956255679a24e697c309973d0bac9a82c80e64a23b06ffe97</title>
    <updated>2026-07-06T21:25:52Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1d800bc678ad76e5c9b2</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c1d5d3abf2760bd72dce5</flow_id>
        <hash>78d4e5c4ba904e9956255679a24e697c309973d0bac9a82c80e64a23b06ffe97</hash>
        <iocs/>
        <name>x78d4e5c4ba904e9956255679a24e697c309973d0bac9a82c80e64a23b06ffe97.exe</name>
        <report_id>3356069b-a55c-41da-bc54-5fa374e61237</report_id>
        <tags>
          <value>peexe</value>
          <value>packed</value>
          <value>anti-vm</value>
          <value>crypto</value>
          <value>obfuscated</value>
          <value>golang</value>
          <value>upx</value>
          <value>similar-threat</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>1fc8fb8d201439bb948274e247603eeec57c830e1ba49d05fdb361256103be45</id>
    <title>Analysis Report for 1fc8fb8d201439bb948274e247603eeec57c830e1ba49d05fdb361256103be45</title>
    <updated>2026-07-06T21:25:48Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1d750bc678ad76e5c9af</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c1d5a3abf2760bd72dcdf</flow_id>
        <hash>1fc8fb8d201439bb948274e247603eeec57c830e1ba49d05fdb361256103be45</hash>
        <iocs>
          <urls>
            <value>
              <url>http://ip-api.com/json/?fields=status,country,regionName,city,lat,lon,isp,query</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>https://geolocation-db.com/json/</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>https://ipwhois.app/json/</url>
              <origin>INPUT_FILE</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>geolocation-db.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>ip-api.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>ipwhois.app</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>208.95.112.1</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.67.70.190</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>159.89.102.253</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>1.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>1.1.1.1</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>118.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>119.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>120.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>13.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>16.10.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>2.2.5.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>2.3.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>4.0.1.2</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>4.0.3.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>4.0.5.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>4.1.3.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>4.1.4.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>6.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>8.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>159.89.102.253</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>208.95.112.1</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.67.70.190</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <MD5>b7db84991f23a680df8e95af8946f9c9</MD5>
              <SHA-1>cac699787884fb993ced8d7dc47b7c522c7bc734</SHA-1>
              <SHA-256>539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <MD5>21232626a65f67171227df8deae61da8</MD5>
              <SHA-1>1d1cda34a54824a2330cbe3dda93dff1f8764bdc</SHA-1>
              <SHA-256>bfca4de8a7ba301a8fd86926d2aafbd3bf2ba24a370acd15f498b6847083a560</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>812535d49ff02d8e3db86e25676882ed</MD5>
              <SHA-1>7e8ba2d1a44b2c0be72beb29e8a435e23ad23565</SHA-1>
              <SHA-256>1067bdcaa2fdc85ffa3691bd8e6098ac8efbbef6deb261fcaea93a5aeb5b6b19</SHA-256>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>9d8d37e81d7fe2a08971eefbf4407368</MD5>
              <SHA-1>d82e3a46aad8870d09bd3b950fe8cbe22a4ac245</SHA-1>
              <SHA-256>1880d776e3606f67b59c52c1a7cedaab9436e746b9a97237aced2bd3942a2a79</SHA-256>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>fa4eb7cd4e29c14687e43388253bd749</MD5>
              <SHA-1>c257d354e912f9c13bd4748609962345a43adc76</SHA-1>
              <SHA-256>22f7167979b327cf136bc8385da052deeab70e2da3beafaf56cd254139ede265</SHA-256>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>7a0f9de14d4575ca79f0bfbdda73fc9a</MD5>
              <SHA-1>ab2a7f82a41b778d60c7c02b548f53d01880c143</SHA-1>
              <SHA-256>2359c7410484951c5dd14d9fd5961dd0f07919448590a2bcf798e1d0f95ba2d1</SHA-256>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/x-font-ttf</file_type>
            </value>
            <value>
              <MD5>bbffe6b369d00230751a0c9fd769369b</MD5>
              <SHA-1>63393f28db2154c601122b02063c2551580f461b</SHA-1>
              <SHA-256>3043b8601c89d3f456d6d4689b74e9d2387e7a587dae50b6c3a76ef4bdc50f9e</SHA-256>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>2f76797a1fca316741184b94cfd273b6</MD5>
              <SHA-1>7d4ae858615d7e0ce536f89f6b2998609d91c879</SHA-1>
              <SHA-256>71937f2862410b7775026215f0e14b55eb861020ed4ee2fab36e1213227789e6</SHA-256>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>5126d96d30c1e5270501fd0f65683e92</MD5>
              <SHA-1>b71accfe691b9f679717a274396b9e4a3b6630a5</SHA-1>
              <SHA-256>7a31c904e49affe83a0d997df4883a0a9f9f51bb5e4360978a9d5f9dd1fef1bf</SHA-256>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>2dc239fa1198632cc64f8b0365d84d53</MD5>
              <SHA-1>8621036facdc629a64db8dacf25d8c8bf35cf7af</SHA-1>
              <SHA-256>cecdcce7a32044d57a4090b56466b6877444f399b82bd2d3a58d790014469ad9</SHA-256>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>4e940c3fa659b59ccf622bfed3851d3f</MD5>
              <SHA-1>a42e6fedce679c5b981e80897c629e2273343a53</SHA-1>
              <SHA-256>da5c166b48c9d42a1308ade1e0cd0c70c96cb7f0ccd43bf3e2f9aa5699ced5a9</SHA-256>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>9b17fab4fe89392776728218a42e32f9</MD5>
              <SHA-1>d3fcdaa92406efb51243dcd0061b4b491c8d9856</SHA-1>
              <SHA-256>ef35cd686b78e7a3f077900265517b0008da3d351aec37dc3c7a85598471427e</SHA-256>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>d7c6c7f2ec8c6373ca66d57e9b7539a5</MD5>
              <SHA-1>e16968ec8f417e93199984392b48e8cf18a6812b</SHA-1>
              <SHA-256>e84458a59743b1330f09396f37434fe365d666f94aa7c2d069c5d0dd418a4ca9</SHA-256>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <MD5>ea3ae1f3f386aa644809676f9fe882e1</MD5>
              <SHA-1>b4729a8a9b2aefd2310c529fae0ab88bb61e027c</SHA-1>
              <SHA-256>4be035fecc1910a96fcf4287f6f50702838dd890fa28d7c666290aa985e19aaa</SHA-256>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <MD5>76f115721d570563a8152ef6c756c889</MD5>
              <SHA-1>d76125216816ff0633f77d0fffb8e67b3a47b161</SHA-1>
              <SHA-256>ce10ea070a1ef96e50dbff596a7cf449482def9f309fee0c659049dd4730c4de</SHA-256>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>24BE5A30-EDFE-11D2-B933-00104B365C9F</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>41904400-BE18-11D3-A28B-00104BD35090</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>4d36e968-e325-11ce-bfc1-08002be10318</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>5CDF2C82-841E-4546-9722-0CF74078229A</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>72C24DD5-D70A-438B-8A42-98424B88AFB8</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>A95664D2-9614-4F35-A746-DE8DB63617E6</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>BCDE0395-E52F-467C-8E3D-C4579291692E</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>D666063F-1587-4E43-81F1-B948E807363F</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>F935DC21-1CF0-11D0-ADB9-00C04FD58A0B</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>F935DC23-1CF0-11D0-ADB9-00C04FD58A0B</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>f35dc6cd-26df-457e-9d61-9d6d24c5375c</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
          <registry>
            <value>
              <registry>HKCR\BraveHTML\shell\open\command</registry>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <registry>HKCR\ChromeHTML\shell\open\command</registry>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <registry>HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>HKLM\SOFTWARE\Microsoft\RecoveryEnvironment</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>SOFTWARE\Clients\StartMenuInternet</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>SOFTWARE\Microsoft\Windows Defender\Features</registry>
              <origin>INPUT_FILE</origin>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
            <value>
              <registry>SOFTWARE\Microsoft\Windows NT\CurrentVersion</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\msedge.exe</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <registry>SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>SOFTWARE\Microsoft\Windows\CurrentVersion\Run</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <registry>SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>SOFTWARE\Mozilla\Mozilla Firefox</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>SOFTWARE\Mozilla\Mozilla Firefox\</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>SOFTWARE\Oracle\VirtualBox Guest Additions</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <registry>SOFTWARE\Policies\Microsoft\Windows Defender</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>SOFTWARE\VMware, Inc.\VMware Tools</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <registry>SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>SYSTEM\ControlSet001\Services\Disk\Enum</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <registry>Software\Microsoft\Terminal Server Client</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>Software\Microsoft\Windows\CurrentVersion\Policies\System</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <registry>Software\Microsoft\Windows\CurrentVersion\Run</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <registry>Software\Valve\Steam</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>Software\Valve\Steam\Apps</registry>
              <origin>INPUT_FILE</origin>
            </value>
          </registry>
          <eth_wallets>
            <value>
              <eth_wallet>0x109aeb:$eth: 2DA9EC7612835E1F69D4A93AA2D49EC9BDFF7F7C</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0x109bc9:$eth: D3A17C1FDD6D54951141053F88BF8238DEA0B937</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0x109c86:$eth: DDFFDCEF29DADDC36CA7D8AE2C8E01C1C8BB23A8</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0x109d34:$eth: 028E9832F421F11F9497C610F1734E0F3D868037</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0x109e14:$eth: 1C27A41FD84D6BFE99DABAE2E59FCF12FCCF6213</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0x109ece:$eth: C84ECF4875C17D9CC91C911FEABCA640C7FFC661</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0x109f88:$eth: D2B0FD622DAF57A012C3CF5BDF4B187F27D5D080</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0x10a034:$eth: 3CD158D0F9A4F9A78A7AE56ECB0DF0360A413181</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0x10a0ed:$eth: 1BBE492757BF99840D923FDD44C6A3F34B336CF7</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0x10a1ad:$eth: 6DBD30A9216590D012A7FEB802831F538345756E</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
          </eth_wallets>
        </iocs>
        <name>xeno.exe</name>
        <report_id>d6c3647a-6514-4bd8-8dc7-fd97e33d7086</report_id>
        <tags>
          <value>peexe</value>
          <value>dotnet_pe</value>
          <value>json</value>
          <value>anti-vm</value>
          <value>evasive</value>
          <value>base64</value>
          <value>cmd</value>
          <value>explorer</value>
          <value>fingerprint</value>
          <value>packed</value>
          <value>pnputil</value>
          <value>privilege</value>
          <value>regasm</value>
          <value>rundll32</value>
          <value>update</value>
          <value>wscript</value>
          <value>findstr</value>
          <value>lolbin</value>
          <value>netsh</value>
          <value>reconnaissance</value>
          <value>obfuscated</value>
          <value>vbnet</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>79f558bd53211dcae4666a3d9454a44f884915d5a51e46caaacbf568c67b554f</id>
    <title>Analysis Report for 79f558bd53211dcae4666a3d9454a44f884915d5a51e46caaacbf568c67b554f</title>
    <updated>2026-07-06T21:25:36Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1d6e74fb2f5922b6c8be</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c1d4f3abf2760bd72dcd5</flow_id>
        <hash>79f558bd53211dcae4666a3d9454a44f884915d5a51e46caaacbf568c67b554f</hash>
        <iocs>
          <urls>
            <value>
              <url>http://crl.comodoca.com/AAACertificateServices.crl04</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://s.symcb.com/universal-root.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://schemas.microsoft.com/SMI/2016/WindowsSettings</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://d.symcb.com/cps0</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://d.symcb.com/rpa0.</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://d.symcb.com/rpa0@</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://sectigo.com/CPS0</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>crl.comodoca.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>crl.sectigo.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>crt.sectigo.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>d.symcb.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>s.symcb.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>schemas.microsoft.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>sectigo.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>ts-aia.ws.symantec.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>ts-crl.ws.symantec.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <emails>
            <value>
              <email>L41P@o.uo</email>
              <origin>INPUT_FILE</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>6.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>162.159.142.9</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>23.11.40.157</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.64.149.23</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.18.38.233</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>150.171.109.101</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>13.56.82.130</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>91.199.212.90</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>2482175426e17b781d8176b2b9aa6ea88d2c62d5e2f3e2bef82aaf4529cb3994</SHA-256>
              <SHA-1>751c0692df41194712005fd034bf5086636c6516</SHA-1>
              <MD5>4cc4cfe3570d73eec6c169354ddc6185</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/zlib</file_type>
            </value>
            <value>
              <SHA-256>8195bff869bc9b079f84245ee516371c3e85e7cda9162e5892cd8bccb0ad2a0f</SHA-256>
              <SHA-1>a1c098e9ec7df3a8ceb00bdea6621cdd1668919a</SHA-1>
              <MD5>d51b994a538e5f86e27926ae6e6788e9</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>abf8f2022f12f350789d961aceaf9ccfd53e7ec58d8c9934cfce77779b4eac11</SHA-256>
              <SHA-1>5f8991f3e065fd95614859a293f88b9c70e4bb23</SHA-1>
              <MD5>84da8dee6b319ea0b10b6de5489c6aae</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <SHA-256>2acab1228e8935d5dfdd1756b8a19698b6c8b786c90f87993ce9799a67a96e4e</SHA-256>
              <SHA-1>80c9820ff2efe8aa3d361df7011ae6eee35ec4f0</SHA-1>
              <MD5>4842e206e4cfff2954901467ad54169e</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/octet-stream</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>30c558f670ce0f1b1189278ec81d40093c7440699f37437e6ac8255e9c452cc2</SHA-256>
              <SHA-1>702a96a8352303a955216e552464bc518869fc57</SHA-1>
              <MD5>30b2ab5d946943f6ee638014568a1a01</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>1f676c76-80e1-4239-95bb-83d0f6d0da78</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>35138b9a-5d96-4fbd-8e2d-a2440225f93a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>e2011457-1546-43c5-a5fe-008deee3d3f0</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>x79f558bd53211dcae4666a3d9454a44f884915d5a51e46caaacbf568c67b554f.exe</name>
        <report_id>51efdf31-c09b-4ccd-b166-7582376e37bb</report_id>
        <tags>
          <value>peexe</value>
          <value>html</value>
          <value>data</value>
          <value>packed</value>
          <value>overlay</value>
          <value>anti-debug</value>
          <value>expand</value>
          <value>expired-cert</value>
          <value>lolbin</value>
          <value>reconnaissance</value>
          <value>microsoft_visual_cc</value>
          <value>pyinstaller</value>
          <value>invalid-signature</value>
          <value>signed</value>
          <value>captcha</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>c3dda6867ededd34b05094aa7103f81a55528a3e418e0577904842bb04294c01</id>
    <title>Analysis Report for c3dda6867ededd34b05094aa7103f81a55528a3e418e0577904842bb04294c01</title>
    <updated>2026-07-06T21:25:23Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1d5a74fb2f5922b6c8b8</_id>
        <file_type>message/rfc822</file_type>
        <flow_id>6a4c1d40def7044af0b84fa8</flow_id>
        <hash>c3dda6867ededd34b05094aa7103f81a55528a3e418e0577904842bb04294c01</hash>
        <iocs>
          <urls>
            <value>
              <url>file:///tmp/tmp7i3h9lvh.html</url>
              <origin>URL_RENDER</origin>
            </value>
          </urls>
          <emails>
            <value>
              <email>bonhoeffer@dbrs.de</email>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <email>bonhoeffer@dbrs.de</email>
              <origin>EMAIL_BODY</origin>
            </value>
            <value>
              <email>bonhoeffer@dbrs.de</email>
              <origin>CONTENT_PARSE</origin>
            </value>
          </emails>
          <files>
            <value>
              <SHA-256>be53e4af9cf01d687288780dc851368ce3f549ba9c5f6f970f9ea5c2d371129a</SHA-256>
              <SHA-1>775c19e6d950ed965eaa9ad988e136cbb5d1bb97</SHA-1>
              <MD5>141a82dabf9890ae7184b1d0d693a9dd</MD5>
              <origin>EMAIL_BODY</origin>
              <file_type>text/plain</file_type>
            </value>
          </files>
        </iocs>
        <name>submission.eml</name>
        <report_id>f843b19b-dbf0-43eb-93cb-13e080dae1cd</report_id>
        <tags>
          <value>eml</value>
          <value>rfc822</value>
          <value>obfuscated</value>
          <value>aidetect</value>
          <value>phishing</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>c7deee6391aafea5e6f3300ad52ce19abffa48741e127a43cf5a782c43a53cf4</id>
    <title>Analysis Report for c7deee6391aafea5e6f3300ad52ce19abffa48741e127a43cf5a782c43a53cf4</title>
    <updated>2026-07-06T21:24:41Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1d2c74fb2f5922b6c8ae</_id>
        <file_type>text/plain</file_type>
        <flow_id>6a4c1d185a5245447d9c2f7d</flow_id>
        <hash>c7deee6391aafea5e6f3300ad52ce19abffa48741e127a43cf5a782c43a53cf4</hash>
        <iocs>
          <urls>
            <value>
              <url>http://collective.valve-erc.com/</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>http://collective.valve-erc.com/</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>collective.valve-erc.com</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>collective.valve-erc.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <emails>
            <value>
              <email>burkenholt@home.com</email>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <email>fjl05@yahoo.com</email>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <email>fuck@os.dk</email>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <email>milsys@hotmail.com</email>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <email>burkenholt@home.com</email>
              <origin>CONTENT_PARSE</origin>
            </value>
            <value>
              <email>fjl05@yahoo.com</email>
              <origin>CONTENT_PARSE</origin>
            </value>
            <value>
              <email>fuck@os.dk</email>
              <origin>CONTENT_PARSE</origin>
            </value>
            <value>
              <email>milsys@hotmail.com</email>
              <origin>CONTENT_PARSE</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>1.0.0.9</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>1.1.0.8</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
        </iocs>
        <name>cstrike.fgd</name>
        <report_id>897ef948-d1a5-4240-b877-69dbf2bd9638</report_id>
        <tags>
          <value>txt</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>8d9f4f032b0c9463da3ab485c530468552bdd887aaab056bd344d9f3a2f4b9cd</id>
    <title>Analysis Report for 8d9f4f032b0c9463da3ab485c530468552bdd887aaab056bd344d9f3a2f4b9cd</title>
    <updated>2026-07-06T21:24:14Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1d0674fb2f5922b6c8a6</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c1cfc3abf2760bd72dc6c</flow_id>
        <hash>8d9f4f032b0c9463da3ab485c530468552bdd887aaab056bd344d9f3a2f4b9cd</hash>
        <iocs/>
        <name>8d9f4f032b0c9463da3ab485c530468552bdd887aaab056bd344d9f3a2f4b9cd.exe</name>
        <report_id>9aa1df12-d37a-4bf8-a09d-7fc631c8e0ea</report_id>
        <tags>
          <value>peexe</value>
          <value>microsoft_visual_cc</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>a1e4e9ff3306e0b7f931eba71ce957c45daadddb720ead0e7e3fc40a79a28380</id>
    <title>Analysis Report for a1e4e9ff3306e0b7f931eba71ce957c45daadddb720ead0e7e3fc40a79a28380</title>
    <updated>2026-07-06T21:23:40Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1ce974fb2f5922b6c89f</_id>
        <file_type>text/plain</file_type>
        <flow_id>6a4c1cdcdef7044af0b84f91</flow_id>
        <hash>a1e4e9ff3306e0b7f931eba71ce957c45daadddb720ead0e7e3fc40a79a28380</hash>
        <iocs>
          <urls>
            <value>
              <url>https://bazaar.abuse.ch/browse.php</url>
              <origin>INPUT_FILE</origin>
            </value>
          </urls>
          <ips>
            <value>
              <ip>63.177.146.192</ip>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>63.177.146.192</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
        </iocs>
        <name>hxxps://bazaar.abuse.ch/browse.php</name>
        <report_id>a6e9826e-04f9-495d-a81c-5c00c41e10d0</report_id>
        <tags>
          <value>txt</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>2997d44675ba7942d66cdef307bb876a0305f942d0925e5374525d6c75e69b15</id>
    <title>Analysis Report for 2997d44675ba7942d66cdef307bb876a0305f942d0925e5374525d6c75e69b15</title>
    <updated>2026-07-06T21:22:09Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1c99ff2e0900e305aebe</_id>
        <file_type>image/svg+xml</file_type>
        <flow_id>6a4c1c813abf2760bd72dbeb</flow_id>
        <hash>2997d44675ba7942d66cdef307bb876a0305f942d0925e5374525d6c75e69b15</hash>
        <iocs>
          <urls>
            <value>
              <url>https://gpqclobaltoolingsystems.vu/</url>
              <origin>JAVASCRIPT_EMULATION</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://gpqclobaltoolingsystems.vu/?e=sandhya.poojari%40altisource.com&amp;utm_source=pgqkfq&amp;utm_medium=ckmhdczh&amp;campaign=b20c8fec&amp;mid=1783357917&amp;eid=f5c87472c72ef6be643820f05cf8169e</url>
              <origin>JAVASCRIPT_EMULATION</origin>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
            <value>
              <url>https://gpqclobaltoolingsystems.vu/?e=sandhya.poojari@altisource.com</url>
              <origin>JAVASCRIPT_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>altisource.com</url>
              <origin>JAVASCRIPT_EMULATION</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>gpqclobaltoolingsystems.vu</url>
              <origin>JAVASCRIPT_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <emails>
            <value>
              <email>sandhya.poojari@altisource.com</email>
              <origin>JAVASCRIPT_EMULATION</origin>
            </value>
            <value>
              <email>sandhya.poojari@altisource.com</email>
              <origin>INPUT_FILE</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>104.21.28.24</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>0bb384938f2a08e396869ed65216c003253f1e92c778c7240c890f4aaf717b80</SHA-256>
              <SHA-1>e539ff7731a4c243f6ae06bc8b455eb50dc5e102</SHA-1>
              <MD5>a66ff558b943ff7bae9e1d3044bf5baf</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
          </files>
        </iocs>
        <name>Sandhya.poojari-EFT.svg</name>
        <report_id>12db44be-b5af-4037-8c94-ce97ce229692</report_id>
        <tags>
          <value>javascript</value>
          <value>svg</value>
          <value>html</value>
          <value>obfuscated</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>cd01f94745ea919f33ab4cc52b0b272d63e7f9a404597b18f7774a0e81f6e0fc</id>
    <title>Analysis Report for cd01f94745ea919f33ab4cc52b0b272d63e7f9a404597b18f7774a0e81f6e0fc</title>
    <updated>2026-07-06T21:21:28Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1c6474fb2f5922b6c887</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c1c562c562ae7c822ecaa</flow_id>
        <hash>cd01f94745ea919f33ab4cc52b0b272d63e7f9a404597b18f7774a0e81f6e0fc</hash>
        <iocs>
          <urls>
            <value>
              <url>http://crl.comodoca.com/COMODOCodeSigningCA2.crl0r</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl.thawte.com/ThawteTimestampingCA.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://crl.usertrust.com/UTN-USERFirst-Object.crl0t</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://crt.comodoca.com/COMODOCodeSigningCA2.crt0</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://crt.usertrust.com/UTNAddTrustObject_CA.crt0</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://ts-aia.ws.symantec.com/tss-ca-g2.cer0</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://secure.comodo.net/CPS0A</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>crl.comodoca.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>crl.microsoft.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>crl.thawte.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>crl.usertrust.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>crt.comodoca.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>crt.usertrust.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>secure.comodo.net</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>ts-aia.ws.symantec.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>ts-crl.ws.symantec.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <emails>
            <value>
              <email>inforsp@resplendence.com0</email>
              <origin>INPUT_FILE</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>23.11.40.157</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.64.149.23</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>95.101.9.216</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>605e802299404e1e41425b46b6f2b6af80fddade4da6b138659e9bf0b075f6a1</SHA-256>
              <SHA-1>743534323967cb70176e29b4e82abcf18cae66ec</SHA-1>
              <MD5>61387f0065ded18c95b2f38050d02668</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>2acab1228e8935d5dfdd1756b8a19698b6c8b786c90f87993ce9799a67a96e4e</SHA-256>
              <SHA-1>80c9820ff2efe8aa3d361df7011ae6eee35ec4f0</SHA-1>
              <MD5>4842e206e4cfff2954901467ad54169e</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/octet-stream</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
        </iocs>
        <name>rspLLL64.sys</name>
        <report_id>b3699df6-124f-4a42-b6d6-bc980ed20088</report_id>
        <tags>
          <value>peexe</value>
          <value>data</value>
          <value>pesys</value>
          <value>expired-cert</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
          <value>anti-debug</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>c015f23315236e1a477ab74818169935ede032ef2033acf71654ae60ef69f1f8</id>
    <title>Analysis Report for c015f23315236e1a477ab74818169935ede032ef2033acf71654ae60ef69f1f8</title>
    <updated>2026-07-06T21:20:25Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1c350bc678ad76e5c976</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c1c163abf2760bd72db69</flow_id>
        <hash>c015f23315236e1a477ab74818169935ede032ef2033acf71654ae60ef69f1f8</hash>
        <iocs>
          <urls>
            <value>
              <url>http://192.168.0.242:8000/dash/test/index.html</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <ips>
            <value>
              <ip>192.168.0.242</ip>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
          </ips>
          <files>
            <value>
              <MD5>3564fb4ec4da06bd0e6ecef60a42c6a5</MD5>
              <SHA-1>18b2e654314206a88a604ccc1507766fdbb2556d</SHA-1>
              <SHA-256>044c79c0844d2a3f268fcbad1f8e4597516181b05bcb5656dfa56fe730ee4a02</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>fec5c3ef8ab41f997abfbd7c062e6814</MD5>
              <SHA-1>59034c6cedcd972ba37e89b050270aa9ea1c30dc</SHA-1>
              <SHA-256>0e78cd3434f201cf673d5f461b683b960064e99856188623c7d3a8fa1d712062</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>86bbd123600d6ee1b35e027cbd5b3f0d</MD5>
              <SHA-1>d62337de898434bf985b24460e5d3037f1e83886</SHA-1>
              <SHA-256>214b742e36e75d20cca2954d89b006527d7d22989e3f1a46138f9917de2806cb</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>099c1d0d7a10ed9199c8f2e06e84e8de</MD5>
              <SHA-1>ecfa5b0bcadf06b2fbfb86f3cb6b11998d59edc6</SHA-1>
              <SHA-256>3683a590225f3f03402165fb7d64817b4583555544c21b83a6a1a2bfa1cf9b54</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>5ad34eb328f4458d1e0f8e8415ba706c</MD5>
              <SHA-1>b33978a8f3d24e9e0ab6c16c57edeb37a1c2a052</SHA-1>
              <SHA-256>3b2a4cec56a10a04e2a51a387c2788406bd9fc9b1af425d61bec46fb6f07a893</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>94c35f467b74f80c9515d94d6bb41693</MD5>
              <SHA-1>16141592fba96eb6d93e069667a815aae2d67812</SHA-1>
              <SHA-256>44a9edba52ad45d80f54b49631298b9c725a2ab88140b814689225eddb2cb226</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>badc04275991b04d04f73a0f97971bbf</MD5>
              <SHA-1>333cbf698bd5987cc654550b55df4892df04f831</SHA-1>
              <SHA-256>967e355f7e5778d8793e7bb22d96a592621f656904be5fd63e24c796037cb95d</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>7dc874301585ca0d14cd9dc6242198a9</MD5>
              <SHA-1>e7f37aca122194e1639716519d9de6743b90806f</SHA-1>
              <SHA-256>9e180700d8c44835386c911047b25da4b97ee46c3b1c22d651d86c82a39fc313</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>5635a22aa1bf0d9d5ae7a16cc2ad0681</MD5>
              <SHA-1>aa89b8b367ae96ac912f91d0a078252249f18a22</SHA-1>
              <SHA-256>a5c65efe7467ae7dc2c8c963d125a085e9516124b46b3fc5ba98b59c4603ddcb</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>44f2a68ddc92ce55d4d9f242d60591e0</MD5>
              <SHA-1>2eb08149861c697bb4a174071db20deb037f047f</SHA-1>
              <SHA-256>ac61e661e2d59d7159b87463f992660964ad8fe2f61389a293c181ddce76b742</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>fe46645ff4de878574d47cfa777405ea</MD5>
              <SHA-1>2e0d42afaba18cb3828b6b16e34f0c651f85ffec</SHA-1>
              <SHA-256>b054235d62a598975a8e46d2ce4482c227a4608f9e10ec5575feeac53443529d</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>ca86189032be51919a811c1257eed569</MD5>
              <SHA-1>39b1c5b5141b1392d3d0f74af40b1de0a5730033</SHA-1>
              <SHA-256>b3cf6a3f109f4a0aa3f00396111c7d716fa7379e97dbecd963b0c1c983928acc</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>6ad4cb3af52c1dc7a86833343bca39a6</MD5>
              <SHA-1>5acf673886c2ffa4838463f9b5f97cf54cd32cf2</SHA-1>
              <SHA-256>b46cc4f9696cbd21005f401ab6890a07bda44e69902d6c43be57d58ac9c6cd32</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>7907e4c87fbe84f3041719df8b613bf0</MD5>
              <SHA-1>ddc0a004476ae4836f64c3504604eec101eb3088</SHA-1>
              <SHA-256>d1d9f4e56403db1d72d9032cd0229cb9a0e107b327d9fe62eef8f69e25d6b8bf</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>df6924ac41aa6bd82e02c228a9a9ba9b</MD5>
              <SHA-1>e95cd8ad789ab3dc348369a7ab2ed94068071b10</SHA-1>
              <SHA-256>d552f70d74334603875ed264f261bbffe51a86768e4f3d6b4c99e4521153b0ba</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>f08eb827a7cc195d1965fcdeacee09f5</MD5>
              <SHA-1>8ad14d2f4e360f0f8f27c3e13bf4523c71bdc295</SHA-1>
              <SHA-256>db911fad8a65de2ad0884f463c33fe552c14db94be1833567d7ada7e1f20c1a6</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>e71cda75fe4859c6619819c2cdd696cd</MD5>
              <SHA-1>3d2c46ac46a35675c2aa660056a675152a801122</SHA-1>
              <SHA-256>e25352e3deb84dad2d32a984ca43c1a8fbfcfc487c47ce795a5944acb97a9e17</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>8a4d9514c199fc61278d13bffce4d591</MD5>
              <SHA-1>16e2c4341a21b5b0457ca5ac7f9a9513fefbb3eb</SHA-1>
              <SHA-256>f9b357c6751904a53ab1dffd6853c3c7a072e9f577108cbee30e2c6b573d5e15</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
          </files>
          <eth_wallets>
            <value>
              <eth_wallet>0x127300:$eth: d48f9c16e47566bb41436e734d87f481a297fad9</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0x127430:$eth: d48f9c16e47566bb41436e734d87f481a297fad9</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0x128a40:$eth: d48f9c16e47566bb41436e734d87f481a297fad9</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0x128b70:$eth: d48f9c16e47566bb41436e734d87f481a297fad9</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
          </eth_wallets>
        </iocs>
        <name>c015f23315236e1a477ab74818169935ede032ef2033acf71654ae60ef69f1f8.exe</name>
        <report_id>d527fd42-db49-472d-ae0e-a03dfb950eb2</report_id>
        <tags>
          <value>peexe</value>
          <value>reconnaissance</value>
          <value>microsoft_visual_cc</value>
          <value>anti-debug</value>
          <value>packed</value>
          <value>installer-heuristic</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>8a301fd82151e9d0deb59ac550f646af30372e9babc4572292b25d4d5c8d1987</id>
    <title>Analysis Report for 8a301fd82151e9d0deb59ac550f646af30372e9babc4572292b25d4d5c8d1987</title>
    <updated>2026-07-06T21:20:22Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1c310bc678ad76e5c974</_id>
        <file_type>application/x-executable</file_type>
        <flow_id>6a4c1c139a9579027330a2a7</flow_id>
        <hash>8a301fd82151e9d0deb59ac550f646af30372e9babc4572292b25d4d5c8d1987</hash>
        <iocs>
          <urls>
            <value>
              <url>http://schemas.xmlsoap.org/soap/encoding</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://schemas.xmlsoap.org/soap/envelope</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>schemas.xmlsoap.org</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>141.11.88.134</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>150.171.109.100</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>150.171.109.100</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <MD5>24d4478b85b1a83fe25add529f3fd363</MD5>
              <SHA-1>1c088b50d09e6e42e641c77170cd4357b0dcd111</SHA-1>
              <SHA-256>1da0035cc4bb55999e42d76661172a1baeb9b94f9af0912a41ba2cf502821cfe</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>fab4aa3bc10fe3020538e90252e9b8f3</MD5>
              <SHA-1>88f62ae3ca8827e50a463322427d3bc8edeb378e</SHA-1>
              <SHA-256>9c66f88b79ad60d6d5b63839bbb709b0cdfd591898c35ac187c3c272c47b52ae</SHA-256>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xml</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <MD5>35ed02ac4ec6ea5c7590d2e97ddd56e7</MD5>
              <SHA-1>d59d245e51c74ddca6765f14b8b7981af3800a00</SHA-1>
              <SHA-256>b77d77ae19836e21914c676730ede7269bc4907496470c692dfef85eee0e34cc</SHA-256>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xml</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <btc_wallets>
            <value>
              <btc_wallet>x124dd:$btc: "3612f843a42db38f48f59d2a3597e19c</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>8a301fd82151e9d0deb59ac550f646af30372e9babc4572292b25d4d5c8d1987.elf</name>
        <report_id>7de4525d-10c9-4de3-b385-4fa6b664e38e</report_id>
        <tags>
          <value>elf</value>
          <value>xml</value>
          <value>obfuscated</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>755c556434c44aeba78db4a882883c50a0dc25d096704005d4fa31145f4dcb25</id>
    <title>Analysis Report for 755c556434c44aeba78db4a882883c50a0dc25d096704005d4fa31145f4dcb25</title>
    <updated>2026-07-06T21:20:12Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1c150bc678ad76e5c96f</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c1c089016b0169a62365a</flow_id>
        <hash>755c556434c44aeba78db4a882883c50a0dc25d096704005d4fa31145f4dcb25</hash>
        <iocs>
          <files>
            <value>
              <MD5>16ec11406456535d1de48d96513667e8</MD5>
              <SHA-1>a60ebbbcae868abd27fc96e22701fae48940e53c</SHA-1>
              <SHA-256>23202710be8c5fc9672495b0b62bebcf29a087cc7e07236f6bb155efb6e499ad</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>f3d7095de1636559aa56ad81b25bbff9</MD5>
              <SHA-1>6a55e1445c1c915664fba385828c5a0078fe460d</SHA-1>
              <SHA-256>4ff1c75a93b2280dabe75acecade82d644388c9f4412565d846aeb396bfdc133</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>text/xml</file_type>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>1f676c76-80e1-4239-95bb-83d0f6d0da78</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>35138b9a-5d96-4fbd-8e2d-a2440225f93a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>e2011457-1546-43c5-a5fe-008deee3d3f0</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>755c556434c44aeba78db4a882883c50a0dc25d096704005d4fa31145f4dcb25.exe</name>
        <report_id>88a8b502-1a59-44bb-b721-ebd704aa0a26</report_id>
        <tags>
          <value>peexe</value>
          <value>dotnet_pe</value>
          <value>asyncrat</value>
          <value>reg</value>
          <value>anti-vm</value>
          <value>fingerprint</value>
          <value>base64</value>
          <value>reconnaissance</value>
          <value>lolbin</value>
          <value>schtasks</value>
          <value>obfuscated</value>
          <value>vbnet</value>
          <value>similar-threat</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>583a2e0c1ae85a9730f2ffacdd3c0d1ee1d86721f162b135c99402f34926bce2</id>
    <title>Analysis Report for 583a2e0c1ae85a9730f2ffacdd3c0d1ee1d86721f162b135c99402f34926bce2</title>
    <updated>2026-07-06T21:20:09Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1c17e094c2d958061541</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c1c062c562ae7c822ec61</flow_id>
        <hash>583a2e0c1ae85a9730f2ffacdd3c0d1ee1d86721f162b135c99402f34926bce2</hash>
        <iocs>
          <files>
            <value>
              <MD5>16ec11406456535d1de48d96513667e8</MD5>
              <SHA-1>a60ebbbcae868abd27fc96e22701fae48940e53c</SHA-1>
              <SHA-256>23202710be8c5fc9672495b0b62bebcf29a087cc7e07236f6bb155efb6e499ad</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>f3d7095de1636559aa56ad81b25bbff9</MD5>
              <SHA-1>6a55e1445c1c915664fba385828c5a0078fe460d</SHA-1>
              <SHA-256>4ff1c75a93b2280dabe75acecade82d644388c9f4412565d846aeb396bfdc133</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>text/xml</file_type>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>1f676c76-80e1-4239-95bb-83d0f6d0da78</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>35138b9a-5d96-4fbd-8e2d-a2440225f93a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>e2011457-1546-43c5-a5fe-008deee3d3f0</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>583a2e0c1ae85a9730f2ffacdd3c0d1ee1d86721f162b135c99402f34926bce2.exe</name>
        <report_id>bb295f87-83f2-4c73-9b4c-b2fa55b51d90</report_id>
        <tags>
          <value>peexe</value>
          <value>dotnet_pe</value>
          <value>asyncrat</value>
          <value>reg</value>
          <value>anti-vm</value>
          <value>fingerprint</value>
          <value>base64</value>
          <value>reconnaissance</value>
          <value>lolbin</value>
          <value>schtasks</value>
          <value>obfuscated</value>
          <value>vbnet</value>
          <value>similar-threat</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>92958b6f5787a4018b01e78e373c97cef6d24c24104dd8a91d6744ac9808770b</id>
    <title>Analysis Report for 92958b6f5787a4018b01e78e373c97cef6d24c24104dd8a91d6744ac9808770b</title>
    <updated>2026-07-06T21:19:44Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1c11ff2e0900e305aea5</_id>
        <file_type>application/x-executable</file_type>
        <flow_id>6a4c1bed9a9579027330a29b</flow_id>
        <hash>92958b6f5787a4018b01e78e373c97cef6d24c24104dd8a91d6744ac9808770b</hash>
        <iocs>
          <urls>
            <value>
              <url>http://schemas.xmlsoap.org/soap/encoding</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://schemas.xmlsoap.org/soap/envelope</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>schemas.xmlsoap.org</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>150.171.109.101</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>141.11.88.134</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>3a2c899e8f74c19e58cc139adbde1db19faace9231cd0e51317ca7fad5d5c987</SHA-256>
              <SHA-1>df2907c47cfa569e9afdae9b6586ca1687f63f31</SHA-1>
              <MD5>da14a3cc4ec7b4c676f6c16e933c711c</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>9c66f88b79ad60d6d5b63839bbb709b0cdfd591898c35ac187c3c272c47b52ae</SHA-256>
              <SHA-1>88f62ae3ca8827e50a463322427d3bc8edeb378e</SHA-1>
              <MD5>fab4aa3bc10fe3020538e90252e9b8f3</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xml</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>b77d77ae19836e21914c676730ede7269bc4907496470c692dfef85eee0e34cc</SHA-256>
              <SHA-1>d59d245e51c74ddca6765f14b8b7981af3800a00</SHA-1>
              <MD5>35ed02ac4ec6ea5c7590d2e97ddd56e7</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xml</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <btc_wallets>
            <value>
              <btc_wallet>x14ede:$btc: 3612f843a42db38f48f59d2a3597e19</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>92958b6f5787a4018b01e78e373c97cef6d24c24104dd8a91d6744ac9808770b.elf</name>
        <report_id>2b091ef7-a0be-4132-8946-7e623f06fbba</report_id>
        <tags>
          <value>elf</value>
          <value>xml</value>
          <value>bashlite</value>
          <value>obfuscated</value>
          <value>mirai</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>6a345c705721e4e104dba6b23c35edf48469b2dd370aae5da5e83451d166f7e3</id>
    <title>Analysis Report for 6a345c705721e4e104dba6b23c35edf48469b2dd370aae5da5e83451d166f7e3</title>
    <updated>2026-07-06T21:19:30Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1bf974fb2f5922b6c874</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c1be19016b0169a62361a</flow_id>
        <hash>6a345c705721e4e104dba6b23c35edf48469b2dd370aae5da5e83451d166f7e3</hash>
        <iocs>
          <urls>
            <value>
              <url>https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css</url>
              <origin>MSHTA_EMULATION</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>file:///tmp/tmpg7zpuaxf.html</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://j3ffqzg.deepmatrixai.com:8443/cloud</url>
              <origin>URL_RENDER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://j3ffqzg.deepmatrixai.com:8443/cloud?pnx88paqbawh7ref=vetiana.delpuerto@springhouseamc.com&amp;v=mr9q3xj2</url>
              <origin>URL_RENDER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>springhouseamc.com</url>
              <origin>URL_RENDER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css</url>
              <origin>INTERNAL</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>cdnjs.cloudflare.com</url>
              <origin>MSHTA_EMULATION</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>cdnjs.cloudflare.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>j3ffqzg.deepmatrixai.com:8443</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>cdnjs.cloudflare.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </domains>
          <emails>
            <value>
              <email>vetiana.delpuerto@springhouseamc.com</email>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <email>vetiana.delpuerto@springhouseamc.com</email>
              <origin>MSHTA_EMULATION</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>104.17.25.14</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>172.67.204.112</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>104.17.25.14</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd</SHA-256>
              <SHA-1>512c7d79033e3028a9be61b540cf1a6870c896f8</SHA-1>
              <MD5>269550530cc127b6aa5a35925a7de6ce</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/css</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
        </iocs>
        <name>ST _ACC3691979656577779256627.htm</name>
        <report_id>f915bd6a-1b2a-4ae4-b938-18d1a9bc7e53</report_id>
        <tags>
          <value>html</value>
          <value>txt</value>
          <value>phishing</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>22171db0e9a47086b2921485f65636638844c674738f6f8025e6c47a458a5aa4</id>
    <title>Analysis Report for 22171db0e9a47086b2921485f65636638844c674738f6f8025e6c47a458a5aa4</title>
    <updated>2026-07-06T21:18:48Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1bc074fb2f5922b6c869</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c1bb63abf2760bd72daf9</flow_id>
        <hash>22171db0e9a47086b2921485f65636638844c674738f6f8025e6c47a458a5aa4</hash>
        <iocs/>
        <name>22171db0e9a47086b2921485f65636638844c674738f6f8025e6c47a458a5aa4.exe</name>
        <report_id>b0db25af-2024-4669-9f5c-b912867c5596</report_id>
        <tags>
          <value>peexe</value>
          <value>microsoft_visual_cc</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>cf51c88ee93880301bbdfa93493891d752c99ba23c94ebc32d50cd614cf1016a</id>
    <title>Analysis Report for cf51c88ee93880301bbdfa93493891d752c99ba23c94ebc32d50cd614cf1016a</title>
    <updated>2026-07-06T21:18:12Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1bb074fb2f5922b6c864</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c1b912c562ae7c822ebff</flow_id>
        <hash>cf51c88ee93880301bbdfa93493891d752c99ba23c94ebc32d50cd614cf1016a</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>13160d8e413f8a06f47aec8b20edc6ea5d63b63190f77ae9a1ec1bed7195da79</SHA-256>
              <SHA-1>264a1f51d8f3ac1aeaf37369038f97f24c48b52c</SHA-1>
              <MD5>7ef51f60309aa7899efdfed89aa1ad6f</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <SHA-256>1f4f333236b747641a29e2c3e7179371dff157231a2d1b62706a81897d931ed3</SHA-256>
              <SHA-1>c176d2f2cda0390e550ee5fd69b2b931e2943372</SHA-1>
              <MD5>29ee02da0d6d547225071f94d4edd787</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>7e94d740f3280ce5a0301040f4a3e34c1c9b126295b9df949f351925c334355c</SHA-256>
              <SHA-1>9cfb795049daf648965107c4009907d95ea082e9</SHA-1>
              <MD5>a8300430222660c6cf54aeccdbce2eb1</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>8b4b5d37b829ba885281134d9948f249e0ecd553ae72deda6a404619fdf4ccc5</SHA-256>
              <SHA-1>10078d8edb2c46a2e74ec7680d2db293acc5731c</SHA-1>
              <MD5>a7863648b3839bfe2d5f7c450b108545</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <SHA-256>bced0c1c30158d091dfab6d2f87401a93443a9f2762dc5bd108903c6b23a82c0</SHA-256>
              <SHA-1>b979a1e2e72823f0b2f351354f8160c526e4e0db</SHA-1>
              <MD5>f31302679a3973a7dd82e8d1b647746b</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <SHA-256>bdc404febad5ff6f1ac2a02949f2fe18c7c9e5505d629a1166158c4b3aba4b67</SHA-256>
              <SHA-1>c0292bfe7bd5d35b3081cf97fdba0d15b5c5c211</SHA-1>
              <MD5>0b71357ef4ecab9276469a395dbfcbf5</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>d75fd5f5b40e914cb89e3ca5d2a15bdd8e99c86c09c24557217a535ceac083e3</SHA-256>
              <SHA-1>1aa81c6437a151879588141877add9a33b4fd091</SHA-1>
              <MD5>5cfe1e33e3fb3061c9b65e974d08e435</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>text/x-python</file_type>
            </value>
            <value>
              <SHA-256>e650244ff050dffadd9eb2b4462ec1f28bc2c9d6e090e05b2e8b0d9451712ff3</SHA-256>
              <SHA-1>a68a40d26ee2d64c6bc47f5b4ae8ed6508ec7ba4</SHA-1>
              <MD5>e061dc788fd6d81e08cec63f08ee882b</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <SHA-256>ea542f7ae71d7813d7b2700e578e6915b0acb09dd0629e7fef8b643c49bb0e07</SHA-256>
              <SHA-1>2157bcb2b1d8bdb229a98cd96ef1519a48f572ab</SHA-1>
              <MD5>1add0a6eb330118b0e7aa3262963a7e2</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/x-nsis-decompiled</file_type>
            </value>
            <value>
              <SHA-256>eb8b72129be05521dae59623bfee1d8b6a3dca28f16e851288fa4c3f591d834b</SHA-256>
              <SHA-1>d823044b9f38bfe97219c06538c5cb476260cd1b</SHA-1>
              <MD5>aef0acc135923bf6de32da23b1da21ba</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>text/x-python</file_type>
            </value>
          </files>
        </iocs>
        <name>chirp-next-20260626-installer.exe</name>
        <report_id>f38a812e-b11a-4fed-9809-34c10e7cd1f7</report_id>
        <tags>
          <value>peexe</value>
          <value>installer</value>
          <value>reconnaissance</value>
          <value>expired-cert</value>
          <value>nsis</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
          <value>anti-debug</value>
          <value>adaptive-context</value>
          <value>installer-heuristic</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>cccc46a4833cade7dea6db896738862a769db2a97376a3ed629665e035d026e1</id>
    <title>Analysis Report for cccc46a4833cade7dea6db896738862a769db2a97376a3ed629665e035d026e1</title>
    <updated>2026-07-06T21:14:45Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1ad50bc678ad76e5c936</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c1ac12c562ae7c822eb71</flow_id>
        <hash>cccc46a4833cade7dea6db896738862a769db2a97376a3ed629665e035d026e1</hash>
        <iocs>
          <files>
            <value>
              <MD5>b7db84991f23a680df8e95af8946f9c9</MD5>
              <SHA-1>cac699787884fb993ced8d7dc47b7c522c7bc734</SHA-1>
              <SHA-256>539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <MD5>77742694e3a324cc94cca59a9264fb12</MD5>
              <SHA-1>da80b01fd42d3c340115ae1dbc1c20da4764d7e6</SHA-1>
              <SHA-256>61ff07c4434fe14d08598012ca171da578abd966edf07b9d5226b8de3b720d2d</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>98990838b79d489a725083edeb254e76</MD5>
              <SHA-1>8680fbe5f3306c0ebe0e51adc4b09f21fa07b3cd</SHA-1>
              <SHA-256>7d549cfbe55b781827ca4551b5e8415819b0ec910cc65d63e5b718c0fb5452ea</SHA-256>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>1d8bb59d7af4293434c7ddfab81500f3</MD5>
              <SHA-1>cddd804033701771c6bf3a1554ea2db511720672</SHA-1>
              <SHA-256>f7b9c886b4ae5718b7bef1a9102532d1dae3a22ae16cc9008e49d5e0c1e585f0</SHA-256>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
          <btc_wallets>
            <value>
              <btc_wallet>359592b917f2fe1baae314459516fb8d</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>ylhqeue2x95puqz9.exe</name>
        <report_id>d1e95eb3-0947-4766-8e2b-507270703613</report_id>
        <tags>
          <value>peexe</value>
          <value>dotnet_pe</value>
          <value>obfuscated</value>
          <value>base64</value>
          <value>reconnaissance</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>cf10bba6a2da33d2d5b455bbf582f427c4e85b5fda86946cf81a3f48cd378c3a</id>
    <title>Analysis Report for cf10bba6a2da33d2d5b455bbf582f427c4e85b5fda86946cf81a3f48cd378c3a</title>
    <updated>2026-07-06T21:14:42Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1ad00bc678ad76e5c934</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c1ac09a9579027330a1f2</flow_id>
        <hash>cf10bba6a2da33d2d5b455bbf582f427c4e85b5fda86946cf81a3f48cd378c3a</hash>
        <iocs>
          <urls>
            <value>
              <url>http://schemas.microsoft.com/SMI/2</url>
              <origin>INPUT_FILE</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>schemas.microsoft.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>150.171.109.100</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>150.171.109.100</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <MD5>16ec11406456535d1de48d96513667e8</MD5>
              <SHA-1>a60ebbbcae868abd27fc96e22701fae48940e53c</SHA-1>
              <SHA-256>23202710be8c5fc9672495b0b62bebcf29a087cc7e07236f6bb155efb6e499ad</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>fd29301b5d8935606626f78b52b99694</MD5>
              <SHA-1>0767eeafe33c83161aec47ea2c28a30ba954fdc9</SHA-1>
              <SHA-256>3b904ab04cb29f4f2cf083c2b133a494ad05e6ef5c6a0243c31b51fc25e6941f</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>text/xml</file_type>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>1f676c76-80e1-4239-95bb-83d0f6d0da78</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>35138b9a-5d96-4fbd-8e2d-a2440225f93a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>e2011457-1546-43c5-a5fe-008deee3d3f0</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>AsyncClient.exe</name>
        <report_id>8d77f1ff-073f-47fe-a85f-a24bd63a5285</report_id>
        <tags>
          <value>peexe</value>
          <value>dotnet_pe</value>
          <value>asyncrat</value>
          <value>reg</value>
          <value>anti-vm</value>
          <value>fingerprint</value>
          <value>base64</value>
          <value>reconnaissance</value>
          <value>lolbin</value>
          <value>schtasks</value>
          <value>obfuscated</value>
          <value>vbnet</value>
          <value>similar-threat</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>9d755ff76f2ac505347162ef5fc51de91091d99495733c6a13e72ba46db93d32</id>
    <title>Analysis Report for 9d755ff76f2ac505347162ef5fc51de91091d99495733c6a13e72ba46db93d32</title>
    <updated>2026-07-06T21:14:39Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1ac8e094c2d958061505</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c1abe3abf2760bd72da08</flow_id>
        <hash>9d755ff76f2ac505347162ef5fc51de91091d99495733c6a13e72ba46db93d32</hash>
        <iocs>
          <ips>
            <value>
              <ip>1.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <MD5>95f8ef3838afab8e4985e486c46bcd66</MD5>
              <SHA-1>7a16c48f250a1b37040df853b14f8ab41a29b1da</SHA-1>
              <SHA-256>39c65aaddfd5ea8123439ababa1d811795a2739f02c1601fa37415a129bfb025</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>a19a2658ba69030c6ac9d11fd7d7e3c1</MD5>
              <SHA-1>879dcf690e5bf1941b27cf13c8bcf72f8356c650</SHA-1>
              <SHA-256>c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>50b83efa-a65f-4aa1-9f78-3e9f3b877be7</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>XWormClient.exe</name>
        <report_id>22be3666-dda7-4cd0-ac2c-d6346e7a9af5</report_id>
        <tags>
          <value>peexe</value>
          <value>dotnet_pe</value>
          <value>xworm</value>
          <value>anti-vm</value>
          <value>fingerprint</value>
          <value>obfuscated</value>
          <value>base64</value>
          <value>reconnaissance</value>
          <value>vbnet</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>8bca596b5f6044d17d25e56bebe633a4215084451cc85876bed549524d8852cc</id>
    <title>Analysis Report for 8bca596b5f6044d17d25e56bebe633a4215084451cc85876bed549524d8852cc</title>
    <updated>2026-07-06T21:14:20Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1aba0bc678ad76e5c930</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c1aa99016b0169a6233e3</flow_id>
        <hash>8bca596b5f6044d17d25e56bebe633a4215084451cc85876bed549524d8852cc</hash>
        <iocs>
          <files>
            <value>
              <MD5>16ec11406456535d1de48d96513667e8</MD5>
              <SHA-1>a60ebbbcae868abd27fc96e22701fae48940e53c</SHA-1>
              <SHA-256>23202710be8c5fc9672495b0b62bebcf29a087cc7e07236f6bb155efb6e499ad</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>f3d7095de1636559aa56ad81b25bbff9</MD5>
              <SHA-1>6a55e1445c1c915664fba385828c5a0078fe460d</SHA-1>
              <SHA-256>4ff1c75a93b2280dabe75acecade82d644388c9f4412565d846aeb396bfdc133</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>text/xml</file_type>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>1f676c76-80e1-4239-95bb-83d0f6d0da78</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>35138b9a-5d96-4fbd-8e2d-a2440225f93a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>e2011457-1546-43c5-a5fe-008deee3d3f0</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>8bca596b5f6044d17d25e56bebe633a4215084451cc85876bed549524d8852cc.exe</name>
        <report_id>22fa5e31-f4b3-4bd9-9be1-540b11e9216c</report_id>
        <tags>
          <value>peexe</value>
          <value>dotnet_pe</value>
          <value>asyncrat</value>
          <value>reg</value>
          <value>anti-vm</value>
          <value>fingerprint</value>
          <value>base64</value>
          <value>reconnaissance</value>
          <value>lolbin</value>
          <value>schtasks</value>
          <value>obfuscated</value>
          <value>vbnet</value>
          <value>similar-threat</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>5b2c800040225869d73567a767ca552595780d908f26a826e50e930059589113</id>
    <title>Analysis Report for 5b2c800040225869d73567a767ca552595780d908f26a826e50e930059589113</title>
    <updated>2026-07-06T21:14:04Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1aa474fb2f5922b6c832</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c1a999016b0169a6233c9</flow_id>
        <hash>5b2c800040225869d73567a767ca552595780d908f26a826e50e930059589113</hash>
        <iocs/>
        <name>5b2c800040225869d73567a767ca552595780d908f26a826e50e930059589113.exe</name>
        <report_id>b87cdbcf-4676-4fbe-ac14-812239502bc6</report_id>
        <tags>
          <value>peexe</value>
          <value>microsoft_visual_cc</value>
          <value>remcos</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>9faa6239c25b177ffcdf852cdbf47e08311f02a07c35c1a634581a795d63517e</id>
    <title>Analysis Report for 9faa6239c25b177ffcdf852cdbf47e08311f02a07c35c1a634581a795d63517e</title>
    <updated>2026-07-06T21:13:23Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1aa774fb2f5922b6c834</_id>
        <file_type>application/x-msdownload; format=pe64</file_type>
        <flow_id>6a4c1a70def7044af0b84ed2</flow_id>
        <hash>9faa6239c25b177ffcdf852cdbf47e08311f02a07c35c1a634581a795d63517e</hash>
        <iocs>
          <urls>
            <value>
              <url>http://www.gnu.org/licenses/gpl-2.0.html</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>gnu.org</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>209.51.188.116</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>16ea841a96c7ad1f5f70ecf0fe111e6e2c7864aa7e1a79357dc278d73e6c9b03</SHA-256>
              <SHA-1>5267d2b40c425913f3d2f1c5b58331d3bd16aee4</SHA-1>
              <MD5>2c2197ea4b906e8e97f2280a5f2eca2b</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>246c51631ce14d6dcf8826235a3838d9aeb5378b746dc21b654a3a67eb85a37b</SHA-256>
              <SHA-1>1b61c86260c8ffcb2fc262c55f8e96236c0c827b</SHA-1>
              <MD5>7e4fef62ce4e36b05dbdaf03817efc10</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>24bcbf4465caac671760f3c1475bea90307d9eaa54ff28620009618d4147c863</SHA-256>
              <SHA-1>a83bd8ab9295efa4cae5cb37c9b577cedd82123d</SHA-1>
              <MD5>56d025f9e4453017570a5be602c82773</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>33ffac48a54aa1e8e144195330f6cb3f13425dd325a9d7e332c657644ebf2cb4</SHA-256>
              <SHA-1>ce78b06d32465c9c7e36de64580dc14a01f91ad2</SHA-1>
              <MD5>2ee26ae9fb57ff8fbb005559a6234faf</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>4da5b073ccac6882917b8ce87510e6f8951cba066ca21e949431221ac1dbf88c</SHA-256>
              <SHA-1>d3df99abfe57fe13ef73ea25662a838f3c4ba955</SHA-1>
              <MD5>276808b8e290a3ace2378072a46901bb</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>51c238e42d120849e36f456498cf7bf3db57e2a9917613b037f1c6835a1ba251</SHA-256>
              <SHA-1>c637bfae2bc2caa77dd78828ba0e3302e0980c67</SHA-1>
              <MD5>12a773620dc2e13ae97d92be0f884957</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>6267b908b8286834e3340bfe953d65d562e8d5aaad994c8d5cc00048a840e828</SHA-256>
              <SHA-1>316028beedebdff3d9b704815d0b8f9ebda6103b</SHA-1>
              <MD5>c215c1108d9a2eb8cf7d2130b0dd6016</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>6752958a419d2b0092540dff6fe39089a1356b8ec748e3e5a252e5c1172599f5</SHA-256>
              <SHA-1>45a8977c3812aea2f3c18b2a992384101e5a3db6</SHA-1>
              <MD5>acece4caaa134675dab2c26674a686cc</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>6d9f78712830fa60b446399b3a26b0c127066f91cbc035253f9d6d7bcb868793</SHA-256>
              <SHA-1>618fe9e96930ea8205d9cd016125d081998abd6c</SHA-1>
              <MD5>d4ae3505afa1218ce152acf07f2305d9</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>82a2850c523d0e8349db8ea94ed83018fbcb567aaa99ed8dc845f73471b3a937</SHA-256>
              <SHA-1>215789b29e2beae3bfd079c3faee6beed00ecbea</SHA-1>
              <MD5>164440b769c43c726a993a9a328030ad</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>85d43f7a432528053664fd465b3e516f36ae55176b033dd02e0c158f0c109a9c</SHA-256>
              <SHA-1>96710288717c8cb5ebae49536a01115fd2a145e3</SHA-1>
              <MD5>49f0ccddf429bcded7403ff4a882416e</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>8995a91c3f0c6fac41de7fd8893d11d9deb08f776eaf1064f97e3647c468c528</SHA-256>
              <SHA-1>72391acb1537e07b21700f66b17e7a1ca63219ac</SHA-1>
              <MD5>04d71e60c6f228c249346f75a57b1338</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>8bc9f01e18816f5d7be610d748e5b7910838ed2f8753efe8c30c1fedc08922bf</SHA-256>
              <SHA-1>a6b455b6b681a83e76cf18a864b4700e8818fc9f</SHA-1>
              <MD5>d3ede888f6851d91813dc4b92ac91c3d</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>8f86b44eeac25fc09425d058dbe8c569dbf70157b4e187fbc1d726865d19f14b</SHA-256>
              <SHA-1>e40bd89c8da3d3431f5cf260fc42f526ca912adb</SHA-1>
              <MD5>f9f0192fa5140d269f83e06045ca2d26</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>91ee8d8ca4a5e252655bf2840370577e87aea3cc9956feee3a28315146e9b518</SHA-256>
              <SHA-1>224a927f0718708d7687abeda29c69451ff8e0d7</SHA-1>
              <MD5>c944b5821186538104c1e67021aabc07</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>a8ef935b06469a174de21e117e83ebd70f52795decb8cb3e66094882353a8a4c</SHA-256>
              <SHA-1>dd8cf26eacdb68e14561651f92525a887113be37</SHA-1>
              <MD5>7809f4962ce8c21e6f944fdd7d1c5ac2</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>b02b34a07630809a5a5e4c5017a6e1707bbd6bb812fd61946f223671771b12cc</SHA-256>
              <SHA-1>dfcf05b6f723ea9434d5f8895e3c5b28419457c6</SHA-1>
              <MD5>882a7600f4bcc6cd52f337926ab18021</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>b56cffb15a12e5b78ac77cfcfe29b669dbf4bf1449e18c4a0d96e0e57a260289</SHA-256>
              <SHA-1>c49e1fa8fdac232ef45ed6c3d36bc14a49424d99</SHA-1>
              <MD5>589956abd9d49d7ef32eb6c80cef612b</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>cb65763e331471c50a4f228d2cf823a93130d1bf9cf0bad9000b262597d2b01c</SHA-256>
              <SHA-1>dc36629d09e16edbf202912a7b9b432cbe1ace7a</SHA-1>
              <MD5>2d78f429d7d55d628687abbc0fd89343</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>e919c6ec380434399e19c346b0543ac07fd66f212dd612ef90119e4f7be57ce3</SHA-256>
              <SHA-1>eeb552dec4cc407ab3f4fe200f4d081f35b4c1b5</SHA-1>
              <MD5>6f4064d022b7fc63384d0b755dec67e8</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>07beee121a4adddac8ea7be8552e0e325d43fd618eb46051a7dd1013c31fe77f</SHA-256>
              <SHA-1>90e0ddd0bed55be083cc6f55b391f83ef571fb4d</SHA-1>
              <MD5>ff4b71a7bcab735b933f229afe8497d5</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xhtml+xml</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
          </files>
          <btc_wallets>
            <value>
              <btc_wallet>x29af278:$btc: 1httpAuthenticationRequire</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x29af300:$btc: 1proxyAuthenticationRequire</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x2b81086:$btc: 333333339388777558577567c</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x3132fc0:$btc: 31QAbstractEventDispatcherPrivat</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x3133040:$btc: 31QGraphicsSceneHoverEventPrivat</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x3133080:$btc: 31QGraphicsSceneMouseEventPrivat</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x3133200:$btc: 31QWindowsDirectWriteFontDatabas</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x3133340:$btc: 32QGraphicsDropShadowEffectPrivat</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x31333c0:$btc: 32QGraphicsSceneResizeEventPrivat</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>mkvtoolnix-gui.exe</name>
        <report_id>63e21ef2-6fcd-40e3-aa2e-6feac49689f5</report_id>
        <tags>
          <value>peexe</value>
          <value>html</value>
          <value>xml</value>
          <value>crypto</value>
          <value>fingerprint</value>
          <value>signed</value>
          <value>anti-vm</value>
          <value>adaptive-context</value>
          <value>anti-debug</value>
          <value>keylogger</value>
          <value>packed</value>
          <value>reconnaissance</value>
          <value>installer-heuristic</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>91f3d96288471261dcb03631222d36dd52f6741a6d5f627aa8c80b030bca4228</id>
    <title>Analysis Report for 91f3d96288471261dcb03631222d36dd52f6741a6d5f627aa8c80b030bca4228</title>
    <updated>2026-07-06T21:12:40Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1a4f74fb2f5922b6c820</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c1a45def7044af0b84ec9</flow_id>
        <hash>91f3d96288471261dcb03631222d36dd52f6741a6d5f627aa8c80b030bca4228</hash>
        <iocs/>
        <name>91f3d96288471261dcb03631222d36dd52f6741a6d5f627aa8c80b030bca4228.exe</name>
        <report_id>ec7ed423-88de-4c9c-9b9f-a720c27aa9f9</report_id>
        <tags>
          <value>peexe</value>
          <value>microsoft_visual_cc</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>dac4371fe5f10d20579a667a03076bcb3661ab46cda533fe2f73a36d4b21237f</id>
    <title>Analysis Report for dac4371fe5f10d20579a667a03076bcb3661ab46cda533fe2f73a36d4b21237f</title>
    <updated>2026-07-06T21:11:51Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1a6474fb2f5922b6c824</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c1a15def7044af0b84eba</flow_id>
        <hash>dac4371fe5f10d20579a667a03076bcb3661ab46cda533fe2f73a36d4b21237f</hash>
        <iocs>
          <urls>
            <value>
              <url>https://www.hudsonrock.com/</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://cdn.livechatinc.com/tracking.js</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://ddwl4m2hdecbv.cloudfront.net/b/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://fonts.googleapis.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://runads.ai/pixel/runads-pixel.js</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://schema.org</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://snap.licdn.com/li.lms-analytics/insight.min.js</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://twitter.com/realhudsonrock</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtm.js?id=</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.hudsonrock.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://www.hudsonrock.com/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.hudsonrock.com/contact</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.hudsonrock.com/images/featured_image.jpg</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.hudsonrock.com/images/yellowIconLogo.png</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.linkedin.com/company/hudson-rock</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.livechat.com/?welcome</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.livechat.com/chat-with/19425394/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.redditstatic.com/ads/pixel.js</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>assets.apollo.io</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>cdn.livechatinc.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>cookie-cdn.cookiepro.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>ddwl4m2hdecbv.cloudfront.net</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>fonts.googleapis.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>runads.ai</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>schema.org</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>snap.licdn.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>twitter.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>www.googletagmanager.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.hudsonrock.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.linkedin.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.livechat.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.redditstatic.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </domains>
          <ips>
            <value>
              <ip>146.75.121.140</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>216.150.1.1</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.250.154.139</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.26.4.165</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>23.50.131.153</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.110.97</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.18.41.41</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>2.21.65.26</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>23.55.161.136</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.18.36.90</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.66.0.227</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>18.66.92.195</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.66.140.73</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>192.178.183.95</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>220bcb1ca2a00dad8195df3f900f82cab60fa423364e9d9aff31559947bf15ce</SHA-256>
              <SHA-1>8d52cf5d7815d3679d1cd8f326471edfe9fd9f34</SHA-1>
              <MD5>4ddcdb6a2d207dd0277856f0549bcf60</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>2ae486c24d5abb3c37e7eb86d74efc40c841145e30aef88bda066f5e45f54f1e</SHA-256>
              <SHA-1>f393c1669c6380363c02fea69b908d4d5c946cad</SHA-1>
              <MD5>a68a343db4eb0405c7ee7662ea631312</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xml</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>e8f2ded5d74c0ee5f427a20b6715e65bc79ed5c4fc67fb00d89005515c8efe63</SHA-256>
              <SHA-1>ae56ea57c52d1153cec33cef91cf935d2d3af14d</SHA-1>
              <MD5>fbe36eb2eecf1b90451a3a72701e49d2</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>6e4bf499e3944703b0dc40d04caa5150aae1b415087d001831e986ba79518b0f</SHA-256>
              <SHA-1>68044bb943970d6f33f1be57a2919bbec1574ea9</SHA-1>
              <MD5>509463cc4d2a2ea4b953ccf294f82043</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>6e187798f38903d98819498dfa7d58da47db4e8fcfd5f76bb27e6abe90bda262</SHA-256>
              <SHA-1>b20b6591c42450b6ec1c3045502859a3992c496d</SHA-1>
              <MD5>15108fe3d8905b55a6aaefd55068b009</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/javascript</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>b783936589742dba1b9aa8ba70313266e7734a39dfaab2d8fe1902fc53bfc438</SHA-256>
              <SHA-1>2bc600333aae188dc32ce204d1abf28c1b5d685f</SHA-1>
              <MD5>f323a92e08e6fd4c26005503ae936a75</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/javascript</file_type>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <SHA-256>e39c1e1a3d9176830821ef63856b3150d4b8ced964fb3b2098c602c097d65b99</SHA-256>
              <SHA-1>4a6964acaf74ca56ec0c37fb4ee660496dea71ce</SHA-1>
              <MD5>787ef9a59a34392f4f0ff8c21d0a6000</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/javascript</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>d392e5b1841b02705ece4eb51646cd327813216667f50022447ea63e5172c4ca</SHA-256>
              <SHA-1>e2518a0709fdbbf5d7922184b656e2959ce3f647</SHA-1>
              <MD5>68d01c62a6d4d6bbb9ed376de1ff8a23</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/javascript</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>851c7702-ee62-45db-bae0-4f372264fc28</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>hxxps://www.hudsonrock.com/</name>
        <report_id>d8afe08a-00e6-47ce-a0f5-324b46e82f3b</report_id>
        <tags>
          <value>html</value>
          <value>xml</value>
          <value>javascript</value>
          <value>anti-vm</value>
          <value>base64</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>4d475694522ddf156f60e4dfcc872ef56b0bfbb3a35b36ffb1b607825cda5c8e</id>
    <title>Analysis Report for 4d475694522ddf156f60e4dfcc872ef56b0bfbb3a35b36ffb1b607825cda5c8e</title>
    <updated>2026-07-06T21:11:09Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1a0474fb2f5922b6c810</_id>
        <file_type>message/rfc822</file_type>
        <flow_id>6a4c19ea3abf2760bd72d92c</flow_id>
        <hash>4d475694522ddf156f60e4dfcc872ef56b0bfbb3a35b36ffb1b607825cda5c8e</hash>
        <iocs>
          <urls>
            <value>
              <url>file:///tmp/tmpy23ettgu.html</url>
              <origin>URL_RENDER</origin>
            </value>
          </urls>
          <files>
            <value>
              <SHA-256>036b340f3803345918eb80a3e27c9c4f467d5f1121a861145440c9d9141637cc</SHA-256>
              <SHA-1>1e52bbf14ef52d14d1dde556938db79c4cb5fd07</SHA-1>
              <MD5>1382acb70abc71f7e3b51e0512b67b7c</MD5>
              <origin>EMAIL_BODY</origin>
              <file_type>text/html</file_type>
            </value>
          </files>
        </iocs>
        <name>submission.eml</name>
        <report_id>9cb323cf-e186-46ee-9ddd-25b2c29258d4</report_id>
        <tags>
          <value>eml</value>
          <value>rfc822</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>3a570facb094c26fc0a1d50d0908548c6b83b39006f375022b0f52affc7d8fcf</id>
    <title>Analysis Report for 3a570facb094c26fc0a1d50d0908548c6b83b39006f375022b0f52affc7d8fcf</title>
    <updated>2026-07-06T21:09:14Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c19a574fb2f5922b6c7fe</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c19779016b0169a62320d</flow_id>
        <hash>3a570facb094c26fc0a1d50d0908548c6b83b39006f375022b0f52affc7d8fcf</hash>
        <iocs>
          <urls>
            <value>
              <url>https://fluxplaya.com</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>https://fonts.googleapis.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://fonts.gstatic.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://api.bonanzasocial.com/homePageBackground?Type=Mobile</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://api.livechatinc.com/global-mapper/lc_license_id/19774687/region?jsonp=__lc_region</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://api.livechatinc.com/v3.6/customer/action/get_configuration</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://api.livechatinc.com/v3.6/customer/action/get_configuration?organization_id=f5869efa-6700-46b6-9cbf-2fe7801770d1&amp;version=39.0.1.32.1.11.1.1.1.5.1.2.2&amp;x-region=us-south1&amp;group_id=1&amp;jsonp=__lc_static_config</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://api.livechatinc.com/v3.6/customer/action/get_dynamic_configuration</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://api.livechatinc.com/v3.6/customer/action/get_dynamic_configuration?x-region=us-south1&amp;license_id=19774687&amp;client_id=c5e4f61e1a6c3b1521b541bc5c5a2ac5&amp;url=https%3A%2F%2Ffluxplaya.com%2F&amp;group_id=1&amp;channel_type=code&amp;implementation_type=%40livechat%2Fwidget-core&amp;jsonp=__ksv0y0ct4fo</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.livechatinc.com/tracking.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://connect.facebook.net/en_US/fbevents.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://connect.facebook.net/signals/config/931687892602344</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://connect.facebook.net/signals/config/931687892602344?v=2.9.349&amp;r=stable&amp;domain=fluxplaya.com&amp;hme=f29d86973612db0f0627890a64bdc8c47b471189050b33f2680b7d76997afc9a&amp;ex_m=107%2C208%2C158%2C22%2C73%2C74%2C149%2C69%2C68%2C11%2C167%2C93%2C16%2C141%2C130%2C39%2C76%2C81%2C137%2C163%2C169%2C8%2C4%2C5%2C7%2C6%2C3%2C94%2C104%2C170%2C175%2C222%2C30%2C75%2C234%2C233%2C232%2C23%2C33%2C55%2C106%2C61%2C10%2C64%2C100%2C101%2C102%2C108%2C133%2C31%2C29%2C135%2C136%2C132%2C131%2C159%2C77%2C162%2C160%2C161%2C50%2C60%2C126%2C15%2C166%2C45%2C279%2C280%2C278%2C26%2C27%2C28%2C48%2C150%2C78%2C115%2C18%2C20%2C44%2C40%2C42%2C41%2C86%2C95%2C99%2C113%2C148%2C151%2C46%2C114%2C24%2C21%2C122%2C70%2C36%2C153%2C152%2C154%2C145%2C143%2C25%2C35%2C59%2C112%2C165%2C71%2C17%2C156%2C117%2C84%2C67%2C19%2C88%2C89%2C119%2C87%2C139%2C138%2C142%2C164%2C34%2C293%2C309%2C215%2C204%2C62%2C205%2C203%2C312%2C303%2C52%2C216%2C110%2C134%2C83%2C124%2C54%2C47%2C49%2C116%2C123%2C129%2C128%2C58%2C65%2C63%2C155%2C79%2C80%2C118%2C37%2C32%2C53%2C56%2C103%2C168%2C1%2C127%2C14%2C125%2C12%2C2%2C57%2C96%2C66%2C121%2C92%2C91%2C171%2C172%2C97%2C98%2C9%2C105%2C51%2C146%2C90%2C82%2C72%2C120%2C109%2C43%2C147%2C0%2C85%2C140%2C144%2C157%2C38%2C111%2C13%2C173</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://d1ogq0nh9d1jss.cloudfront.net/sdk/latest.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://d312ucx3huj7iy.cloudfront.net/s.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://firebase.googleapis.com/v1alpha/projects/-/apps/1:998373097250:web:883bf590f49343837bef7b/webConfig</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://firebaseinstallations.googleapis.com/v1/projects/bonanza-social/installations</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/4676.13e7a8937631d6310ca6.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/4676.3a0651b950f838f15c59.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/8383.64c6ef0ee3cc7e946411.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/2000Games.d83cbb7bcda689a3f970.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/Inter-Medium.6dcbc9bed1ec438907ee.ttf</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/Inter-Regular.e89cb19905e7db5591b0.ttf</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/Inter-SemiBold.4d56bb21f2399db8ad48.ttf</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/coinsDiamondsPile.fb0ba5b7567b71371185.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/dailyFreebies.60ad446219f4f9b6fa85.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/desertBg.ffd2009dc52d1b951e9b.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/feature-buy-1.3886b2dc9c49d55fd055.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/feature-buy-2.20564b69acd821bccb8e.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/feature-buy-3.909f5c53d702187681dd.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/feature-buy-4.80ac8b0cec2fdb088f39.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/feature-buy-5.2ebd688a1b281bcab776.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/feature-buy-6.359f507e60038a378135.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/feature-buy-7.348a33e66d9fc165ab21.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/feature-buy-8.e9461fea4eadeba65b19.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/landing-page-large.7fd23aa6ea52a12507c4.mp4</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/loyaltyRewards.c67c81d750f6b7b9e44c.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/mp-game-1.ef408f8e3e7a3594cab5.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/mp-game-2.8ae96df92d327642b970.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/mp-game-3.acc5b988f6d66ca46bb9.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/mp-game-4.ce1203e535f06158ac7f.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/mp-game-5.c96a092d3582c6fea398.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/mp-game-6.489590d8732386bff013.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/mp-game-7.03b1245becedcdff8520.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/mp-game-8.426160cc1ac9ceed4078.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/p-jp-1.aa3a26c33164e1988013.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/p-jp-2.d322d866bf57cd167282.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/p-jp-3.6b5de8172ce4682b091d.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/p-jp-4.cc3936b5a10ddc67cb3c.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/p-jp-5.b2514849e512d73d1392.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/p-jp-6.ddb3f3a52ad27a7d0878.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/p-jp-7.e8f3cc51a6dbc9254e04.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/p-jp-8.944ce564432b4393fd48.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/slot-cta.a0f5691f8b57e1c2e368.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/stars.2d3da1bba3587fabfb7f.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/stickyBannerDesktop.9af92e4bd724bd6ef340.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/assets/whyBonanza.3d123d4c4f19cf6bfa30.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/favicon/favicon.ico</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/styles.1f4a973113c210ce173c.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/styles.59ecde64c62ed16c1595.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.available-typed-arrays.97507b3b7d71aa881f76.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.babel-polyfill.2222ddbddf7e5a1eb711.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.babel.2a0bd34bdce40a983a66.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.base-64.6e9af12b1969894c78b7.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.base64-js.f82de4294666fd8ea2fc.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.buffer.4e3172b6c816f2b76926.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.call-bind-apply-helpers.fc393d59e68e79880655.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.call-bind.2f17944eacd5e7e8b1e0.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.call-bound.f8e5d2911e5a0f865528.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.camelize.fa7e7be6068b80d34925.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.character-entities-html4.1a6ae952ead9fb736482.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.character-entities-legacy.f8585886c8c03b5100a2.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.color-convert.2e6e84237e34e0ae80fb.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.color-name.0e0d3cdec67e7a59a771.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.color-string.4add05658d4bbf226083.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.color.08f8d5e87cf34809d400.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.core-js.8c0a33db805af0849b03.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.css-color-keywords.2b313bf8aef7e002657c.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.css-in-js-utils.60c0f3c1d38884115463.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.css-to-react-native.a1b8ba069ec9c12418d8.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.dayjs.15b85e8ec36b69dd045d.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.decode-uri-component.e3a5ffa6acdb071087f5.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.define-data-property.01463f43857a6a9eec88.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.dom-serializer.956aea75a366d8a400bc.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.domelementtype.722ee69352abea8085ab.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.domhandler.5b60b7caffd18bd26afa.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.domutils.8def07d73c21ae44c98e.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.dunder-proto.d4423504f661601a4cfd.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.egjs.5c8e42e1e5fd5942bf09.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.embla-carousel-autoplay.a471001f58825e2c201d.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.embla-carousel-react.dbbd1ccde33cbf0c2c5c.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.embla-carousel-reactive-utils.dfa32b3fd5000ce528e2.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.embla-carousel.a0f1c4261e808ee99bf3.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.entities.b4df3d5a7de215d35a23.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.es-define-property.bd9d67494a6e3f548208.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.es-errors.332dbb8807a55041fd69.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.es-object-atoms.49f644712cb170a8148c.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.escape-string-regexp.95ece0d0270285e87f50.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.expo-asset.521eb5421d9b9d458f20.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.expo-av.78f754973aed827d89fb.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.expo-image.26936c4e4222d2b429ef.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.expo-modules-core.0af4db562c03aab63e54.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.fast-deep-equal.5c79d4a389ced52a9f60.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.fbjs.4c03bc61213fa2d8de2b.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.filter-obj.15e1996e2fe26e73a892.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.firebase.d4e9aab6667bbcaa1bd4.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.for-each.b6e3d972c799cc31a3bb.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.function-bind.6dacc044044c93c06651.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.get-intrinsic.8421d3e48725ec7393de.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.get-proto.c770da95bd7775be2315.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.gopd.8d884d017e24ab7445d2.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.gorhom.40092cb8fca435e4c137.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.has-property-descriptors.b52450acf5d2491fda54.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.has-symbols.7416ec6f4ac1d7b31e6c.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.has-tostringtag.189912f91a57ee6d9646.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.hasown.627d9a1324a56b72788d.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.he.9b7cbecae62533c4025e.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.hoist-non-react-statics.a70419b0e52b03ee618d.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.html-parse-stringify.99554e0da76dbac41366.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.htmlparser2.1932cf29d498d0695ccb.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.hyphenate-style-name.9cf5396fe9cfb7b6db56.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.i18next.6e9a9bda307370563361.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.idb.6262a5e814faad596d5f.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.ieee754.7e008f2ec20897790c4b.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.immer.44dde21470a9d11ce2b7.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.inherits.8e702bbf434ba44f82ab.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.inline-style-prefixer.b8364109232daefd604a.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.invariant.e7dadb5139107f83a9b1.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.is-arrayish.4798e8b9faa68b47b0c9.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.is-callable.58890bd6773d5aa167f8.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.is-typed-array.6624c3f54eef38f67b73.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.isarray.0ed99cb0a5643dbc8274.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.js-sha256.ee829af95974440f41a6.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.jsamr.ade7c0e34d982a187d27.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.jwt-decode.57a6e7001230cba995c9.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.libphonenumber-js.a82bedfdd03f47f8d721.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.livechat.4fa8403e4ea97b9054d2.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.lodash-es.e8da75fab4c98fce42e0.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.lottie-web.cf6eb1b063c52c052f13.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.math-intrinsics.4ebbef097369dfba7d50.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.microsoft.e3db7b855c0d749a4790.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.mini-css-extract-plugin.ec26d7d3b3e7f9c34fbe.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.mitt.df2e6c3ac856d96d8f62.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.nanoid.7fce53334c428dc4e952.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.native-html.98bdc9beeb7ee410474a.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.nullthrows.9043c83798cd687a80cf.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.object-inspect.993a09113f16b8ad5132.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.possible-typed-array-names.7b64d7b2d23f3d5a364f.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.postcss-value-parser.3b580715e2041ca6f580.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.prop-types.272088623973fca20194.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.qs.8b387ec9f9bf6064cfaa.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.query-string.e7c465c7a8b4456bff01.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.ramda.96549353368cf13b297b.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-dom.d0bd2e3b970e0ee11643.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-google-recaptcha-v3.0349b77dc1576363bbb3.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-gtm-module.69fb086ae9e63da8ad41.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-i18next.c551d3d25dadc2d555b4.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-native-biometrics.339a1d0024186ef6607b.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-native-clipboard.fa7b87794cec88a6e570.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-native-device-info.197b546b67d574c14562.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-native-gesture-handler.d4614eae06d1acf4a312.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-native-iphone-x-helper.a876c95359e6f89349b2.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-native-is-edge-to-edge.668d5ef84f5fae9d8400.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-native-mmkv.ec8adfe80e0708857e09.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-native-orientation-locker.a70ac5c8ce65f78c28c6.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-native-pkce-challenge.a94f0698de1b6a245cef.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-native-reanimated.26ee922bad75456aae2a.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-native-render-html.6fba573c7c449917ce75.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-native-safe-area-context.a95ea2f6a84a070a96be.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-native-svg.0e8912eb5ff420744e68.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-native-tab-view.52c372b9bd2e9731f89d.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-native-toast-message.39b9d8bd6713cc443941.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-native-web-linear-gradient.c96771644f81620bc9be.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-native-web-webview.9fa05af7b83f8cca6771.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-native-web.8aadd1298cbb0d039e8f.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-native-worklets.81dce9dd74ddf204bc10.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-native.7b49a4364700896de482.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-navigation.34707b442b6c6a73a3c3.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-redux.6ba21c460ad22a993d32.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react-router.0809c583b4d8fd6ff5dd.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.react.5226dc4ca03e7e2200ac.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.redux-persist.9dd2a9d2cf1b4a060457.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.redux-thunk.97e719addb8adb2423db.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.redux.06d2da69d5f6ec24a148.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.reduxjs.8cbe3b975de2fbff47c1.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.regenerator-runtime.c8d4d6fbc89f30cc5d90.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.reselect.ee3aaf73424d2ff166d4.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.safe-buffer.434431d41f4433c86b34.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.scheduler.f30c81bb29ecd31b1dbb.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.sentry.8afd39e1bd0b3b2456c0.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.set-function-length.7f7f0c52aef46ac99fb8.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.sha.js.c98756f370d256c49b28.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.side-channel-list.95538adebde2da015f17.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.side-channel-map.6fccaf7663c9bc0bb1ea.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.side-channel-weakmap.7b982c95e5b240974eb9.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.side-channel.f2964e312a2bf1aefb0d.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.simple-swizzle.caadc831f920f20eaf3a.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.split-on-first.5d59b9e26bf53130868f.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.strict-uri-encode.0b6bc37e4839afd07ea1.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.stringify-entities.78db3a8c77529505fbc7.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.styleq.5445f251f319aa207541.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.to-buffer.73a25c491b5af6de45aa.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.typed-array-buffer.cf68a406bc060670ee8c.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.urijs.279cae406ed04335115c.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.use-latest-callback.ceb851b0257532f0b7e0.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.use-sync-external-store.a525e066cfe500466a05.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.uuid.f2c6875e07515bb94719.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.void-elements.2fc44f55a10f0e4b69dc.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.which-typed-array.fd8da2b7a54ccdaafd89.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.xtend.896a94057c9d859e040b.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/vendor.zod.1e785d662bcaea578c5a.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/web.0d9de9feab1aff17278e.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fluxplaya.com/web.51065977749bbf2358b9.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css2?family=Outfit:wght@400;500;600;700&amp;display=swap</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://fonts.gstatic.com/s/outfit/v15/QGYvz_MVcBeNP4NJtEtq.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://images.bonanzasocial.com/GMS%2FPragmaticPlay%2FQueen%20of%20Gods%2Fqueen%20of%20gods%20square.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://images.bonanzasocial.com/GMS%2FPragmaticPlay%2FWisdom%20of%20Athena%201000%2FWisdom%20of%20Athena%201000%20square.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://images.bonanzasocial.com/Landing%20page%2FGMS_PragmaticPlay_5%20Lions%20Megaways_5%20lions%20megaways%20square.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://images.bonanzasocial.com/Landing%20page%2FGMS_PragmaticPlay_Argonauts_Argonauts_Square.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://images.bonanzasocial.com/Landing%20page%2FGMS_PragmaticPlay_Big%20Bass%20-%20Hold%20and%20Spinner_square2.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://images.bonanzasocial.com/Landing%20page%2FGMS_PragmaticPlay_Big%20Bass%20Bonanza_square2.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://images.bonanzasocial.com/Landing%20page%2FGMS_PragmaticPlay_Waves%20of%20Poseidon_Waves%20of%20Poseidon_Square.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://images.bonanzasocial.com/Landing%20page%2FGMS_PragmaticPlay_Zeus%20vs%20Hades%20-%20Gods%20of%20War_Zeus%20vs%20Hades%20-%20Gods%20of%20War%20square.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://images.bonanzasocial.com/Landing%20page%2FGMS_PragmaticPlay_madame%20destiny%20megaways_madame%20destiny%20megaways%20%20suqare.webp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://mpc-prod-24-s6uit34pua-uw.a.run.app/events?cee=no</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://region1.analytics.google.com/g/collect</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://region1.analytics.google.com/g/collect?v=2&amp;tid=G-ZHKBKY9VZL&amp;gtm=45je6710h1v9239916727za200zd9239916727&amp;_p=1783372162643&amp;_gaz=1&amp;gcd=13l3l3l2l1l1&amp;npa=1&amp;dma_cps=a&amp;dma=1&amp;_eu=AAAAAGAC&amp;_fid=fpkBnSCBqnKfiqBEE1xcrC&amp;are=1&amp;cid=2086233575.1783372163&amp;frm=0&amp;pscdl=noapi&amp;rcb=7&amp;sr=800x600&amp;uaa=&amp;uab=&amp;uafvl=&amp;uam=&amp;uamb=0&amp;uap=Linux&amp;uapv=&amp;uaw=0&amp;ul=en-us&amp;gaf=2&amp;_s=1&amp;tag_exp=115938465~115938468~119027224~119576881~119576885~119576891~119576895&amp;sid=1783372163&amp;sct=1&amp;seg=0&amp;dl=https%3A%2F%2Ffluxplaya.com%2F&amp;dt=Bonanza%20-%20The%20Ultimate%20Social%20Casino%20for%20Slot%20Game%20Enthusiasts&amp;en=page_view&amp;_fv=1&amp;_nsi=1&amp;_ss=1&amp;_ee=1&amp;ep.origin=firebase&amp;tfd=3229</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://stats.g.doubleclick.net/g/collect?v=2&amp;tid=G-ZHKBKY9VZL&amp;cid=2086233575.1783372163&amp;gtm=45je6710h1v9239916727za200zd9239916727&amp;rcb=7&amp;aip=1&amp;dma=1&amp;dma_cps=a&amp;gcd=13l3l3l2l1l1&amp;npa=1&amp;frm=0&amp;tag_exp=115938465~115938468~119027224~119576881~119576885~119576891~119576895</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://us-east-1.beacons.videntrix.com/netfp?cb=0.06647734850136733</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://us-east-1.beacons.videntrix.com/netfp?cb=0.6916808524845852</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://us-east-1.beacons.videntrix.com/ping?cb=0.17813055939861944</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://us-east-1.beacons.videntrix.com/ping?cb=0.3215079149255051</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://us-east-1.beacons.videntrix.com/ping?cb=0.5649392826106207</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://us-east-1.beacons.videntrix.com/ping?cb=0.6011623462900547</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.facebook.com/tr/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.facebook.com/tr/?id=931687892602344&amp;ev=PageView&amp;dl=https%3A%2F%2Ffluxplaya.com%2F&amp;rl=&amp;if=false&amp;ts=1783372163680&amp;iw=false&amp;sw=800&amp;sh=600&amp;v=2.9.349&amp;r=stable&amp;ec=0&amp;o=4126&amp;aems=0%3B0&amp;fbp=fb.1.1783372163671.742037004241453154&amp;eid=ob3_plugin-set_731b32d9e1ff5ced067135d68288680f9bdbeea5ae87abe3b108bfb6524737fa&amp;ler=empty&amp;cdl=API_unavailable&amp;pmd[title]=Bonanza%20-%20The%20Ultimate%20Social%20Casino%20for%20Slot%20Game%20Enthusiasts&amp;pmd[locale]=en&amp;pmd[description]=Welcome%20to%20Bonanza%20%E2%80%93%20the%20top%20choice%20for%20slot%20game%20enthusiasts%20and%20online%20casino%20fans.%20Dive%20into%20a%20world%20of%20thrilling%20slot%20games%2C%20table%20games%2C%20and%20more%2C%20all%20designed%20for%20an%20unforgettable%20gaming%20experience.%20Join%20Bonanza%20today%20and%20enjoy%20nonstop%20excitement!&amp;plt=2432.5&amp;iss=1&amp;imft=1&amp;tz=0&amp;it=1783372162870&amp;coo=false&amp;cf=1&amp;expv2[0]=pl0&amp;expv2[1]=el3&amp;expv2[2]=bc1&amp;expv2[3]=ra2&amp;expv2[4]=rp2&amp;expv2[5]=ct2&amp;expv2[6]=hf0&amp;rqm=GET</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.google.de/ads/ga-audiences?v=1&amp;t=sr&amp;slf_rd=1&amp;_r=4&amp;tid=G-ZHKBKY9VZL&amp;cid=2086233575.1783372163&amp;gtm=45je6710h1v9239916727za200zd9239916727&amp;rcb=7&amp;aip=1&amp;dma=1&amp;dma_cps=a&amp;gcd=13l3l3l2l1l1&amp;npa=1&amp;frm=0&amp;tag_exp=115938465~115938468~119027224~119576881~119576885~119576891~119576895&amp;z=168730269</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtag/js?l=dataLayer&amp;id=G-ZHKBKY9VZL</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>1.11.1.1</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>1.5.1.2</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>39.0.1.32</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>fluxplaya.com</url>
              <origin>URL_RENDER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://fluxplaya.com/&amp;dt=Bonanza</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://fluxplaya.com/&amp;group_id=1&amp;channel_type=code&amp;implementation_type=@livechat/widget-core&amp;jsonp=__ksv0y0ct4fo</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://fluxplaya.com/&amp;rl=&amp;if=false&amp;ts=1783372163680&amp;iw=false&amp;sw=800&amp;sh=600&amp;v=2.9.349&amp;r=stable&amp;ec=0&amp;o=4126&amp;aems=0;0&amp;fbp=fb.1.1783372163671.742037004241453154&amp;eid=ob3_plugin-set_731b32d9e1ff5ced067135d68288680f9bdbeea5ae87abe3b108bfb6524737fa&amp;ler=empty&amp;cdl=API_unavailable&amp;pmd</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>fonts.googleapis.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>fonts.gstatic.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>api.bonanzasocial.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>api.livechatinc.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>cdn.livechatinc.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>connect.facebook.net</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>d1ogq0nh9d1jss.cloudfront.net</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>d312ucx3huj7iy.cloudfront.net</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>firebase.googleapis.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>firebaseinstallations.googleapis.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>fluxplaya.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>fonts.googleapis.com</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>fonts.gstatic.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>images.bonanzasocial.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>mpc-prod-24-s6uit34pua-uw.a.run.app</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>region1.analytics.google.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>stats.g.doubleclick.net</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>us-east-1.beacons.videntrix.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.facebook.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.google.de</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.googletagmanager.com</url>
              <origin>URL_RENDER</origin>
            </value>
          </domains>
          <ips>
            <value>
              <ip>192.178.183.95</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.21.81.182</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>108.138.2.203</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.110.97</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.127.155</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.127.94</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.14.94</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>157.240.253.35</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>163.70.128.23</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>192.178.183.95</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>216.239.32.223</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>216.239.34.36</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>23.36.162.17</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>3.232.180.219</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>34.143.78.2</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>44.197.50.58</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>54.192.35.18</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>95.101.111.156</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>99.84.152.80</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.127.94</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
        </iocs>
        <name>hxxps://fluxplaya.com</name>
        <report_id>b6c07507-2e27-4106-9aca-e02276e4f306</report_id>
        <tags>
          <value>html</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>28eb2af53df163fd25b7ea861ad8c348fe41703f48210839fb5b680ddd673a40</id>
    <title>Analysis Report for 28eb2af53df163fd25b7ea861ad8c348fe41703f48210839fb5b680ddd673a40</title>
    <updated>2026-07-06T21:08:35Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c197674fb2f5922b6c7f5</_id>
        <file_type>text/javascript</file_type>
        <flow_id>6a4c19529016b0169a6231c6</flow_id>
        <hash>28eb2af53df163fd25b7ea861ad8c348fe41703f48210839fb5b680ddd673a40</hash>
        <iocs>
          <urls>
            <value>
              <url>http://127.0.0.1:21</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <ips>
            <value>
              <ip>127.0.0.1</ip>
              <origin>INPUT_FILE</origin>
            </value>
          </ips>
        </iocs>
        <name>attempt6.js</name>
        <report_id>25687b4c-93ab-4913-8a23-695ec4ddc00c</report_id>
        <tags>
          <value>javascript</value>
          <value>evasive</value>
          <value>repaired</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>6aa5808dc60e5e8d54753c01eccbc5d9f45517158fc272f1f238f010d70c0ad6</id>
    <title>Analysis Report for 6aa5808dc60e5e8d54753c01eccbc5d9f45517158fc272f1f238f010d70c0ad6</title>
    <updated>2026-07-06T21:07:25Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c191c0bc678ad76e5c8e6</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c190c9016b0169a623132</flow_id>
        <hash>6aa5808dc60e5e8d54753c01eccbc5d9f45517158fc272f1f238f010d70c0ad6</hash>
        <iocs>
          <urls>
            <value>
              <url>http://ip-api.com/json/?fields=225545</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://ip-api.com/line/?fields=hosting</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://discord.com/api/v10/users/@me</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://discord.com/api/v10/users/@me/outbound-promotions/codes</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://discordapp.com/api/v9/users/@me/billing/payment-sources</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://github.com/Blank-c/Umbral-Stealer</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>https://gstatic.com/generate_204</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>discord.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>discordapp.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>github.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>gstatic.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>ip-api.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>1.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>162.159.138.232</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>162.159.133.233</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.14.94</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>208.95.112.1</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>140.82.121.3</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>162.159.138.232</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>162.159.133.233</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>140.82.121.3</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.14.94</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>208.95.112.1</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <MD5>b7db84991f23a680df8e95af8946f9c9</MD5>
              <SHA-1>cac699787884fb993ced8d7dc47b7c522c7bc734</SHA-1>
              <SHA-256>539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <MD5>89d7894ab09079ef23ce62c7e35779a8</MD5>
              <SHA-1>35da6de5df32890fc421a47b9853b8442fe410ba</SHA-1>
              <SHA-256>e4a39f24f77bee2f6b85a3e5ef1cf55635a40e0fe0f1ba3efcc0e53e14376b04</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>81d7b82a4e0c2bbf3c294ded6bc042a0</MD5>
              <SHA-1>3114d9758f689a55486517d5801df0fd8dceb252</SHA-1>
              <SHA-256>a3dad21f9d3005ff00dfa5c4964983b57edd7fdede4aa7656019fff3a62a5fdc</SHA-256>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <MD5>041912d109d349cf8c39ccccc812126a</MD5>
              <SHA-1>d677b242a21df8bb9d696998193de662b96a9ff0</SHA-1>
              <SHA-256>774085c73d7aeecdd59894443d83d16b7e4e731c89420ca9f7356a5c9c928056</SHA-256>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <MD5>74d9a83219cabaab06a69fd318873f33</MD5>
              <SHA-1>724ba28f4a9a1b472057ff99511ed393a45552e1</SHA-1>
              <SHA-256>a17fcf0a2f50e2d495e4f90ce263410edc183add6c62699a2facbccf60410f74</SHA-256>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/plain</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>00000000-0000-0000-0000-AC1F6BD048FE</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>00000000-0000-0000-0000-AC1F6BD04972</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>00000001-0000-0010-8000-00AA00389B71</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>032E02B4-0499-05C3-0806-3C0700080009</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>03DE0294-0480-05DE-1A06-350700080009</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>05589F80-C356-11CE-BF01-00AA0055595A</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>05589F81-C356-11CE-BF01-00AA0055595A</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>0579154A-2B53-4994-B0D0-E773148EFF85</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>0F6417D6-C318-11D0-A43F-00A0C9223196</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>11111111-2222-3333-4444-555555555555</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>29840822-5B84-11D0-BD3B-00A0C911CE86</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>31EFAC30-515C-11d0-A9AA-00AA0061BE93</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>32595559-0000-0010-8000-00AA00389B71</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>33D9A760-90C8-11d0-BD43-00A0C911CE86</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>33D9A762-90C8-11d0-BD43-00A0C911CE86</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>39555659-0000-0010-8000-00AA00389B71</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>44B94D56-65AB-DC02-86A0-98143A7423BF</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>47504A4D-0000-0010-8000-00AA00389B71</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>481E2042-A1AF-D390-CE06-A8F783B1E76A</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>49434D53-0200-9036-2500-369025000C65</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>49434D53-0200-9036-2500-369025003AF0</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>49434D53-0200-9036-2500-36902500F022</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>49434D53-0200-9065-2500-65902500E439</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>4C4C4544-0050-3710-8058-CAC04F59344A</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>4D4DDC94-E06C-44F4-95FE-33A1ADA5AC27</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>55272A00-42CB-11CE-8135-00AA004BB851</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>55595659-0000-0010-8000-00AA00389B71</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>56555949-0000-0010-8000-00AA00389B71</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>56595559-0000-0010-8000-00AA00389B71</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>56a86891-0ad4-11ce-b03a-0020af0ba770</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>56a86892-0ad4-11ce-b03a-0020af0ba770</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>56a86893-0ad4-11ce-b03a-0020af0ba770</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>56a86895-0ad4-11ce-b03a-0020af0ba770</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>56a86897-0ad4-11ce-b03a-0020af0ba770</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>56a8689a-0ad4-11ce-b03a-0020af0ba770</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>56a8689f-0ad4-11ce-b03a-0020af0ba770</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>56a868a9-0ad4-11ce-b03a-0020af0ba770</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>56a868b1-0ad4-11ce-b03a-0020af0ba770</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>56a868b4-0ad4-11ce-b03a-0020af0ba770</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>59565955-0000-0010-8000-00AA00389B71</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>5BD24D56-789F-8468-7CDC-CAA7222CC121</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>62BE5D10-60EB-11d0-BD3B-00A0C911CE86</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>63203342-0EB0-AA1A-4DF5-3FB37DBB0670</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>6608003F-ECE4-494E-B07E-1C4615D1D93C</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>670d1d20-a068-11d0-b3f0-00aa003761c5</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>67E595EB-54AC-4FF0-B5E3-3DA7C7B547E3</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>6A2E0670-28E4-11D0-A18C-00A0C9118956</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>6B652FFF-11FE-4fce-92AD-0266B5D7C78F</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>6F3CA5EC-BEC9-4A4D-8274-11168F640058</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>73646976-0000-0010-8000-00AA00389B71</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>73647561-0000-0010-8000-00AA00389B71</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>76122042-C286-FA81-F0A8-514CC507B250</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>773C9AC0-3274-11D0-B724-00AA006C1A01</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>777D84B3-88D1-451C-93E4-D235177420A7</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>79AF5279-16CF-4094-9758-F88A616D81B4</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>7AB5C494-39F5-4941-9163-47F54D6D5016</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>860BB310-5D01-11d0-BD3B-00A0C911CE86</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>89c31040-846b-11ce-97d3-00aa0055595a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>8B4E8278-525C-7343-B825-280AEBCD3BCB</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>93E5A4E0-2D50-11d2-ABFA-00A0C9C6E38D</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>9961A120-E691-4FFE-B67B-F0E4115D5919</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>9b00f101-1567-11d1-b3f1-00aa003761c5</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>A15A930C-8251-9645-AF63-E45AD728C20C</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>ADEEEE9E-EF0A-6B84-B14B-B83A54AFC548</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>B1112042-52E8-E25B-3655-6A4F54155DBF</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>BF87B6E1-8C27-11d0-B3F0-00AA003761C5</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>C1F400A0-3F08-11D3-9F0B-006008039E37</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>C1F400A4-3F08-11D3-9F0B-006008039E37</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>C6E13340-30AC-11d0-A18C-00A0C9118956</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>C6E13360-30AC-11d0-A18C-00A0C9118956</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>C6E13370-30AC-11d0-A18C-00A0C9118956</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>C7D23342-A5D4-68A1-59AC-CF40F735B363</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>D9142042-8F51-5EFF-D5F8-EE9AE3D1602A</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>E0F158E1-CB04-11d0-BD4E-00A0C911CE86</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>E436EB7B-524F-11CE-9F53-0020AF0BA770</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>E436EB7C-524F-11CE-9F53-0020AF0BA770</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>E436EB7D-524F-11CE-9F53-0020AF0BA770</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>E436EB7E-524F-11CE-9F53-0020AF0BA770</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>E436EB8B-524F-11CE-9F53-0020AF0BA770</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>E436EB8E-524F-11CE-9F53-0020AF0BA770</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>E436EBB3-524F-11CE-9F53-0020AF0BA770</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>EB16924B-FB6D-4FA1-8666-17B91F62FB37</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>F3988356-32F5-4AE1-8D47-FD3B8BAFBD4C</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>F72A76A0-EB0A-11d0-ACE4-0000C0CC16BA</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>FE822042-A70C-D08B-F1D1-C207055A488F</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>a2104830-7c70-11cf-8bce-00aa00a3f1a6</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>e823c15a-ddaf-4d1e-a6eb-80645d1ee735</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>fb6c4281-0353-11d1-905f-0000c0cc16ba</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>fb6c4282-0353-11d1-905f-0000c0cc16ba</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>fb6c428a-0353-11d1-905f-0000c0cc16ba</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
          <registry>
            <value>
              <registry>SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER</registry>
              <origin>INPUT_FILE</origin>
            </value>
          </registry>
        </iocs>
        <name>Umbral.exe</name>
        <report_id>70dfb1f3-b609-4a18-ba61-830997250dee</report_id>
        <tags>
          <value>peexe</value>
          <value>txt</value>
          <value>dotnet_pe</value>
          <value>json</value>
          <value>anti-vm</value>
          <value>base64</value>
          <value>hacktool</value>
          <value>reconnaissance</value>
          <value>fingerprint</value>
          <value>obfuscated</value>
          <value>similar-threat</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>884b91fcd16a189f1e4f907a0be037881fd158c529292b9c1c58da7590a841f5</id>
    <title>Analysis Report for 884b91fcd16a189f1e4f907a0be037881fd158c529292b9c1c58da7590a841f5</title>
    <updated>2026-07-06T21:07:25Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c193a74fb2f5922b6c7e7</_id>
        <file_type>text/javascript</file_type>
        <flow_id>6a4c190c9016b0169a623137</flow_id>
        <hash>884b91fcd16a189f1e4f907a0be037881fd158c529292b9c1c58da7590a841f5</hash>
        <iocs>
          <urls>
            <value>
              <url>http://127.0.0.1:21</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <ips>
            <value>
              <ip>127.0.0.1</ip>
              <origin>INPUT_FILE</origin>
            </value>
          </ips>
        </iocs>
        <name>attempt6.js</name>
        <report_id>245cf07a-4f3d-414e-a4c6-d572acfb595e</report_id>
        <tags>
          <value>javascript</value>
          <value>evasive</value>
          <value>repaired</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>259926866a7117fb84fbb3d639c060392bc13f1f66b759777da8845fba41edfa</id>
    <title>Analysis Report for 259926866a7117fb84fbb3d639c060392bc13f1f66b759777da8845fba41edfa</title>
    <updated>2026-07-06T21:07:13Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c194174fb2f5922b6c7ea</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c18ffdef7044af0b84e70</flow_id>
        <hash>259926866a7117fb84fbb3d639c060392bc13f1f66b759777da8845fba41edfa</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>296b7d861a9ee473d4e8a62f9d7adb025d1fbe8e61206870f426e5c870a98936</SHA-256>
              <SHA-1>ed961a5852bd1ac5b55fa8fd70fa8213754abc57</SHA-1>
              <MD5>839f2e562a1f062fd873414ab28cf1d2</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>692985cf029eb28098357336ea128b16211fb8fb8ab3e8f90949a952a2514f65</SHA-256>
              <SHA-1>10dd88f00a8f56cce48908628abe1215235f624a</SHA-1>
              <MD5>89647fd8d7ee80b9e9e46db2a1053a29</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>6a3c71d7f89e83280ff2aa75c76d49c3239060f8ee53cfc2692e05c4fc9c7eab</SHA-256>
              <SHA-1>c0170ce1c06de46e62508e1d774d64e952cd111a</SHA-1>
              <MD5>b62b6b1e4cd3054ab1b07b033356d108</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>7aa854f2b6bf3241c666d0b851ecaea27082934a4b2fa43db752591dfcf9434e</SHA-256>
              <SHA-1>5168d394292dd31902f3f8112b22cd604529f378</SHA-1>
              <MD5>2165d3c35627dfb0f24dfa8839b650c1</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>af380b7f1f6bedba49ef3833569a36314f9834b759bfbdc7f5474d65081186c6</SHA-256>
              <SHA-1>28a0948d37b93bfd392044a4338968bd3f4de535</SHA-1>
              <MD5>e71ed01bef9a6e44b5a60f28e2d14320</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>d753e0ec2bd0488666eda57d61ca630cbce60346fcae09a076aa30de3565b25c</SHA-256>
              <SHA-1>c167b8eb7bf938dfa984672bfc21ebf9edd7fe3e</SHA-1>
              <MD5>f6765535a5d4df2e1fe58a6b97090391</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
          <btc_wallets>
            <value>
              <btc_wallet>x185bdb0:$btc: 3333333333333333UUUUUUUUUUUUUUU</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>UnityPlayer2.dll</name>
        <report_id>e964ce43-d587-4b22-be76-3ac9144bf7a7</report_id>
        <tags>
          <value>peexe</value>
          <value>pedll</value>
          <value>crypto</value>
          <value>fingerprint</value>
          <value>reconnaissance</value>
          <value>expired-cert</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
          <value>anti-vm</value>
          <value>adaptive-context</value>
          <value>anti-debug</value>
          <value>keylogger</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>bd2cc2f1f25b5f520a87068475247dd5611ab9f199ed3264983d720e016acf66</id>
    <title>Analysis Report for bd2cc2f1f25b5f520a87068475247dd5611ab9f199ed3264983d720e016acf66</title>
    <updated>2026-07-06T21:07:06Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c191f0bc678ad76e5c8e7</_id>
        <file_type>text/x-msdos-batch</file_type>
        <flow_id>6a4c18f99016b0169a62310d</flow_id>
        <hash>bd2cc2f1f25b5f520a87068475247dd5611ab9f199ed3264983d720e016acf66</hash>
        <iocs>
          <ips>
            <value>
              <ip>1.0.0.0</ip>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>d2a10a34ca94b75246c245d77f633ff6d73f7cee6cec14a97373113ff990e64b</SHA-256>
              <SHA-1>515fb003af7b0ee323ca72a0858a1ed7d8aea519</SHA-1>
              <MD5>913605f47b4f9a22a887592afdf18777</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>e2373b5b2a7d1c629795bc94aedd5b48aa936910fccf296e1c160922bc5f8bac</SHA-256>
              <SHA-1>94ada1e35a25ff118507a2073ee891d3cf29d027</SHA-1>
              <MD5>eea9f76edf1d58c8246db6b0c7d12fb6</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</SHA-256>
              <SHA-1>da39a3ee5e6b4b0d3255bfef95601890afd80709</SHA-1>
              <MD5>d41d8cd98f00b204e9800998ecf8427e</MD5>
              <origin>VBA_EMULATION</origin>
              <file_type>application/octet-stream</file_type>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <SHA-256>3d8c31a68e3fab61212af7ebb3024c5ab079cd205a9297333824f342113b6058</SHA-256>
              <SHA-1>0c4236fd5a8b2cd632da0c1e06444e0a95bb7cd3</SHA-1>
              <MD5>c711690d415994abd3abbb2d476b0961</MD5>
              <origin>BATCH_SCRIPT_EMULATION</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>8fa3103bcd5d7d097dddcd0b1d56614b9787a019cfad2af0b5e24cd7f4b49e7a</SHA-256>
              <SHA-1>339e27243df24f2b8979e78711e396698f4f47cc</SHA-1>
              <MD5>07633af550e0260bf18f76937f78214f</MD5>
              <origin>BATCH_SCRIPT_EMULATION</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>1d1f34aadfba9058e6716411841c15c522cfe4464fb1e4fa6a480bcb837d3298</SHA-256>
              <SHA-1>cce50d9086262e1cc86a3a457dfdd64af77b0d81</SHA-1>
              <MD5>a373404c9ae73fecea3bebdedcac487c</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
        </iocs>
        <name>temp_993805.bat</name>
        <report_id>c4c10180-e5da-4124-ae92-2dedc9e134eb</report_id>
        <tags>
          <value>bat</value>
          <value>anti-vm</value>
          <value>fingerprint</value>
          <value>evasive</value>
          <value>base64</value>
          <value>packed</value>
          <value>reconnaissance</value>
          <value>aes</value>
          <value>crypto</value>
          <value>obfuscated</value>
          <value>powershell</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>ed20389d82c3d0044f2229a80899065eff08149b6ece280e3a7edd5c441b0bc4</id>
    <title>Analysis Report for ed20389d82c3d0044f2229a80899065eff08149b6ece280e3a7edd5c441b0bc4</title>
    <updated>2026-07-06T21:07:04Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c190b0bc678ad76e5c8e2</_id>
        <file_type>application/x-msdownload; format=pe64</file_type>
        <flow_id>6a4c18f52c562ae7c822ea41</flow_id>
        <hash>ed20389d82c3d0044f2229a80899065eff08149b6ece280e3a7edd5c441b0bc4</hash>
        <iocs>
          <files>
            <value>
              <MD5>b7db84991f23a680df8e95af8946f9c9</MD5>
              <SHA-1>cac699787884fb993ced8d7dc47b7c522c7bc734</SHA-1>
              <SHA-256>539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <MD5>77742694e3a324cc94cca59a9264fb12</MD5>
              <SHA-1>da80b01fd42d3c340115ae1dbc1c20da4764d7e6</SHA-1>
              <SHA-256>61ff07c4434fe14d08598012ca171da578abd966edf07b9d5226b8de3b720d2d</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>e956deeac1d2e9d9601e6aa05bc26c9a</MD5>
              <SHA-1>f15e6a74c13a687a7059a50095784e852024278b</SHA-1>
              <SHA-256>29f053ccc9d4cb9ff96059dde82b9e9e22ec533899be6f67e04d0f7b1ea4ca49</SHA-256>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>d52e2f827d3f73701ee23c2316c8c3ca</MD5>
              <SHA-1>7cf54e00a6d7343c940c55b87ed77116edcae177</SHA-1>
              <SHA-256>604c60a3fea14e55f533c6ebdc86f84707a605359ae9cef79fcda9f97d56c6a7</SHA-256>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
        </iocs>
        <name>dadada.exe</name>
        <report_id>2967735e-4aef-4a94-9b23-d971d7a88db7</report_id>
        <tags>
          <value>peexe</value>
          <value>dotnet_pe</value>
          <value>obfuscated</value>
          <value>base64</value>
          <value>expired-cert</value>
          <value>reconnaissance</value>
          <value>invalid-signature</value>
          <value>signed</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>026fcc119a1bb6114d05c70d30107fb266e2c4ac98b1d6154f69bf27cee30cfc</id>
    <title>Analysis Report for 026fcc119a1bb6114d05c70d30107fb266e2c4ac98b1d6154f69bf27cee30cfc</title>
    <updated>2026-07-06T21:06:57Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c19000bc678ad76e5c8df</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c18ee9016b0169a6230f5</flow_id>
        <hash>026fcc119a1bb6114d05c70d30107fb266e2c4ac98b1d6154f69bf27cee30cfc</hash>
        <iocs>
          <urls>
            <value>
              <url>https://files.catbox.moe/ly92q6.dll</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://files.catbox.moe/obttav.sys</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>files.catbox.moe</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>108.181.20.43</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>108.181.20.43</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <MD5>1e4a89b11eae0fcf8bb5fdd5ec3b6f61</MD5>
              <SHA-1>4260284ce14278c397aaf6f389c1609b0ab0ce51</SHA-1>
              <SHA-256>4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <MD5>5502e522d344a61b3e689c92e8f8daf9</MD5>
              <SHA-1>8a8261dfe215b812becd083c36e44fd06c63095b</SHA-1>
              <SHA-256>29522c6ab4ecea0d15e314e496792e559cf77bea45b81f2feea00d9036372425</SHA-256>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/x-msdownload</file_type>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
            <value>
              <MD5>bc52d2f3b43f512ecef28bff4917d3c9</MD5>
              <SHA-1>b0432f5a7a09faaac0da8650a2269c58e02205de</SHA-1>
              <SHA-256>b536f00490262d7c9a2724d6e9c0d97cdd370961fceae3724795298a2c7fa153</SHA-256>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/java-archive</file_type>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
          </files>
        </iocs>
        <name>loader.exe</name>
        <report_id>3db929ad-651b-4b07-b12b-dc697707f09b</report_id>
        <tags>
          <value>peexe</value>
          <value>java</value>
          <value>pedll</value>
          <value>anti-vm</value>
          <value>anti-debug</value>
          <value>hacktool</value>
          <value>crypto</value>
          <value>fingerprint</value>
          <value>reconnaissance</value>
          <value>microsoft_visual_cc</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>7d7fb6853d687c575d2ec1c85be21ff35b699a012658b993c1efcec55019824f</id>
    <title>Analysis Report for 7d7fb6853d687c575d2ec1c85be21ff35b699a012658b993c1efcec55019824f</title>
    <updated>2026-07-06T21:06:55Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c18f774fb2f5922b6c7d9</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c18ec9016b0169a6230f2</flow_id>
        <hash>7d7fb6853d687c575d2ec1c85be21ff35b699a012658b993c1efcec55019824f</hash>
        <iocs/>
        <name>AsyncClient.exe</name>
        <report_id>b889873d-d158-46e7-9918-6daa57db7e78</report_id>
        <tags>
          <value>peexe</value>
          <value>samsam</value>
          <value>dropper</value>
          <value>obfuscated</value>
          <value>vbnet</value>
          <value>asyncrat</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>5f6e4a8d17a5d15cc001300ad8373515b8f548c0ab129fe67ef597a59467423f</id>
    <title>Analysis Report for 5f6e4a8d17a5d15cc001300ad8373515b8f548c0ab129fe67ef597a59467423f</title>
    <updated>2026-07-06T21:05:34Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c18a574fb2f5922b6c7c9</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c189c9016b0169a623087</flow_id>
        <hash>5f6e4a8d17a5d15cc001300ad8373515b8f548c0ab129fe67ef597a59467423f</hash>
        <iocs/>
        <name>5f6e4a8d17a5d15cc001300ad8373515b8f548c0ab129fe67ef597a59467423f.exe</name>
        <report_id>1f797390-ea81-4caa-b96b-0271789c6b1e</report_id>
        <tags>
          <value>peexe</value>
          <value>samsam</value>
          <value>dropper</value>
          <value>obfuscated</value>
          <value>vbnet</value>
          <value>asyncrat</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>452bb23fdaa738f102c07c140b5b0dafbaa19e2ec2c8dc0367d15b34653b730a</id>
    <title>Analysis Report for 452bb23fdaa738f102c07c140b5b0dafbaa19e2ec2c8dc0367d15b34653b730a</title>
    <updated>2026-07-06T21:04:27Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c187374fb2f5922b6c7be</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c18593abf2760bd72d770</flow_id>
        <hash>452bb23fdaa738f102c07c140b5b0dafbaa19e2ec2c8dc0367d15b34653b730a</hash>
        <iocs>
          <urls>
            <value>
              <url>http://127.0.0.1:5052</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://curl.se/docs/alt-svc.html</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://curl.se/docs/hsts.html</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://curl.se/docs/http-cookies.html</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>curl.se</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>github.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <emails>
            <value>
              <email>ftp@example.com</email>
              <origin>INPUT_FILE</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>151.101.1.91</ip>
              <origin>DOMAIN_RESOLVE</origin>
            </value>
            <value>
              <ip>140.82.121.4</ip>
              <origin>DOMAIN_RESOLVE</origin>
            </value>
            <value>
              <ip>045.3.0.1</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>045.4.3.1</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>045.4.3.2</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>045.4.3.3</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>045.4.3.4</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>1.3.14.3</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>127.0.0.1</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>40.1.101.3</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.1</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.10</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.11</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.12</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.13</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.14</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.2</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.4</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.5</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>49.1.9.1</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>49.1.9.2</ip>
              <origin>INPUT_FILE</origin>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>14980197a39672e5f74d75bbb776f6cb316e4c1908a5a126722502cdd79e8186</SHA-256>
              <SHA-1>37a431f2f885143c505444a230453104a32906d9</SHA-1>
              <MD5>4b8f4daaf8d8dafc63f1043dddd8871b</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>6ffd4e185d42cf665356b786251483f8c2c708705521967f272219f41df12df9</SHA-256>
              <SHA-1>2e6443ba8baada3c9e56506a8e5dbf8a991431c0</SHA-1>
              <MD5>fefb75208de50aff8073a27b04a14966</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>78cb502af301d5254e9f339b96a15995c2c637c2d94ce11ac2cd0a03d10ae9b4</SHA-256>
              <SHA-1>d8864eb28a0b06b675dea33702fb3b5b1d1310ca</SHA-1>
              <MD5>9bf3ecb10415e26850f0f79e9b69a8e0</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>a5626601f865b53c7bfcfe81dd640a9ca95395dff6552b836b6585ef278163ab</SHA-256>
              <SHA-1>7d218b69d7e708e2b63c64cacc07475a41bc15cd</SHA-1>
              <MD5>17f661350597f9dde53c49bf866bceb1</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>f2f541eed487e85b169420a778da19e7b04e04221be9a0b4fbc3f68098415178</SHA-256>
              <SHA-1>6477bdf57d1590a0a4cf1945d08c51660c449e17</SHA-1>
              <MD5>fbf87f6224f3c275f810f6a6b87bbd2c</MD5>
              <origin>EXTRACTED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>82739d04934bc4e9af7d323b166378b283895c3a2373d53b9645e083f9aceb83</SHA-256>
              <SHA-1>7331590dcbf3b24bfe635515ed32a51427e5c043</SHA-1>
              <MD5>1ff31ed0130d2e491f3038f137e01d03</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>c04caf2181fc7ecd11b03cd9f084d96d0e6bfbec155a8a19b999ac1341abe6b7</SHA-256>
              <SHA-1>01e510c6dc25b99e01bdb406f4f0307470008554</SHA-1>
              <MD5>9c7c2e58ba33b63fc3060c775d062788</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
        </iocs>
        <name>UnityPlayer.dll</name>
        <report_id>5a4d8028-26e7-45e7-a68c-c4aa0dc8edea</report_id>
        <tags>
          <value>peexe</value>
          <value>pedll</value>
          <value>html</value>
          <value>json</value>
          <value>anti-debug</value>
          <value>hacktool</value>
          <value>crypto</value>
          <value>fingerprint</value>
          <value>reconnaissance</value>
          <value>base64</value>
          <value>obfuscated</value>
          <value>microsoft_visual_cc</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>0f195a3e55f93867f81da14d26168195c4686e7e974063488329996333a19a90</id>
    <title>Analysis Report for 0f195a3e55f93867f81da14d26168195c4686e7e974063488329996333a19a90</title>
    <updated>2026-07-06T21:00:20Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c17a074fb2f5922b6c798</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c1763327f9453dea7d516</flow_id>
        <hash>0f195a3e55f93867f81da14d26168195c4686e7e974063488329996333a19a90</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>abd895eb3c473c74a262a60ac198269752063ebe078d742168ef7d1c20cb88bb</SHA-256>
              <SHA-1>4a1f67850cf29ac533f7710586805cd6e81ed349</SHA-1>
              <MD5>3d400f0e72cbf1b08d9cd836e151b342</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>046e553ab68c5cd459b5c7fa9eb3e67f063e5112bc911857ad30122e6f93aaf3</SHA-256>
              <SHA-1>86a9565a09a4ebd4afecd01406ea366a92995785</SHA-1>
              <MD5>82708690566b2c841a9f96f94cf9245f</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>148207c8ace31296b623294510d2c348f5f82fa68f9caa4d8e99f8c390579af1</SHA-256>
              <SHA-1>93851edec61d04f6ea9f67b5319d19e683bd6fe3</SHA-1>
              <MD5>dee6e1241aa6b7b954c06ef7dae070f9</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>2d50e031b063ad80ff47990bca3193a86a6604abf0f6a2cab1b96f1843091565</SHA-256>
              <SHA-1>55a07092a269bc439f8b179a9abb98f085bd1cb9</SHA-1>
              <MD5>5d4b90f71e318c09d9c174b3e1866a4f</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>5235224f985578249317e86812b837feb743039a731fbd1a65ef7b0b11ebbe85</SHA-256>
              <SHA-1>64bd7bc1446b41871c43b6dd222b46560c9db284</SHA-1>
              <MD5>86ddc915595e731b7ba8a2f98746fa2c</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>5f6c6925e18ec5f8729c987a3c143cb765f477dbae8614b7999460253c8aef53</SHA-256>
              <SHA-1>6d06322740d0e73e2c295c4913a7c2449df6cc87</SHA-1>
              <MD5>f13506f6607331658394072135ef09cb</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>61202d33d4c4af4666c072424a1824fb54cd2cdea4deed4cb4cd887294c3a0e9</SHA-256>
              <SHA-1>20841ecdcf8a8acf3ada0cbff754359fce5ea02c</SHA-1>
              <MD5>6513963ec54b832a95db75dde2472cab</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>84db74dd22e3ba38bbc71b6c65f4719dc32551e9815aae01035fe9add83888fd</SHA-256>
              <SHA-1>5f88ebe9b86dd9bbad10c7f5accc37e4313b207b</SHA-1>
              <MD5>0c47d3dfed3e1b32cc000f305b471c0a</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>85a1204ca90e4a0501333b0f58c7a417478948bcf8f64c863564e14998ff9bbf</SHA-256>
              <SHA-1>4b9c3f5184e84bf96f797fe6e3e3223279cab66d</SHA-1>
              <MD5>a575a86a015ec2bc6e4d347830bceac8</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>bcb75582e8dc14e60bbae290edee1adfa28c70a008a715f41ff0ded02db0db0f</SHA-256>
              <SHA-1>b075941385765122efcbbd2ff18bd568867eb021</SHA-1>
              <MD5>096f84e23783d6b8cd0ae557c8bac99b</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>ee5fc38dfcbf0c701bb6131ff86c268ae3044f46e7d5c3ee26b762b90cc5120f</SHA-256>
              <SHA-1>9114d0bc6a98a0e67a98c6aae158b506572e3d43</SHA-1>
              <MD5>51aaada0f696675f7090159a99d61247</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
        </iocs>
        <name>NXO-Menu.dll</name>
        <report_id>27d0531c-9036-468d-a5f1-81186b11e576</report_id>
        <tags>
          <value>peexe</value>
          <value>pedll</value>
          <value>dotnet_pe</value>
          <value>packed</value>
          <value>finger</value>
          <value>lolbin</value>
          <value>obfuscated</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>d7194f137ffda051c2be0b9a8da56db467b33927caaf721ce3d5f9fd9389dfe9</id>
    <title>Analysis Report for d7194f137ffda051c2be0b9a8da56db467b33927caaf721ce3d5f9fd9389dfe9</title>
    <updated>2026-07-06T20:59:15Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c173d74fb2f5922b6c784</_id>
        <file_type>application/x-mach-o-executable</file_type>
        <flow_id>6a4c171f9016b0169a622e1c</flow_id>
        <hash>d7194f137ffda051c2be0b9a8da56db467b33927caaf721ce3d5f9fd9389dfe9</hash>
        <iocs>
          <urls>
            <value>
              <url>file://storagedefaultbitcoin</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>storagedefaultbitcoin</url>
              <origin>INPUT_FILE</origin>
            </value>
          </domains>
          <ips>
            <value>
              <ip>2.5.4.62</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>4.72.5.4</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>5.4.32.5</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>82.5.4.92</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <btc_wallets>
            <value>
              <btc_wallet>x2de93c2:$btc: 193auZhKTZEVmxqAQxrPbZYCMhktKZfoA</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x2de93fc:$btc: 3BRappfXpJBCPEhaY8u2UseHT3mMyeJV4</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>d5ece09d7611</name>
        <report_id>4a2320dd-5b14-4611-aaa9-6e6a7b2f4f00</report_id>
        <tags>
          <value>anti-vm</value>
          <value>expand</value>
          <value>lolbin</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>217d866baf16796fdc1042baca1f080ed748d18c00b9bde9174337d0f9178d44</id>
    <title>Analysis Report for 217d866baf16796fdc1042baca1f080ed748d18c00b9bde9174337d0f9178d44</title>
    <updated>2026-07-06T20:57:40Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c16d774fb2f5922b6c771</_id>
        <file_type>text/javascript</file_type>
        <flow_id>6a4c16c29016b0169a622d8c</flow_id>
        <hash>217d866baf16796fdc1042baca1f080ed748d18c00b9bde9174337d0f9178d44</hash>
        <iocs>
          <urls>
            <value>
              <url>http://127.0.0.1:21</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <ips>
            <value>
              <ip>127.0.0.1</ip>
              <origin>INPUT_FILE</origin>
            </value>
          </ips>
        </iocs>
        <name>attempt5.1.js</name>
        <report_id>c7b0d242-7d6e-4f44-b0bf-b17df519822c</report_id>
        <tags>
          <value>javascript</value>
          <value>evasive</value>
          <value>repaired</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>b8be63d26a160694980638aa180286266798bbf9ac306b4138155cf682578023</id>
    <title>Analysis Report for b8be63d26a160694980638aa180286266798bbf9ac306b4138155cf682578023</title>
    <updated>2026-07-06T20:55:54Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c16c974fb2f5922b6c76c</_id>
        <file_type>application/vnd.android.package-archive</file_type>
        <flow_id>6a4c16559016b0169a622ca4</flow_id>
        <hash>b8be63d26a160694980638aa180286266798bbf9ac306b4138155cf682578023</hash>
        <iocs>
          <urls>
            <value>
              <url>https://android.googlesource.com/toolchain/llvm-project</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>android.googlesource.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>142.251.127.82</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>127.0.0.1</ip>
              <origin>APK_DECODING</origin>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>96c9537908a8e03c4ad67e2a624d11418a46c933eca5d7a1530fd612d897d3f4</SHA-256>
              <SHA-1>c14050211df81dff8a225fcbc93536a500fe6341</SHA-1>
              <MD5>333a9b849c427b2fe81226f07e0d70f0</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
        </iocs>
        <name>MacroDroid.apk</name>
        <report_id>b1c3de36-7a6e-4e05-a8ef-6e40799eefc8</report_id>
        <tags>
          <value>apk</value>
          <value>html</value>
          <value>fingerprint</value>
          <value>persistence</value>
          <value>evasive</value>
          <value>signed</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>eca358bdac02415dc7aaf07680a7a2b83fcacacbb3801ba3fe215cad74995ca5</id>
    <title>Analysis Report for eca358bdac02415dc7aaf07680a7a2b83fcacacbb3801ba3fe215cad74995ca5</title>
    <updated>2026-07-06T20:53:36Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c15e374fb2f5922b6c736</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c15cd2c562ae7c822e7da</flow_id>
        <hash>eca358bdac02415dc7aaf07680a7a2b83fcacacbb3801ba3fe215cad74995ca5</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>33f20f3f2e1b2a2830b58156337013719118cbd0b8f29626bf9c32ce57378794</SHA-256>
              <SHA-1>ab8640344d7724842da4e7d90c9f4a1183cec324</SHA-1>
              <MD5>9504c30adffecbffca978eebfb067f48</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>c1de97e69807bc8e734a2122d1ddbc3b8d3dd978fc5289a1abcb1b6fc2ee1208</SHA-256>
              <SHA-1>880e7ef74a1282aeed4c24bcfcd4106c50999b1e</SHA-1>
              <MD5>207d9f89a33d9f653ae59c5d0e2a9a3c</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>17103E3F-3C6E-4677-BB17-3B267EB5BE57</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>dcc079ae-60ba-4d07-847c-3493609c0870</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>f33463e0-7d59-11d9-9916-0008744f51f3</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
          <registry>
            <value>
              <registry>SOFTWARE\Microsoft\Windows NT\CurrentVersion\HostComputeService</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\UtilityVm\Memory Management</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\PerformanceTracing</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\VML</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management</registry>
              <origin>INPUT_FILE</origin>
            </value>
          </registry>
        </iocs>
        <name>vmcompute.exe</name>
        <report_id>2f1d1c50-2129-4fb9-b933-c863a4e6cb59</report_id>
        <tags>
          <value>peexe</value>
          <value>crypto</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
          <value>adaptive-context</value>
          <value>anti-debug</value>
          <value>anti-vm</value>
          <value>base64</value>
          <value>evasive</value>
        </tags>
        <verdict>BENIGN</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>2c539f63b9121193b96a160e8d3a5e068899ea7e2c70fcaf2649c87a425975ef</id>
    <title>Analysis Report for 2c539f63b9121193b96a160e8d3a5e068899ea7e2c70fcaf2649c87a425975ef</title>
    <updated>2026-07-06T20:52:23Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c15de74fb2f5922b6c732</_id>
        <file_type>application/xhtml+xml</file_type>
        <flow_id>6a4c15869a95790273309f47</flow_id>
        <hash>2c539f63b9121193b96a160e8d3a5e068899ea7e2c70fcaf2649c87a425975ef</hash>
        <iocs>
          <urls>
            <value>
              <url>https://www.herdprotect.com/domain-yourbittorrent.com.aspx</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>yourbittorrent.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://yourbittorrent.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://yourbittorrent.com/.../5889392.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>http://yourbittorrent.com/.../6975561.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>http://yourbittorrent.com/.../7065572.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>http://yourbittorrent.com/.../7657074.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>http://yourbittorrent.com/.../7907944.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>http://yourbittorrent.com/.../8140342.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>http://yourbittorrent.com/.../8235415.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>http://yourbittorrent.com/.../9199951.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://ajax.aspnetcdn.com/ajax/4.5.1/1/MicrosoftAjax.js</url>
              <origin>INPUT_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>https://ajax.aspnetcdn.com/ajax/4.5.1/1/MicrosoftAjaxWebForms.js</url>
              <origin>INPUT_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>https://ajax.aspnetcdn.com/ajax/4.5.1/1/WebForms.js</url>
              <origin>INPUT_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.google.com/s2/favicons</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google.com/s2/favicons?domain=yourbittorrent.com');</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://yourbittorrent.com/.../1521066.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://yourbittorrent.com/.../1998669.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://yourbittorrent.com/.../2546893.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://yourbittorrent.com/.../2637024.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://yourbittorrent.com/.../3331501.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://yourbittorrent.com/.../3777835.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://yourbittorrent.com/.../4328016.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://yourbittorrent.com/.../450235.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://yourbittorrent.com/.../5539049.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://yourbittorrent.com/.../645023.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://yourbittorrent.com/.../6524260.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://yourbittorrent.com/.../7301540.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://yourbittorrent.com/.../7775831.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://yourbittorrent.com/.../7801056.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://yourbittorrent.com/.../8087696.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://yourbittorrent.com/.../846306.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://yourbittorrent.com/.../9371670.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://yourbittorrent.com/.../9373330.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://yourbittorrent.com/.../9385810.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://yourbittorrent.com/.../9444373.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://yourbittorrent.com/.../9570577.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://yourbittorrent.com/.../9613661.torrent</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://ajax.aspnetcdn.com/ajax/4.5.1/1/MicrosoftAjax.js</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://ajax.aspnetcdn.com/ajax/4.5.1/1/MicrosoftAjaxWebForms.js</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://ajax.aspnetcdn.com/ajax/4.5.1/1/WebForms.js</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cookie-cdn.cookiepro.com/consent/709ec95d-ed72-4d52-9b64-9dde9bb53432/709ec95d-ed72-4d52-9b64-9dde9bb53432.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cookie-cdn.cookiepro.com/consent/709ec95d-ed72-4d52-9b64-9dde9bb53432/dc3a116c-fee8-44b2-8b84-ce2bd808578e/en.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cookie-cdn.cookiepro.com/logos/static/ot_close.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cookie-cdn.cookiepro.com/scripttemplates/202307.1.0/assets/otCommonStyles.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cookie-cdn.cookiepro.com/scripttemplates/202307.1.0/assets/otCookieSettingsButton.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cookie-cdn.cookiepro.com/scripttemplates/202307.1.0/assets/otFlat.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cookie-cdn.cookiepro.com/scripttemplates/202307.1.0/otBannerSdk.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css?family=Open+Sans:300,400,600&amp;lang=en</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://t2.gstatic.com/faviconV2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://t2.gstatic.com/faviconV2?client=SOCIAL&amp;type=FAVICON&amp;fallback_opts=TYPE,SIZE,URL&amp;url=http://yourbittorrent.com&amp;size=16</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.facebook.com/plugins/like.php</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fwww.facebook.com%2FherdProtect&amp;width&amp;layout=button_count&amp;action=like&amp;show_faces=false&amp;share=true&amp;height=21</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.herdprotect.com/domain-yourbittorrent.com.aspx</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.herdprotect.com/favicon.ico</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.herdprotect.com/images/disclaimer.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.herdprotect.com/images/searchsprites.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.herdprotect.com/images/signature.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.herdprotect.com/images/webheader.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.herdprotect.com/js/global.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.herdprotect.com/js/modernizr.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.herdprotect.com/stylesheet.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>http://yourbittorrent.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.facebook.com/herdProtect&amp;width&amp;layout=button_count&amp;action=like&amp;show_faces=false&amp;share=true&amp;height=21</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>ajax.aspnetcdn.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>cookie-cdn.cookiepro.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>google.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>yourbittorrent.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>ajax.aspnetcdn.com</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>ajax.googleapis.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>cookie-cdn.cookiepro.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>fonts.googleapis.com</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>fonts.gstatic.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>geolocation.onetrust.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>t2.gstatic.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.facebook.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.herdprotect.com</url>
              <origin>URL_RENDER</origin>
            </value>
          </domains>
          <ips>
            <value>
              <ip>142.251.110.94</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.110.95</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.13.104</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.14.95</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>157.240.253.35</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>172.64.151.166</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>172.64.155.119</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>188.114.97.3</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2.16.10.47</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2.16.10.51</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.110.102</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>1.2.16.10</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.27.210.30</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.27.211.30</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.31.18.30</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.31.19.30</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>141.101.118.126</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>141.101.118.127</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>141.101.118.188</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>141.101.118.189</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>188.114.97.3</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.18.36.90</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <uuids>
            <value>
              <uuid>11f5dc49-0c50-44a4-a3fd-0d0071556f2e</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>709ec95d-ed72-4d52-9b64-9dde9bb53432</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>dceb5ac5-4708-475d-a99e-48ce404f5184</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>hxxps://www.herdprotect.com/domain-yourbittorrent.com.aspx</name>
        <report_id>bdd3e6d6-ec3f-443a-987c-4c1c19c11a39</report_id>
        <tags>
          <value>html</value>
          <value>xml</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>3a37cc46f71c7dc8ce282b8685a1e1626b03f7de85fdc767ca8e2686da3edfff</id>
    <title>Analysis Report for 3a37cc46f71c7dc8ce282b8685a1e1626b03f7de85fdc767ca8e2686da3edfff</title>
    <updated>2026-07-06T20:51:41Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c157174fb2f5922b6c715</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c155b9016b0169a622b14</flow_id>
        <hash>3a37cc46f71c7dc8ce282b8685a1e1626b03f7de85fdc767ca8e2686da3edfff</hash>
        <iocs/>
        <name>Bundle.exe</name>
        <report_id>14ee987c-764c-4cf5-b173-2157367b5ba9</report_id>
        <tags>
          <value>peexe</value>
          <value>packed</value>
          <value>expand</value>
          <value>lolbin</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>7afc5127f6199cb25f58c0324a86f38a8bbdc01e7346f7d9b2bf9f8130b2c150</id>
    <title>Analysis Report for 7afc5127f6199cb25f58c0324a86f38a8bbdc01e7346f7d9b2bf9f8130b2c150</title>
    <updated>2026-07-06T20:51:41Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c156974fb2f5922b6c711</_id>
        <file_type>text/javascript</file_type>
        <flow_id>6a4c155b9016b0169a622b16</flow_id>
        <hash>7afc5127f6199cb25f58c0324a86f38a8bbdc01e7346f7d9b2bf9f8130b2c150</hash>
        <iocs>
          <urls>
            <value>
              <url>http://127.0.0.1:21</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <ips>
            <value>
              <ip>127.0.0.1</ip>
              <origin>INPUT_FILE</origin>
            </value>
          </ips>
        </iocs>
        <name>attempt5.1.js</name>
        <report_id>3fcafb74-5024-4098-a8e4-963110bab7a6</report_id>
        <tags>
          <value>javascript</value>
          <value>evasive</value>
          <value>repaired</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>a1e4e9ff3306e0b7f931eba71ce957c45daadddb720ead0e7e3fc40a79a28380</id>
    <title>Analysis Report for a1e4e9ff3306e0b7f931eba71ce957c45daadddb720ead0e7e3fc40a79a28380</title>
    <updated>2026-07-06T20:50:07Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c150ee094c2d9580613e5</_id>
        <file_type>text/plain</file_type>
        <flow_id>6a4c14d93abf2760bd72d340</flow_id>
        <hash>a1e4e9ff3306e0b7f931eba71ce957c45daadddb720ead0e7e3fc40a79a28380</hash>
        <iocs>
          <urls>
            <value>
              <url>https://bazaar.abuse.ch/browse.php</url>
              <origin>INPUT_FILE</origin>
            </value>
          </urls>
          <ips>
            <value>
              <ip>63.177.146.192</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>63.177.146.192</ip>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
        </iocs>
        <name>hxxps://bazaar.abuse.ch/browse.php</name>
        <report_id>ab210cd8-b53c-4692-ad61-53027d4d7ae7</report_id>
        <tags>
          <value>txt</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>a1e4e9ff3306e0b7f931eba71ce957c45daadddb720ead0e7e3fc40a79a28380</id>
    <title>Analysis Report for a1e4e9ff3306e0b7f931eba71ce957c45daadddb720ead0e7e3fc40a79a28380</title>
    <updated>2026-07-06T20:50:02Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c150de094c2d9580613e4</_id>
        <file_type>text/plain</file_type>
        <flow_id>6a4c14d39a95790273309ee6</flow_id>
        <hash>a1e4e9ff3306e0b7f931eba71ce957c45daadddb720ead0e7e3fc40a79a28380</hash>
        <iocs>
          <urls>
            <value>
              <url>https://bazaar.abuse.ch/browse.php</url>
              <origin>INPUT_FILE</origin>
            </value>
          </urls>
          <ips>
            <value>
              <ip>63.177.146.192</ip>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>63.177.146.192</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
        </iocs>
        <name>hxxps://bazaar.abuse.ch/browse.php</name>
        <report_id>50e88515-04cf-43aa-a93c-5fc316e3e9b9</report_id>
        <tags>
          <value>txt</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>60eef93cdc0eadb0f28579b388c73fd5b8181259c90a997d874e85b7b12b9995</id>
    <title>Analysis Report for 60eef93cdc0eadb0f28579b388c73fd5b8181259c90a997d874e85b7b12b9995</title>
    <updated>2026-07-06T20:49:34Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c14ece094c2d9580613da</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c14d02c562ae7c822e71e</flow_id>
        <hash>60eef93cdc0eadb0f28579b388c73fd5b8181259c90a997d874e85b7b12b9995</hash>
        <iocs>
          <urls>
            <value>
              <url>https://posta.appleenespanol.com/</url>
              <origin>INPUT_FILE</origin>
            </value>
          </urls>
        </iocs>
        <name>hxxps://posta.appleenespanol.com/</name>
        <report_id>28a4669c-0012-416f-b286-0cc2278239c0</report_id>
        <tags>
          <value>html</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>a1e4e9ff3306e0b7f931eba71ce957c45daadddb720ead0e7e3fc40a79a28380</id>
    <title>Analysis Report for a1e4e9ff3306e0b7f931eba71ce957c45daadddb720ead0e7e3fc40a79a28380</title>
    <updated>2026-07-06T20:49:32Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c14e90bc678ad76e5c828</_id>
        <file_type>text/plain</file_type>
        <flow_id>6a4c14d83abf2760bd72d33e</flow_id>
        <hash>a1e4e9ff3306e0b7f931eba71ce957c45daadddb720ead0e7e3fc40a79a28380</hash>
        <iocs>
          <urls>
            <value>
              <url>https://bazaar.abuse.ch/browse.php</url>
              <origin>INPUT_FILE</origin>
            </value>
          </urls>
          <ips>
            <value>
              <ip>63.177.146.192</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>63.177.146.192</ip>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
        </iocs>
        <name>hxxps://bazaar.abuse.ch/browse.php</name>
        <report_id>24089693-0d6e-4479-8549-7434fe020d6a</report_id>
        <tags>
          <value>txt</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>60eef93cdc0eadb0f28579b388c73fd5b8181259c90a997d874e85b7b12b9995</id>
    <title>Analysis Report for 60eef93cdc0eadb0f28579b388c73fd5b8181259c90a997d874e85b7b12b9995</title>
    <updated>2026-07-06T20:49:29Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c14e70bc678ad76e5c827</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c14d55a5245447d9c2e11</flow_id>
        <hash>60eef93cdc0eadb0f28579b388c73fd5b8181259c90a997d874e85b7b12b9995</hash>
        <iocs>
          <urls>
            <value>
              <url>https://posta.appleenespanol.com/</url>
              <origin>INPUT_FILE</origin>
            </value>
          </urls>
        </iocs>
        <name>hxxps://posta.appleenespanol.com/</name>
        <report_id>8e50ce0e-dec6-4d67-be7f-6058bf2a55ac</report_id>
        <tags>
          <value>html</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>a1e4e9ff3306e0b7f931eba71ce957c45daadddb720ead0e7e3fc40a79a28380</id>
    <title>Analysis Report for a1e4e9ff3306e0b7f931eba71ce957c45daadddb720ead0e7e3fc40a79a28380</title>
    <updated>2026-07-06T20:49:26Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c15470bc678ad76e5c83a</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c14d33abf2760bd72d334</flow_id>
        <hash>a1e4e9ff3306e0b7f931eba71ce957c45daadddb720ead0e7e3fc40a79a28380</hash>
        <iocs>
          <urls>
            <value>
              <url>https://abuse.ch/cookie-policy/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://abuse.ch/privacy-policy/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://abuse.ch/terms-and-conditions/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://abuse.ch/terms-of-use/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://bsky.app/profile/abuse-ch.bsky.social</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://ioc.exchange/@abuse_ch</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://js.hcaptcha.com/1/api.js</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtag/js?id=G-5GQV3CJ17N</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.linkedin.com/company/abuse-ch/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://x.com/abuse_ch</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/browse.php</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/favicon.ico</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/browse.php</url>
              <origin>INPUT_FILE</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>bazaar.abuse.ch</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>abuse.ch</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>bsky.app</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>googletagmanager.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>ioc.exchange</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>js.hcaptcha.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>www.linkedin.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>x.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </domains>
          <ips>
            <value>
              <ip>146.75.122.49</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>172.64.146.215</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>192.178.183.97</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>3.134.25.90</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>151.101.2.49</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>46.4.252.37</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.66.0.227</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.19.229.21</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>b6c7990cf69d8a1ca6eae1339dcf61a1af5f4ad2db78d9355ac6b9a92a16a9d8</SHA-256>
              <SHA-1>89171b21e590f580dd99daa3af1daf4eddb1e367</SHA-1>
              <MD5>1c30fdea64f2feb1d16084065c16192c</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>291615dbc8387cba883c477d68f12698c3332969fbfa50f3cb73ec2fde25816f</SHA-256>
              <SHA-1>c273398d0e6f0333bdf8831a14f63a972d4708f3</SHA-1>
              <MD5>5452736da2fc39802fddfd1600ecaabb</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>50f03d5592a19a1ebf5e71d9780a32269240f1302c2c05910952a4c342e4979b</SHA-256>
              <SHA-1>b2d999b018ea83a98d0bf11692e626d335ad5838</SHA-1>
              <MD5>0e88f59f746bd46808df85f9fd41eaf8</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>19d816f72ebfac78ddf1023aaa4411594514eb9b597c35e175f44bbb0cef3012</SHA-256>
              <SHA-1>64b4a67948b580bcb305077b355151b231f9e727</SHA-1>
              <MD5>c2d825d6a9adcdb10c0482667ceb3033</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>a29975357994ae65cd6c64c372708dca6ec22729c7d972c1433f4ac0b18bef20</SHA-256>
              <SHA-1>0bb8370998cfdde0a095daefdb0fdb409b5419f9</SHA-1>
              <MD5>866e0e06eadd0e9810f9cfcd7cdc7de2</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>5f3d921ba41246d97aed536d38892ee2f4729ca451bf816463d9ffa157302857</SHA-256>
              <SHA-1>43b6d44f66b3dffe1ee96985708388062c03c1ac</SHA-1>
              <MD5>f574b53e8419a47a8aec26867ad6d2e8</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/x-ini</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>b60816cbe9d966b24638d1a61a503246cc261690e188f2940b7f06b631108bb7</SHA-256>
              <SHA-1>175fb969f348a0c129c74cab40a3f178df9e1505</SHA-1>
              <MD5>6f6ba45221e54b153817eb3cc78f40bb</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>5099c769f21def2ef24595e824d20a0e74856080b6273a1679cb930c4a266ee1</SHA-256>
              <SHA-1>1bd714bf42138bae6a51779020ad691884ad455d</SHA-1>
              <MD5>6984b750ff718ded7810a0414458796b</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>0daf2112e9f8a7c1593af18d62a1dfd519a39755e119db53948b0d0e12e2b6af</SHA-256>
              <SHA-1>6b3402150fff7fa771ae45de01695370f05c4c0a</SHA-1>
              <MD5>c61f070e30138d8a40e8d97045af35bc</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>990e6362a07de012a91e46434aa42717525b54cb4e2314a6f13e0da83aae5359</SHA-256>
              <SHA-1>2383af70128a7f4397bd99794d54e4605555d23a</SHA-1>
              <MD5>f1265963b1b6269866a64f22e951bd33</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/javascript</file_type>
              <verdict>SUSPICIOUS</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>63b63954-5928-41b2-be10-a6f87ca282fc</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>hxxps://bazaar.abuse.ch/browse.php</name>
        <report_id>fe8fa827-1846-468c-9635-5dc67e1760d0</report_id>
        <tags>
          <value>html</value>
          <value>javascript</value>
          <value>txt</value>
          <value>ini</value>
          <value>obfuscated</value>
          <value>captcha</value>
          <value>base64</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>a1e4e9ff3306e0b7f931eba71ce957c45daadddb720ead0e7e3fc40a79a28380</id>
    <title>Analysis Report for a1e4e9ff3306e0b7f931eba71ce957c45daadddb720ead0e7e3fc40a79a28380</title>
    <updated>2026-07-06T20:49:25Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1544e094c2d9580613f4</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c14d39016b0169a622a36</flow_id>
        <hash>a1e4e9ff3306e0b7f931eba71ce957c45daadddb720ead0e7e3fc40a79a28380</hash>
        <iocs>
          <urls>
            <value>
              <url>https://abuse.ch/cookie-policy/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://abuse.ch/privacy-policy/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://abuse.ch/terms-and-conditions/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://abuse.ch/terms-of-use/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://bsky.app/profile/abuse-ch.bsky.social</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://ioc.exchange/@abuse_ch</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://js.hcaptcha.com/1/api.js</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtag/js?id=G-5GQV3CJ17N</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.linkedin.com/company/abuse-ch/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://x.com/abuse_ch</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/browse.php</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/favicon.ico</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/browse.php</url>
              <origin>INPUT_FILE</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>abuse.ch</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>bsky.app</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>googletagmanager.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>ioc.exchange</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>js.hcaptcha.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>www.linkedin.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>x.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>bazaar.abuse.ch</url>
              <origin>URL_RENDER</origin>
            </value>
          </domains>
          <ips>
            <value>
              <ip>151.101.2.49</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>146.75.122.49</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>104.19.229.21</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>46.4.252.37</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>3.134.25.90</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.66.0.227</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>192.178.183.97</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.64.146.215</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>291615dbc8387cba883c477d68f12698c3332969fbfa50f3cb73ec2fde25816f</SHA-256>
              <SHA-1>c273398d0e6f0333bdf8831a14f63a972d4708f3</SHA-1>
              <MD5>5452736da2fc39802fddfd1600ecaabb</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>50f03d5592a19a1ebf5e71d9780a32269240f1302c2c05910952a4c342e4979b</SHA-256>
              <SHA-1>b2d999b018ea83a98d0bf11692e626d335ad5838</SHA-1>
              <MD5>0e88f59f746bd46808df85f9fd41eaf8</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>b6c7990cf69d8a1ca6eae1339dcf61a1af5f4ad2db78d9355ac6b9a92a16a9d8</SHA-256>
              <SHA-1>89171b21e590f580dd99daa3af1daf4eddb1e367</SHA-1>
              <MD5>1c30fdea64f2feb1d16084065c16192c</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>19d816f72ebfac78ddf1023aaa4411594514eb9b597c35e175f44bbb0cef3012</SHA-256>
              <SHA-1>64b4a67948b580bcb305077b355151b231f9e727</SHA-1>
              <MD5>c2d825d6a9adcdb10c0482667ceb3033</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>a29975357994ae65cd6c64c372708dca6ec22729c7d972c1433f4ac0b18bef20</SHA-256>
              <SHA-1>0bb8370998cfdde0a095daefdb0fdb409b5419f9</SHA-1>
              <MD5>866e0e06eadd0e9810f9cfcd7cdc7de2</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>b60816cbe9d966b24638d1a61a503246cc261690e188f2940b7f06b631108bb7</SHA-256>
              <SHA-1>175fb969f348a0c129c74cab40a3f178df9e1505</SHA-1>
              <MD5>6f6ba45221e54b153817eb3cc78f40bb</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>e34f984ef74874e4fd64509d2e2e00aa15fc21f1a75c1bcea287b23ee63d8f72</SHA-256>
              <SHA-1>e48d819d223b367414591c22e07c8f8b082a2a9f</SHA-1>
              <MD5>2018dcd49b7e35a878d59a168e48c7b5</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/x-ini</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>c3bbe17cb32ff71953ca78684b014f0cdab51227a7f3099a08ac810e54fc5384</SHA-256>
              <SHA-1>bbaa360f524731cb6d59160652434d973eef3c82</SHA-1>
              <MD5>1b64329230d68b56f61db3a67294ad5c</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>616944e49e2086091fe4275cc201107a3f917ce2e28289f042d68a3a4d002c5c</SHA-256>
              <SHA-1>73c30f49cfccbe3cfd8bf5808440d5e7d00b3e91</SHA-1>
              <MD5>729b7365d5f3c15e20975be4cfd2752a</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>990e6362a07de012a91e46434aa42717525b54cb4e2314a6f13e0da83aae5359</SHA-256>
              <SHA-1>2383af70128a7f4397bd99794d54e4605555d23a</SHA-1>
              <MD5>f1265963b1b6269866a64f22e951bd33</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/javascript</file_type>
              <verdict>SUSPICIOUS</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>63b63954-5928-41b2-be10-a6f87ca282fc</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>hxxps://bazaar.abuse.ch/browse.php</name>
        <report_id>11fd8eed-c433-4629-84b6-0f51f8400d4a</report_id>
        <tags>
          <value>html</value>
          <value>javascript</value>
          <value>txt</value>
          <value>ini</value>
          <value>obfuscated</value>
          <value>captcha</value>
          <value>base64</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>b0b5f5377a903f9718c154168edecf6b2f72d390a3265e4d2911771a951b7b6f</id>
    <title>Analysis Report for b0b5f5377a903f9718c154168edecf6b2f72d390a3265e4d2911771a951b7b6f</title>
    <updated>2026-07-06T20:49:15Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c14d90bc678ad76e5c824</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c14ca5a5245447d9c2e0f</flow_id>
        <hash>b0b5f5377a903f9718c154168edecf6b2f72d390a3265e4d2911771a951b7b6f</hash>
        <iocs>
          <urls>
            <value>
              <url>https://pec.appleenespanol.com/</url>
              <origin>INPUT_FILE</origin>
            </value>
          </urls>
        </iocs>
        <name>hxxps://pec.appleenespanol.com/</name>
        <report_id>c00ce2a9-bf5a-4c0c-9ea4-e7aa860d2c9c</report_id>
        <tags>
          <value>html</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>b0b5f5377a903f9718c154168edecf6b2f72d390a3265e4d2911771a951b7b6f</id>
    <title>Analysis Report for b0b5f5377a903f9718c154168edecf6b2f72d390a3265e4d2911771a951b7b6f</title>
    <updated>2026-07-06T20:49:10Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c14ce74fb2f5922b6c6e6</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c14c52c562ae7c822e713</flow_id>
        <hash>b0b5f5377a903f9718c154168edecf6b2f72d390a3265e4d2911771a951b7b6f</hash>
        <iocs>
          <urls>
            <value>
              <url>https://pec.appleenespanol.com/</url>
              <origin>INPUT_FILE</origin>
            </value>
          </urls>
        </iocs>
        <name>hxxps://pec.appleenespanol.com/</name>
        <report_id>9d831f57-558c-4163-9ae7-9d3d5b507059</report_id>
        <tags>
          <value>html</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>c077b97ead4e637c73bb00381b27714cdef4decc47806505efff96fec520d30b</id>
    <title>Analysis Report for c077b97ead4e637c73bb00381b27714cdef4decc47806505efff96fec520d30b</title>
    <updated>2026-07-06T20:49:01Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c14c674fb2f5922b6c6e2</_id>
        <file_type>text/x-python</file_type>
        <flow_id>6a4c14bc9016b0169a6229fb</flow_id>
        <hash>c077b97ead4e637c73bb00381b27714cdef4decc47806505efff96fec520d30b</hash>
        <iocs/>
        <name>Test.py</name>
        <report_id>2a7db7e2-0898-4581-8341-147b5528dbac</report_id>
        <tags>
          <value>python</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>a1e4e9ff3306e0b7f931eba71ce957c45daadddb720ead0e7e3fc40a79a28380</id>
    <title>Analysis Report for a1e4e9ff3306e0b7f931eba71ce957c45daadddb720ead0e7e3fc40a79a28380</title>
    <updated>2026-07-06T20:49:01Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c152874fb2f5922b6c6fe</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c14ba3abf2760bd72d30a</flow_id>
        <hash>a1e4e9ff3306e0b7f931eba71ce957c45daadddb720ead0e7e3fc40a79a28380</hash>
        <iocs>
          <urls>
            <value>
              <url>https://abuse.ch/cookie-policy/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://abuse.ch/privacy-policy/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://abuse.ch/terms-and-conditions/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://abuse.ch/terms-of-use/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/browse.php#</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/css/all.min.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/css/bootstrap.min.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/css/custom.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/css/jumbotron.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/favicon.ico</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/images/malwarebazaar_logo.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/js/bootstrap.min.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/js/jquery-3.5.1.min.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/verify-ua/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/webfonts/fa-regular-400.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/webfonts/fa-solid-900.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bsky.app/profile/abuse-ch.bsky.social</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://ioc.exchange/@abuse_ch</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://js.hcaptcha.com/1/api.js</url>
              <origin>URL_RENDER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://newassets.hcaptcha.com/captcha/v1/5ee68ce1512ba926b899cf5273dfe1d7d2d22976/static/hcaptcha.html</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtag/js?id=G-5GQV3CJ17N</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.linkedin.com/company/abuse-ch/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://x.com/abuse_ch</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://abuse.ch/cookie-policy/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://abuse.ch/privacy-policy/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://abuse.ch/terms-and-conditions/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://abuse.ch/terms-of-use/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://bsky.app/profile/abuse-ch.bsky.social</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://ioc.exchange/@abuse_ch</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://js.hcaptcha.com/1/api.js</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtag/js?id=G-5GQV3CJ17N</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>https://www.linkedin.com/company/abuse-ch/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://x.com/abuse_ch</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/browse.php</url>
              <origin>INPUT_FILE</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>abuse.ch</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>bsky.app</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>googletagmanager.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>ioc.exchange</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>js.hcaptcha.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>www.linkedin.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>x.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>abuse.ch</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>bazaar.abuse.ch</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>bsky.app</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>ioc.exchange</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>js.hcaptcha.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>newassets.hcaptcha.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.googletagmanager.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.linkedin.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>x.com</url>
              <origin>URL_RENDER</origin>
            </value>
          </domains>
          <ips>
            <value>
              <ip>3.134.25.90</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.66.0.227</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>151.101.2.49</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>46.4.252.37</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>192.178.183.97</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.19.229.21</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.64.146.215</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.19.230.21</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.20.97</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>146.75.122.49</ip>
              <origin>URL_RENDER</origin>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>50f03d5592a19a1ebf5e71d9780a32269240f1302c2c05910952a4c342e4979b</SHA-256>
              <SHA-1>b2d999b018ea83a98d0bf11692e626d335ad5838</SHA-1>
              <MD5>0e88f59f746bd46808df85f9fd41eaf8</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>291615dbc8387cba883c477d68f12698c3332969fbfa50f3cb73ec2fde25816f</SHA-256>
              <SHA-1>c273398d0e6f0333bdf8831a14f63a972d4708f3</SHA-1>
              <MD5>5452736da2fc39802fddfd1600ecaabb</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>19d816f72ebfac78ddf1023aaa4411594514eb9b597c35e175f44bbb0cef3012</SHA-256>
              <SHA-1>64b4a67948b580bcb305077b355151b231f9e727</SHA-1>
              <MD5>c2d825d6a9adcdb10c0482667ceb3033</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>b6c7990cf69d8a1ca6eae1339dcf61a1af5f4ad2db78d9355ac6b9a92a16a9d8</SHA-256>
              <SHA-1>89171b21e590f580dd99daa3af1daf4eddb1e367</SHA-1>
              <MD5>1c30fdea64f2feb1d16084065c16192c</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>2b7584c822fb01b3d7048578c2d1c39c9111b83b5927c81afd2d8b4f09d1605d</SHA-256>
              <SHA-1>67b43b8b183932249a01b05f0dcf670bffb89f66</SHA-1>
              <MD5>8187a6938b15898c693d3cd83562d1ed</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>e34f984ef74874e4fd64509d2e2e00aa15fc21f1a75c1bcea287b23ee63d8f72</SHA-256>
              <SHA-1>e48d819d223b367414591c22e07c8f8b082a2a9f</SHA-1>
              <MD5>2018dcd49b7e35a878d59a168e48c7b5</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/x-ini</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>b60816cbe9d966b24638d1a61a503246cc261690e188f2940b7f06b631108bb7</SHA-256>
              <SHA-1>175fb969f348a0c129c74cab40a3f178df9e1505</SHA-1>
              <MD5>6f6ba45221e54b153817eb3cc78f40bb</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>ab01873071d3cca7d56efa164e873605d3d30fa52021e7d864d5704ace917724</SHA-256>
              <SHA-1>a351fa4464a9caab170bbf8c98e2cea86cdc48f4</SHA-1>
              <MD5>09b7e7a929ded68ae6239c743458b46f</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>65cf31e0ac5c94920ecd1cf4fd0542e5dd5144d4599b76210bbf57ef4546fc59</SHA-256>
              <SHA-1>c5dcbc7a130eb48b751d93b690012247baac30a6</SHA-1>
              <MD5>b173499f1dd04bbc3dc4d4a4be617197</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>990e6362a07de012a91e46434aa42717525b54cb4e2314a6f13e0da83aae5359</SHA-256>
              <SHA-1>2383af70128a7f4397bd99794d54e4605555d23a</SHA-1>
              <MD5>f1265963b1b6269866a64f22e951bd33</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/javascript</file_type>
              <verdict>SUSPICIOUS</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>63b63954-5928-41b2-be10-a6f87ca282fc</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>hxxps://bazaar.abuse.ch/browse.php</name>
        <report_id>53a16e28-152d-49ca-b12e-08dc2c225b04</report_id>
        <tags>
          <value>html</value>
          <value>javascript</value>
          <value>txt</value>
          <value>ini</value>
          <value>aidetect</value>
          <value>phishing</value>
          <value>obfuscated</value>
          <value>captcha</value>
          <value>base64</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>f354b186f722ea83e7c86c7c058d1f6008a53577af042439634e83c8a7b67632</id>
    <title>Analysis Report for f354b186f722ea83e7c86c7c058d1f6008a53577af042439634e83c8a7b67632</title>
    <updated>2026-07-06T20:48:19Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c14ad74fb2f5922b6c6da</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c14909016b0169a6229af</flow_id>
        <hash>f354b186f722ea83e7c86c7c058d1f6008a53577af042439634e83c8a7b67632</hash>
        <iocs>
          <urls>
            <value>
              <url>https://web.telegram.org</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://t.me/%2B3tL7QfS0ePRkZGE6</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>https://cdn4.telesco.pe/file/oBw-sjwzu2o6SJYExjqB0RVQw8BSCbxwQsnNYYOABo0yjOukRlRuRRV03Xv2MKVHghHmmjsXZpJPGXEzbdiWqHE2IMfCWfqvCvLJXzd2mc1RV2_ADdWsEiku2hNZp96gTRjZIAxMqn7VvMaaguy22zcgwN9K-EaXtczl1KEuQsAOD3n-le_LpcB_C_k4B1uEW4Y1s9fT-5yeoWrDbBExzvHiDmK8hv5yY60P6bqazEGCpGxLXJ0R4s0mm8aaiXMOb8NxmkdCfZB03j-Y7X8qFeneK30Rwi8AJ3JnP-uRfIlHLWFjzChqTVcDwkWCVGW_V0FToW4lIw-WcueLkyfq3A.jpg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://t.me/%2B3tL7QfS0ePRkZGE6</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://telegram.org/css/bootstrap.min.css?3</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://telegram.org/css/font-roboto.css?1</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://telegram.org/css/telegram.css?252</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfABc4AMP6lbBP.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu5mxKKTU1Kvnz.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://telegram.org/img/favicon.ico</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://telegram.org/img/tgme/pattern.svg?1</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://telegram.org/js/tgwallpaper.min.js?3</url>
              <origin>URL_RENDER</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>cdn4.telesco.pe</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>join</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>t.me</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>telegram.org</url>
              <origin>URL_RENDER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>web.telegram.org</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </domains>
          <ips>
            <value>
              <ip>149.154.167.99</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>149.154.165.137</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>149.154.167.99</ip>
              <origin>URL_RENDER</origin>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>7f4a55f8b3642929c5e19f41fd363c938a995dceb9bb4c1c183f3e09a21164d0</SHA-256>
              <SHA-1>ade80d63eac4e6902591b4f3a5c1fdb45e9c5c6e</SHA-1>
              <MD5>72185d31a0f89aeb823542338721d3af</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
        </iocs>
        <name>hxxps://t.me/%2B3tL7QfS0ePRkZGE6</name>
        <report_id>235e3f50-375a-4e16-b359-82794655989e</report_id>
        <tags>
          <value>html</value>
          <value>aidetect</value>
          <value>phishing</value>
          <value>evasive</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>6f8290be31230f1ecad832c94f58d512e1129d375e44c297d36dea1f58b96343</id>
    <title>Analysis Report for 6f8290be31230f1ecad832c94f58d512e1129d375e44c297d36dea1f58b96343</title>
    <updated>2026-07-06T20:47:24Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c146474fb2f5922b6c6c5</_id>
        <file_type>text/plain</file_type>
        <flow_id>6a4c145a9016b0169a622950</flow_id>
        <hash>6f8290be31230f1ecad832c94f58d512e1129d375e44c297d36dea1f58b96343</hash>
        <iocs>
          <urls>
            <value>
              <url>https://urlhaus.abuse.ch/browse.php</url>
              <origin>INPUT_FILE</origin>
            </value>
          </urls>
        </iocs>
        <name>hxxps://urlhaus.abuse.ch/browse.php</name>
        <report_id>beec7e48-a375-49e7-a947-79fd8b916b29</report_id>
        <tags>
          <value>txt</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>a1e4e9ff3306e0b7f931eba71ce957c45daadddb720ead0e7e3fc40a79a28380</id>
    <title>Analysis Report for a1e4e9ff3306e0b7f931eba71ce957c45daadddb720ead0e7e3fc40a79a28380</title>
    <updated>2026-07-06T20:47:23Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c14d60bc678ad76e5c821</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c145a327f9453dea7d4b6</flow_id>
        <hash>a1e4e9ff3306e0b7f931eba71ce957c45daadddb720ead0e7e3fc40a79a28380</hash>
        <iocs>
          <urls>
            <value>
              <url>https://abuse.ch/cookie-policy/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://abuse.ch/privacy-policy/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://abuse.ch/terms-and-conditions/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://abuse.ch/terms-of-use/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/browse.php#</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/css/all.min.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/css/bootstrap.min.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/css/custom.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/css/jumbotron.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/favicon.ico</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/images/malwarebazaar_logo.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/js/bootstrap.min.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/js/jquery-3.5.1.min.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/verify-ua/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/webfonts/fa-regular-400.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/webfonts/fa-solid-900.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bsky.app/profile/abuse-ch.bsky.social</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://ioc.exchange/@abuse_ch</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://js.hcaptcha.com/1/api.js</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://newassets.hcaptcha.com/captcha/v1/5ee68ce1512ba926b899cf5273dfe1d7d2d22976/static/hcaptcha.html</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtag/js?id=G-5GQV3CJ17N</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.linkedin.com/company/abuse-ch/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://x.com/abuse_ch</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bazaar.abuse.ch/browse.php</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>https://abuse.ch/cookie-policy/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://abuse.ch/privacy-policy/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://abuse.ch/terms-and-conditions/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://abuse.ch/terms-of-use/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://bsky.app/profile/abuse-ch.bsky.social</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://ioc.exchange/@abuse_ch</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://js.hcaptcha.com/1/api.js</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtag/js?id=G-5GQV3CJ17N</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>https://www.linkedin.com/company/abuse-ch/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://x.com/abuse_ch</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>abuse.ch</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>bazaar.abuse.ch</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>bsky.app</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>ioc.exchange</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>js.hcaptcha.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>newassets.hcaptcha.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.googletagmanager.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.linkedin.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>x.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>abuse.ch</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>bsky.app</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>googletagmanager.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>ioc.exchange</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>js.hcaptcha.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>www.linkedin.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>x.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </domains>
          <ips>
            <value>
              <ip>151.101.66.49</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>151.101.66.146</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>3.21.111.84</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.64.146.215</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.13.97</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.19.229.21</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.20.97</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>146.75.122.49</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>46.4.252.37</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.19.229.21</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>291615dbc8387cba883c477d68f12698c3332969fbfa50f3cb73ec2fde25816f</SHA-256>
              <SHA-1>c273398d0e6f0333bdf8831a14f63a972d4708f3</SHA-1>
              <MD5>5452736da2fc39802fddfd1600ecaabb</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>b6c7990cf69d8a1ca6eae1339dcf61a1af5f4ad2db78d9355ac6b9a92a16a9d8</SHA-256>
              <SHA-1>89171b21e590f580dd99daa3af1daf4eddb1e367</SHA-1>
              <MD5>1c30fdea64f2feb1d16084065c16192c</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>50f03d5592a19a1ebf5e71d9780a32269240f1302c2c05910952a4c342e4979b</SHA-256>
              <SHA-1>b2d999b018ea83a98d0bf11692e626d335ad5838</SHA-1>
              <MD5>0e88f59f746bd46808df85f9fd41eaf8</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>19d816f72ebfac78ddf1023aaa4411594514eb9b597c35e175f44bbb0cef3012</SHA-256>
              <SHA-1>64b4a67948b580bcb305077b355151b231f9e727</SHA-1>
              <MD5>c2d825d6a9adcdb10c0482667ceb3033</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>685d646e6b1d7e0017815806c4483407d69bc0cb16f99f9281e9e7488701bd06</SHA-256>
              <SHA-1>3194b0189d7c3258e3e25a72b0c44546849b1ba3</SHA-1>
              <MD5>45855c54b9c6a56ee06de37c56bf41ad</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>03bd3df2db3f4eea5c25e8b9956ed10755c1e6628346e6c389321463cf9dcdbd</SHA-256>
              <SHA-1>6115af63328408ad8697404e08ba12bf6e53ccf3</SHA-1>
              <MD5>63b78f5fc640588cb54a31fbd129f3da</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/x-ini</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>b60816cbe9d966b24638d1a61a503246cc261690e188f2940b7f06b631108bb7</SHA-256>
              <SHA-1>175fb969f348a0c129c74cab40a3f178df9e1505</SHA-1>
              <MD5>6f6ba45221e54b153817eb3cc78f40bb</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>bc8c1d6a745f92816a2a9d6abba239d88a4b3ab3cfac538daafc5eb702ad4520</SHA-256>
              <SHA-1>b797c6b1bb209bb31c9c7eefc560b9afef168f4d</SHA-1>
              <MD5>dfdfb14de07cc02cf7bf689a3d30d92b</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>a7a6daf956483e461a981ab1d63e5801fa0c710b1d689ffbdbe17d7ffe6b6ccb</SHA-256>
              <SHA-1>d62c4ac6d0dd61bc4ec51f70c71d99176be8dbca</SHA-1>
              <MD5>7cf59c062a5610eb491ab3e496eb17fa</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>990e6362a07de012a91e46434aa42717525b54cb4e2314a6f13e0da83aae5359</SHA-256>
              <SHA-1>2383af70128a7f4397bd99794d54e4605555d23a</SHA-1>
              <MD5>f1265963b1b6269866a64f22e951bd33</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/javascript</file_type>
              <verdict>SUSPICIOUS</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>63b63954-5928-41b2-be10-a6f87ca282fc</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>hxxps://bazaar.abuse.ch/browse.php</name>
        <report_id>d8bd46c4-c850-4828-aaef-8816cbc00589</report_id>
        <tags>
          <value>html</value>
          <value>javascript</value>
          <value>txt</value>
          <value>ini</value>
          <value>aidetect</value>
          <value>phishing</value>
          <value>obfuscated</value>
          <value>captcha</value>
          <value>base64</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>d3879069bba94cc26c7082e13be1c58f2f59164f9ac32855455f0c91b639a125</id>
    <title>Analysis Report for d3879069bba94cc26c7082e13be1c58f2f59164f9ac32855455f0c91b639a125</title>
    <updated>2026-07-06T20:47:22Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c14680bc678ad76e5c80e</_id>
        <file_type>text/plain</file_type>
        <flow_id>6a4c145a9016b0169a622952</flow_id>
        <hash>d3879069bba94cc26c7082e13be1c58f2f59164f9ac32855455f0c91b639a125</hash>
        <iocs>
          <urls>
            <value>
              <url>https://threatfox.abuse.ch/browse.php</url>
              <origin>INPUT_FILE</origin>
            </value>
          </urls>
          <ips>
            <value>
              <ip>63.177.146.192</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>63.177.146.192</ip>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
        </iocs>
        <name>hxxps://threatfox.abuse.ch/browse.php</name>
        <report_id>0c48f6bc-36d5-4cfe-a881-114583b3792f</report_id>
        <tags>
          <value>txt</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>68e714e0251c0b9c807f9f8f3c2e49a0a2cfdd02975658ddef295485538d2e5f</id>
    <title>Analysis Report for 68e714e0251c0b9c807f9f8f3c2e49a0a2cfdd02975658ddef295485538d2e5f</title>
    <updated>2026-07-06T20:47:00Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c145c74fb2f5922b6c6c2</_id>
        <file_type>message/rfc822</file_type>
        <flow_id>6a4c14423abf2760bd72d24f</flow_id>
        <hash>68e714e0251c0b9c807f9f8f3c2e49a0a2cfdd02975658ddef295485538d2e5f</hash>
        <iocs>
          <urls>
            <value>
              <url>file:///tmp/tmpq6kcgg3m.html</url>
              <origin>URL_RENDER</origin>
            </value>
          </urls>
          <emails>
            <value>
              <email>astrid.holtz@wagenfelder.de</email>
              <origin>CONTENT_PARSE</origin>
            </value>
            <value>
              <email>astrid.holtz@wagenfelder.de</email>
              <origin>EMAIL_BODY</origin>
            </value>
            <value>
              <email>astrid.holtz@wagenfelder.de</email>
              <origin>EXTRACTED_FILE</origin>
            </value>
          </emails>
          <files>
            <value>
              <SHA-256>8da466e53f1032896873cd808846150d8b837eb0e94a2d4a2d2957833ffcdd96</SHA-256>
              <SHA-1>7c8b1b0e75469857b83a7fbd0afdd78af0c7327d</SHA-1>
              <MD5>49e81162a7b2309daae7f78e2a8f150a</MD5>
              <origin>EMAIL_BODY</origin>
              <file_type>text/plain</file_type>
            </value>
          </files>
        </iocs>
        <name>submission.eml</name>
        <report_id>cb83ad41-fbdd-46f5-b61b-d63c3ee3cef8</report_id>
        <tags>
          <value>eml</value>
          <value>rfc822</value>
          <value>obfuscated</value>
          <value>aidetect</value>
          <value>phishing</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>7afc5127f6199cb25f58c0324a86f38a8bbdc01e7346f7d9b2bf9f8130b2c150</id>
    <title>Analysis Report for 7afc5127f6199cb25f58c0324a86f38a8bbdc01e7346f7d9b2bf9f8130b2c150</title>
    <updated>2026-07-06T20:46:33Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c144e74fb2f5922b6c6bc</_id>
        <file_type>text/javascript</file_type>
        <flow_id>6a4c1428def7044af0b84d21</flow_id>
        <hash>7afc5127f6199cb25f58c0324a86f38a8bbdc01e7346f7d9b2bf9f8130b2c150</hash>
        <iocs>
          <urls>
            <value>
              <url>http://127.0.0.1:21</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <ips>
            <value>
              <ip>127.0.0.1</ip>
              <origin>INPUT_FILE</origin>
            </value>
          </ips>
        </iocs>
        <name>attempt4.js</name>
        <report_id>b16d29a9-066b-4066-b3d4-6f2d9cb76b04</report_id>
        <tags>
          <value>javascript</value>
          <value>evasive</value>
          <value>repaired</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>80a768ac8c45826bad8f60d49e242a29a240b66d73492c2bb99b7d15a8caa3be</id>
    <title>Analysis Report for 80a768ac8c45826bad8f60d49e242a29a240b66d73492c2bb99b7d15a8caa3be</title>
    <updated>2026-07-06T20:45:57Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c141274fb2f5922b6c6a9</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c14033abf2760bd72d1e4</flow_id>
        <hash>80a768ac8c45826bad8f60d49e242a29a240b66d73492c2bb99b7d15a8caa3be</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df</SHA-256>
              <SHA-1>4260284ce14278c397aaf6f389c1609b0ab0ce51</SHA-1>
              <MD5>1e4a89b11eae0fcf8bb5fdd5ec3b6f61</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
          </files>
        </iocs>
        <name>TASX.exe</name>
        <report_id>27a343ef-2bbf-4b75-a97f-b7ee889d082c</report_id>
        <tags>
          <value>peexe</value>
          <value>reconnaissance</value>
          <value>microsoft_visual_cc</value>
          <value>anti-debug</value>
          <value>anti-vm</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>646c4827268f8e45971e70ad7221acb6c85bcb262d4a181fae6bcf478e283c0b</id>
    <title>Analysis Report for 646c4827268f8e45971e70ad7221acb6c85bcb262d4a181fae6bcf478e283c0b</title>
    <updated>2026-07-06T20:45:54Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c143e74fb2f5922b6c6b7</_id>
        <file_type>application/vnd.android.package-archive</file_type>
        <flow_id>6a4c14013abf2760bd72d1df</flow_id>
        <hash>646c4827268f8e45971e70ad7221acb6c85bcb262d4a181fae6bcf478e283c0b</hash>
        <iocs>
          <urls>
            <value>
              <url>https://goo.gle/ad-manager-android-update-manifest.</url>
              <origin>APK_DECODING</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://goo.gle/admob-android-update-manifest</url>
              <origin>APK_DECODING</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://goo.gle/admob-android-update-manifest.</url>
              <origin>APK_DECODING</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://issuetracker.google.com/issues/241760537</url>
              <origin>APK_DECODING</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://issuetracker.google.com/issues/new?component=907884&amp;template=1466542</url>
              <origin>APK_DECODING</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://play.google.com/store/apps/details?id=com.androxus.playback</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>play.google.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>goo.gle</url>
              <origin>APK_DECODING</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>issuetracker.google.com</url>
              <origin>APK_DECODING</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <emails>
            <value>
              <email>_X@Js.vL</email>
              <origin>INPUT_FILE</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>142.251.110.139</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.250.154.113</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>67.199.248.13</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>76d2fd2fddfb7e7a756348da3c75d63033d72b4c04823a26b93759e9a8aa81ce</SHA-256>
              <SHA-1>bc36d48a03bdd607f1f3b881d8a45c1e1bd3e32b</SHA-1>
              <MD5>25492d84eadec417679a1c1bc4539657</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>93a50882f95002452842632ae4c01ff42a4a3cc8284f4736c4a7beb0e36a8ad2</SHA-256>
              <SHA-1>cdb3a5a1392ce6ddc174c6d53d155e068df4f75c</SHA-1>
              <MD5>b524e40644c314f56c0a7b91cbdb9fa7</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>dd68f186c8814d7ff9e2f2f416a8b88a65236be39d0c8f2c9d71fc96aa40cbbb</SHA-256>
              <SHA-1>1a50a179f5895f04393a9944b5d319f1fe1d7612</SHA-1>
              <MD5>9401f02c16bae228118a7710b3bd9c8b</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>b29a6365120c3aa91b7edf529e3695bebec8382805017390f9528bdc6e6e45c0</SHA-256>
              <SHA-1>ae1a6cf4e3b0c443d40c8f5b7271a17069e4fe6e</SHA-1>
              <MD5>404abd93cac77463646082fb91dbe79b</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>63280bd117aba6fc0c6d055a68a899a21f93565fa02fcbc850b7c3ae9e59da71</SHA-256>
              <SHA-1>24ade7f5ae3a31bec5098ea00011ec0ccedbcd81</SHA-1>
              <MD5>1423d1a9e74aa6e210c95b951a4ab865</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
          </files>
        </iocs>
        <name>PlayBack v2.0.7 (PREMIUM).apk</name>
        <report_id>b56486d3-9291-4cae-a1d3-5348d4db7b2f</report_id>
        <tags>
          <value>apk</value>
          <value>html</value>
          <value>invalid-signature</value>
          <value>persistence</value>
          <value>base64</value>
          <value>crypto</value>
          <value>evasive</value>
          <value>fingerprint</value>
          <value>signed</value>
          <value>expand</value>
          <value>lolbin</value>
          <value>obfuscated</value>
          <value>captcha</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>9347022162ef236f83afc32201ca3ccd1423a0d7b78b10d07e076e2bbf9fb520</id>
    <title>Analysis Report for 9347022162ef236f83afc32201ca3ccd1423a0d7b78b10d07e076e2bbf9fb520</title>
    <updated>2026-07-06T20:45:21Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c13ed74fb2f5922b6c6a1</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c13de3abf2760bd72d186</flow_id>
        <hash>9347022162ef236f83afc32201ca3ccd1423a0d7b78b10d07e076e2bbf9fb520</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e</SHA-256>
              <SHA-1>bac45b86a9c48fc3756a46809c101570d349737d</SHA-1>
              <MD5>24d3b502e1846356b0263f945ddd5529</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>text/xml</file_type>
            </value>
            <value>
              <SHA-256>d88f9ba22c5cbcd9e4643789d296ec39345c843b3d8eeefdf00e33b2a56c7e3b</SHA-256>
              <SHA-1>7592f0d9d6707d158bfa607173fecd2647cd9977</SHA-1>
              <MD5>8b06527d005bbe51aa53f64cf55cdb0e</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
        </iocs>
        <name>vstdlib.dll</name>
        <report_id>4c929925-92c0-494b-bbb8-6326bb8a35a8</report_id>
        <tags>
          <value>peexe</value>
          <value>pedll</value>
          <value>microsoft_visual_cc</value>
          <value>anti-debug</value>
          <value>anti-vm</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>3bdd5cce608471d962a860eb3df36d2c621185f54f0ded8496f9bdd84085d410</id>
    <title>Analysis Report for 3bdd5cce608471d962a860eb3df36d2c621185f54f0ded8496f9bdd84085d410</title>
    <updated>2026-07-06T20:44:02Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c13c4ff2e0900e305acfb</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c13902c562ae7c822e5ce</flow_id>
        <hash>3bdd5cce608471d962a860eb3df36d2c621185f54f0ded8496f9bdd84085d410</hash>
        <iocs>
          <urls>
            <value>
              <url>https://www.icontact.com/pricing/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/pricing/&amp;format=xml</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://browser.sentry-cdn.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://cdn.cookielaw.org</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://cdn.ziffstatic.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://cdn.ziffstatic.com/jst/zdconsent.js</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://d-code.liadm.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://fonts.googleapis.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css2?family=Rubik:wght@500;700&amp;family=Roboto:wght@400;500&amp;family=Protest+Riot&amp;family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&amp;display=swap</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://fonts.gstatic.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://help.icontact.com/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://icontact.my.salesforce-scrt.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://icontact.my.site.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://icontact.my.site.com/ESWiContactMarketingSite1760989644429</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://privacyportal.onetrust.com/webform/f73513a8-7a10-4a9d-939a-703f8d994839/0261e617-e956-4778-beb5-d8bcb9295c41</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://schema.org</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://scripts.clarity.ms</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://tags.fullcontact.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://tags.fullcontact.com/anon/fullcontact.js</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://twitter.com/iContact</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.clarity.ms</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.clarity.ms/tag/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.facebook.com/iContact</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.googletagmanager.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtm.js?id=</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.icontact.com/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/?p=159</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/about-us/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/email-automation-tools/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/email-building-tools/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/email-insights-and-analytics-tools/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/email-list-management-and-growth-tools/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/email-marketing-integrations/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/icontact-for-salesforce/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/social-platform-posting/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/industries/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/resources/blog/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/resources/glossary/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/cache/min/1/ESWiContactMarketingSite1760989644429/assets/js/bootstrap.min.js?ver=1782200075</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/cache/min/1/api/tracking.js?ver=1782200074</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/cache/min/1/assets/external/E-v1.js?ver=1782200074</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/cache/min/1/file.js?ver=1783333313</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/cache/min/1/jst/zdconsent.js?ver=1782200073</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/cache/min/1/static/dist/icontact-api.css?ver=1782200073</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/cache/min/1/static/dist/icontact-api.js?ver=1782200074</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/cache/min/1/wp-content/plugins/bt-bb-ab/css/experiment-frontend.css?ver=1782200073</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/cache/min/1/wp-content/themes/iccwpt/library/source-css/style.css?ver=1782200073</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/cache/min/1/wp-includes/css/dashicons.min.css?ver=1782200073</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/bt-bb-ab/js/bt_conversion-min.js?ver=2.5.4</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/nelio-ab-testing/assets/dist/js/visitor-type.js?ver=287e8e4cd3bcff28c95d</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/searchwp-live-ajax-search/assets/javascript/dist/script.min.js?ver=1.8.7</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/searchwp-live-ajax-search/assets/styles/style.min.css?ver=1.8.7</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/seoai-client/assets/css/front.min.css?ver=2.22.8</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/seoai-client/assets/js/front.min.js?ver=2.22.8</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=4.0.3</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/dd-icon-gray.png</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/source-js/functions.js?v=1.0.01783369360&amp;ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/source-js/jq.js?ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/source-js/slick.min.js?ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/uploads/2024/04/cropped-icontact-logo-180x180.png</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/uploads/2024/04/cropped-icontact-logo-192x192.png</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/uploads/2024/04/cropped-icontact-logo-32x32.png</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-json/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-json/oembed/1.0/embed</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.icontact.com%2Fpricing%2F</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.icontact.com%2Fpricing%2F&amp;format=xml</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-json/wp/v2/pages/159</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/xmlrpc.php?rsd</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.instagram.com/icontact/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.linkedin.com/company/icontact</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.youtube.com/user/icontact</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/pricing</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>https://ad.doubleclick.net/ccm/s/collect?auid=1734967155.1783370663&amp;gtm=45E92e6710v72130907za204zd72130907xea</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bat.bing.com/actionp/0?ti=25020686&amp;tm=gtm002&amp;Ver=2&amp;mid=fa4e9296-8a38-4990-93cd-584d42c189e6&amp;bo=3&amp;sid=78b56d70797b11f19dd9358713194120&amp;vid=78b5b810797b11f19332a7c121810aed&amp;vids=1&amp;msclkid=N&amp;evt=consent&amp;src=update&amp;cdb=AQEV&amp;asc=G</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bat.bing.com/bat.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bat.bing.com/p/action/25020686.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bat.bing.net/action/0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bat.bing.net/action/0?ti=25020686&amp;tm=gtm002&amp;Ver=2&amp;mid=fa4e9296-8a38-4990-93cd-584d42c189e6&amp;bo=6&amp;pi=918639831&amp;lg=en-US&amp;sw=800&amp;sh=600&amp;sc=24&amp;nwd=1&amp;tl=Pricing%20%7C%20iContact&amp;p=https%3A%2F%2Fwww.icontact.com%2Fpricing%2F&amp;r=&amp;lt=600&amp;evt=pageLoad&amp;sv=2&amp;asc=D&amp;cdb=AQEV&amp;rn=302599</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bat.bing.net/actionp/0?ti=25020686&amp;tm=gtm002&amp;Ver=2&amp;mid=fa4e9296-8a38-4990-93cd-584d42c189e6&amp;bo=1&amp;evt=consent&amp;src=update&amp;cdb=AQEV&amp;asc=D</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bat.bing.net/actionp/0?ti=25020686&amp;tm=gtm002&amp;Ver=2&amp;mid=fa4e9296-8a38-4990-93cd-584d42c189e6&amp;bo=2&amp;evt=consent&amp;src=default&amp;cdb=AQEV&amp;asc=D</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bat.bing.net/actionp/0?ti=25020686&amp;tm=gtm002&amp;Ver=2&amp;mid=fa4e9296-8a38-4990-93cd-584d42c189e6&amp;bo=4&amp;evt=consent&amp;src=update&amp;cdb=AQEV&amp;asc=D</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bat.bing.net/actionp/0?ti=25020686&amp;tm=gtm002&amp;Ver=2&amp;mid=fa4e9296-8a38-4990-93cd-584d42c189e6&amp;bo=5&amp;evt=consent&amp;src=update&amp;cdb=AQEV&amp;asc=D</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://browser.sentry-cdn.com/9.6.1/bundle.min.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.cookielaw.org/consent/0a882b5f-978a-4fe4-a910-ce62dedb1308/019e0d4c-7328-7201-b60b-e5323f61261c/en.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.cookielaw.org/consent/0a882b5f-978a-4fe4-a910-ce62dedb1308/0a882b5f-978a-4fe4-a910-ce62dedb1308.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.cookielaw.org/scripttemplates/202604.2.0/assets/otCommonStyles.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.cookielaw.org/scripttemplates/202604.2.0/assets/otFloatingRounded.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.cookielaw.org/vendorlist/googleData.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.cookielaw.org/vendorlist/iab2V2Data.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.ziffstatic.com/jst/otBannerSdk.202604.2.0.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.ziffstatic.com/jst/otTCF.202604.2.0.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.ziffstatic.com/jst/zdconsent_eu.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://connect.facebook.net/en_US/fbevents.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://connect.facebook.net/signals/config/407843040382976</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://connect.facebook.net/signals/config/407843040382976?v=2.9.349&amp;r=stable&amp;domain=www.icontact.com&amp;hme=f29d86973612db0f0627890a64bdc8c47b471189050b33f2680b7d76997afc9a&amp;ex_m=107%2C208%2C158%2C22%2C73%2C74%2C149%2C69%2C68%2C11%2C167%2C93%2C16%2C141%2C130%2C39%2C76%2C81%2C137%2C163%2C169%2C8%2C4%2C5%2C7%2C6%2C3%2C94%2C104%2C170%2C175%2C222%2C30%2C75%2C234%2C233%2C232%2C23%2C33%2C55%2C106%2C61%2C10%2C64%2C100%2C101%2C102%2C108%2C133%2C31%2C29%2C135%2C136%2C132%2C131%2C159%2C77%2C162%2C160%2C161%2C50%2C60%2C126%2C15%2C166%2C45%2C279%2C280%2C278%2C26%2C27%2C28%2C48%2C150%2C78%2C115%2C18%2C20%2C44%2C40%2C42%2C41%2C86%2C95%2C99%2C113%2C148%2C151%2C46%2C114%2C24%2C21%2C122%2C70%2C36%2C153%2C152%2C154%2C145%2C143%2C25%2C35%2C59%2C112%2C165%2C71%2C17%2C156%2C117%2C84%2C67%2C19%2C88%2C89%2C119%2C87%2C139%2C138%2C142%2C164%2C34%2C293%2C309%2C215%2C204%2C62%2C205%2C203%2C312%2C303%2C52%2C216%2C110%2C134%2C83%2C124%2C54%2C47%2C49%2C116%2C123%2C129%2C128%2C58%2C65%2C63%2C155%2C79%2C80%2C118%2C37%2C32%2C53%2C56%2C103%2C168%2C1%2C127%2C14%2C125%2C12%2C2%2C57%2C96%2C66%2C121%2C92%2C91%2C171%2C172%2C97%2C98%2C9%2C105%2C51%2C146%2C90%2C82%2C72%2C120%2C109%2C43%2C147%2C0%2C85%2C140%2C144%2C157%2C38%2C111%2C13%2C173</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css2?family=Rubik:wght@500;700&amp;family=Roboto:wght@400;500&amp;family=Protest+Riot&amp;family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&amp;display=swap</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fonts.gstatic.com/s/rubik/v31/iJWKBXyIfDnIV7nBrXw.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://help.icontact.com/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://i.clarity.ms/collect</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://icontact.my.salesforce-scrt.com/embeddedservice/v1/businesshours?orgId=00D80000000KqLk&amp;esConfigName=iContactMarketingSite</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://icontact.my.salesforce-scrt.com/embeddedservice/v1/embedded-service-config?orgId=00D80000000KqLk&amp;esConfigName=iContactMarketingSite&amp;language=en_US</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://icontact.my.site.com/ESWiContactMarketingSite1760989644429/assets/htdocs/sitecontext.min.html</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://icontact.my.site.com/ESWiContactMarketingSite1760989644429/assets/htdocs/sitecontext.min.html?parent_domain=https%3A%2F%2Fwww.icontact.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://icontact.my.site.com/ESWiContactMarketingSite1760989644429/assets/js/inert.min.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://icontact.my.site.com/ESWiContactMarketingSite1760989644429/assets/styles/bootstrap.min.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://js.hs-analytics.net/analytics/1783370400000/4638697.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://js.hs-banner.com/v2/4638697/banner.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://js.hs-scripts.com/4638697.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://privacyportal.onetrust.com/webform/f73513a8-7a10-4a9d-939a-703f8d994839/0261e617-e956-4778-beb5-d8bcb9295c41</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://px.ads.linkedin.com/attribution_trigger</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://px.ads.linkedin.com/attribution_trigger?pid=4250652&amp;time=1783370663825&amp;url=https%3A%2F%2Fwww.icontact.com%2Fpricing%2F&amp;tm=gtmv2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://px.ads.linkedin.com/collect</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://px.ads.linkedin.com/collect?v=2&amp;fmt=js&amp;pid=4250652&amp;time=1783370663825&amp;url=https%3A%2F%2Fwww.icontact.com%2Fpricing%2F&amp;tm=gtmv2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://px.ads.linkedin.com/wa/?medium=fetch&amp;fmt=g</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://region1.analytics.google.com/g/collect</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://region1.analytics.google.com/g/collect?v=2&amp;tid=G-M3V3MD1N4B&amp;gtm=45g92e6710v871200659z872130907za20kzb72130907zd72130907&amp;_p=1783370662743&amp;_gaz=1&amp;gcs=G111&amp;gcd=13v3vPv2v6l1&amp;npa=0&amp;dma_cps=a&amp;dma=1&amp;tcfd=10s5b&amp;gdid=dYzg1YT&amp;ecid=1164912321&amp;_eu=AAAAAGAC&amp;_uip=%3A%3A&amp;are=1&amp;cid=1065488664.1783370664&amp;ec_mode=a&amp;frm=0&amp;pscdl=noapi&amp;rcb=3&amp;sr=800x600&amp;uaa=&amp;uab=&amp;uafvl=&amp;uam=&amp;uamb=0&amp;uap=Linux&amp;uapv=&amp;uaw=0&amp;ul=en-us&amp;ur=DE-HE&amp;gaf=2&amp;_s=1&amp;tag_exp=115938465~115938468~119027224~119576881~119576885~119576891~119576895&amp;sid=1783370663&amp;sct=1&amp;seg=0&amp;dl=https%3A%2F%2Fwww.icontact.com%2Fpricing%2F&amp;dt=Pricing%20%7C%20iContact&amp;_tu=AAg&amp;en=page_view&amp;_fv=1&amp;_nsi=1&amp;_ss=1&amp;gap.gtb=1&amp;tfd=1050</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://region1.analytics.google.com/g/collect?v=2&amp;tid=G-M3V3MD1N4B&amp;gtm=45g92e6710v871200659z89184794040za20kzb72130907zd72130907&amp;_p=1783370662743&amp;gcs=G111&amp;gcd=13v3vPv2v6l1&amp;npa=0&amp;dma_cps=a&amp;dma=1&amp;tcfd=10s5b&amp;gdid=dYzg1YT&amp;ecid=1164912321&amp;_eu=AAACAGQC&amp;_uip=%3A%3A&amp;are=1&amp;cid=1065488664.1783370664&amp;ec_mode=a&amp;frm=0&amp;pscdl=noapi&amp;rcb=3&amp;sr=800x600&amp;uaa=&amp;uab=&amp;uafvl=&amp;uam=&amp;uamb=0&amp;uap=Linux&amp;uapv=&amp;uaw=0&amp;ul=en-us&amp;ur=DE-HE&amp;gaf=2&amp;_s=2&amp;tag_exp=115938465~115938468~119027224~119576881~119576885~119576891~119576895&amp;sid=1783370663&amp;sct=1&amp;seg=1&amp;dl=https%3A%2F%2Fwww.icontact.com%2Fpricing%2F&amp;dt=Pricing%20%7C%20iContact&amp;_tu=AAg&amp;en=page_view&amp;gap.gtb=1&amp;_et=5&amp;tfd=1056</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://scripts.clarity.ms/0.8.66/clarity.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://snap.licdn.com/li.lms-analytics/insight.min.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://snap.licdn.com/li.lms-analytics/insight.old.min.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://static.cloudflareinsights.com/beacon.min.js/v4513226cdae34746b4dedf0b4dfa099e1781791509496</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://stats.g.doubleclick.net/g/collect?v=2&amp;tid=G-M3V3MD1N4B&amp;cid=1065488664.1783370664&amp;gtm=45g92e6710v871200659z872130907za20kzb72130907zd72130907&amp;rcb=3&amp;aip=1&amp;dma=1&amp;dma_cps=a&amp;gcs=G111&amp;gcd=13v3vPv2v6l1&amp;npa=0&amp;frm=0&amp;tag_exp=115938465~115938468~119027224~119576881~119576885~119576891~119576895</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://twitter.com/iContact</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.clarity.ms/tag/fbp9bfj68k</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.facebook.com/iContact</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.facebook.com/tr/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.facebook.com/tr/?id=407843040382976&amp;ev=PageView&amp;dl=https%3A%2F%2Fwww.icontact.com%2Fpricing%2F&amp;rl=&amp;if=false&amp;ts=1783370663807&amp;iw=false&amp;sw=800&amp;sh=600&amp;v=2.9.349&amp;r=stable&amp;ec=0&amp;o=4126&amp;aems=0%3B0&amp;fbp=fb.1.1783370663797.565723663419343071&amp;cs_est=true&amp;ler=empty&amp;cdl=API_unavailable&amp;pmd[title]=Pricing%20%7C%20iContact&amp;pmd[locale]=en_US&amp;pmd[description]=Get%20detailed%20pricing%20information%20on%20iContact%20services%20for%20all%20types%20of%20businesses.%20Find%20the%20perfect%20pricing%20to%20fit%20your%20email%20marketing%20budget.&amp;plt=599.8000001907349&amp;iss=1&amp;imft=1&amp;tz=0&amp;it=1783370663711&amp;coo=false&amp;expv2[0]=pl0&amp;expv2[1]=el3&amp;expv2[2]=bc1&amp;expv2[3]=ra2&amp;expv2[4]=rp2&amp;expv2[5]=ct2&amp;expv2[6]=hf1&amp;rqm=GET</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.google-analytics.com/analytics.js</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google-analytics.com/j/collect</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google-analytics.com/j/collect?v=1&amp;_v=j102&amp;a=1867012826&amp;t=pageview&amp;_s=1&amp;dl=https%3A%2F%2Fwww.icontact.com%2Fpricing%2F&amp;ul=en-us&amp;dt=Pricing%20%7C%20iContact&amp;sr=800x600&amp;vp=1905x1080&amp;_u=YADAAEABAAAAACAAI~&amp;jid=169365186&amp;gjid=1575085897&amp;cid=1065488664.1783370664&amp;tid=UA-336469-13&amp;_gid=260734638.1783370664&amp;_r=1&amp;_slc=1&amp;gtm=45E92e6710n715H25P7v72130907za204zd72130907&amp;gcs=G111&amp;gcd=13v3v3v2v5l1&amp;dma_cps=a&amp;dma=1&amp;tcfd=10001&amp;tag_exp=0~115938465~115938469~119027224&amp;z=1371085445</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google.com/ccm/collect</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google.com/ccm/collect?rcb=19&amp;frm=0&amp;ae=g&amp;auid=1734967155.1783370663&amp;dt=Pricing%20%7C%20iContact&amp;en=page_view&amp;dl=https%3A%2F%2Fwww.icontact.com%2Fpricing%2F&amp;scrsrc=www.icontact.com&amp;rnd=1752901375.1783370663&amp;navt=n&amp;npa=0&amp;us_privacy=1YNY&amp;ep.ads_data_redaction=0&amp;gdid=dYzg1YT.dNzQzZD&amp;_tu=AAg&amp;gtm=45E92e6710v72130907za204zd72130907xea&amp;gcs=G111&amp;gcd=13v3v3v2v6l1&amp;dma_cps=a&amp;dma=1&amp;tcfd=10001&amp;tag_exp=0~115938465~115938469~119027224&amp;apve=1&amp;apvf=f&amp;gap.gtb=1&amp;apvc=1&amp;tft=1783370663356&amp;tfd=781&amp;fmt=8</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google.de/ads/ga-audiences?v=1&amp;t=sr&amp;slf_rd=1&amp;_r=4&amp;tid=G-M3V3MD1N4B&amp;cid=1065488664.1783370664&amp;gtm=45g92e6710v871200659z872130907za20kzb72130907zd72130907&amp;rcb=3&amp;aip=1&amp;dma=1&amp;dma_cps=a&amp;gcs=G111&amp;gcd=13v3vPv2v6l1&amp;npa=0&amp;frm=0&amp;tag_exp=115938465~115938468~119027224~119576881~119576885~119576891~119576895&amp;z=44428542</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtm.js?id=GTM-5H25P7&amp;gtg_health=1</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtm.js?id=GTM-MRXDKP5F&amp;gtm_auth=_UWsnyiBRfHpLpu1XVGvFg&amp;gtm_preview=env-1&amp;gtm_cookies_win=x</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.icontact.com/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/about-us/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/awards/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/careers/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/cdn-cgi/challenge-platform/h/b/jsd/oneshot/80a697ecdece/0.9387016727400471:1783368321:eGAAnKozlKXOrRZrDHxf5-W3-vnKmqsP4VZIn_rnLBQ/a1717271b07819b1</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/80a697ecdece/main.js?</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/cdn-cgi/rum?</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/contact/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/data-processing-schedule/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/engi/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/engi/h9ECrggIIGB48QFZO20nQykCaekVNejlVuPeZhdD8zVz48UC</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/email-automation-tools/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/email-building-tools/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/email-insights-and-analytics-tools/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/email-list-management-and-growth-tools/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/email-marketing-integrations/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/icontact-for-salesforce/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/social-platform-posting/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/industries/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/legal/anti-spam-policy/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/legal/anti-spam-policy/#casl</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/legal/privacy/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/partner-program-agreement/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/partner/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/pricing#</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/pricing/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/report-spam/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/resources/blog/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/resources/glossary/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/signup/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/understanding-gdpr/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/cache/min/1/ESWiContactMarketingSite1760989644429/assets/js/bootstrap.min.js?ver=1782200075</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/cache/min/1/api/tracking.js?ver=1782200074</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/cache/min/1/api/v1/session</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/cache/min/1/assets/external/E-v1.js?ver=1782200074</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/cache/min/1/file.js?ver=1783333313</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/cache/min/1/jst/zdconsent.js?ver=1782200073</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/cache/min/1/static/dist/icontact-api.css?ver=1782200073</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/cache/min/1/static/dist/icontact-api.js?ver=1782200074</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/cache/min/1/wp-content/plugins/bt-bb-ab/css/experiment-frontend.css?ver=1782200073</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/cache/min/1/wp-content/themes/iccwpt/library/source-css/style.css?ver=1782200073</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/cache/min/1/wp-includes/css/dashicons.min.css?ver=1782200073</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/bt-bb-ab/js/bt_conversion-min.js?ver=2.5.4</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/nelio-ab-testing/assets/dist/js/visitor-type.js?ver=287e8e4cd3bcff28c95d</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/searchwp-live-ajax-search/assets/javascript/dist/script.min.js?ver=1.8.7</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/searchwp-live-ajax-search/assets/styles/style.min.css?ver=1.8.7</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/seoai-client/assets/css/front.min.css?ver=2.22.8</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/seoai-client/assets/js/front.min.js?ver=2.22.8</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=4.0.3</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/blue-arrow-right.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/checkmark-icon.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/dd-icon-gray.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/extra-teal-bg.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/footer-logo.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/green-highlight-line.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/heart-icon.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/icontact-logo.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/orange-highlight-line.png?v=1.01</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/round-check-icon.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/social-icon-fb.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/social-icon-ig.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/social-icon-li.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/social-icon-tw.svg?v=1.01</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/social-icon-yt.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/source-js/functions.js?v=1.0.01783369360&amp;ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/source-js/jq.js?ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/source-js/slick.min.js?ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/uploads/2024/04/cropped-icontact-logo-32x32.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.instagram.com/icontact/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.linkedin.com/company/icontact</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.youtube.com/user/icontact</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.ziffdavis.com/privacy-policy</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://wwwapi.icontact.com/api/tracking.php</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://wwwapi.icontact.com/api/tracking.php?sRef=&amp;sReq=https%3A%2F%2Fwww.icontact.com%2Fpricing%2F</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.icontact.com/pricing/&amp;dt=Pricing</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.icontact.com/pricing/&amp;r=&amp;lt=600&amp;evt=pageLoad&amp;sv=2&amp;asc=D&amp;cdb=AQEV&amp;rn=302599</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.icontact.com/pricing/&amp;rl=&amp;if=false&amp;ts=1783370663807&amp;iw=false&amp;sw=800&amp;sh=600&amp;v=2.9.349&amp;r=stable&amp;ec=0&amp;o=4126&amp;aems=0;0&amp;fbp=fb.1.1783370663797.565723663419343071&amp;cs_est=true&amp;ler=empty&amp;cdl=API_unavailable&amp;pmd</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.icontact.com/pricing/&amp;scrsrc=www.icontact.com&amp;rnd=1752901375.1783370663&amp;navt=n&amp;npa=0&amp;us_privacy=1YNY&amp;ep.ads_data_redaction=0&amp;gdid=dYzg1YT.dNzQzZD&amp;_tu=AAg&amp;gtm=45E92e6710v72130907za204zd72130907xea&amp;gcs=G111&amp;gcd=13v3v3v2v6l1&amp;dma_cps=a&amp;dma=1&amp;tcfd=10001&amp;tag_exp=0~115938465~115938469~119027224&amp;apve=1&amp;apvf=f&amp;gap.gtb=1&amp;apvc=1&amp;tft=1783370663356&amp;tfd=781&amp;fmt=8</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.icontact.com/pricing/&amp;tm=gtmv2</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.icontact.com/pricing/&amp;ul=en-us&amp;dt=Pricing</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>www.icontact.com</url>
              <origin>URL_RENDER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>browser.sentry-cdn.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>cdn.cookielaw.org</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>cdn.ziffstatic.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>d-code.liadm.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>fonts.googleapis.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>fonts.gstatic.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>help.icontact.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>icontact.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>icontact.my.salesforce-scrt.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>icontact.my.site.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>privacyportal.onetrust.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>schema.org</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>scripts.clarity.ms</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>tags.fullcontact.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>twitter.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>www.clarity.ms</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.facebook.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.googletagmanager.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.icontact.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.instagram.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.linkedin.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.youtube.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>ad.doubleclick.net</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>bat.bing.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>bat.bing.net</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>browser.sentry-cdn.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>cdn.cookielaw.org</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>cdn.ziffstatic.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>connect.facebook.net</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>fonts.googleapis.com</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>fonts.gstatic.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>geolocation.onetrust.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>help.icontact.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>i.clarity.ms</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>icontact.my.salesforce-scrt.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>icontact.my.site.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>js.hs-analytics.net</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>js.hs-banner.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>js.hs-scripts.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>privacyportal.onetrust.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>px.ads.linkedin.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>region1.analytics.google.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>scripts.clarity.ms</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>snap.licdn.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>static.cloudflareinsights.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>stats.g.doubleclick.net</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>twitter.com</url>
              <origin>URL_RENDER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>www.clarity.ms</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.facebook.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.google-analytics.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.google.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.google.de</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.googletagmanager.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.icontact.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.instagram.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.linkedin.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.youtube.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.ziffdavis.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>wwwapi.icontact.com</url>
              <origin>URL_RENDER</origin>
            </value>
          </domains>
          <ips>
            <value>
              <ip>57.144.244.1</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.18.32.137</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>150.171.109.100</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>13.226.244.119</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>44.237.188.144</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.20.94</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>57.144.244.34</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.16.140.209</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>104.16.160.168</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>104.16.79.73</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>104.18.32.137</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>104.18.35.42</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>104.18.40.240</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>104.18.41.41</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>104.18.87.42</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>104.21.22.26</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.110.97</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.127.157</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.14.94</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.157.119</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.20.101</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.20.149</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.20.94</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>150.171.109.100</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>150.171.28.10</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>151.101.194.217</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>157.240.253.1</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>163.70.128.35</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>172.67.202.14</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>192.178.183.95</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2.22.50.206</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>20.250.198.32</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>216.239.34.36</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>23.55.161.151</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>4.153.72.49</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>44.241.161.22</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>162.159.140.229</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.64.152.214</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.21.22.26</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.18.87.42</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>2.22.50.206</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>192.178.183.95</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.18.35.42</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.13.139</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>65.8.131.17</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>20.250.198.32</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.110.97</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>151.101.2.217</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>de9fe4d2e777c7259b133da7734d1ba824651ebbd829dbd2513cf22a1d147971</SHA-256>
              <SHA-1>0a85497e614d4df1a50c2715c630e3edc3253dd4</SHA-1>
              <MD5>bc52cd8cb27f640ab2c42426405f5e80</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>220bcb1ca2a00dad8195df3f900f82cab60fa423364e9d9aff31559947bf15ce</SHA-256>
              <SHA-1>8d52cf5d7815d3679d1cd8f326471edfe9fd9f34</SHA-1>
              <MD5>4ddcdb6a2d207dd0277856f0549bcf60</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>e8f2ded5d74c0ee5f427a20b6715e65bc79ed5c4fc67fb00d89005515c8efe63</SHA-256>
              <SHA-1>ae56ea57c52d1153cec33cef91cf935d2d3af14d</SHA-1>
              <MD5>fbe36eb2eecf1b90451a3a72701e49d2</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>32f4882d6d97d02882dc7d4da57067ec438880ac9700d2bbe9f4751eb1a8ef38</SHA-256>
              <SHA-1>4c7fbf8ee15188912e4c7cbb67f782e2a7e87545</SHA-1>
              <MD5>992c0ae31c12fbee8be863e45d2a57a4</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>28c8688e80a9435d571bc0c60669a01d046cbe2e815eafbd4bc873a0e6d1f68a</SHA-256>
              <SHA-1>dd9062aa84991cbcb33d35c8db0a502c5d6bc36b</SHA-1>
              <MD5>0d635f1f213691b3db2b60f3c02f4534</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>d04f484449f42069ae518fd85a3834edfeef763c6cc9403fd7196f4988ff6963</SHA-256>
              <SHA-1>1dc4aa60c71dc1b004f3c648e21e998bb425d6f5</SHA-1>
              <MD5>5eebb33e20bc0022b6818b963f503716</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xml</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>58404bdf6dc25c24fedd979469e69bfb8dc9ebca64a469929a858a12b12b9c30</SHA-256>
              <SHA-1>9b5ee969ca96ba0d4547a6041c5a86bf80fd4c96</SHA-1>
              <MD5>6351030f724f6f42fd11ec9aa6ee8c76</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/plain</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>0261e617-e956-4778-beb5-d8bcb9295c41</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>f73513a8-7a10-4a9d-939a-703f8d994839</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>hxxps://www.icontact.com/pricing</name>
        <report_id>380e63db-cbee-44ee-97ca-5bf5876e85b8</report_id>
        <tags>
          <value>html</value>
          <value>txt</value>
          <value>xml</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>e6f338698114ee6b8581689d35c975b9dedbe828ef37aadb5aa2cfb2873bbe35</id>
    <title>Analysis Report for e6f338698114ee6b8581689d35c975b9dedbe828ef37aadb5aa2cfb2873bbe35</title>
    <updated>2026-07-06T20:43:45Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c13b9ff2e0900e305acf8</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c137e5a5245447d9c2dc5</flow_id>
        <hash>e6f338698114ee6b8581689d35c975b9dedbe828ef37aadb5aa2cfb2873bbe35</hash>
        <iocs>
          <urls>
            <value>
              <url>https://aka.ms/dotnet/app-launch-failed</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://aka.ms/dotnet/download</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://aka.ms/dotnet/info</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://aka.ms/dotnet/sdk-not-found</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>aka.ms</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>23.52.181.141</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>0a24185b73aaba945692f9b9433d295bb726350b28a824bf2fbbeb0bf92be3c4</SHA-256>
              <SHA-1>a4607cdce89c790c625ddbf1fd79b1ad572d11ec</SHA-1>
              <MD5>5daf80e538bdf3ff2f6e2487b9582e6b</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <SHA-256>2f1b3666c16022c6a521731f5e3d6f3a7413e31707cd0fd27138be43cf06cb92</SHA-256>
              <SHA-1>c3df92fc0d952459741f7a0cc0bfb4914e49eaf4</SHA-1>
              <MD5>3c2e166d4093b3c9896e744fd29efcf4</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <SHA-256>539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a</SHA-256>
              <SHA-1>cac699787884fb993ced8d7dc47b7c522c7bc734</SHA-1>
              <MD5>b7db84991f23a680df8e95af8946f9c9</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <SHA-256>7f6881d1300a00157a3708a65a6ecd1a7dc03ee2405da41ebc546d6a35f33797</SHA-256>
              <SHA-1>8af7691340cfd633ce7873d93d4bcbd9cd9eb675</SHA-1>
              <MD5>8a68f7947d7f5de38717d650a7b0e57e</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>87d9be4391a18151f7bffe661e835039e78eb55619bb1faaa87dde7e9d29010c</SHA-256>
              <SHA-1>4ae30e3229eaeb5bb47830e6a5504af7df728645</SHA-1>
              <MD5>ef6a8ebbeecf47a0393d7ecf2481fa54</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>a9530bbdae59094c878b8c4ccc190892802d509eccd6cf77f7b6b23afcc4763f</SHA-256>
              <SHA-1>3ff8bf9a30405cddede4346ce2edeedaca6173bf</SHA-1>
              <MD5>6778a106c9903ca58087b58eea854ed9</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>f75b0f644152431c3b228f421225b038da7b6486900d99f9e6f7a2e46a33ce4f</SHA-256>
              <SHA-1>94c85fb6902b2bd11e0be9990cd52607c521ab47</SHA-1>
              <MD5>24c5c3854395e9fb818ebcee7e42d24b</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>59cd8c35a9a1c97eaebab01475027e54d34fbc0e46ade6c3bea5e7bb489b9cc2</SHA-256>
              <SHA-1>dcc897dae965bc093ee861fc54243c67f1100cc3</SHA-1>
              <MD5>7ce25a650531216e1fbc5c82efafa7fe</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>717d1540da2fc94547a13a16fae3b6a0a9ada1ee48a17ea12316e06d2003cf95</SHA-256>
              <SHA-1>3095105a05381512bc20e430aba1b9f89c347e31</SHA-1>
              <MD5>bae356b198c2d7650d78e3d2aa99b2b4</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>8cb94db42659ebe2b4c09a60a09042988a80f1792aaba44f4a68f05947db0c02</SHA-256>
              <SHA-1>ab7a67a464c238e4cd34673552ca148100b42bb6</SHA-1>
              <MD5>1b2485780e71cb8afc81610c9f7a7e31</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>87acde6ff38a88464ee6e07dd7ebfdde88081d3255fee870cadeec7c0f709f54</SHA-256>
              <SHA-1>5473ebfc5913daaf8616caf0f7dd6624dd2d0c96</SHA-1>
              <MD5>c6c948d6524ea35b49567c23c9b940e6</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
          </files>
          <btc_wallets>
            <value>
              <btc_wallet>12daee9aafc24ad5b19af19b8fb1b3c3</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <btc_wallet>3f45e5226241dc2687725bbbf6dc932b</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>DiscordRemoteControl.exe</name>
        <report_id>88d9adca-bc4c-430b-b4bc-96e1476b0220</report_id>
        <tags>
          <value>peexe</value>
          <value>html</value>
          <value>packed</value>
          <value>anti-debug</value>
          <value>overlay</value>
          <value>dotnet</value>
          <value>fingerprint</value>
          <value>lolbin</value>
          <value>reconnaissance</value>
          <value>microsoft_visual_cc</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>ba768e52afb236f5e0a053a87537ee77d238ee11eccd91e29aaa76d1cb002772</id>
    <title>Analysis Report for ba768e52afb236f5e0a053a87537ee77d238ee11eccd91e29aaa76d1cb002772</title>
    <updated>2026-07-06T20:43:29Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c13c674fb2f5922b6c698</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c136fdef7044af0b84cb7</flow_id>
        <hash>ba768e52afb236f5e0a053a87537ee77d238ee11eccd91e29aaa76d1cb002772</hash>
        <iocs>
          <urls>
            <value>
              <url>https://u4641744.ct.sendgrid.net/ls/click?upn=u001.PBejntgA6G8QyxWMWhEwTzK-2F1eG0L-2BiXSsFGBsdR-2FFo-3DTsKN_bf4JG6rVotaFp8XsYJMcbERA9bYkMZqFRsRVsLNA94zEuFHhw-2FiUG4-2BTd7G4ky0TO0PWmbdXaOCxZke5T-2FLiex1-2F7J6JEeBRuFmBAQ6OhXW1QqLVSx2fENvjLB2bTYcK-2FMvfyB4nzPSzU1U0NZ7xaO-2FQjgDqvVu491Sxl4C8WIf2EWESC5M1Kep-2B4eQ8g2jJTdrBfSqTTB9JHJOQvrSuBg-3D-3D</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>3.0.1.1</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://gdi.com/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://gdi.com/&amp;format=xml</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://mailto;NOSC@ainsworth.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>http://www.w3.org/1999/xlink</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://www.w3.org/2000/svg</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://analytics.ahrefs.com/analytics.js</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://cleaningcoalition.org/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://cloud.typography.com/6217600/6081432/css/fonts.css</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://customerportal.ainsworth.com/Account/Login?ReturnUrl=%2fLocation</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic&amp;display=swap</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://gdi.com/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/feed/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/elementor-pro/assets/css/modules/sticky.min.css?ver=4.1.2</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=4.1.2</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=4.1.2</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=4.1.2</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=4.1.2</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/elementor-timeline/assets/timeline.css?ver=1.0.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/elementor-timeline/assets/timeline.js?ver=1.0.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/elementor/assets/css/conditionals/apple-webkit.min.css?ver=4.1.4</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=4.1.4</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/elementor/assets/css/widget-heading.min.css?ver=4.1.4</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/elementor/assets/css/widget-icon-list.min.css?ver=4.1.4</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/elementor/assets/css/widget-image-box.min.css?ver=4.1.4</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/elementor/assets/css/widget-image.min.css?ver=4.1.4</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/elementor/assets/css/widget-social-icons.min.css?ver=4.1.4</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/elementor/assets/css/widget-spacer.min.css?ver=4.1.4</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=4.1.4</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=4.1.4</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=4.1.4</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/elementor/assets/lib/animations/styles/e-animation-grow.min.css?ver=4.1.4</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/elementor/assets/lib/animations/styles/fadeIn.min.css?ver=4.1.4</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/elementor/assets/lib/animations/styles/fadeInLeft.min.css?ver=4.1.4</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/elementor/assets/lib/animations/styles/fadeInRight.min.css?ver=4.1.4</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/elementor/assets/lib/animations/styles/fadeInUp.min.css?ver=4.1.4</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/gp-address-autocomplete/js/built/gp-address-autocomplete.js?ver=1.2.19</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/gp-address-autocomplete/js/built/gp-map-field.js?ver=1.2.19</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/gp-advanced-phone-field/js/built/gp-advanced-phone-field.js?ver=1.0.22</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/gravityforms/assets/js/dist/scripts-theme.min.js?ver=301fdc9aa6144168f3b854c4c2c8f6d3</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/gravityforms/assets/js/dist/utils.min.js?ver=3f278756f0a3032bed328ff6a9f6c01d</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/gravityforms/assets/js/dist/vendor-theme.min.js?ver=7c651d0ba638ce98b9c65141edddd567</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/gravityforms/js/conditional_logic.min.js?ver=2.10.2</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.10.2</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.10.2</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/gravityforms/js/page_conditional_logic.min.js?ver=2.10.2</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.10.2</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/gravityformsrecaptcha/js/frontend.min.js?ver=2.2.2</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/jet-menu/assets/public/css/public.css</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/jet-menu/assets/public/css/public.css?ver=3.0.1.1</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/jet-menu/assets/public/js/jet-menu-public-scripts.js</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/jet-menu/assets/public/js/jet-menu-public-scripts.js?ver=3.0.1.1</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/jet-menu/includes/elementor/assets/public/js/widgets-scripts.js</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/jet-menu/includes/elementor/assets/public/js/widgets-scripts.js?ver=3.0.1.1</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/jet-menu/integration/themes/hello-elementor/assets/css/style.css</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/jet-menu/integration/themes/hello-elementor/assets/css/style.css?ver=3.0.1.1</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/sitepress-multilingual-cms/res/js/cookies/language-cookie.js?ver=495000</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-list-horizontal/style.min.css?ver=1</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/unlimited-elements-for-elementor-premium/assets_libraries/fancybox3/jquery.fancybox.min.js?ver=2.0.10</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://gdi.com/wp-content/plugins/unlimited-elements-for-elementor-premium/assets_libraries/owl-carousel-new/owl.carousel.min.js?ver=2.0.10</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/themes/gdi/style.css?ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/themes/hello-elementor/assets/css/header-footer.css?ver=3.4.9</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/themes/hello-elementor/assets/css/reset.css?ver=3.4.9</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/themes/hello-elementor/assets/css/theme.css?ver=3.4.9</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/themes/hello-elementor/assets/js/hello-frontend.js?ver=3.4.9</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/themes/hello-elementor/style.css?ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/uploads/ac_assets/advance_google_map/uc_advanced_google_map.js?ver=2.0.10</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/uploads/ac_assets/carousel_flip_box/ue-flip-box-item.js?ver=2.0.10</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/uploads/ac_assets/uc_content_tabs/jquery.responsiveContentTabs.js?ver=2.0.10</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/uploads/ac_assets/ue_ajax_search/ue_ajax_search.js?ver=2.0.10</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/uploads/elementor/css/base-desktop.css?ver=6a43d937e20be</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/uploads/elementor/css/post-37.css?ver=1782831672</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-content/uploads/elementor/css/post-6.css?ver=1782831415</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-includes/js/dist/a11y.min.js?ver=af934e5259bc51b8718e</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-includes/js/dist/dom-ready.min.js?ver=a06281ae5cf5500e9317</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-includes/js/dist/hooks.min.js?ver=7496969728ca0f95732d</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-includes/js/dist/i18n.min.js?ver=781d11515ad3d91786ec</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.3</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-json/oembed/1.0/embed</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fgdi.com%2F</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gdi.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fgdi.com%2F&amp;format=xml</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://gmpg.org/xfn/11</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://maps.googleapis.com/maps/api/js?key=AIzaSyA0ydfIC6K_leW7SpBV4ViZL9dz7hffzZ0&amp;loading=async&amp;callback=ucInitMaps&amp;libraries=&amp;v=weekly</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://maps.googleapis.com/maps/api/js?key=AIzaSyCdv8Ajv4bZiWisi0esSYi1GFvtKyqSK9A&amp;libraries=places&amp;callback=gpaaInit&amp;ver=1.2.19</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://obu.edu/_resources/ldp/galleries/fancybox/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://s.w.org/images/core/emoji/17.0.2/72x72/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://s.w.org/images/core/emoji/17.0.2/svg/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://to.getnitropack.com/p</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://twitter.com/GDIServices</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://unlimited-elements.com/docs/google-map-api-key/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.facebook.com/GDIFacilityServices/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.google.com/recaptcha/api.js?hl=en&amp;&amp;ver=7.0#038;render=explicit</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google.com/recaptcha/api.js?render=6LdLpJ8hAAAAAIEkAt7IXL5Texj-My955C5MhVlR&amp;ver=2.2.2</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtag/js?id=G-XHN40M9XY1</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtm.js?id=</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.googletagmanager.com/ns.html?id=GTM-TQKPT36</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.linkedin.com/company/gdi-integrated-facility-services/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>ainsworth.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>analytics.ahrefs.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>cleaningcoalition.org</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>cloud.typography.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>customerportal.ainsworth.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>fonts.googleapis.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>gdi.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>gmpg.org</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>google.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>googletagmanager.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>maps.googleapis.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>obu.edu</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>s.w.org</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>to.getnitropack.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>twitter.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>unlimited-elements.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.facebook.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.googletagmanager.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.linkedin.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.w3.org</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </domains>
          <emails>
            <value>
              <email>NOSC@ainsworth.com</email>
              <origin>INPUT_FILE</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>142.251.110.97</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>141.193.213.20</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.18.22.19</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.18.41.41</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>162.159.140.229</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>57.144.244.1</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>66.155.40.24</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>141.193.213.21</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.64.148.115</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>192.178.183.95</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>216.239.38.223</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.18.39.246</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>141.193.213.11</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.13.101</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>23.201.249.194</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.13.97</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>192.0.77.48</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>206.189.228.5</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>216.208.234.11</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.18.19.221</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>b184f44c8b8a1a326c3e3bf32d5de49f7da6766527cc2d2c2c7932ed96078202</SHA-256>
              <SHA-1>1847135f6d20d5cfae1c3d9e1b67940f4be6a264</SHA-1>
              <MD5>52c7d5205d01b75fd6a18196be1eac2e</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>325bd7d4a55a7bc74d17d2bd6acb7d782579cda563436e9bde99e1b09f1de08a</SHA-256>
              <SHA-1>de72dcb561fd8a9106947018e0151ed15edddcd2</SHA-1>
              <MD5>af1eeae743b38ea53b3d887ada8ce785</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>85f20a0c54808f0da28f3e11c6351d598a7a318724e904a4af6c7a587045c12c</SHA-256>
              <SHA-1>f01e7d682206393da1e3459ed36280ce36ac2541</SHA-1>
              <MD5>1eabfd556dfb0eb2bd3c49087b0bd70d</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>e8f2ded5d74c0ee5f427a20b6715e65bc79ed5c4fc67fb00d89005515c8efe63</SHA-256>
              <SHA-1>ae56ea57c52d1153cec33cef91cf935d2d3af14d</SHA-1>
              <MD5>fbe36eb2eecf1b90451a3a72701e49d2</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>0d037d0ac35111285f00289e1a929e539c278d4d47847b8e8059793d4ba0908a</SHA-256>
              <SHA-1>927331f261aa900ba4de828e75d2f6c3b786bcb2</SHA-1>
              <MD5>f90520ce8a94803be7864ed7ee493c24</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>907e113f13a2e21d2fd1356ddfc2547cdb4e702cb8b288b4e93faa06e84025c1</SHA-256>
              <SHA-1>a082ea2ea1700260d7ccbdb79e1cfeb429f9c62f</SHA-1>
              <MD5>9fa0b0f03a211d7c38f8404997aca139</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>0407f68c5a4639ec8e097b41630520d0422a630fd1541733514b4ad440d2675e</SHA-256>
              <SHA-1>3951d823deb2fb0984f2af139a2ef8cee83d3fbd</SHA-1>
              <MD5>713fc3dc0fc1dd8f214f1bca58bce144</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>14efdc85ea0f21ebc4aed2c7e13a274a73bfb099dbeed3c02d1e47c1fd3da30e</SHA-256>
              <SHA-1>e576f823b48798eead35b108d1d986fda2a8c75f</SHA-1>
              <MD5>69da31a3a715b63b9db1a864b6ffe7c7</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/javascript</file_type>
              <verdict>SUSPICIOUS</verdict>
            </value>
          </files>
        </iocs>
        <name>hxxps://u4641744.ct.sendgrid.net/ls/click?upn=u001.PBejntgA6G8QyxWMWhEwTzK-2F1eG0L-2BiXSsFGBsdR-2FFo-3DTsKN_bf4JG6rVotaFp8XsYJMcbERA9bYkMZqFRsRVsLNA94zEuFHhw-2FiUG4-2BTd7G4ky0TO0PWmbdXaOCxZke5T-2FLiex1-2F7J6JEeBRuFmBAQ6OhXW1QqLVSx2fENvjLB2bTYcK-2FMvfyB4nzPSzU1U0NZ7xaO-2FQjgDqvVu491Sxl4C8WIf2EWESC5M1Kep-2B4eQ8g2jJTdrBfSqTTB9JHJOQvrSuBg-3D-3D</name>
        <report_id>b0dd8be8-242d-45e5-8c7b-0311072e57ee</report_id>
        <tags>
          <value>html</value>
          <value>javascript</value>
          <value>base64</value>
          <value>obfuscated</value>
          <value>captcha</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>3e6914c7ae89d979ec335970a03bbf0c4a2558a3d703f9fee95eeecdf0543532</id>
    <title>Analysis Report for 3e6914c7ae89d979ec335970a03bbf0c4a2558a3d703f9fee95eeecdf0543532</title>
    <updated>2026-07-06T20:43:26Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c139074fb2f5922b6c68c</_id>
        <file_type>text/x-python</file_type>
        <flow_id>6a4c136b3abf2760bd72d0c5</flow_id>
        <hash>3e6914c7ae89d979ec335970a03bbf0c4a2558a3d703f9fee95eeecdf0543532</hash>
        <iocs>
          <urls>
            <value>
              <url>https://cdn.discordapp.com/avatars</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://cdn.discordapp.com/embed/avatars</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://cdn.discordapp.com/embed/avatars/0.png</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://discord.com/users</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://cdn.discordapp.com/avatars</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://cdn.discordapp.com/embed/avatars</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://cdn.discordapp.com/embed/avatars/0.png</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://discord.com/users</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>cdn.discordapp.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>discord.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>cdn.discordapp.com</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>discord.com</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>162.159.129.233</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>162.159.136.232</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>2b4a9c8f3fc1e08227a34e42518a289c6b1229bec46b32bd44e32a1038447d3b</SHA-256>
              <SHA-1>e9524e647d689ce255f2175593a89684e784762c</SHA-1>
              <MD5>1f0bfc0865d324c2587920a7d80c609b</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>image/png</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>9b1db1b616f9e0dd756ef5f30f7397b34b00b9c592ec8284789876c11cb0c8ad</SHA-256>
              <SHA-1>8b6572da06400abfc2a1cad3cde65a853c620c45</SHA-1>
              <MD5>35eb9a769c04eb20fd42a3e4db05e940</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xml</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
        </iocs>
        <name>Test.py</name>
        <report_id>cff06503-fa4d-4001-bf04-0e45e4b4c1e1</report_id>
        <tags>
          <value>xml</value>
          <value>png</value>
          <value>python</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>35222d50b11bc02bfb6bcb3127b5a55179bbd1112042466d26799e7c08d86287</id>
    <title>Analysis Report for 35222d50b11bc02bfb6bcb3127b5a55179bbd1112042466d26799e7c08d86287</title>
    <updated>2026-07-06T20:42:59Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c139774fb2f5922b6c68f</_id>
        <file_type>application/java-archive</file_type>
        <flow_id>6a4c13503abf2760bd72d08e</flow_id>
        <hash>35222d50b11bc02bfb6bcb3127b5a55179bbd1112042466d26799e7c08d86287</hash>
        <iocs/>
        <name>NovowareClient1.21.11.jar</name>
        <report_id>eb2c5ef9-809d-4e6f-a53c-384afbc176f3</report_id>
        <tags>
          <value>java</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>e1278bdbff03ce446bb681f6b5db3a31932de46ce91062eed3b042eddc2e3442</id>
    <title>Analysis Report for e1278bdbff03ce446bb681f6b5db3a31932de46ce91062eed3b042eddc2e3442</title>
    <updated>2026-07-06T20:41:30Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c136674fb2f5922b6c682</_id>
        <file_type>application/vnd.android.package-archive</file_type>
        <flow_id>6a4c12f73abf2760bd72d00f</flow_id>
        <hash>e1278bdbff03ce446bb681f6b5db3a31932de46ce91062eed3b042eddc2e3442</hash>
        <iocs>
          <urls>
            <value>
              <url>http://ns.adobe.com/exif/1.0</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://ns.adobe.com/photoshop/1.0</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://ns.adobe.com/tiff/1.0</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://ns.adobe.com/xap/1.0</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://ns.adobe.com/xap/1.0/mm</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://ns.adobe.com/xap/1.0/sType/ResourceEvent</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://purl.org/dc/elements/1.1</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>ns.adobe.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>purl.org</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>2.2.6.66</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>207.241.225.157</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>695d4dca03bc5ceec1362eabf13a1f8e6d0e77229129402de926b075d69d7a74</SHA-256>
              <SHA-1>46186835ad16c169f8e903078f3bb5e8bb60b048</SHA-1>
              <MD5>3851ab2cf8262d2295dfef2a95438906</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>94b172d0-348e-f24d-8931-5bea3fb645ce</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
          <btc_wallets>
            <value>
              <btc_wallet>x38202fe:$btc: 31c28de7fa774f89aa281cbe528f95a</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>MacroDroid v5.65.9 (PREMIUM).apk</name>
        <report_id>e3ac53a6-0dd6-41c5-86a0-cc79576ed79a</report_id>
        <tags>
          <value>apk</value>
          <value>html</value>
          <value>invalid-signature</value>
          <value>fingerprint</value>
          <value>persistence</value>
          <value>base64</value>
          <value>crypto</value>
          <value>evasive</value>
          <value>signed</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>dbee15d75e4bfc40a0091878009dedf0cca795f224554c91ad776710eb3a76a9</id>
    <title>Analysis Report for dbee15d75e4bfc40a0091878009dedf0cca795f224554c91ad776710eb3a76a9</title>
    <updated>2026-07-06T20:40:46Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c12da74fb2f5922b6c665</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c12cd2c562ae7c822e4dc</flow_id>
        <hash>dbee15d75e4bfc40a0091878009dedf0cca795f224554c91ad776710eb3a76a9</hash>
        <iocs/>
        <name>vmtools.dll</name>
        <report_id>dfca22c2-1b59-4774-8f7b-0f9decbf6c10</report_id>
        <tags>
          <value>peexe</value>
          <value>expired-cert</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
        </tags>
        <verdict>BENIGN</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>ed105b46d3a374db93cc79ce058e897b63dfce9bcc3a27d93ab8f254baeae58a</id>
    <title>Analysis Report for ed105b46d3a374db93cc79ce058e897b63dfce9bcc3a27d93ab8f254baeae58a</title>
    <updated>2026-07-06T20:40:46Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c12db74fb2f5922b6c667</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c12cd2c562ae7c822e4dc</flow_id>
        <hash>ed105b46d3a374db93cc79ce058e897b63dfce9bcc3a27d93ab8f254baeae58a</hash>
        <iocs/>
        <name>gmodule-2.0.dll</name>
        <report_id>3524b4a8-ee5a-4c0f-ab77-0dbde3e706ef</report_id>
        <tags>
          <value>peexe</value>
          <value>expired-cert</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
        </tags>
        <verdict>BENIGN</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>e035bd08e91f616d63f5d625940bc17bbb4f4af96453e902e5049eed869400b0</id>
    <title>Analysis Report for e035bd08e91f616d63f5d625940bc17bbb4f4af96453e902e5049eed869400b0</title>
    <updated>2026-07-06T20:40:46Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c12e474fb2f5922b6c66a</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c12cd2c562ae7c822e4dc</flow_id>
        <hash>e035bd08e91f616d63f5d625940bc17bbb4f4af96453e902e5049eed869400b0</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>27ecf06921a17e1398a19d291f1a98de132a08874da7f0cf251059ee46f9df8f</SHA-256>
              <SHA-1>72bca2beab86b3303f1fd5849c95d3dd6f6fb84f</SHA-1>
              <MD5>6d9eebff6367591bc5b2420d6ec5ba92</MD5>
              <origin>PE_UNPACKING</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
          </files>
        </iocs>
        <name>intl.dll</name>
        <report_id>d2acaf2a-2864-4bd2-9c77-49be8e8c649d</report_id>
        <tags>
          <value>peexe</value>
          <value>pedll</value>
          <value>packed</value>
          <value>expand</value>
          <value>lolbin</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c</id>
    <title>Analysis Report for 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c</title>
    <updated>2026-07-06T20:40:46Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c12cf74fb2f5922b6c65e</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c12cd2c562ae7c822e4dc</flow_id>
        <hash>2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c</hash>
        <iocs/>
        <name>VCRUNTIME140.dll</name>
        <report_id>92caabe2-ad4f-4b20-9c9c-1129b370a643</report_id>
        <tags>
          <value>peexe</value>
          <value>microsoft_visual_cc</value>
        </tags>
        <verdict>BENIGN</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>2803b74d5466845e4dc9063bd516f3679aa2a3f70a30d9e93976c212e87f6e87</id>
    <title>Analysis Report for 2803b74d5466845e4dc9063bd516f3679aa2a3f70a30d9e93976c212e87f6e87</title>
    <updated>2026-07-06T20:40:46Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c12d874fb2f5922b6c663</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c12cd2c562ae7c822e4dc</flow_id>
        <hash>2803b74d5466845e4dc9063bd516f3679aa2a3f70a30d9e93976c212e87f6e87</hash>
        <iocs/>
        <name>flasher.exe</name>
        <report_id>0c882787-c17e-43dc-9040-3f222a5d23d2</report_id>
        <tags>
          <value>peexe</value>
          <value>expired-cert</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
        </tags>
        <verdict>BENIGN</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>2c76ddda266dbada9597eec8d7559b0669c25f2037344c19b4807e4d61b6dcfe</id>
    <title>Analysis Report for 2c76ddda266dbada9597eec8d7559b0669c25f2037344c19b4807e4d61b6dcfe</title>
    <updated>2026-07-06T20:40:46Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c12d974fb2f5922b6c664</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c12cd2c562ae7c822e4dc</flow_id>
        <hash>2c76ddda266dbada9597eec8d7559b0669c25f2037344c19b4807e4d61b6dcfe</hash>
        <iocs/>
        <name>gobject-2.0.dll</name>
        <report_id>8b678c0f-81af-4322-b720-18ded7867c52</report_id>
        <tags>
          <value>peexe</value>
          <value>expired-cert</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
        </tags>
        <verdict>BENIGN</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>1f2d41c4aa5db0bc33ebf7b66d72943a817d7ce6cbe880502a9403823633093f</id>
    <title>Analysis Report for 1f2d41c4aa5db0bc33ebf7b66d72943a817d7ce6cbe880502a9403823633093f</title>
    <updated>2026-07-06T20:40:46Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c12d674fb2f5922b6c661</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c12cd2c562ae7c822e4dc</flow_id>
        <hash>1f2d41c4aa5db0bc33ebf7b66d72943a817d7ce6cbe880502a9403823633093f</hash>
        <iocs/>
        <name>VCRUNTIME140_1.dll</name>
        <report_id>bb5fcf86-8603-4e28-ad4c-6962c79d7c49</report_id>
        <tags>
          <value>peexe</value>
          <value>expired-cert</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
        </tags>
        <verdict>BENIGN</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>29f281e0e9ebc9cc7b54af08535509feac1930a60d3d2e2fe9528f77711f04a8</id>
    <title>Analysis Report for 29f281e0e9ebc9cc7b54af08535509feac1930a60d3d2e2fe9528f77711f04a8</title>
    <updated>2026-07-06T20:40:46Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c12d774fb2f5922b6c662</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c12cd2c562ae7c822e4dc</flow_id>
        <hash>29f281e0e9ebc9cc7b54af08535509feac1930a60d3d2e2fe9528f77711f04a8</hash>
        <iocs/>
        <name>glib-2.0.dll</name>
        <report_id>4df53a94-cbe2-4923-ae97-11d20e079af4</report_id>
        <tags>
          <value>peexe</value>
          <value>expired-cert</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
        </tags>
        <verdict>BENIGN</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>67332a8c1fa3a2bb449aea74cbcff3c64754fafb09c273ae51bafac91deac340</id>
    <title>Analysis Report for 67332a8c1fa3a2bb449aea74cbcff3c64754fafb09c273ae51bafac91deac340</title>
    <updated>2026-07-06T20:40:46Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c12d574fb2f5922b6c65f</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c12cd2c562ae7c822e4dc</flow_id>
        <hash>67332a8c1fa3a2bb449aea74cbcff3c64754fafb09c273ae51bafac91deac340</hash>
        <iocs/>
        <name>pcre.dll</name>
        <report_id>da4a5bd7-36de-44ab-99d7-97b4939a7167</report_id>
        <tags>
          <value>peexe</value>
          <value>expired-cert</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
        </tags>
        <verdict>BENIGN</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>24c35c193233b04d95d1087d7345926db7ffb358eaa813896fd6bc6324618388</id>
    <title>Analysis Report for 24c35c193233b04d95d1087d7345926db7ffb358eaa813896fd6bc6324618388</title>
    <updated>2026-07-06T20:40:31Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c12cd74fb2f5922b6c65c</_id>
        <file_type>text/javascript</file_type>
        <flow_id>6a4c12bd3abf2760bd72cfbc</flow_id>
        <hash>24c35c193233b04d95d1087d7345926db7ffb358eaa813896fd6bc6324618388</hash>
        <iocs>
          <urls>
            <value>
              <url>http://127.0.0.1:21</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <ips>
            <value>
              <ip>127.0.0.1</ip>
              <origin>INPUT_FILE</origin>
            </value>
          </ips>
        </iocs>
        <name>attempt4.js</name>
        <report_id>544f033b-9b49-476f-8904-3146420671d4</report_id>
        <tags>
          <value>javascript</value>
          <value>evasive</value>
          <value>repaired</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>a454a963a4ca6bf6c902f023500ef107a485c46d7fe5b79e38518ab9217ce2cb</id>
    <title>Analysis Report for a454a963a4ca6bf6c902f023500ef107a485c46d7fe5b79e38518ab9217ce2cb</title>
    <updated>2026-07-06T20:37:51Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c125b74fb2f5922b6c646</_id>
        <file_type>text/javascript</file_type>
        <flow_id>6a4c121e3abf2760bd72ceb7</flow_id>
        <hash>a454a963a4ca6bf6c902f023500ef107a485c46d7fe5b79e38518ab9217ce2cb</hash>
        <iocs>
          <urls>
            <value>
              <url>http://127.0.0.1:21</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <ips>
            <value>
              <ip>127.0.0.1</ip>
              <origin>INPUT_FILE</origin>
            </value>
          </ips>
        </iocs>
        <name>attempt4.js</name>
        <report_id>05114441-b9d7-4237-b049-641fa4090ea2</report_id>
        <tags>
          <value>javascript</value>
          <value>evasive</value>
          <value>repaired</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>19e5b90b8162eb47e30e45d5b3a07ea8bd8bccc7d62d51db4ea926e4129e1184</id>
    <title>Analysis Report for 19e5b90b8162eb47e30e45d5b3a07ea8bd8bccc7d62d51db4ea926e4129e1184</title>
    <updated>2026-07-06T20:37:40Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c126aff2e0900e305acbc</_id>
        <file_type>application/vnd.android.package-archive</file_type>
        <flow_id>6a4c12105a5245447d9c2d4b</flow_id>
        <hash>19e5b90b8162eb47e30e45d5b3a07ea8bd8bccc7d62d51db4ea926e4129e1184</hash>
        <iocs>
          <urls>
            <value>
              <url>http://ns.adobe.com/exif/1.0</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://ns.adobe.com/photoshop/1.0</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://ns.adobe.com/tiff/1.0</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://ns.adobe.com/xap/1.0</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://ns.adobe.com/xap/1.0/mm</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://ns.adobe.com/xap/1.0/sType/ResourceEvent</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://ns.adobe.com/xap/1.0/sType/ResourceRef</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://purl.org/dc/elements/1.1</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>ns.adobe.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>purl.org</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <emails>
            <value>
              <email>vW@h6.82</email>
              <origin>INPUT_FILE</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>207.241.225.157</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>127.0.0.1</ip>
              <origin>APK_DECODING</origin>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>695d4dca03bc5ceec1362eabf13a1f8e6d0e77229129402de926b075d69d7a74</SHA-256>
              <SHA-1>46186835ad16c169f8e903078f3bb5e8bb60b048</SHA-1>
              <MD5>3851ab2cf8262d2295dfef2a95438906</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>94b172d0-348e-f24d-8931-5bea3fb645ce</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
          <btc_wallets>
            <value>
              <btc_wallet>x1068eb6:$btc: 3mD93mD93mD93mD93mD93mD93mD93</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>MacroDroid.5.43.2.MOD.NesabaMedia.apk</name>
        <report_id>099d36ff-585d-477e-a857-21ea81b03105</report_id>
        <tags>
          <value>apk</value>
          <value>html</value>
          <value>fingerprint</value>
          <value>persistence</value>
          <value>base64</value>
          <value>crypto</value>
          <value>evasive</value>
          <value>signed</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>b97e4c4f7faf1eed7ecfdff6385040d92fe39765e383bb1b01cf2ac85fc01aa2</id>
    <title>Analysis Report for b97e4c4f7faf1eed7ecfdff6385040d92fe39765e383bb1b01cf2ac85fc01aa2</title>
    <updated>2026-07-06T20:37:39Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c121b74fb2f5922b6c63a</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c120fdef7044af0b84c16</flow_id>
        <hash>b97e4c4f7faf1eed7ecfdff6385040d92fe39765e383bb1b01cf2ac85fc01aa2</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>4fc784db7849eb961ba097b8c06e1f9c848c135ae058556d06dd772590361630</SHA-256>
              <SHA-1>55d4e72a4c2ce87cd3dad77a4d5ed31a37b3f98d</SHA-1>
              <MD5>c1399bb796be6e3f0b8cca2fe1018b71</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <SHA-256>61c97f3ebb21bded2ed50fd0490fbb50eefbeb92e78b1eb15695675d03f3165e</SHA-256>
              <SHA-1>272afbc01ea9cbadcf3c0d9cc24de712e8136340</SHA-1>
              <MD5>72f267e776e912f3357a9e86eb467fff</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
        </iocs>
        <name>Chrome.exe</name>
        <report_id>25389ab2-5964-4a02-96b4-b6fb25ebd354</report_id>
        <tags>
          <value>peexe</value>
          <value>dotnet_pe</value>
          <value>cmd</value>
          <value>lolbin</value>
          <value>reconnaissance</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>6a450f018589ea4f0d381bfa35c5aa4bd7a13fcfedf71d472cf78fbb0a86e21e</id>
    <title>Analysis Report for 6a450f018589ea4f0d381bfa35c5aa4bd7a13fcfedf71d472cf78fbb0a86e21e</title>
    <updated>2026-07-06T20:36:56Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c120b74fb2f5922b6c634</_id>
        <file_type>text/x-python</file_type>
        <flow_id>6a4c11e59a95790273309c99</flow_id>
        <hash>6a450f018589ea4f0d381bfa35c5aa4bd7a13fcfedf71d472cf78fbb0a86e21e</hash>
        <iocs>
          <urls>
            <value>
              <url>https://api.ipify.org</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://cdn.discordapp.com/avatars</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://cdn.discordapp.com/embed/avatars</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://cdn.discordapp.com/embed/avatars/0.png</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://discord.com/api/v10/users/@me</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://discord.com/api/v9/users/@me</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://discord.com/api/v9/users/@me/billing/payment-sources</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://discord.com/api/webhooks/1523448495569240114/OGaTCJl6t04tX2iCWg_Jmbj1xMk48jOv14pNkSeEH-gMHXNjumsiUpOG0gsaGvscsBm2</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://discord.com/users</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://api.ipify.org</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://cdn.discordapp.com/avatars</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://cdn.discordapp.com/embed/avatars</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://cdn.discordapp.com/embed/avatars/0.png</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://discord.com/api/v10/users/@me</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://discord.com/api/v9/users/@me</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://discord.com/api/v9/users/@me/billing/payment-sources</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://discord.com/api/webhooks/1523448495569240114/OGaTCJl6t04tX2iCWg_Jmbj1xMk48jOv14pNkSeEH-gMHXNjumsiUpOG0gsaGvscsBm2</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://discord.com/users</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>api.ipify.org</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>cdn.discordapp.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>discord.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>api.ipify.org</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>cdn.discordapp.com</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>discord.com</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>162.159.130.233</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>162.159.137.232</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.26.12.205</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>2b4a9c8f3fc1e08227a34e42518a289c6b1229bec46b32bd44e32a1038447d3b</SHA-256>
              <SHA-1>e9524e647d689ce255f2175593a89684e784762c</SHA-1>
              <MD5>1f0bfc0865d324c2587920a7d80c609b</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>image/png</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>774085c73d7aeecdd59894443d83d16b7e4e731c89420ca9f7356a5c9c928056</SHA-256>
              <SHA-1>d677b242a21df8bb9d696998193de662b96a9ff0</SHA-1>
              <MD5>041912d109d349cf8c39ccccc812126a</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>27c8ac93dd55b24e7f2c37d9e1e8df4271b7b95e63d06b8a043510a42f4d587c</SHA-256>
              <SHA-1>c7ed6a4cedb7c9f81cf996ad0bd9bd295d3dbfa8</SHA-1>
              <MD5>a68217b3f8e764dcc369f7c118bb709d</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/plain</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>c40d59349200fe5889c3ecd1462494ca19d48fc4a9dc3595dc6f0c4a437fc3a6</SHA-256>
              <SHA-1>d6bf0e43fa969ee462f10e3f600f6d575d574a40</SHA-1>
              <MD5>f808d0835b7fd19a93580ed97f6bc923</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xml</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>da03fad50e4c13d842d0a1ebd6ccbeb460b0aaf6f880fc76510af138b72ce224</SHA-256>
              <SHA-1>12257964d6470203d77b96860712219f2120c7df</SHA-1>
              <MD5>f281578c09d73b4d3675eb3f4eb6b8eb</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
        </iocs>
        <name>Test.py</name>
        <report_id>c922ce7b-c80e-476f-ae0b-fc65ee85447a</report_id>
        <tags>
          <value>xml</value>
          <value>txt</value>
          <value>png</value>
          <value>python</value>
          <value>json</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>9511aa0be3886d8b472087a92f5f24ed8e8377a295ed1ee66ba393fef72a5ebb</id>
    <title>Analysis Report for 9511aa0be3886d8b472087a92f5f24ed8e8377a295ed1ee66ba393fef72a5ebb</title>
    <updated>2026-07-06T20:34:35Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c117674fb2f5922b6c619</_id>
        <file_type>message/rfc822</file_type>
        <flow_id>6a4c115a3abf2760bd72cd5f</flow_id>
        <hash>9511aa0be3886d8b472087a92f5f24ed8e8377a295ed1ee66ba393fef72a5ebb</hash>
        <iocs>
          <urls>
            <value>
              <url>file:///tmp/tmppza7vrjc.html</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://worldpacific.com.au/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://worldpacific.com.au/?rns=c3Y9Z2VuZXJhbF8xX25vbSZ1aWQ9VVNFUjAzMDIyMDI2VTE3MDIwMzM5N0123Nhkn-machines@wagenfelder.de</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>wagenfelder.de</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://worldpacific.com.au/</url>
              <origin>EMAIL_BODY</origin>
            </value>
            <value>
              <url>https://worldpacific.com.au/?rns=c3Y9Z2VuZXJhbF8xX25vbSZ1aWQ9VVNFUjAzMDIyMDI2VTE3MDIwMzM5N0123Nhkn-machines@wagenfelder.de</url>
              <origin>EMAIL_BODY</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>wagenfelder.de</url>
              <origin>EMAIL_BODY</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>wagenfelder.de</url>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <url>https://worldpacific.com.au/</url>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <url>https://worldpacific.com.au/?rns=c3Y9Z2VuZXJhbF8xX25vbSZ1aWQ9VVNFUjAzMDIyMDI2VTE3MDIwMzM5N0123Nhkn-machines@wagenfelder.de</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>worldpacific.com.au</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>worldpacific.com.au</url>
              <origin>EMAIL_BODY</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>worldpacific.com.au</url>
              <origin>URL_RENDER</origin>
            </value>
          </domains>
          <emails>
            <value>
              <email>c3Y9Z2VuZXJhbF8xX25vbSZ1aWQ9VVNFUjAzMDIyMDI2VTE3MDIwMzM5N0123Nhkn-machines@wagenfelder.de</email>
              <origin>EMAIL_BODY</origin>
            </value>
            <value>
              <email>hkn-machines@wagenfelder.de</email>
              <origin>EMAIL_BODY</origin>
            </value>
            <value>
              <email>c3Y9Z2VuZXJhbF8xX25vbSZ1aWQ9VVNFUjAzMDIyMDI2VTE3MDIwMzM5N0123Nhkn-machines@wagenfelder.de</email>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <email>hkn-machines@wagenfelder.de</email>
              <origin>EXTRACTED_FILE</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>198.38.93.188</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>f86d926c58befb0a049f4c93523e61ae3e7c8686b49d7ea2cf430a46c2bf9cc6</SHA-256>
              <SHA-1>411d546c985f09f3d1dc1550ecd2f7f869f3ec75</SHA-1>
              <MD5>68b2f8a9d1b09311f9c974f042f864b6</MD5>
              <origin>EMAIL_BODY</origin>
              <file_type>text/html</file_type>
            </value>
            <value>
              <SHA-256>b5d75c88a957f5682cced48b9030e608226934a07dbd97e22ca6b6bd7ed668ae</SHA-256>
              <SHA-1>42116b4615bb130fb63609e2e2453ee08be11ceb</SHA-1>
              <MD5>50b243ed31297e3e02be0c0c8d91ffc1</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>3bb40456027c77d05b991e4686f10e51739a6ebdca3e33ec5edcd1e2c28b34cf</SHA-256>
              <SHA-1>d62b5f0ec9ae7a82209938c347311519b9fc1084</SHA-1>
              <MD5>1326c16a18441423830933fbb3a6a290</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
          </files>
        </iocs>
        <name>submission.eml</name>
        <report_id>70ea6b24-7bb0-4e84-94c4-d3133b34f347</report_id>
        <tags>
          <value>eml</value>
          <value>rfc822</value>
          <value>html</value>
          <value>captcha</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>810d409aef915e09eaa59b1cb8df60559c72b2da1ac0ab14ec875fbe58ac03d9</id>
    <title>Analysis Report for 810d409aef915e09eaa59b1cb8df60559c72b2da1ac0ab14ec875fbe58ac03d9</title>
    <updated>2026-07-06T20:33:27Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c113d0bc678ad76e5c77f</_id>
        <file_type>text/x-shellscript</file_type>
        <flow_id>6a4c11133abf2760bd72cce2</flow_id>
        <hash>810d409aef915e09eaa59b1cb8df60559c72b2da1ac0ab14ec875fbe58ac03d9</hash>
        <iocs>
          <urls>
            <value>
              <url>http://152.70.4.175:5555/bot</url>
              <origin>INPUT_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
          </urls>
          <ips>
            <value>
              <ip>152.70.4.175</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
        </iocs>
        <name>_810d409aef915e09eaa59b1cb8df60559c72b2da1ac0ab14ec875fbe58ac03d9.sh</name>
        <report_id>95c2341c-b717-45cf-b937-49878de260b8</report_id>
        <tags>
          <value>shell</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>5b64550c87fc3a579694133117a265c756fe36cd31de5ef0b87a6f2faae7f791</id>
    <title>Analysis Report for 5b64550c87fc3a579694133117a265c756fe36cd31de5ef0b87a6f2faae7f791</title>
    <updated>2026-07-06T20:33:19Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c113b74fb2f5922b6c60c</_id>
        <file_type>text/x-shellscript</file_type>
        <flow_id>6a4c110e2c562ae7c822e2f1</flow_id>
        <hash>5b64550c87fc3a579694133117a265c756fe36cd31de5ef0b87a6f2faae7f791</hash>
        <iocs>
          <urls>
            <value>
              <url>http://152.70.4.175:5555/bot</url>
              <origin>INPUT_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
          </urls>
          <ips>
            <value>
              <ip>152.70.4.175</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
        </iocs>
        <name>_5b64550c87fc3a579694133117a265c756fe36cd31de5ef0b87a6f2faae7f791.sh</name>
        <report_id>283ee374-654a-4306-9173-7358df137d66</report_id>
        <tags>
          <value>shell</value>
          <value>busybox</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>7182b32bfcbb70dafa4ab5d60e8da986ab78ba71d5dcddaf226731a0439c86ad</id>
    <title>Analysis Report for 7182b32bfcbb70dafa4ab5d60e8da986ab78ba71d5dcddaf226731a0439c86ad</title>
    <updated>2026-07-06T20:32:43Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c110374fb2f5922b6c601</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c10e93abf2760bd72cc80</flow_id>
        <hash>7182b32bfcbb70dafa4ab5d60e8da986ab78ba71d5dcddaf226731a0439c86ad</hash>
        <iocs>
          <urls>
            <value>
              <url>https://sparkhub.wtf/api/v1/flow/complete-checkpoint?token=f7d15d5c-3971-4c58-9ba6-7151bb6c6838</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>https://fonts.googleapis.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700;800&amp;display=swap</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>https://fonts.gstatic.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&amp;family=JetBrains+Mono:wght@400;500&amp;display=swap</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&amp;family=JetBrains+Mono:wght@400;500;600&amp;display=swap</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700;800&amp;display=swap</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://sparkhub.wtf/api/v1/flow/validate-session</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://sparkhub.wtf/assets/index-BnTZlhTB.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://sparkhub.wtf/assets/index-CHCww6tm.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://sparkhub.wtf/cdn-cgi/challenge-platform/h/b/jsd/oneshot/80a697ecdece/0.9387016727400471:1783368321:eGAAnKozlKXOrRZrDHxf5-W3-vnKmqsP4VZIn_rnLBQ/a171617dee0ee858</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://sparkhub.wtf/cdn-cgi/challenge-platform/h/b/scripts/jsd/80a697ecdece/main.js?</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://sparkhub.wtf/favicon.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://sparkhub.wtf/key-bg.jpg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://sparkhub.wtf/key?verifying=true</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://sparkhub.wtf/spark-icon.png</url>
              <origin>URL_RENDER</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>fonts.googleapis.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>fonts.gstatic.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>fonts.googleapis.com</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>fonts.gstatic.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>sparkhub.wtf</url>
              <origin>URL_RENDER</origin>
            </value>
          </domains>
          <ips>
            <value>
              <ip>142.251.20.95</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>192.178.183.94</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.20.95</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>188.114.96.3</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>192.178.183.94</ip>
              <origin>URL_RENDER</origin>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>73b27e58c581d4b90d0bf8a83f6b8e516aa43ee3ea519f28158e48a8ef801366</SHA-256>
              <SHA-1>3d2894d5423cf6ad5280a156b614adf2d3895448</SHA-1>
              <MD5>7ec5eae22e7f31cf6c17dd0e3299dbf2</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/css</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
        </iocs>
        <name>hxxps://sparkhub.wtf/api/v1/flow/complete-checkpoint?token=f7d15d5c-3971-4c58-9ba6-7151bb6c6838</name>
        <report_id>6446a64f-4ce5-4b5a-9be4-6891fc7484ce</report_id>
        <tags>
          <value>html</value>
          <value>txt</value>
          <value>aidetect</value>
          <value>phishing</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>810d409aef915e09eaa59b1cb8df60559c72b2da1ac0ab14ec875fbe58ac03d9</id>
    <title>Analysis Report for 810d409aef915e09eaa59b1cb8df60559c72b2da1ac0ab14ec875fbe58ac03d9</title>
    <updated>2026-07-06T20:32:20Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c11000bc678ad76e5c774</_id>
        <file_type>text/x-shellscript</file_type>
        <flow_id>6a4c10d02c562ae7c822e2bb</flow_id>
        <hash>810d409aef915e09eaa59b1cb8df60559c72b2da1ac0ab14ec875fbe58ac03d9</hash>
        <iocs>
          <urls>
            <value>
              <url>http://152.70.4.175:5555/bot</url>
              <origin>INPUT_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
          </urls>
          <ips>
            <value>
              <ip>152.70.4.175</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
        </iocs>
        <name>810d409aef915e09eaa59b1cb8df60559c72b2da1ac0ab14ec875fbe58ac03d9.sh</name>
        <report_id>522ecd1f-f549-40af-8c19-4b015a65d3d6</report_id>
        <tags>
          <value>shell</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>5b64550c87fc3a579694133117a265c756fe36cd31de5ef0b87a6f2faae7f791</id>
    <title>Analysis Report for 5b64550c87fc3a579694133117a265c756fe36cd31de5ef0b87a6f2faae7f791</title>
    <updated>2026-07-06T20:32:07Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c10f274fb2f5922b6c5fe</_id>
        <file_type>text/x-shellscript</file_type>
        <flow_id>6a4c10c53abf2760bd72cc34</flow_id>
        <hash>5b64550c87fc3a579694133117a265c756fe36cd31de5ef0b87a6f2faae7f791</hash>
        <iocs>
          <urls>
            <value>
              <url>http://152.70.4.175:5555/bot</url>
              <origin>INPUT_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
          </urls>
          <ips>
            <value>
              <ip>152.70.4.175</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
        </iocs>
        <name>5b64550c87fc3a579694133117a265c756fe36cd31de5ef0b87a6f2faae7f791.sh</name>
        <report_id>c9f3db7a-f8ad-472d-acaa-e1f70328d641</report_id>
        <tags>
          <value>shell</value>
          <value>busybox</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>e7ec650d702bc6d878dcd4bf33f0e50bc53a714744ab7c71ed81fb16fa40a34b</id>
    <title>Analysis Report for e7ec650d702bc6d878dcd4bf33f0e50bc53a714744ab7c71ed81fb16fa40a34b</title>
    <updated>2026-07-06T20:29:14Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c107b74fb2f5922b6c5e7</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c10192c562ae7c822e1b5</flow_id>
        <hash>e7ec650d702bc6d878dcd4bf33f0e50bc53a714744ab7c71ed81fb16fa40a34b</hash>
        <iocs>
          <urls>
            <value>
              <url>http://www.smithfield401k.com</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>https://bugcrowd.com/d8fe055f-e708-4ec0-a9a0-51c6f6782eda/external/report</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://bugcrowd.com/d8fe055f-e708-4ec0-a9a0-51c6f6782eda/external/script</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://proj8.retirementpartner.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://www.sipc.org</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>http://www.smithfield401k.com#/articles/accessibility</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>http://www.smithfield401k.com#/articles/businessContinuity</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>http://www.smithfield401k.com#/articles/consolidatingYourRetirementAssets</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>http://www.smithfield401k.com#/articles/faqs</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>http://www.smithfield401k.com#/articles/finra</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>http://www.smithfield401k.com#/articles/policies</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>http://www.smithfield401k.com#/articles/privacy</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>http://www.smithfield401k.com#/articles/securityCenter</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>http://www.smithfield401k.com#/articles/systemRequirements</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>http://www.smithfield401k.com#/articles/terms</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>http://www.smithfield401k.com#/login</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://2cd92a770690.o3n.io/images/p77khlwr3rybj414uqh6j8zkz/logo.gif</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://2cd92a770690.o3n.io/images/p77khlwr3rybj414uqh6j8zkz/logo.gif?l=https://smithfield401k.empower-retirement.com/participant/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://browser-intake-datadoghq.com/api/v2/replay?ddsource=browser&amp;ddtags=sdk_version%3A5.35.1%2Capi%3Afetch%2Cenv%3AProduction%2Cservice%3Awcdx---affiliate%2Cversion%3Alogin-ui%4026.5.5-OFFRELEASEJUN242026.5&amp;dd-api-key=pubcd5d6aa413e6fa3b236e55913db6156c&amp;dd-evp-origin-version=5.35.1&amp;dd-evp-origin=browser&amp;dd-request-id=7a46db84-15f1-4dfa-85ad-2a1bc223d991</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://browser-intake-datadoghq.com/api/v2/replay?ddsource=browser&amp;ddtags=sdk_version%3A5.35.1%2Capi%3Axhr%2Cenv%3AProduction%2Cservice%3Awcdx---affiliate%2Cversion%3Alogin-ui%4026.5.5-OFFRELEASEJUN242026.5&amp;dd-api-key=pubcd5d6aa413e6fa3b236e55913db6156c&amp;dd-evp-origin-version=5.35.1&amp;dd-evp-origin=browser&amp;dd-request-id=09fa928a-9f78-4248-9a89-f5d730f7c807</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&amp;ddtags=sdk_version%3A5.35.1%2Capi%3Afetch%2Cenv%3AProduction%2Cservice%3Awcdx---affiliate%2Cversion%3Alogin-ui%4026.5.5-OFFRELEASEJUN242026.5&amp;dd-api-key=pubcd5d6aa413e6fa3b236e55913db6156c&amp;dd-evp-origin-version=5.35.1&amp;dd-evp-origin=browser&amp;dd-request-id=1826225d-200e-432e-99ea-24e65a6efa65&amp;batch_time=1783369766179</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&amp;ddtags=sdk_version%3A5.35.1%2Capi%3Afetch%2Cenv%3AProduction%2Cservice%3Awcdx---affiliate%2Cversion%3Alogin-ui%4026.5.5-OFFRELEASEJUN242026.5&amp;dd-api-key=pubcd5d6aa413e6fa3b236e55913db6156c&amp;dd-evp-origin-version=5.35.1&amp;dd-evp-origin=browser&amp;dd-request-id=1b58cc47-6877-487e-92f2-bcb27b1715a1&amp;batch_time=1783369762686</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&amp;ddtags=sdk_version%3A5.35.1%2Capi%3Afetch%2Cenv%3AProduction%2Cservice%3Awcdx---affiliate%2Cversion%3Alogin-ui%4026.5.5-OFFRELEASEJUN242026.5&amp;dd-api-key=pubcd5d6aa413e6fa3b236e55913db6156c&amp;dd-evp-origin-version=5.35.1&amp;dd-evp-origin=browser&amp;dd-request-id=1de2ba14-fc0a-4355-857e-1f5998888dbc&amp;batch_time=1783369762683</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&amp;ddtags=sdk_version%3A5.35.1%2Capi%3Afetch%2Cenv%3AProduction%2Cservice%3Awcdx---affiliate%2Cversion%3Alogin-ui%4026.5.5-OFFRELEASEJUN242026.5&amp;dd-api-key=pubcd5d6aa413e6fa3b236e55913db6156c&amp;dd-evp-origin-version=5.35.1&amp;dd-evp-origin=browser&amp;dd-request-id=4cd871ef-8815-4afe-bea4-e3bf06b011f6&amp;batch_time=1783369764448</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&amp;ddtags=sdk_version%3A5.35.1%2Capi%3Afetch%2Cenv%3AProduction%2Cservice%3Awcdx---affiliate%2Cversion%3Alogin-ui%4026.5.5-OFFRELEASEJUN242026.5&amp;dd-api-key=pubcd5d6aa413e6fa3b236e55913db6156c&amp;dd-evp-origin-version=5.35.1&amp;dd-evp-origin=browser&amp;dd-request-id=70181e85-0d19-403b-b7a3-ebe9f7da32e7&amp;batch_time=1783369762680</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&amp;ddtags=sdk_version%3A5.35.1%2Capi%3Afetch%2Cenv%3AProduction%2Cservice%3Awcdx---affiliate%2Cversion%3Alogin-ui%4026.5.5-OFFRELEASEJUN242026.5&amp;dd-api-key=pubcd5d6aa413e6fa3b236e55913db6156c&amp;dd-evp-origin-version=5.35.1&amp;dd-evp-origin=browser&amp;dd-request-id=9d2a41e4-4da5-4168-9926-2001768bbcbb&amp;batch_time=1783369762748</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&amp;ddtags=sdk_version%3A5.35.1%2Capi%3Afetch%2Cenv%3AProduction%2Cservice%3Awcdx---affiliate%2Cversion%3Alogin-ui%4026.5.5-OFFRELEASEJUN242026.5&amp;dd-api-key=pubcd5d6aa413e6fa3b236e55913db6156c&amp;dd-evp-origin-version=5.35.1&amp;dd-evp-origin=browser&amp;dd-request-id=d06a5052-2b40-4028-bdcb-44098a04f7ae&amp;batch_time=1783369763709</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&amp;ddtags=sdk_version%3A5.35.1%2Capi%3Afetch%2Cenv%3AProduction%2Cservice%3Awcdx---affiliate%2Cversion%3Alogin-ui%4026.5.5-OFFRELEASEJUN242026.5&amp;dd-api-key=pubcd5d6aa413e6fa3b236e55913db6156c&amp;dd-evp-origin-version=5.35.1&amp;dd-evp-origin=browser&amp;dd-request-id=e2ab517e-8b17-4acd-ba31-02f270a89bc2&amp;batch_time=1783369763538</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&amp;ddtags=sdk_version%3A5.35.1%2Capi%3Axhr%2Cenv%3AProduction%2Cservice%3Awcdx---affiliate%2Cversion%3Alogin-ui%4026.5.5-OFFRELEASEJUN242026.5&amp;dd-api-key=pubcd5d6aa413e6fa3b236e55913db6156c&amp;dd-evp-origin-version=5.35.1&amp;dd-evp-origin=browser&amp;dd-request-id=2a11a3a8-d304-43c1-916b-7d82bb97157b&amp;batch_time=1783369762948</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://browser-update.org/update-browser.html#3.3.63npm:smithfield401k.empower-retirement.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.amplitude.com/engagement-browser/prod/split/2ea1dde3e937cc7b1792d6b69d9d417523c4c820-ResourceCenterRoot-VNM7M5EP.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.amplitude.com/engagement-browser/prod/split/2ea1dde3e937cc7b1792d6b69d9d417523c4c820-chunk-2VM56AXQ.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.amplitude.com/engagement-browser/prod/split/2ea1dde3e937cc7b1792d6b69d9d417523c4c820-chunk-3OENCXPN.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.amplitude.com/engagement-browser/prod/split/2ea1dde3e937cc7b1792d6b69d9d417523c4c820-chunk-45ALXKW5.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.amplitude.com/engagement-browser/prod/split/2ea1dde3e937cc7b1792d6b69d9d417523c4c820-chunk-4R7HQ2FS.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.amplitude.com/engagement-browser/prod/split/2ea1dde3e937cc7b1792d6b69d9d417523c4c820-chunk-4ZNGPTRC.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.amplitude.com/engagement-browser/prod/split/2ea1dde3e937cc7b1792d6b69d9d417523c4c820-chunk-7JMB4BZ3.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.amplitude.com/engagement-browser/prod/split/2ea1dde3e937cc7b1792d6b69d9d417523c4c820-chunk-AR3Q6VR5.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.amplitude.com/engagement-browser/prod/split/2ea1dde3e937cc7b1792d6b69d9d417523c4c820-chunk-B3BHG36L.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.amplitude.com/engagement-browser/prod/split/2ea1dde3e937cc7b1792d6b69d9d417523c4c820-chunk-FZQKGCQH.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.amplitude.com/engagement-browser/prod/split/2ea1dde3e937cc7b1792d6b69d9d417523c4c820-chunk-OB72FTNZ.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.amplitude.com/engagement-browser/prod/split/2ea1dde3e937cc7b1792d6b69d9d417523c4c820-chunk-UAKDFHDP.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.amplitude.com/engagement-browser/prod/split/2ea1dde3e937cc7b1792d6b69d9d417523c4c820-chunk-UMAWJZ5Y.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.amplitude.com/engagement-browser/prod/split/2ea1dde3e937cc7b1792d6b69d9d417523c4c820-chunk-V3VVNIQA.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.amplitude.com/engagement-browser/prod/split/2ea1dde3e937cc7b1792d6b69d9d417523c4c820-chunk-VRNCAX53.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.amplitude.com/engagement-browser/prod/split/2ea1dde3e937cc7b1792d6b69d9d417523c4c820-chunk-W7KMGVW3.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.amplitude.com/engagement-browser/prod/split/index.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.walkme.com/player/lib/walkme_lib_20250807-163145-77ef090f-43fa730b.br.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.walkme.com/player/resources/wmjQuery360.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.walkme.com/users/c39541e892a643ec8f634a77c5b5f2c0/scripts/prelib-plugin-1817741f-89f1-3583-a2ec-ee3444313ff2.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.walkme.com/users/c39541e892a643ec8f634a77c5b5f2c0/settings.txt</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.walkme.com/users/c39541e892a643ec8f634a77c5b5f2c0/walkme_c39541e892a643ec8f634a77c5b5f2c0_https.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.walkme.com/users/c39541e892a643ec8f634a77c5b5f2c0/walkme_config_2478d607ab9848e9b29b2de4494ad75f.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://challenges.cloudflare.com/turnstile/v0/b/80a697ecdece/api.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cookies-data.onetrust.io/cfw/cmp/v1/session</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://es.smithfield401k.empower-retirement.com/participant-web-services/rest/nonauth/clearSpanishLanguageCookies</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;500;600;700&amp;display=swap</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://gs.amplitude.com/sdk/v1/config</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://gs.amplitude.com/sdk/v1/decide</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://gs.amplitude.com/sdk/v1/resource_center</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://gs.amplitude.com/sdk/v1/state</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://pagead2.googlesyndication.com/ccm/collect</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://pagead2.googlesyndication.com/ccm/collect?rcb=9&amp;frm=0&amp;en=page_view&amp;dl=https%3A%2F%2Fsmithfield401k.empower-retirement.com%2Fparticipant%2F&amp;scrsrc=www.googletagmanager.com&amp;rnd=1952981360.1783369763&amp;navt=n&amp;npa=1&amp;_tu=CA&amp;gtm=45be6710v9198960588z86821260za20gzb6821260zd6821260xec&amp;gcs=G100&amp;gcd=13p3p3p2p5l1&amp;dma_cps=-&amp;dma=1&amp;tag_exp=115616986~115938465~115938468~118395333~119027224~119576881~119576885~119576891~119576895&amp;apve=1&amp;apvf=f&amp;apvc=1&amp;tids=AW-10901188227&amp;tid=AW-10901188227&amp;tft=1783369763170&amp;tfd=2544&amp;fmt=8</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://pc-api.empower-retirement.com/api/versions/getWebAppVersions</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://region1.google-analytics.com/g/collect</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://region1.google-analytics.com/g/collect?v=2&amp;tid=G-MDRRLSW4FM&amp;gtm=45je6710v872762227z86821260za20gzb6821260zd6821260&amp;_p=1783369761730&amp;gcs=G100&amp;gcd=13p3p3p2p5l1&amp;npa=1&amp;dma_cps=-&amp;dma=1&amp;_eu=AAAAAGAC&amp;are=1&amp;cid=2020647615.1783369763&amp;frm=0&amp;pscdl=denied&amp;rcb=8&amp;sr=800x600&amp;tt=prod&amp;uaa=&amp;uab=&amp;uafvl=&amp;uam=&amp;uamb=0&amp;uap=Linux&amp;uapv=&amp;uaw=0&amp;ul=en-us&amp;gaf=2&amp;_s=1&amp;tag_exp=115616985~115938465~115938468~118826210~119027224~119576881~119576885~119576891~119576895&amp;dt=&amp;dl=https%3A%2F%2Fsmithfield401k.empower-retirement.com%2Fparticipant%2Flogin%3Faccu%3DSmithfield&amp;sid=1783369762&amp;sct=1&amp;seg=0&amp;_tu=yA&amp;en=page_view&amp;_fv=1&amp;_nsi=1&amp;_ss=1&amp;ep.page_hostname=smithfield401k.empower-retirement.com&amp;ep.individualId=&amp;ep.planId=&amp;up.individualId=&amp;up.planId=&amp;up.sfcid=&amp;up.onetrust_active_groups=%2CC0001%2CC0002%2CC0003%2CC0004%2CC0005%2C&amp;up.traffic_type=prod&amp;up.funnel=UNKNOWN&amp;tfd=2571</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/cdn-cgi/challenge-platform/h/b/jsd/oneshot/80a697ecdece/0.9387016727400471:1783368321:eGAAnKozlKXOrRZrDHxf5-W3-vnKmqsP4VZIn_rnLBQ/a1715c6c7bced22b</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/80a697ecdece/main.js?</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/participant-web-services/rest/nonauth/bulletins/site?accu=Smithfield&amp;primaryDBFlag=1</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/participant-web-services/rest/nonauth/clearLanguageCookies</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/participant-web-services/rest/nonauth/getPSCPath</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/participant-web-services/rest/nonauth/getPreLoginContactInfoByAccu/Smithfield/1/TOLLFREE</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/participant-web-services/rest/nonauth/isAuthenticated</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/participant-web-services/rest/nonauth/setAccu/Smithfield</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/participant/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/participant/assets/esm-3-vX-Vxx-C662L2yc.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/participant/assets/index-BjYD5hLY.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/participant/assets/index-ySmAhvaV.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/participant/assets/inputmask-BSSfwiMQ.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/participant/assets/jquery-t6z-JNBZ.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/participant/assets/lodash-CWRs-v_9.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/participant/assets/moment-C41kvtqa.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/participant/assets/observers-yhycWD0n-B6AEuDEH.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/participant/assets/react-CilAFGgS.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/participant/assets/rolldown-runtime-Bhmf7a9N.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/assets/scripts/login-ui.stylesheet.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Default/AccountsDefaultCustomization.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Default/articles/templatePreLoginBody.html</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Default/fonts/arimo/Arimo-Bold.woff</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Default/fonts/arimo/Arimo.woff</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Default/fonts/icomoon/fonts/icomoon.woff2?f19pt5</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Default/fonts/webfonts/fa-brands-400.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Default/fonts/webfonts/fa-regular-400.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Default/images/magic-login/banner-mobile-app-xv1.jpg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Default/images/magic-login/favicon.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Default/images/magic-login/tile-consolidate-twirl.jpg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Default/images/magic-login/tile-security-guarantee-v1@2x.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Default/images/magic-login/tile-the-currency.jpg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Empower/EmpowerAccountsCustomization.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Empower/scripts/vendors/oneTrust/empower-retirement.com/oneTrust_production/consent/fe302350-870f-4223-b433-a6cfc02b6096/018e860c-b6f0-76b9-84b9-0dc4cbdf55aa/en.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Empower/scripts/vendors/oneTrust/empower-retirement.com/oneTrust_production/consent/fe302350-870f-4223-b433-a6cfc02b6096/018e860c-b6f0-76b9-84b9-0dc4cbdf55aa/logos/b6f2263b-8c47-42a5-acb4-6fca95381646/6410e0ab-d1d9-4398-aa51-8acabeec752d/b75eee75-8d58-4bf2-bcbc-e1a64f1da147/App_Logo_Light_188x20.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Empower/scripts/vendors/oneTrust/empower-retirement.com/oneTrust_production/consent/fe302350-870f-4223-b433-a6cfc02b6096/018e860c-b6f0-76b9-84b9-0dc4cbdf55aa/logos/static/ot_close.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Empower/scripts/vendors/oneTrust/empower-retirement.com/oneTrust_production/consent/fe302350-870f-4223-b433-a6cfc02b6096/018e860c-b6f0-76b9-84b9-0dc4cbdf55aa/logos/static/ot_guard_logo.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Empower/scripts/vendors/oneTrust/empower-retirement.com/oneTrust_production/consent/fe302350-870f-4223-b433-a6cfc02b6096/018e860c-b6f0-76b9-84b9-0dc4cbdf55aa/logos/static/powered_by_logo.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Empower/scripts/vendors/oneTrust/empower-retirement.com/oneTrust_production/consent/fe302350-870f-4223-b433-a6cfc02b6096/OtAutoBlock.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Empower/scripts/vendors/oneTrust/empower-retirement.com/oneTrust_production/consent/fe302350-870f-4223-b433-a6cfc02b6096/fe302350-870f-4223-b433-a6cfc02b6096.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Empower/scripts/vendors/oneTrust/empower-retirement.com/oneTrust_production/consent/fe302350-870f-4223-b433-a6cfc02b6096/otSDKStub.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Empower/scripts/vendors/oneTrust/empower-retirement.com/oneTrust_production/scripttemplates/202605.1.0/assets/otCommonStyles.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Empower/scripts/vendors/oneTrust/empower-retirement.com/oneTrust_production/scripttemplates/202605.1.0/assets/otFlat.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Empower/scripts/vendors/oneTrust/empower-retirement.com/oneTrust_production/scripttemplates/202605.1.0/assets/v2/otPcCenter.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Empower/scripts/vendors/oneTrust/empower-retirement.com/oneTrust_production/scripttemplates/202605.1.0/otBannerSdk.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Smithfield/SmithfieldAccountsCustomization.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Smithfield/featureFlags/features.json?v=1981521</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Smithfield/images/smithfield-logo.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Smithfield/locales/en_US.json?v=1981521</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/ui/customization-ui/customizations/Smithfield/styles/theme.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://sr-client-cfg.amplitude.com/config/46a3bf0f27a13623b0932e31b3ae5fef?config_group=browser</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.empower.com/learning_center/stay-on-track.shtml#/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.empower.com/privacy</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.empower.com/the-currency/newsletter</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.facebook.com/officialempowertoday</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.finra.org/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.google-analytics.com/analytics.js</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtag/js?id=AW-10901188227&amp;cx=c&amp;gtm=4e6710</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtag/js?id=G-MDRRLSW4FM&amp;cx=c&amp;gtm=4e6710</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtm.js?id=GTM-WR3QWR</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.instagram.com/officialempowertoday/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.linkedin.com/company/empowertoday</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.onetrust.com/solutions/consent-and-preferences/?utm_source=cmp&amp;utm_medium=cmpbanner</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.snapchat.com/add/empowertoday</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.tiktok.com/@empowertoday</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.youtube.com/channel/UCFPLlGp16vPjBb-G7SnUWhQ</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://x.com/empowertoday</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/participant/&amp;scrsrc=www.googletagmanager.com&amp;rnd=1952981360.1783369763&amp;navt=n&amp;npa=1&amp;_tu=CA&amp;gtm=45be6710v9198960588z86821260za20gzb6821260zd6821260xec&amp;gcs=G100&amp;gcd=13p3p3p2p5l1&amp;dma_cps=-&amp;dma=1&amp;tag_exp=115616986~115938465~115938468~118395333~119027224~119576881~119576885~119576891~119576895&amp;apve=1&amp;apvf=f&amp;apvc=1&amp;tids=AW-10901188227&amp;tid=AW-10901188227&amp;tft=1783369763170&amp;tfd=2544&amp;fmt=8</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://smithfield401k.empower-retirement.com/participant/login?accu=Smithfield&amp;sid=1783369762&amp;sct=1&amp;seg=0&amp;_tu=yA&amp;en=page_view&amp;_fv=1&amp;_nsi=1&amp;_ss=1&amp;ep.page_hostname=smithfield401k.empower-retirement.com&amp;ep.individualId=&amp;ep.planId=&amp;up.individualId=&amp;up.planId=&amp;up.sfcid=&amp;up.onetrust_active_groups=,C0001,C0002,C0003,C0004,C0005,&amp;up.traffic_type=prod&amp;up.funnel=UNKNOWN&amp;tfd=2571</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>2cd92a770690.o3n.io</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>browser-intake-datadoghq.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>browser-update.org</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>cdn.amplitude.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>cdn.walkme.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>challenges.cloudflare.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>cookies-data.onetrust.io</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>es.smithfield401k.empower-retirement.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>fonts.googleapis.com</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>geolocation.onetrust.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>gs.amplitude.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>pagead2.googlesyndication.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>pc-api.empower-retirement.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>region1.google-analytics.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>smithfield401k.empower-retirement.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>sr-client-cfg.amplitude.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.empower.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.facebook.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.finra.org</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.google-analytics.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.googletagmanager.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.instagram.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.linkedin.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.onetrust.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.sipc.org</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.smithfield401k.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.snapchat.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.tiktok.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.youtube.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>x.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>bugcrowd.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>challenges.cloudflare.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>proj8.retirementpartner.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </domains>
          <ips>
            <value>
              <ip>104.18.32.137</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>104.18.41.242</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>104.18.94.41</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>13.219.58.83</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>13.32.121.2</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.110.97</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.20.157</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>146.75.122.132</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>172.64.146.14</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>172.64.155.231</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>18.245.86.111</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>192.178.183.95</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>216.239.32.36</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>216.239.36.178</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>3.233.158.25</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>72.246.30.144</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>151.101.130.132</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.18.95.41</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.64.153.64</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>2b370ab0b3d05203b4d75f9c1eb8948cd426fe2807e4c05fd6d07a0abdfc313b</SHA-256>
              <SHA-1>6fee065e682f9d7ecf05bd05fe145b458e2da73b</SHA-1>
              <MD5>88a45d66eecba5552c46d8039b544999</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>4a179e20a9cc58201eed915fad2814ed843163e983087e5bd05f98e9006839da</SHA-256>
              <SHA-1>c4b36ced362c4021c5fb42055ad764101d62c0a3</SHA-1>
              <MD5>7235dbf1b2e7c9e8ccc5ad18dba242f1</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>4bfc3d3ed2a5431c2153a17bd427b1362cdf873d5dfb55a31e2fffc644ceae9c</SHA-256>
              <SHA-1>c8962fc2ade8fcd5f5f670f867beb919ebb81247</SHA-1>
              <MD5>9bac72699d1e8dd22f462600d5bd305f</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/javascript</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>5dca59e34f5f9848cc62a9706b82d518262729c54dcfad34a9bc26f327fb8b09</SHA-256>
              <SHA-1>ababc33a9276ac3eda622c56296030da878a34d1</SHA-1>
              <MD5>b7b3e18e6c23a923c5c569d1f05d5899</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/javascript</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>d8fe055f-e708-4ec0-a9a0-51c6f6782eda</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>hxxp://www.smithfield401k.com</name>
        <report_id>959bbddc-3841-4c1a-97fd-20377621a1d1</report_id>
        <tags>
          <value>html</value>
          <value>javascript</value>
          <value>obfuscated</value>
          <value>captcha</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>8ae01e946b52ecdc38d02b3f394b70793c7a4628d7a46d204030311b9b447a93</id>
    <title>Analysis Report for 8ae01e946b52ecdc38d02b3f394b70793c7a4628d7a46d204030311b9b447a93</title>
    <updated>2026-07-06T20:28:57Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c1028e094c2d9580612e6</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c1006327f9453dea7d3df</flow_id>
        <hash>8ae01e946b52ecdc38d02b3f394b70793c7a4628d7a46d204030311b9b447a93</hash>
        <iocs>
          <urls>
            <value>
              <url>http://kikyou.info/tvp/</url>
              <origin>INPUT_FILE</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>kikyou.info</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>118.243.118.230</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>118.243.118.230</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <MD5>72570613a3fefc15c5bf6b98ced66bf1</MD5>
              <SHA-1>0d15d6f55884bad382ea34903dda3fa352eaffc6</SHA-1>
              <SHA-256>20b9cd707c65cc843f7d2563c435706b2046467027fa8b1b9d3228acdf9027a5</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>1851d0e954ad42e878e34578e191cf51</MD5>
              <SHA-1>da678a4b489bfc75463a6d3dbdcc175d0ea85827</SHA-1>
              <SHA-256>504f021d98e63c377155d016a5fea4600458889948e90d2773b08eb554540573</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>5633737b11ac191e57ed40ed7fc04f35</MD5>
              <SHA-1>df84fc401d19571a1b91789553232393ab96f323</SHA-1>
              <SHA-256>536072e0dcc767a745aad5bc4ad2c5d5b56c84bec4dd03419b5001cc572da66d</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>fc9f801be2a50ec2fe735d07b4eef575</MD5>
              <SHA-1>4abe907e990b405e9a8fee8d65cb94883e5f5d69</SHA-1>
              <SHA-256>6e85598eb18a524a211adb5fd229f39e7731d073d795bf9d18af08c42b3c6e4b</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>08d2d68d0dedc8a59807b2ef1d2b7c5f</MD5>
              <SHA-1>475651a8d4238adb743e9b81b218de4c3df0e0bc</SHA-1>
              <SHA-256>72fdde783687e61eaf8a06621ff19a4fd7f5f640722b171458053d7b850731dc</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>1a7dc12edb7f2257c3da685f3df88bc6</MD5>
              <SHA-1>2879b9044482b6c5a04f855dfcb3e455ec37a4de</SHA-1>
              <SHA-256>7b3ba68f64c1df2e83d19e59dcb65f7e680b16e60cb6887ea182e85f81e6e62b</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>4101528654e8438b25bc7251ddd95569</MD5>
              <SHA-1>85ed590f1073a39131486feb335064fb9192b494</SHA-1>
              <SHA-256>d4699321cdce0c68ad43d8901c02cacee61a2230c66e087dd63f02912b607000</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>b0f9b3ac3fc88f16b4adddafc234b875</MD5>
              <SHA-1>47c4f9afa9b5765581dbce9dfa0e3c57385fe55d</SHA-1>
              <SHA-256>d6ef2faca356d0f5375ae2200179e8206dd4249891ac182be9cf33d41e7a24e9</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>494fe1ef829dd0862e82c051ea99ae9d</MD5>
              <SHA-1>c8186e5193466a6adeb75d29b338af17e3427140</SHA-1>
              <SHA-256>d89c4b3be9920277851273700773be70dd802fe3a9a61541ffbec50172630fe5</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>a40263c75fde7440b1086b7da9c51fc2</MD5>
              <SHA-1>139a84f87110fb5cb16a386adade21f30cae98b0</SHA-1>
              <SHA-256>e7dbe99baa5c1045cdf7004edb037018b2e0f639a5edcf800ec4514d5c8e35b5</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>c2e928251659bb221c63506f0fac824f</MD5>
              <SHA-1>303bc4c583f2160396bbc596938ebdad7f9610bb</SHA-1>
              <SHA-256>ed2e77399839b123b6ff343d3265b7a48ea5332b17a57e52686c4c1c14dfe0a2</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
          <registry>
            <value>
              <registry>SOFTWARE\Borland\Delphi\RTL</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>Software\Borland\Delphi\Locales</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>Software\Borland\Locales</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>System\CurrentControlSet\Control\Keyboard Layouts\%.8x</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>System\CurrentControlSet\Control\MediaResources\mci\cdaudio</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>System\CurrentControlSet\Control\MediaResources\mci\cdaudio\unit %d</registry>
              <origin>INPUT_FILE</origin>
            </value>
          </registry>
        </iocs>
        <name>fata.exe</name>
        <report_id>cd14e237-101c-4455-84be-c5169fe3df0a</report_id>
        <tags>
          <value>peexe</value>
          <value>packed</value>
          <value>adaptive-context</value>
          <value>anti-debug</value>
          <value>keylogger</value>
          <value>overlay</value>
          <value>fingerprint</value>
          <value>reconnaissance</value>
          <value>expired-cert</value>
          <value>borland_c</value>
          <value>signed</value>
          <value>installer-heuristic</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>14e294b14219ef44c380494df1dc88efc2f478c8caabd2f3fc179840a1d7c11a</id>
    <title>Analysis Report for 14e294b14219ef44c380494df1dc88efc2f478c8caabd2f3fc179840a1d7c11a</title>
    <updated>2026-07-06T20:28:32Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c100274fb2f5922b6c5ce</_id>
        <file_type>message/rfc822</file_type>
        <flow_id>6a4c0ff0ec5a848c0d69327c</flow_id>
        <hash>14e294b14219ef44c380494df1dc88efc2f478c8caabd2f3fc179840a1d7c11a</hash>
        <iocs>
          <urls>
            <value>
              <url>https://sfd.saoimzopagamentohostailzo.lol/index.html</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://sfd.saoimzopagamentohostailzo.lol/index.html</url>
              <origin>EMAIL_BODY</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://sfd.saoimzopagamentohostailzo.lol/index.html</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>file:///tmp/tmpwy28kymi.html</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://sfd.saoimzopagamentohostailzo.lol/index.html</url>
              <origin>URL_RENDER</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>sfd.saoimzopagamentohostailzo.lol</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>sfd.saoimzopagamentohostailzo.lol</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>sfd.saoimzopagamentohostailzo.lol</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>sfd.saoimzopagamentohostailzo.lol</url>
              <origin>EMAIL_BODY</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>104.21.56.139</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>a61ed0b3cb7c996c4fa4eca44f6b45e3590dc64512d07ada66f56f99e14009aa</SHA-256>
              <SHA-1>1f4c93aaaca3781e3e32a35bfaab26e28dab60b5</SHA-1>
              <MD5>d33dba461abd9e8e66e7ca553e5c7650</MD5>
              <origin>EMAIL_BODY</origin>
              <file_type>text/html</file_type>
            </value>
            <value>
              <SHA-256>9fb563c6f5248efcf4c78d6c75d9a85aff0022a093913a780c66e8a712f591a1</SHA-256>
              <SHA-1>34e28e3598c8f3c10ec32c3893b91e889c3bd6b2</SHA-1>
              <MD5>6f4eace548886ca9bdfa22a30bf89ca4</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
        </iocs>
        <name>submission.eml</name>
        <report_id>08377fbc-8f43-4013-a312-8cdb1508c095</report_id>
        <tags>
          <value>eml</value>
          <value>rfc822</value>
          <value>html</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>f3bbbf159bc0118d61c590b0ec381acc126fcde6c87f3f624748133120423974</id>
    <title>Analysis Report for f3bbbf159bc0118d61c590b0ec381acc126fcde6c87f3f624748133120423974</title>
    <updated>2026-07-06T20:28:26Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c100c74fb2f5922b6c5d2</_id>
        <file_type>application/x-msdownload; format=pe64</file_type>
        <flow_id>6a4c0fe82c562ae7c822e172</flow_id>
        <hash>f3bbbf159bc0118d61c590b0ec381acc126fcde6c87f3f624748133120423974</hash>
        <iocs>
          <urls>
            <value>
              <url>http://schemas.microsoft.com/winfx/2006/xaml</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://schemas.microsoft.com/winfx/2006/xaml/presentation</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://127.0.0.1</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://schemas.microsoft.com/expression/blend/2008</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://schemas.microsoft.com/winfx/2006/xaml</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://schemas.microsoft.com/winfx/2006/xaml/presentation</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://schemas.openxmlformats.org/markup-compatibility/2006</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://api-cdn.wemod.com/steam_community</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://james.newtonking.com/projects/json</url>
              <origin>DOTNET_DECOMPILATION</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://api.github.com/repos/k1tbyte/Wand-Enhancer/releases/latest</url>
              <origin>DOTNET_DECOMPILATION</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://api.github.com/repos/k1tbyte/Wand-Enhancer/releases?per_page=20</url>
              <origin>DOTNET_DECOMPILATION</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://github.com/k1tbyte/Wand-Enhancer</url>
              <origin>DOTNET_DECOMPILATION</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>schemas.microsoft.com</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>api-cdn.wemod.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>schemas.microsoft.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>schemas.openxmlformats.org</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>api.github.com</url>
              <origin>DOTNET_DECOMPILATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>github.com</url>
              <origin>DOTNET_DECOMPILATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>james.newtonking.com</url>
              <origin>DOTNET_DECOMPILATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>140.82.121.6</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>185.199.108.153</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>150.171.109.101</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.20.24.149</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>127.0.0.1</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>140.82.121.4</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>00a4470a5e167413646bc8230e9919fd636cc0d3d09df2f4899732cc4af14871</SHA-256>
              <SHA-1>53237d918150c89787f94f23cae9a55771e8cb48</SHA-1>
              <MD5>dea376b84f9f27c1a0e0d60ef4466464</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>0cfd2eaa944211cab5763e4424a11170834a4709f8079e7528a2aa467399222d</SHA-256>
              <SHA-1>07243600ee359ec0aec8f75846f3bd722efa035c</SHA-1>
              <MD5>cab0ef0d6cf933e670e11f7ee695368e</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>2a2d744b1611b2a222d2d427dc165265057051494f831fb64b05ada782ca1d6f</SHA-256>
              <SHA-1>ad37bea4f31e64d8afa0eb1d7db9a690cf69718d</SHA-1>
              <MD5>d031daceedf9f26d985abc4c4ca8586f</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>2d0d3f16be4272435a2a37206e61c9eb57201b25e2a3bb186dddf189fb9ec1ad</SHA-256>
              <SHA-1>516a12854131f196a2cbe08bf4d75b4b303d519a</SHA-1>
              <MD5>6211b1808d20c8a1323ed8510dde2723</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>49f7cd62e6a2912192220786395340a3a0bf83cbb1bae97cca5f2c995fd45aa6</SHA-256>
              <SHA-1>c6644d9d51a19f8b53e2fc1d1b4fc7860d30023e</SHA-1>
              <MD5>4b7df4f19128bd83904d668aff74bb09</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a</SHA-256>
              <SHA-1>cac699787884fb993ced8d7dc47b7c522c7bc734</SHA-1>
              <MD5>b7db84991f23a680df8e95af8946f9c9</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <SHA-256>6cfad024454bb0dad1057f37e07a928a5f9b5d754c571c8445c377e8d2aff847</SHA-256>
              <SHA-1>520e44ededdda28ac74210e33919387e01e73bda</SHA-1>
              <MD5>27858cc1fe87283d9fd123135dbc96fe</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>89b4527ed664a52e99fb00e11b28418532b34b316341a26399e9949e740ec68f</SHA-256>
              <SHA-1>490208647ab593f890e9c948e8ba9e3c8d6538b4</SHA-1>
              <MD5>1bda69037692e04f396633ea11990a20</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>02b4f0fc710ba45769e81743ee160227abba962337658e0e0c11512739450634</SHA-256>
              <SHA-1>9426404af5d8a988c68501d996100d1b4a15148d</SHA-1>
              <MD5>702ab7055589f4ac4a8a1a58353b7f9b</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>35f0ddcff2b3959767198a70f626c33002389b157653432b0bbe3070df06a5da</SHA-256>
              <SHA-1>940d248dfe7c5b20ade1e15d76599151ee56527a</SHA-1>
              <MD5>b2843eb843e42643c9c2d18fa7cbc197</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>5b6b40a40211d41473acb418e319cfda7e021afb1a28f214018f2c77ce156c5e</SHA-256>
              <SHA-1>1a2731cbe8c38ad48ea8fc17e1a20a74f268782f</SHA-1>
              <MD5>d6c4078b7d698ce3ca0c6d588e4b736a</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>682d119dbabad2345b241005a62d1b6b405fbe2b0147457aeaf4168cd3f33a2a</SHA-256>
              <SHA-1>ccdeee61458d80eba8b3fc93392288740f968802</SHA-1>
              <MD5>f5c5d97b83115968ce50f9c4499344bb</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>8033980a225ef8123afb045b3e849be637c4f1af91dab30621f5a075bdf37d7f</SHA-256>
              <SHA-1>c33c568e11e50bc58ec11e2de7c8e34620722fff</SHA-1>
              <MD5>7efce3064119839cdd5dcd390f056928</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>98b2115f023a74c48acbe3cb72e8b992ac4e4ccd2251d4652cf570bee28f4b32</SHA-256>
              <SHA-1>456e2c0ff87ec3fd80e42507c7e6d007f5663e30</SHA-1>
              <MD5>4c7d515f5d198f7809b55676b45554b6</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>b226c7d5418ff57894c68a95487cc6404ca4c3bc1ec99d4b951db7a0f1b21bbe</SHA-256>
              <SHA-1>6bc7f4713c585fc36a5846909504b4e6237d2946</SHA-1>
              <MD5>810d6ca2604491191d3eb20b1d2f10d9</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>bdb7736db887df2a9342dfdceb5bd8b692b1748daa40fdec4dc8c38ca056086b</SHA-256>
              <SHA-1>8a4337e0d942bb64363c266e1a28d569da660b18</SHA-1>
              <MD5>679e1fbca5545a1cb62b730981ec8367</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>c659e9b49a3a4c8ab5732674b070d13a4bdebe918c8479b7332cab1561d3b2a9</SHA-256>
              <SHA-1>e9a7e9eefbb45210a42fd64bc2286fe39b367ac8</SHA-1>
              <MD5>79a0f53f731b677932afcc84e8122913</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>cc502a54d152b35236c8ab706a1decfdcfe2ebc4add8d0db004b85bfabe02b57</SHA-256>
              <SHA-1>84a567bbc4c7fc18009f5aaa9f4c7af6433cba23</SHA-1>
              <MD5>d47309af9d93092304357e937c29d3dd</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>38de3f705969392e8f1e1ef49034caea4184bfde6976cc9c608e47a68ff5f710</SHA-256>
              <SHA-1>ef206adf2c5881bca2b490ea4b4e661f5869bfe3</SHA-1>
              <MD5>a993e3cbf450d4c96f6ae065bc09c2c7</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>6c665d903371899002a4627928b9ba6463b6002953bb60a84005b5ae8329ad1d</SHA-256>
              <SHA-1>3dde1ea328cc5c287cc72e25fb5950ee175dc4a7</SHA-1>
              <MD5>f2ecbf78b1c91ef944d2e3b53527b983</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>2fa40a00769fdcdca3d21eb0e54b40d7eba5bfce7c77364a84a72f36c1f0b692</SHA-256>
              <SHA-1>b00db3c6a2e542541b56e66b54069058ae18bd2c</SHA-1>
              <MD5>c12171b77d275054c659e0ca867cd205</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>9a34e93671d0d1efa292a2546a5659a67d9c93d2b289056a855dc482f67b6ddc</SHA-256>
              <SHA-1>1ca29166e93b1c5cb147df40ec0103d171dee95d</SHA-1>
              <MD5>13053b2ab90138e92741c4a77472f072</MD5>
              <origin>EXTRACTED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>e15365c4403c60b51090f6311b2c8b0b5044e138b6e93ccf5530f911bce81a77</SHA-256>
              <SHA-1>8f9c5062539620c9fe113117147574f2be7e75fc</SHA-1>
              <MD5>0299e92bcda04125f3d6c865c95e53e0</MD5>
              <origin>EXTRACTED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>853b0d290303c7e5aafcb2c3257319797c6bd758fdea8aebe7447deceee98272</SHA-256>
              <SHA-1>8baa78172b9ee32d0654f79f2944f6cc48b6f296</SHA-1>
              <MD5>61b9b2a6c5b8ff24aa2317d26be88e2a</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>258EAFA5-E914-47DA-95CA-C5AB0DC85B11</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>WandEnhancer.exe</name>
        <report_id>5f8776e1-c740-4ea9-922f-7daf708b3075</report_id>
        <tags>
          <value>peexe</value>
          <value>html</value>
          <value>json</value>
          <value>dotnet_pe</value>
          <value>anti-vm</value>
          <value>base64</value>
          <value>obfuscated</value>
          <value>reconnaissance</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>4b06e4c33a3ed62617c059ef47629b426971f2796f486449e19ae421f229fc16</id>
    <title>Analysis Report for 4b06e4c33a3ed62617c059ef47629b426971f2796f486449e19ae421f229fc16</title>
    <updated>2026-07-06T20:28:20Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0ff5e094c2d9580612d6</_id>
        <file_type>text/plain</file_type>
        <flow_id>6a4c0fe23abf2760bd72ca98</flow_id>
        <hash>4b06e4c33a3ed62617c059ef47629b426971f2796f486449e19ae421f229fc16</hash>
        <iocs>
          <btc_wallets>
            <value>
              <btc_wallet>x11a0d:$btc: 3RWbDejiFbAi847yujDXSjEfZ</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x1e37c:$btc: 3jLtvur7uYWHgy9foGC5ANV65fFcbH5pj</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x21f16:$btc: 1vTtcKTQszJyH4RvjKdRxWDB3kEy4Pu</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x2a619:$btc: 31xFcEb6iwKp8x5MLXbguEqVBM</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x501d2:$btc: 1RUYzKfq2epjtTUpFcqsPC5X3esB</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x5fee1:$btc: 3HcFtMokHqvB8KqppMtdrdjwu</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x71195:$btc: 16fkEXVSwc1bPshe5cyGsVSG6</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x7b0dd:$btc: 3bGPjEGh3f3Yc6U8dHy1e31JD</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x7cbd2:$btc: 3shsTkWG7Rp8EsdPKADZzJ3wuH</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x84bb8:$btc: 1qWNjyVCHtykqvVMr2Tbz6NdsV</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>_4b06e4c33a3ed62617c059ef47629b426971f2796f486449e19ae421f229fc16.txt</name>
        <report_id>1310f5bb-db5d-4852-b578-22f7c6a3e31b</report_id>
        <tags>
          <value>txt</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>cc668803553940c2c7ee1f6e7929d487b7c07fc41d8bc3f19c773bb67bf27eaf</id>
    <title>Analysis Report for cc668803553940c2c7ee1f6e7929d487b7c07fc41d8bc3f19c773bb67bf27eaf</title>
    <updated>2026-07-06T20:27:29Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0fccff2e0900e305ac46</_id>
        <file_type>application/x-executable</file_type>
        <flow_id>6a4c0fb0327f9453dea7d3ce</flow_id>
        <hash>cc668803553940c2c7ee1f6e7929d487b7c07fc41d8bc3f19c773bb67bf27eaf</hash>
        <iocs/>
        <name>Mozi.a.elf</name>
        <report_id>728ec82c-fb2b-4eef-856b-359f6e8bb735</report_id>
        <tags>
          <value>elf</value>
          <value>masquerade</value>
          <value>rust</value>
          <value>mirai</value>
          <value>similar-threat</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>7d94bd93047d469bdfd6c0a21fc1256495b0fd2ee86b865f6a24b8cbae86484c</id>
    <title>Analysis Report for 7d94bd93047d469bdfd6c0a21fc1256495b0fd2ee86b865f6a24b8cbae86484c</title>
    <updated>2026-07-06T20:27:29Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0fb474fb2f5922b6c5be</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c0faf3abf2760bd72ca22</flow_id>
        <hash>7d94bd93047d469bdfd6c0a21fc1256495b0fd2ee86b865f6a24b8cbae86484c</hash>
        <iocs/>
        <name>Firefox.exe</name>
        <report_id>66660a31-70e3-439a-8bda-37668be3c0bb</report_id>
        <tags>
          <value>peexe</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
        </tags>
        <verdict>BENIGN</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>b2fe0f8cd0adb1d221d662e5f33b36b8245413178d8986b0d6dd3c42fc6d78de</id>
    <title>Analysis Report for b2fe0f8cd0adb1d221d662e5f33b36b8245413178d8986b0d6dd3c42fc6d78de</title>
    <updated>2026-07-06T20:27:23Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0fc474fb2f5922b6c5c1</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c0faa9a95790273309aa8</flow_id>
        <hash>b2fe0f8cd0adb1d221d662e5f33b36b8245413178d8986b0d6dd3c42fc6d78de</hash>
        <iocs>
          <urls>
            <value>
              <url>http://schemas.microsoft.com/SMI/2020/WindowsSettings</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://crashpad.chromium.org/</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://crashpad.chromium.org/bug/new</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>crashpad.chromium.org</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>schemas.microsoft.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <emails>
            <value>
              <email>appro@openssl.org</email>
              <origin>INPUT_FILE</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>6.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>150.171.109.101</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>192.178.183.121</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>110d31262fc1d5c2a33c27059c94469b6fb4f7e4e16a91572c0492795c3f21b7</SHA-256>
              <SHA-1>db94b2c361fd617c8ef978dc1e4e5f71e0538d7c</SHA-1>
              <MD5>f5a0e41bc60f9722f17d2eec66a72996</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>18621604c0b5f4229416994b569e2afda775a608e1759d5ba7082a31458e1169</SHA-256>
              <SHA-1>20e3548d16dbba68b8f322a1c4f7086e38110d10</SHA-1>
              <MD5>d790cb9b9086f45ea53fec385891355d</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>1d5368b17f83b194d52f24898fecb4f4dc49f8dd2b20bafbc84782be09aa8487</SHA-256>
              <SHA-1>82e6b5d38c09c026481addc31f486d4cec731d9c</SHA-1>
              <MD5>c46360a17c78054d8d6ff5d3bc8e0a11</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>262cab3d9d9e93880f428e4d5a227bc5839a826c2d72f2efaf671c53a8bccf73</SHA-256>
              <SHA-1>9f118ef7776747414d786bc102778958c1909a2d</SHA-1>
              <MD5>172fdbf6f0a2a563c7c3f67318ddbaf7</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>301dd8bfa3367d885952e01ba38c8e559b775e5bfa9ee827f82b000f76b080df</SHA-256>
              <SHA-1>bd21321b0e1cba575c7ee32d47710a69a74f5bb8</SHA-1>
              <MD5>850525ed1a5f92b8fab9bf7b48da34bd</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>382df7538aaafc68c28c1277af8f37862d3b5e5b215ac21bb8adbb3bc98b8e23</SHA-256>
              <SHA-1>aaf07f89ca1923940f8cb342a2dcb6fccc5ee748</SHA-1>
              <MD5>1dd3c75ab1275449627d0122524476b5</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>615c69d776ee8f53b6cf2869f171bd83e2ac8d939c53d118ba13c8069a9f602e</SHA-256>
              <SHA-1>d1477594ce09ec9cabd9156d7284ac7f76acb8db</SHA-1>
              <MD5>c257902b6e9ac104240feb7d8cfec43b</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>7abae35099733d994c7168b58edf433d9a87096ffacdbee04cacc5a05dd84909</SHA-256>
              <SHA-1>97243c848ad1a29da52855996d88fbdb092ef48f</SHA-1>
              <MD5>1d631f6d8fa19398d2df5863be341a2c</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>9260d8b6f0fd7fc00e9a960db1b1283180efd59049be2c8867a4e660b1ff0123</SHA-256>
              <SHA-1>595b39dc0c92b6e3943ea918a213cec58503daf4</SHA-1>
              <MD5>7a8fd82c16489f1ed6e5cdc5dc38c815</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>977990ecb2a3a7bf7ef2edea2c484b538b73476eb46722791fb8591d19bcda4a</SHA-256>
              <SHA-1>3090f24b36ec71739d9820d550aa3f4eed8e52e9</SHA-1>
              <MD5>44ecf3fd91cf33cfb4535bb2ea59e27a</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>999478dcbeb8d174935ae33d99a001b6c3c10fd05ebb26ed5860c03d3cf37725</SHA-256>
              <SHA-1>b3e7d09d04645b8944adcdc3df05cd304136b3f4</SHA-1>
              <MD5>ec8d8304ff7e81b40b132e500a8016a0</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>a3fd88d04a6614f356467a620718260626c6883036f30ef4b9a06cca3b47a959</SHA-256>
              <SHA-1>df682158d347aa994435fa94645b49070a2a5ae3</SHA-1>
              <MD5>b8dc7c60ffd9fbd6e5f52727ed30aade</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>a8589c4aab8ed377a9602ef5bf3b6565e45a3357911efd6048f38a56b0a102c7</SHA-256>
              <SHA-1>821091dda1f7b14e9d84a2114021773366aead18</SHA-1>
              <MD5>faaa6b184f0de776b3694d7333bb7dd3</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>aaf574922157b9999a788235f28a029a46cffe59b38846f5f542aa0f1251809e</SHA-256>
              <SHA-1>a0b2eb228b41f93ce488e7e0a958c9597893c9d9</SHA-1>
              <MD5>62f774ad10214be95480f8583ce09acc</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>c714566bd8b7f0be360e68950a5615a2fb365d53b14ea7c2812f23c458497799</SHA-256>
              <SHA-1>3800127e39a03ea9b2a9f79538d40227ef4d0c89</SHA-1>
              <MD5>11921cfff61b5877c53bb37c86b6d09c</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>cbef4b9a98a6118f2665822d7a2868b8a4645f36c517627e3f4fe361f128ee32</SHA-256>
              <SHA-1>7f427a32af62958ee729a48113126b0034f8338d</SHA-1>
              <MD5>a29215c2d08412d0a09089bece74a8d8</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>d2e08e13576a7c8a812f415d8fd7df49fb89df926ab8736101370272945c0f4c</SHA-256>
              <SHA-1>44ae23ef17461db3d2db7070eaaea8a3a0c24e72</SHA-1>
              <MD5>61e096a903141e393cbe27b6682a0c32</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>f269848277f345c8fc62634f14c012bc8ee1afa4887e8819228e99c6915bbdf3</SHA-256>
              <SHA-1>36e5ac25f4b4f4b869d109c0072da7f6f1fd03c2</SHA-1>
              <MD5>d720ab3b897affd8516a5c73e9020b19</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>f5feb3ba96da36d90fb879e6f1af274a1c5f6fd4ba68332b1c25d97c6508d062</SHA-256>
              <SHA-1>0de249b988a94d3374bbf9eb3585f00ace2e5499</SHA-1>
              <MD5>7ab8c3240114b0f7ebc42c5c489060f6</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>553b56576f8629caa450a872d424500c0bca48a591f957fbadaadab6b869f3bb</SHA-256>
              <SHA-1>c4fd8c6a040497412df39828c1da275afec99966</SHA-1>
              <MD5>e5a257e76ae6b0ba0ccd0b47929ba19e</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>b3bdddd1d91c97286142dad83bead0a5e6d1b3a6ec8e97fa68d6637de5f729d7</SHA-256>
              <SHA-1>a2ce53b2bb8fea43315ba575c7ff67e6d51ecbbe</SHA-1>
              <MD5>d90462a0cf7d111db9af6cdb1f6d498e</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>1f676c76-80e1-4239-95bb-83d0f6d0da78</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>35138b9a-5d96-4fbd-8e2d-a2440225f93a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>e2011457-1546-43c5-a5fe-008deee3d3f0</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
          <registry>
            <value>
              <registry>SOFTWARE\Microsoft\Windows NT\CurrentVersion</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers</registry>
              <origin>INPUT_FILE</origin>
            </value>
          </registry>
        </iocs>
        <name>Game.exe</name>
        <report_id>b2c4e816-29f0-4815-85b0-71ca45eedefd</report_id>
        <tags>
          <value>peexe</value>
          <value>html</value>
          <value>adaptive-context</value>
          <value>anti-debug</value>
          <value>anti-vm</value>
          <value>cmd</value>
          <value>lolbin</value>
          <value>rundll32</value>
          <value>crypto</value>
          <value>expand</value>
          <value>explorer</value>
          <value>fingerprint</value>
          <value>reconnaissance</value>
          <value>obfuscated</value>
          <value>microsoft_visual_cc</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>393b889c4d3cb7e1a030575af2a0a5664693b3e16c1c3879fbec24c81849b3ad</id>
    <title>Analysis Report for 393b889c4d3cb7e1a030575af2a0a5664693b3e16c1c3879fbec24c81849b3ad</title>
    <updated>2026-07-06T20:25:48Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0f5e0bc678ad76e5c72b</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c0f482c562ae7c822e0b4</flow_id>
        <hash>393b889c4d3cb7e1a030575af2a0a5664693b3e16c1c3879fbec24c81849b3ad</hash>
        <iocs>
          <urls>
            <value>
              <url>https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage</url>
              <origin>INPUT_FILE</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>github.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>140.82.121.3</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>140.82.121.3</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <MD5>1e4a89b11eae0fcf8bb5fdd5ec3b6f61</MD5>
              <SHA-1>4260284ce14278c397aaf6f389c1609b0ab0ce51</SHA-1>
              <SHA-256>4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <MD5>ff9f975c76b8f72385e508a83c9a54a0</MD5>
              <SHA-1>b93ddfcd83457bac922c3a5ad965ddbe0378f685</SHA-1>
              <SHA-256>8fd0fe5731a3bc57f5f2bfdec777d8b4fc281d29e7a253098e7b492b0ed0a4ba</SHA-256>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <MD5>6b5fe71e8cc8b97946a430416ebf574a</MD5>
              <SHA-1>367b87dc21ac824202fe9785d493787ff2add15c</SHA-1>
              <SHA-256>5c5346923f5d5f26f67260bce52a3dedad8c0f098300238a428610b1fe17c19d</SHA-256>
              <origin>EXTRACTED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <MD5>e61d9b50d3f6f5c54d485659ef28c130</MD5>
              <SHA-1>a2124a5ac42ef01679b481833594c0de5224a26c</SHA-1>
              <SHA-256>5e02e6026a605434493f887b889ea80926ff96e1312758eec1e51eb9061e18a6</SHA-256>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <MD5>e582b4b07134008c77d40427ffd7333e</MD5>
              <SHA-1>b06465f762bc91cd4472c596e25224a7a0fe0a34</SHA-1>
              <SHA-256>a83f6ce19c10802d8964c01f0f2eb1d33c85246d95105e4225d6f410f2fb1afe</SHA-256>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
        </iocs>
        <name>UCRobloxExternal.exe</name>
        <report_id>ecf773ff-c22e-4f44-ab07-f929ddead198</report_id>
        <tags>
          <value>peexe</value>
          <value>html</value>
          <value>json</value>
          <value>unsafe</value>
          <value>keylogger</value>
          <value>anti-debug</value>
          <value>fingerprint</value>
          <value>reconnaissance</value>
          <value>base64</value>
          <value>obfuscated</value>
          <value>microsoft_visual_cc</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>b70633196b0420696db583ea6663f78507860578062c6e3e2591ee77acdc83f8</id>
    <title>Analysis Report for b70633196b0420696db583ea6663f78507860578062c6e3e2591ee77acdc83f8</title>
    <updated>2026-07-06T20:25:37Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0f5474fb2f5922b6c5ab</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c0f409a95790273309a48</flow_id>
        <hash>b70633196b0420696db583ea6663f78507860578062c6e3e2591ee77acdc83f8</hash>
        <iocs>
          <urls>
            <value>
              <url>https://www.mediafire.com/file/j8wl2q5b4s5d7xv/release.rar/file</url>
              <origin>MALWARE_CONFIG</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>www.mediafire.com</url>
              <origin>MALWARE_CONFIG</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>104.17.147.83</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>b3f62d52a19ade95a98f69f312c77d8ce25fc64a13aa46bd154425e52e14c123</SHA-256>
              <SHA-1>f1a384330b7b49ce979fc0ab6418b9d81ae9210d</SHA-1>
              <MD5>3673a8f10cd69a66595de051fe25b46a</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f</SHA-256>
              <SHA-1>879dcf690e5bf1941b27cf13c8bcf72f8356c650</SHA-1>
              <MD5>a19a2658ba69030c6ac9d11fd7d7e3c1</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <SHA-256>93cec8980997921cb7c53e4489809bdc001f525db79658d943fed5e7bde94c1a</SHA-256>
              <SHA-1>f62291f98c62384a05cd85fa17d7402070e5691d</SHA-1>
              <MD5>55da61a0e2b39fbf34d246e466761b54</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>SUSPICIOUS</verdict>
            </value>
          </files>
        </iocs>
        <name>DekoLauncher_build.exe</name>
        <report_id>699ed612-4285-40a3-a203-a7556a8fb081</report_id>
        <tags>
          <value>peexe</value>
          <value>html</value>
          <value>dotnet_pe</value>
          <value>xor-url</value>
          <value>explorer</value>
          <value>lolbin</value>
          <value>obfuscated</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>f8c23af182281c832e36b8c8de00b98bced562fb79cc8014b113c6b4b71fb13a</id>
    <title>Analysis Report for f8c23af182281c832e36b8c8de00b98bced562fb79cc8014b113c6b4b71fb13a</title>
    <updated>2026-07-06T20:23:09Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0ec674fb2f5922b6c591</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c0eac9a957902733099b5</flow_id>
        <hash>f8c23af182281c832e36b8c8de00b98bced562fb79cc8014b113c6b4b71fb13a</hash>
        <iocs>
          <urls>
            <value>
              <url>https://www.mediafire.com/file/j8wl2q5b4s5d7xv/release.rar/file</url>
              <origin>MALWARE_CONFIG</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>www.mediafire.com</url>
              <origin>MALWARE_CONFIG</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>104.17.148.83</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>5079d0a41fdb057bd7ee552a5d4dd8f84d2e51e53e5f1784b49ef7febbd64781</SHA-256>
              <SHA-1>3b4fcb21fa3766d53edbc48eb9640b003200bda8</SHA-1>
              <MD5>42b9baa73ce09853746af9b2e5a084e9</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f</SHA-256>
              <SHA-1>879dcf690e5bf1941b27cf13c8bcf72f8356c650</SHA-1>
              <MD5>a19a2658ba69030c6ac9d11fd7d7e3c1</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <SHA-256>6af738674b08f83a751aee7aa58a7d0e6f0ec359db667a7810bea09461d37235</SHA-256>
              <SHA-1>b5d2556379aa2ac487399c1480a92ad1e63c9256</SHA-1>
              <MD5>974f0ba9f115d8eb73496c740b410c94</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>audio/vnd.wave</file_type>
            </value>
            <value>
              <SHA-256>216686a430266067a633296180285d1b9c90a997b51dacde68294fb0cdcca902</SHA-256>
              <SHA-1>d35e8c6e418cc9cc5fd6b059bbc58f16f92a334b</SHA-1>
              <MD5>671c9bc4d088ee72cb8acfc51fb96bb2</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/x-rar-compressed; version=5</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
        </iocs>
        <name>DekoLauncher.exe</name>
        <report_id>fe5bd67a-fe3c-4aa0-ae89-bdfb2b140df5</report_id>
        <tags>
          <value>peexe</value>
          <value>dotnet_pe</value>
          <value>xor-url</value>
          <value>explorer</value>
          <value>lolbin</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>9c2c6d1c06aa45628aefedb589cee71057e4ea6817bec64150df7f04daa33a59</id>
    <title>Analysis Report for 9c2c6d1c06aa45628aefedb589cee71057e4ea6817bec64150df7f04daa33a59</title>
    <updated>2026-07-06T20:21:45Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0e7174fb2f5922b6c580</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c0e58def7044af0b84a6f</flow_id>
        <hash>9c2c6d1c06aa45628aefedb589cee71057e4ea6817bec64150df7f04daa33a59</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>4fc784db7849eb961ba097b8c06e1f9c848c135ae058556d06dd772590361630</SHA-256>
              <SHA-1>55d4e72a4c2ce87cd3dad77a4d5ed31a37b3f98d</SHA-1>
              <MD5>c1399bb796be6e3f0b8cca2fe1018b71</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <SHA-256>61c97f3ebb21bded2ed50fd0490fbb50eefbeb92e78b1eb15695675d03f3165e</SHA-256>
              <SHA-1>272afbc01ea9cbadcf3c0d9cc24de712e8136340</SHA-1>
              <MD5>72f267e776e912f3357a9e86eb467fff</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
        </iocs>
        <name>Chrome.exe</name>
        <report_id>16522d5b-7b62-4c5e-8574-2ff4e0fc6f6f</report_id>
        <tags>
          <value>peexe</value>
          <value>dotnet_pe</value>
          <value>cmd</value>
          <value>lolbin</value>
          <value>reconnaissance</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>1364110614ac2bcc4adc529cb9cc2240ce278d390a8d2c2de15bc21107f09af8</id>
    <title>Analysis Report for 1364110614ac2bcc4adc529cb9cc2240ce278d390a8d2c2de15bc21107f09af8</title>
    <updated>2026-07-06T20:21:08Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0e3c74fb2f5922b6c575</_id>
        <file_type>application/x-sharedlib</file_type>
        <flow_id>6a4c0e339a95790273309939</flow_id>
        <hash>1364110614ac2bcc4adc529cb9cc2240ce278d390a8d2c2de15bc21107f09af8</hash>
        <iocs>
          <btc_wallets>
            <value>
              <btc_wallet>1a5444f76eeafca12192e99d27b1c9e7</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <btc_wallet>3b9ade1d6444eeba12f74826fb198ff7</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>fusermount3</name>
        <report_id>28f3860d-7437-4c67-9cf9-d642b5c2d923</report_id>
        <tags>
          <value>elf</value>
          <value>elf-shared</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>c9570f664f4af2a470c1e739e11579949afa11f763b867b98f09c953e220086a</id>
    <title>Analysis Report for c9570f664f4af2a470c1e739e11579949afa11f763b867b98f09c953e220086a</title>
    <updated>2026-07-06T20:20:44Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0e3dff2e0900e305abff</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c0e1a2c562ae7c822df17</flow_id>
        <hash>c9570f664f4af2a470c1e739e11579949afa11f763b867b98f09c953e220086a</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e</SHA-256>
              <SHA-1>bac45b86a9c48fc3756a46809c101570d349737d</SHA-1>
              <MD5>24d3b502e1846356b0263f945ddd5529</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>text/xml</file_type>
            </value>
            <value>
              <SHA-256>4b3d3e8851f32823f85273d21c7c22ca71f5ece97a22b2e106f83f1f828b7013</SHA-256>
              <SHA-1>beb33dcceee2b7c221ef8f178baa43b911d2be18</SHA-1>
              <MD5>0b8e919224db46c321c7b9966851e480</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
          <btc_wallets>
            <value>
              <btc_wallet>1f67f21c4be481e48bea682c996d6b6d</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <btc_wallet>xa70b3:$btc: 1QGLContextGroupResourceBas</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>QtOpenGL4.dll</name>
        <report_id>87552647-bfac-4424-b579-7888667a2288</report_id>
        <tags>
          <value>peexe</value>
          <value>pedll</value>
          <value>crypto</value>
          <value>reconnaissance</value>
          <value>microsoft_visual_cc</value>
          <value>adaptive-context</value>
          <value>anti-debug</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>c9570f664f4af2a470c1e739e11579949afa11f763b867b98f09c953e220086a</id>
    <title>Analysis Report for c9570f664f4af2a470c1e739e11579949afa11f763b867b98f09c953e220086a</title>
    <updated>2026-07-06T20:19:56Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0e0374fb2f5922b6c569</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c0de92c562ae7c822deab</flow_id>
        <hash>c9570f664f4af2a470c1e739e11579949afa11f763b867b98f09c953e220086a</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e</SHA-256>
              <SHA-1>bac45b86a9c48fc3756a46809c101570d349737d</SHA-1>
              <MD5>24d3b502e1846356b0263f945ddd5529</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>text/xml</file_type>
            </value>
            <value>
              <SHA-256>4b3d3e8851f32823f85273d21c7c22ca71f5ece97a22b2e106f83f1f828b7013</SHA-256>
              <SHA-1>beb33dcceee2b7c221ef8f178baa43b911d2be18</SHA-1>
              <MD5>0b8e919224db46c321c7b9966851e480</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
          <btc_wallets>
            <value>
              <btc_wallet>xa70b3:$btc: 1QGLContextGroupResourceBas</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>1f67f21c4be481e48bea682c996d6b6d</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>QtOpenGL4.dll</name>
        <report_id>ac419c8c-7be0-4ba3-bea4-9859f03ce3f8</report_id>
        <tags>
          <value>peexe</value>
          <value>pedll</value>
          <value>crypto</value>
          <value>reconnaissance</value>
          <value>microsoft_visual_cc</value>
          <value>adaptive-context</value>
          <value>anti-debug</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>8aeeb278ad07b8f62d6b713c1ed67cdc9a72a99398c52c7f671084c619794b55</id>
    <title>Analysis Report for 8aeeb278ad07b8f62d6b713c1ed67cdc9a72a99398c52c7f671084c619794b55</title>
    <updated>2026-07-06T20:19:29Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0e0174fb2f5922b6c567</_id>
        <file_type>application/x-powershell</file_type>
        <flow_id>6a4c0dce9a9579027330988d</flow_id>
        <hash>8aeeb278ad07b8f62d6b713c1ed67cdc9a72a99398c52c7f671084c619794b55</hash>
        <iocs/>
        <name>obfuscated.ps1</name>
        <report_id>d655f900-752d-4988-aebe-7f0220d5fa90</report_id>
        <tags>
          <value>powershell</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>fe1939ffa824cedd01686d9ea1f3a1753fb87b6f06d51af47dd1f202e986509f</id>
    <title>Analysis Report for fe1939ffa824cedd01686d9ea1f3a1753fb87b6f06d51af47dd1f202e986509f</title>
    <updated>2026-07-06T20:18:04Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0dcc74fb2f5922b6c55b</_id>
        <file_type>application/x-sharedlib</file_type>
        <flow_id>6a4c0d7c9a9579027330980c</flow_id>
        <hash>fe1939ffa824cedd01686d9ea1f3a1753fb87b6f06d51af47dd1f202e986509f</hash>
        <iocs>
          <ips>
            <value>
              <ip>127.0.0.53</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>127.0.0.54</ip>
              <origin>INPUT_FILE</origin>
            </value>
          </ips>
        </iocs>
        <name>systemd-resolved</name>
        <report_id>aded83eb-a48a-473e-8fa0-c1ca2a49ee31</report_id>
        <tags>
          <value>elf</value>
          <value>elf-shared</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>91beeff1c0e97c128278cadb7767a69ea34d733ff02808f8bba53e3dcb791bba</id>
    <title>Analysis Report for 91beeff1c0e97c128278cadb7767a69ea34d733ff02808f8bba53e3dcb791bba</title>
    <updated>2026-07-06T20:18:04Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0dbb74fb2f5922b6c552</_id>
        <file_type>application/x-sharedlib</file_type>
        <flow_id>6a4c0d7c9a9579027330980c</flow_id>
        <hash>91beeff1c0e97c128278cadb7767a69ea34d733ff02808f8bba53e3dcb791bba</hash>
        <iocs>
          <btc_wallets>
            <value>
              <btc_wallet>14b219c25c85126f4ecdfb382ac76e3f</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>systemd-cgroups-agent</name>
        <report_id>80824380-1a62-4e4a-8877-f7a155033d51</report_id>
        <tags>
          <value>elf</value>
          <value>elf-shared</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>96bc343e893bb0128210de955338ad04f582628268be0518fff3b0d4cc617bec</id>
    <title>Analysis Report for 96bc343e893bb0128210de955338ad04f582628268be0518fff3b0d4cc617bec</title>
    <updated>2026-07-06T20:18:04Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0dbd74fb2f5922b6c554</_id>
        <file_type>application/x-sharedlib</file_type>
        <flow_id>6a4c0d7c9a9579027330980c</flow_id>
        <hash>96bc343e893bb0128210de955338ad04f582628268be0518fff3b0d4cc617bec</hash>
        <iocs/>
        <name>systemd-socket-proxyd</name>
        <report_id>6122f4be-0991-453e-8910-3cb4759a322f</report_id>
        <tags>
          <value>elf</value>
          <value>elf-shared</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>3cc2c93d558d808258c87409b268151e8965d88bb76f6427984db2f61dd183ea</id>
    <title>Analysis Report for 3cc2c93d558d808258c87409b268151e8965d88bb76f6427984db2f61dd183ea</title>
    <updated>2026-07-06T20:18:04Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0dc474fb2f5922b6c558</_id>
        <file_type>application/x-sharedlib</file_type>
        <flow_id>6a4c0d7c9a9579027330980c</flow_id>
        <hash>3cc2c93d558d808258c87409b268151e8965d88bb76f6427984db2f61dd183ea</hash>
        <iocs>
          <btc_wallets>
            <value>
              <btc_wallet>11bc61a5cdaee16917ab6ed9f9b81249</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>systemd-import-fs</name>
        <report_id>72bc1ad3-f323-4212-ba4c-508a40cbe005</report_id>
        <tags>
          <value>elf</value>
          <value>elf-shared</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>3a8c8062e19d6110e95ddfbfbb15e3a4943c8a181059aef6e077a2c4e8bf406a</id>
    <title>Analysis Report for 3a8c8062e19d6110e95ddfbfbb15e3a4943c8a181059aef6e077a2c4e8bf406a</title>
    <updated>2026-07-06T20:17:37Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0d9e0bc678ad76e5c6db</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c0d615a5245447d9c2bef</flow_id>
        <hash>3a8c8062e19d6110e95ddfbfbb15e3a4943c8a181059aef6e077a2c4e8bf406a</hash>
        <iocs>
          <urls>
            <value>
              <url>https://www.icontact.com/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/&amp;format=xml</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://schema.org/True</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://cdn.ziffstatic.com/jst/zdconsent.js</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://en.wikipedia.org/wiki/Digital_marketing</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://en.wikipedia.org/wiki/Email_marketing</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://fast.wistia.net/assets/external/E-v1.js?ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://fonts.googleapis.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&amp;display=swap</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css2?family=Protest+Riot&amp;display=swap</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css2?family=Roboto:wght@400;500&amp;display=swap</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css2?family=Rubik:wght@500;700&amp;display=swap</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://fonts.gstatic.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://help.icontact.com/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://icontact.my.salesforce-scrt.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://icontact.my.site.com/ESWiContactMarketingSite1760989644429</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://icontact.my.site.com/ESWiContactMarketingSite1760989644429/assets/js/bootstrap.min.js</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://privacyportal.onetrust.com/webform/f73513a8-7a10-4a9d-939a-703f8d994839/0261e617-e956-4778-beb5-d8bcb9295c41</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://schema.org</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://schester.beer/file.js</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://tags.fullcontact.com/anon/fullcontact.js</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://twitter.com/iContact</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.clarity.ms/tag/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.facebook.com/iContact</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtm.js?id=</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.icontact.com/about-us/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/awards/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/contact/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/email-automation-tools/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/email-building-tools/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/email-insights-and-analytics-tools/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/email-list-management-and-growth-tools/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/email-marketing-integrations/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/icontact-for-salesforce/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/social-platform-posting/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/industries/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/pricing/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/resources/blog/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/resources/glossary/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/signup/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/bt-bb-ab/css/experiment-frontend.css?ver=2.5.4</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/bt-bb-ab/js/bt_conversion-min.js?ver=2.5.4</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/nelio-ab-testing/assets/dist/js/visitor-type.js?ver=287e8e4cd3bcff28c95d</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/searchwp-live-ajax-search/assets/javascript/dist/script.min.js?ver=1.8.7</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/searchwp-live-ajax-search/assets/styles/style.min.css?ver=1.8.7</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/seoai-client/assets/css/front.min.css?ver=2.22.8</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/seoai-client/assets/js/front.min.js?ver=2.22.8</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=4.0.3</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/source-css/style.css?v=1.0.01783368398&amp;ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/source-js/functions.js?v=1.0.01783368398&amp;ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/source-js/jq.js?ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/source-js/slick.min.js?ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/uploads/2024/04/cropped-icontact-logo-180x180.png</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/uploads/2024/04/cropped-icontact-logo-192x192.png</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/uploads/2024/04/cropped-icontact-logo-32x32.png</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-includes/css/dashicons.min.css?ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-json/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-json/oembed/1.0/embed</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.icontact.com%2F</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.icontact.com%2F&amp;format=xml</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-json/wp/v2/pages/82</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/xmlrpc.php?rsd</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.instagram.com/icontact/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.linkedin.com/company/icontact</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.youtube.com/user/icontact</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://wwwapi.icontact.com/api/tracking.js</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://wwwapi.icontact.com/static/dist/icontact-api.css</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://wwwapi.icontact.com/static/dist/icontact-api.js</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://x.com/iContact</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://www.icontact.com/a.pl/144186#</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bat.bing.com/bat.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bat.bing.com/p/action/25020686.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bat.bing.net/action/0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bat.bing.net/action/0?ti=25020686&amp;tm=gtm002&amp;Ver=2&amp;mid=735eb053-1f24-43d0-98bc-e1e3904f603e&amp;bo=5&amp;pi=918639831&amp;lg=en-US&amp;sw=800&amp;sh=600&amp;sc=24&amp;nwd=1&amp;tl=iContact%20%7C%20Easy%20Email%20Marketing%20Platform%20for%20Businesses&amp;p=https%3A%2F%2Fwww.icontact.com%2F%3Fafid%3D144186&amp;r=&amp;lt=716&amp;evt=pageLoad&amp;sv=2&amp;asc=D&amp;cdb=AQEV&amp;rn=574294</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bat.bing.net/actionp/0?ti=25020686&amp;tm=gtm002&amp;Ver=2&amp;mid=735eb053-1f24-43d0-98bc-e1e3904f603e&amp;bo=1&amp;evt=consent&amp;src=update&amp;cdb=AQEV&amp;asc=D</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bat.bing.net/actionp/0?ti=25020686&amp;tm=gtm002&amp;Ver=2&amp;mid=735eb053-1f24-43d0-98bc-e1e3904f603e&amp;bo=2&amp;evt=consent&amp;src=update&amp;cdb=AQEV&amp;asc=D</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bat.bing.net/actionp/0?ti=25020686&amp;tm=gtm002&amp;Ver=2&amp;mid=735eb053-1f24-43d0-98bc-e1e3904f603e&amp;bo=3&amp;evt=consent&amp;src=update&amp;cdb=AQEV&amp;asc=D</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bat.bing.net/actionp/0?ti=25020686&amp;tm=gtm002&amp;Ver=2&amp;mid=735eb053-1f24-43d0-98bc-e1e3904f603e&amp;bo=4&amp;evt=consent&amp;src=default&amp;cdb=AQEV&amp;asc=D</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://browser.sentry-cdn.com/9.6.1/bundle.min.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.cookielaw.org/consent/0a882b5f-978a-4fe4-a910-ce62dedb1308/019e0d4c-7328-7201-b60b-e5323f61261c/en.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.cookielaw.org/consent/0a882b5f-978a-4fe4-a910-ce62dedb1308/0a882b5f-978a-4fe4-a910-ce62dedb1308.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.cookielaw.org/scripttemplates/202604.2.0/assets/otCommonStyles.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.cookielaw.org/scripttemplates/202604.2.0/assets/otFloatingRounded.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.cookielaw.org/vendorlist/googleData.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.cookielaw.org/vendorlist/iab2V2Data.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.ziffstatic.com/jst/otBannerSdk.202604.2.0.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.ziffstatic.com/jst/otTCF.202604.2.0.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.ziffstatic.com/jst/zdconsent_eu.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://connect.facebook.net/en_US/fbevents.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://connect.facebook.net/signals/config/407843040382976</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://connect.facebook.net/signals/config/407843040382976?v=2.9.349&amp;r=stable&amp;domain=www.icontact.com&amp;hme=f29d86973612db0f0627890a64bdc8c47b471189050b33f2680b7d76997afc9a&amp;ex_m=107%2C208%2C158%2C22%2C73%2C74%2C149%2C69%2C68%2C11%2C167%2C93%2C16%2C141%2C130%2C39%2C76%2C81%2C137%2C163%2C169%2C8%2C4%2C5%2C7%2C6%2C3%2C94%2C104%2C170%2C175%2C222%2C30%2C75%2C234%2C233%2C232%2C23%2C33%2C55%2C106%2C61%2C10%2C64%2C100%2C101%2C102%2C108%2C133%2C31%2C29%2C135%2C136%2C132%2C131%2C159%2C77%2C162%2C160%2C161%2C50%2C60%2C126%2C15%2C166%2C45%2C279%2C280%2C278%2C26%2C27%2C28%2C48%2C150%2C78%2C115%2C18%2C20%2C44%2C40%2C42%2C41%2C86%2C95%2C99%2C113%2C148%2C151%2C46%2C114%2C24%2C21%2C122%2C70%2C36%2C153%2C152%2C154%2C145%2C143%2C25%2C35%2C59%2C112%2C165%2C71%2C17%2C156%2C117%2C84%2C67%2C19%2C88%2C89%2C119%2C87%2C139%2C138%2C142%2C164%2C34%2C293%2C309%2C215%2C204%2C62%2C205%2C203%2C312%2C303%2C52%2C216%2C110%2C134%2C83%2C124%2C54%2C47%2C49%2C116%2C123%2C129%2C128%2C58%2C65%2C63%2C155%2C79%2C80%2C118%2C37%2C32%2C53%2C56%2C103%2C168%2C1%2C127%2C14%2C125%2C12%2C2%2C57%2C96%2C66%2C121%2C92%2C91%2C171%2C172%2C97%2C98%2C9%2C105%2C51%2C146%2C90%2C82%2C72%2C120%2C109%2C43%2C147%2C0%2C85%2C140%2C144%2C157%2C38%2C111%2C13%2C173</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fast.wistia.net/assets/external/E-v1.js?ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&amp;display=swap</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css2?family=Protest+Riot&amp;display=swap</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css2?family=Roboto:wght@400;500&amp;display=swap</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css2?family=Rubik:wght@500;700&amp;display=swap</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fonts.gstatic.com/s/rubik/v31/iJWKBXyIfDnIV7nBrXw.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://help.icontact.com/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://i.clarity.ms/collect</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://icontact.my.salesforce-scrt.com/embeddedservice/v1/businesshours?orgId=00D80000000KqLk&amp;esConfigName=iContactMarketingSite</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://icontact.my.salesforce-scrt.com/embeddedservice/v1/embedded-service-config?orgId=00D80000000KqLk&amp;esConfigName=iContactMarketingSite&amp;language=en_US</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://icontact.my.site.com/ESWiContactMarketingSite1760989644429/assets/htdocs/sitecontext.min.html</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://icontact.my.site.com/ESWiContactMarketingSite1760989644429/assets/htdocs/sitecontext.min.html?parent_domain=https%3A%2F%2Fwww.icontact.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://icontact.my.site.com/ESWiContactMarketingSite1760989644429/assets/js/bootstrap.min.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://icontact.my.site.com/ESWiContactMarketingSite1760989644429/assets/js/inert.min.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://icontact.my.site.com/ESWiContactMarketingSite1760989644429/assets/styles/bootstrap.min.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://js.hs-analytics.net/analytics/1783368900000/4638697.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://js.hs-banner.com/v2/4638697/banner.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://js.hs-scripts.com/4638697.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://privacyportal.onetrust.com/webform/f73513a8-7a10-4a9d-939a-703f8d994839/0261e617-e956-4778-beb5-d8bcb9295c41</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://px.ads.linkedin.com/attribution_trigger</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://px.ads.linkedin.com/attribution_trigger?pid=4250652&amp;time=1783369087966&amp;url=https%3A%2F%2Fwww.icontact.com%2F%3Fafid%3D144186&amp;tm=gtmv2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://px.ads.linkedin.com/collect</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://px.ads.linkedin.com/collect?v=2&amp;fmt=js&amp;pid=4250652&amp;time=1783369087966&amp;url=https%3A%2F%2Fwww.icontact.com%2F%3Fafid%3D144186&amp;tm=gtmv2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://px.ads.linkedin.com/wa/?medium=fetch&amp;fmt=g</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://region1.google-analytics.com/g/collect</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://region1.google-analytics.com/g/collect?v=2&amp;tid=G-M3V3MD1N4B&amp;gtm=45je6710v871200659z872130907za20gzb9184794040zd9184794040&amp;_p=1783369087116&amp;gcs=G100&amp;gcd=13q3pPq2q7l1&amp;npa=1&amp;dma_cps=-&amp;dma=1&amp;tcfd=10s5v&amp;gdid=dYzg1YT&amp;ecid=1166365662&amp;_eu=AAACAEAC&amp;are=1&amp;cid=952270908.1783369088&amp;ec_mode=a&amp;frm=0&amp;gtm_up=1&amp;ngs=1&amp;pscdl=denied&amp;rcb=16&amp;sr=800x600&amp;uaa=&amp;uab=&amp;uafvl=&amp;uam=&amp;uamb=0&amp;uap=Linux&amp;uapv=&amp;uaw=0&amp;ul=en-us&amp;_s=2&amp;tag_exp=115938466~115938468~119027224~119381663~119576881~119576885~119576891~119576895&amp;sid=1783369087&amp;sct=1&amp;seg=1&amp;dl=https%3A%2F%2Fwww.icontact.com%2F%3Fafid%3D144186&amp;dt=iContact%20%7C%20Easy%20Email%20Marketing%20Platform%20for%20Businesses&amp;_tu=AAg&amp;en=page_view&amp;_et=3&amp;tfd=1601</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://region1.google-analytics.com/g/collect?v=2&amp;tid=G-M3V3MD1N4B&amp;gtm=45je6710v871200659z89184794040za20gzb9184794040zd9184794040&amp;_p=1783369087116&amp;gcs=G100&amp;gcd=13q3pPq2q7l1&amp;npa=1&amp;dma_cps=-&amp;dma=1&amp;tcfd=10s5v&amp;gdid=dYzg1YT&amp;ecid=1166365662&amp;_eu=AAAAAEAC&amp;are=1&amp;cid=952270908.1783369088&amp;ec_mode=a&amp;frm=0&amp;gtm_up=1&amp;ngs=1&amp;pscdl=denied&amp;rcb=16&amp;sr=800x600&amp;uaa=&amp;uab=&amp;uafvl=&amp;uam=&amp;uamb=0&amp;uap=Linux&amp;uapv=&amp;uaw=0&amp;ul=en-us&amp;_s=1&amp;tag_exp=115938466~115938468~119027224~119381663~119576881~119576885~119576891~119576895&amp;sid=1783369087&amp;sct=1&amp;seg=0&amp;dl=https%3A%2F%2Fwww.icontact.com%2F%3Fafid%3D144186&amp;dt=iContact%20%7C%20Easy%20Email%20Marketing%20Platform%20for%20Businesses&amp;_tu=AAg&amp;en=page_view&amp;_fv=1&amp;_ss=1&amp;tfd=1599</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://scripts.clarity.ms/0.8.66/clarity.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://snap.licdn.com/li.lms-analytics/insight.min.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://snap.licdn.com/li.lms-analytics/insight.old.min.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://static.cloudflareinsights.com/beacon.min.js/v4513226cdae34746b4dedf0b4dfa099e1781791509496</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://twitter.com/iContact</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.clarity.ms/tag/fbp9bfj68k</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.facebook.com/iContact</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.google-analytics.com/analytics.js</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtag/js?id=G-M3V3MD1N4B&amp;cx=c&amp;gtm=4e6710</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtm.js?id=GTM-5H25P7&amp;gtg_health=1</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtm.js?id=GTM-MRXDKP5F&amp;gtm_auth=_UWsnyiBRfHpLpu1XVGvFg&amp;gtm_preview=env-1&amp;gtm_cookies_win=x</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.icontact.com/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/?afid=144186</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/about-us/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/awards/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/careers/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/cdn-cgi/challenge-platform/h/b/jsd/oneshot/80a697ecdece/0.9668328224700566:1783364723:Tvlz35ymvkOFPn0zYajkCObi1GNs-2bE8clvkVwl5Xs/a1714bfa22d8d369</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/80a697ecdece/main.js?</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/cdn-cgi/rum?</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/contact/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/data-processing-schedule/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/engi/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/engi/gs/ccm/collect</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/engi/gs/ccm/collect?rcb=3&amp;frm=0&amp;ae=g&amp;en=page_view&amp;dl=https%3A%2F%2Fwww.icontact.com%2F&amp;scrsrc=www.icontact.com&amp;rnd=985565837.1783369088&amp;navt=n&amp;npa=1&amp;us_privacy=1---&amp;gdpr=1&amp;gdpr_consent=CQm7WAAQm7WAAAcABBENCmFgAAAAAEPgACiQAAAWwABMNDogjLIgUCBQEIIEACgrCACgQBAAAkBRAQAmDAhyBgAusIkAIAUAAQQAgABBgACAAASABCIAIACAQAgQCBQABgAQBAQAMDAAGAChEAgABAdAxSAggECwASIwoDBAhAASCAlsqEEgCBBXCFIscAggREwUAACIABQAAAB4WAhJKCViQQBcQXQAIAAAAUQIMCKQswBRUGQLQVgScBkaYAkeYJEkOgiAJghIyDIhNUEg8UxRAghyAAAA.YAAACHwAAAAA.ILaNR_G__bXlv-bb36btkeYxf9_hr7sQxBgbIsm4FzLvW7JwG32EbNEyatiIKmRIAu3TBIQNtHIjURUChKIgVrzDsaEyUoTtKJ-BkiHMRY2JQCFhum4pjWQCZYur_50d0mR-N7dr-2dzyy5hnv3a9fuS1UJicKYetHfn8ZBKS-_IU9_x-_4v4_MbpEm8eSVv9tGtt43c64vP6dpuxt-Tyffyfv_f72fe7X__c__33_-qXX_r76-___0A&amp;ep.ads_data_redaction=0&amp;gdid=dYzg1YT.dNzQzZD&amp;_tu=AAg&amp;gtm=45E92e6710h1v72130907za204zd72130907xea&amp;gcs=G100&amp;gcd=13q3p3q2q7l1&amp;dma_cps=-&amp;dma=1&amp;tcfd=10s5f&amp;tag_exp=0~115938466~115938469~119027224&amp;apve=1&amp;apvf=f&amp;gap.gtb=2&amp;apvc=1&amp;tft=1783369087898&amp;tfd=1185&amp;fmt=8</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/email-automation-tools/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/email-building-tools/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/email-insights-and-analytics-tools/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/email-list-management-and-growth-tools/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/email-marketing-integrations/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/icontact-for-salesforce/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/features/social-platform-posting/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/industries/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/legal/anti-spam-policy/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/legal/anti-spam-policy/#casl</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/legal/privacy/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/partner-program-agreement/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/partner/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/pricing/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/report-spam/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/resources/blog/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/resources/glossary/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/signup/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/understanding-gdpr/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/bt-bb-ab/css/experiment-frontend.css?ver=2.5.4</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/bt-bb-ab/js/bt_conversion-min.js?ver=2.5.4</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/nelio-ab-testing/assets/dist/js/visitor-type.js?ver=287e8e4cd3bcff28c95d</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/searchwp-live-ajax-search/assets/javascript/dist/script.min.js?ver=1.8.7</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/searchwp-live-ajax-search/assets/styles/style.min.css?ver=1.8.7</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/seoai-client/assets/css/front.min.css?ver=2.22.8</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/seoai-client/assets/js/front.min.js?ver=2.22.8</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/wp-smushit/app/assets/images/placeholder.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=4.0.3</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/blue-arrow-right.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/checkmark-icon.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/footer-logo.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/heart-icon.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/iContact_icon_Collapse.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/iContact_icon_Expand.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/icontact-logo.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/orange-highlight-line.png?v=1.01</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/pricing-decoration.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/social-icon-fb.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/social-icon-ig.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/social-icon-li.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/social-icon-tw.svg?v=1.01</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/images/social-icon-yt.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/source-css/style.css?v=1.0.01783368398&amp;ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/source-js/functions.js?v=1.0.01783368398&amp;ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/source-js/jq.js?ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/themes/iccwpt/library/source-js/slick.min.js?ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/uploads/2024/01/hero-image-e1717772347543.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/uploads/2024/04/cropped-icontact-logo-32x32.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-content/uploads/2024/05/Ai-Content-assistant-02.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-includes/css/dashicons.min.css?ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.instagram.com/icontact/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.linkedin.com/company/icontact</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.youtube.com/user/icontact</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.ziffdavis.com/privacy-policy</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://wwwapi.icontact.com/api/tracking.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://wwwapi.icontact.com/api/tracking.php</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://wwwapi.icontact.com/api/tracking.php?sRef=&amp;sReq=https%3A%2F%2Fwww.icontact.com%2F%3Fafid%3D144186</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://wwwapi.icontact.com/static/dist/icontact-api.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://wwwapi.icontact.com/static/dist/icontact-api.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.icontact.com</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.icontact.com/&amp;scrsrc=www.icontact.com&amp;rnd=985565837.1783369088&amp;navt=n&amp;npa=1&amp;us_privacy=1---&amp;gdpr=1&amp;gdpr_consent=CQm7WAAQm7WAAAcABBENCmFgAAAAAEPgACiQAAAWwABMNDogjLIgUCBQEIIEACgrCACgQBAAAkBRAQAmDAhyBgAusIkAIAUAAQQAgABBgACAAASABCIAIACAQAgQCBQABgAQBAQAMDAAGAChEAgABAdAxSAggECwASIwoDBAhAASCAlsqEEgCBBXCFIscAggREwUAACIABQAAAB4WAhJKCViQQBcQXQAIAAAAUQIMCKQswBRUGQLQVgScBkaYAkeYJEkOgiAJghIyDIhNUEg8UxRAghyAAAA.YAAACHwAAAAA.ILaNR_G__bXlv-bb36btkeYxf9_hr7sQxBgbIsm4FzLvW7JwG32EbNEyatiIKmRIAu3TBIQNtHIjURUChKIgVrzDsaEyUoTtKJ-BkiHMRY2JQCFhum4pjWQCZYur_50d0mR-N7dr-2dzyy5hnv3a9fuS1UJicKYetHfn8ZBKS-_IU9_x-_4v4_MbpEm8eSVv9tGtt43c64vP6dpuxt-Tyffyfv_f72fe7X__c__33_-qXX_r76-___0A&amp;ep.ads_data_redaction=0&amp;gdid=dYzg1YT.dNzQzZD&amp;_tu=AAg&amp;gtm=45E92e6710h1v72130907za204zd72130907xea&amp;gcs=G100&amp;gcd=13q3p3q2q7l1&amp;dma_cps=-&amp;dma=1&amp;tcfd=10s5f&amp;tag_exp=0~115938466~115938469~119027224&amp;apve=1&amp;apvf=f&amp;gap.gtb=2&amp;apvc=1&amp;tft=1783369087898&amp;tfd=1185&amp;fmt=8</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.icontact.com/?afid=144186&amp;dt=iContact</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.icontact.com/?afid=144186&amp;r=&amp;lt=716&amp;evt=pageLoad&amp;sv=2&amp;asc=D&amp;cdb=AQEV&amp;rn=574294</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.icontact.com/?afid=144186&amp;tm=gtmv2</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>www.icontact.com</url>
              <origin>URL_RENDER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://www.icontact.com/a.pl/144186</url>
              <origin>INPUT_FILE</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>bat.bing.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>bat.bing.net</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>browser.sentry-cdn.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>cdn.cookielaw.org</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>cdn.ziffstatic.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>connect.facebook.net</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>fast.wistia.net</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>fonts.googleapis.com</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>fonts.gstatic.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>geolocation.onetrust.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>help.icontact.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>i.clarity.ms</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>icontact.my.salesforce-scrt.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>icontact.my.site.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>js.hs-analytics.net</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>js.hs-banner.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>js.hs-scripts.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>privacyportal.onetrust.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>px.ads.linkedin.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>region1.google-analytics.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>scripts.clarity.ms</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>snap.licdn.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>static.cloudflareinsights.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>twitter.com</url>
              <origin>URL_RENDER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>www.clarity.ms</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.facebook.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.google-analytics.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.googletagmanager.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.icontact.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.instagram.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.linkedin.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.youtube.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.ziffdavis.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>wwwapi.icontact.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>cdn.ziffstatic.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>en.wikipedia.org</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>fast.wistia.net</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>fonts.googleapis.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>fonts.gstatic.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>help.icontact.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>icontact.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>icontact.my.salesforce-scrt.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>icontact.my.site.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>privacyportal.onetrust.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>schema.org</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>schester.beer</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>tags.fullcontact.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>twitter.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>www.clarity.ms</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.facebook.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.googletagmanager.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.icontact.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.instagram.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.linkedin.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.youtube.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>wwwapi.icontact.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>x.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </domains>
          <ips>
            <value>
              <ip>172.64.146.215</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.250.154.97</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.64.152.214</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.16.140.209</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>104.16.160.168</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>104.16.80.73</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>104.18.32.137</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>104.18.35.42</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>104.18.41.41</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>104.18.86.42</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.250.154.97</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.127.94</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.13.95</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.20.102</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>146.75.122.132</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>150.171.109.100</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>150.171.28.10</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>151.101.66.217</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>163.70.128.23</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>172.64.147.16</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>172.67.202.14</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>20.250.198.32</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>216.239.32.36</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>23.213.161.204</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>23.55.161.151</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>4.153.72.49</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>52.13.101.60</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>188.114.96.3</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>185.15.59.224</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>65.8.131.10</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>20.250.198.32</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.67.202.14</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>23.36.162.6</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.66.0.227</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>146.75.122.132</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.127.139</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.127.94</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.18.35.42</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>44.241.161.22</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.64.155.119</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>163.70.128.174</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>163.70.128.35</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.13.95</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>67bbb05983ea1631f5c10c425bf86c3d04dfabd92bf6c8d6182f6d10079d752e</SHA-256>
              <SHA-1>5c2cb47038f8b3d685c0afc65615c8b8f837eec5</SHA-1>
              <MD5>68f8588d64ac53861eb065df8fcbbd09</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>571c45ed021f1c21fcd14709b905d76fd42bcd821c4be63c8bdb61c45dcdca09</SHA-256>
              <SHA-1>f5b507c178beb380fcb709b91c0724930c5dc928</SHA-1>
              <MD5>3efb3e7e60b4c0ba291f0d83e0aa43d6</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>28c8688e80a9435d571bc0c60669a01d046cbe2e815eafbd4bc873a0e6d1f68a</SHA-256>
              <SHA-1>dd9062aa84991cbcb33d35c8db0a502c5d6bc36b</SHA-1>
              <MD5>0d635f1f213691b3db2b60f3c02f4534</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>1ff8dd12ad04ea9472173c93d2b7ff01cb6c157101c66e54e6bf6bf53a70bd10</SHA-256>
              <SHA-1>35fbe6138f16c818a26b53587f07760f25210ec0</SHA-1>
              <MD5>161181d6b261066774a15b845adfe2bb</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>5bc388fae471d21537b34c808da6a99ac29d8ee92dc809cc5c110b9704ffba2e</SHA-256>
              <SHA-1>8b027b370a52f8b0a20f3c039b99a5206af2eaca</SHA-1>
              <MD5>e489223ac47cab98c03c2c1649c69cdd</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>e8f2ded5d74c0ee5f427a20b6715e65bc79ed5c4fc67fb00d89005515c8efe63</SHA-256>
              <SHA-1>ae56ea57c52d1153cec33cef91cf935d2d3af14d</SHA-1>
              <MD5>fbe36eb2eecf1b90451a3a72701e49d2</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>220bcb1ca2a00dad8195df3f900f82cab60fa423364e9d9aff31559947bf15ce</SHA-256>
              <SHA-1>8d52cf5d7815d3679d1cd8f326471edfe9fd9f34</SHA-1>
              <MD5>4ddcdb6a2d207dd0277856f0549bcf60</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>ffe03f9daa97e6882f02d313a1c2f96e3ae2549310310c51b31fa2bc79f38627</SHA-256>
              <SHA-1>8f9d94d803f654a6eb844854d8c6f77b22e6090f</SHA-1>
              <MD5>2b615394ea78ba6b62458fe062645135</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>0261e617-e956-4778-beb5-d8bcb9295c41</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>f73513a8-7a10-4a9d-939a-703f8d994839</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>hxxp://www.icontact.com/a.pl/144186</name>
        <report_id>39ba7b88-d980-4bba-be24-984f7b15f04d</report_id>
        <tags>
          <value>html</value>
          <value>obfuscated</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>0df1fb59ef05cde08dde12baac71b39292c26a0cdb23c41d35e5a9f0cfc305ad</id>
    <title>Analysis Report for 0df1fb59ef05cde08dde12baac71b39292c26a0cdb23c41d35e5a9f0cfc305ad</title>
    <updated>2026-07-06T20:17:22Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0d9474fb2f5922b6c54a</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c0d512c562ae7c822dda7</flow_id>
        <hash>0df1fb59ef05cde08dde12baac71b39292c26a0cdb23c41d35e5a9f0cfc305ad</hash>
        <iocs>
          <urls>
            <value>
              <url>https://dmjps.com/</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>https://dmjps.com/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/&amp;format=xml</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://schema.org</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://thinkcatalyst.co</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://www.youtube.com/user/DMJandCo</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/themes/smoothness/jquery-ui.css?ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://dmjps.com/comments/feed/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/events/?ical=1</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/feed/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/et-cache/121705/et-divi-dynamic-tb-113506-121705-late.css?ver=1783354842</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/et-cache/121705/et-divi-dynamic-tb-113506-121705.css?ver=1783354842</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/LayerSlider/assets/static/layerslider/css/layerslider.css?ver=8.2.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.kreaturamedia.jquery.js?ver=8.2.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.transitions.js?ver=8.2.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.utils.js?ver=8.2.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.16</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/cookie-notice/css/front.min.css?ver=3.1.2</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=3.1.2</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-overlays/overlay-effects/css/normalize.css?ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-overlays/overlay-effects/css/style.css?ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-overlays/overlay-effects/js/custom.js?ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-overlays/overlay-effects/js/jquery.exitintent.min.js?ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-overlays/overlay-effects/js/modernizr.custom.js?ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-overlays/overlay-effects/js/snap.svg-min.js?ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-plus/assets/scripts/magnific_popup.min.js?ver=1.1.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-plus/assets/scripts/swiper.min.js?ver=6.4.5</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-plus/divi-5/server/Modules/BlogSlider/assets/script.min.js?ver=2.1.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-plus/divi-5/server/Modules/ImageCardCarousel/assets/script.min.js?ver=2.1.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-plus/divi-5/server/Modules/ScrollImage/assets/script.min.js?ver=2.1.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/events-calendar-pro/build/css/tribe-events-pro-mini-calendar-block.css?ver=7.7.16</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/assets/css/dist/basic.min.css?ver=2.10.5</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/assets/css/dist/theme-components.min.css?ver=2.10.5</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/assets/css/dist/theme.min.css?ver=2.10.5</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/assets/js/dist/scripts-theme.min.js?ver=301fdc9aa6144168f3b854c4c2c8f6d3</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/assets/js/dist/utils.min.js?ver=3f278756f0a3032bed328ff6a9f6c01d</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/assets/js/dist/vendor-theme.min.js?ver=7c651d0ba638ce98b9c65141edddd567</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.10.5</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.10.5</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.10.5</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/legacy/css/browsers.min.css?ver=2.10.5</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/legacy/css/formreset.min.css?ver=2.10.5</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/legacy/css/formsmain.min.css?ver=2.10.5</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/legacy/css/readyclass.min.css?ver=2.10.5</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.11.3</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/people/css/all.css?ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/people/js/main.js?ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/surbma-divi-gravity-forms/css/surbma-divi-gravity-forms.css?ver=5.1</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/the-events-calendar/build/js/views/breakpoints.js?ver=4208de2df2852e0b91ec</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/the-events-calendar/build/js/views/manager.js?ver=76866c0f9c1f9f397a02</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/the-events-calendar/common/build/js/tribe-common.js?ver=9c44e11f3503a33e9540</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/the-events-calendar/common/build/js/underscore-after.js</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/the-events-calendar/common/build/js/underscore-before.js</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/the-events-calendar/common/build/js/user-agent.js?ver=da75d0bdea6dde3898df</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/the-events-calendar/common/build/js/utils/query-string.js?ver=694b0604b0c8eafed657</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/themes/Divi-Space-Child-5/js/custom-blog-slider.js?ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/themes/Divi-Space-Child-5/style.css?ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/themes/Divi/core/admin/js/common.js?ver=4.27.4</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/easypiechart.js?ver=4.27.4</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.fitvids.js?ver=4.27.4</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/salvattore.js?ver=4.27.4</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/themes/Divi/js/scripts.min.js?ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/dist/a11y.min.js?ver=af934e5259bc51b8718e</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/dist/dom-ready.min.js?ver=a06281ae5cf5500e9317</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/dist/hooks.min.js?ver=7496969728ca0f95732d</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/dist/i18n.min.js?ver=781d11515ad3d91786ec</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.3</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/jquery/ui/menu.min.js?ver=1.13.3</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/jquery/ui/selectmenu.min.js?ver=1.13.3</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.17</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/underscore.min.js?ver=1.13.8</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-json/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-json/oembed/1.0/embed</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fdmjps.com%2F</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fdmjps.com%2F&amp;format=xml</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-json/tribe/events/v1/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-json/wp/v2/pages/121705</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/xmlrpc.php</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://dmjps.com/xmlrpc.php?rsd</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css?family=Overpass:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://fonts.gstatic.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://get.adobe.com/flashplayer/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://js.hs-scripts.com/45694410.js?integration=WordPress&amp;ver=11.3.51</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://keywordstatic.com/semantic.js</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://kit.fontawesome.com/f334125f21.js</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://payv3.xpress-pay.com/pt/6aa930f4478811f0adef005056b805a0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://schema.org</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://schema.org/EventScheduled</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://schema.org/OfflineEventAttendanceMode</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://simplecheckout.authorize.net/payment/CatalogPayment.aspx</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://static.addtoany.com/menu/page.js</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://static.hotjar.com/c/hotjar-</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://thinkcatalyst.co</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://twitter.com/DMJPSConnect</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://use.fontawesome.com/f11f345e79.js?ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.facebook.com/DMJPSConnect</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtm.js?id=</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.googletagmanager.com/ns.html?id=GTM-T2X3L4G</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.instagram.com/dmjpsconnect/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.instagram.com/dmjpsconnect/?utm_source=ig_embed&amp;utm_campaign=loading</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.linkedin.com/company/dmjpsconnect/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.ncabcboards.org/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.ncbar.org/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.ncpeds.org/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.siteuptime.com/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.youtube.com/user/DMJandCo</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>http://www.youtube.com/user/DMJandCo</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://dmjps.com/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/#</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/about-us/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/about-us/our-community/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/business-provisions-of-the-2025-act-the-big-beautiful-bill/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/careers/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/client-center/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/contact-us/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/cpamerica-advantage/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/dmj-blog/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/dmjps-e-newsletters/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/event/2026-estate-planning-fiduciary-law-program/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/event/2026-nc-peds-annual-meeting/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/event/dmjps-webinar-real-estate-strategy-for-healthcare-practices/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/event/nc-association-of-abc-boards-2026-annual-meeting/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/events/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/favicon.ico</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/feed/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/firm-directory/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/frequently-asked-questions-answers/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/guidance-for-employers-on-2025-tip-and-overtime-income/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/industries/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/industries/agriculture-2/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/industries/charter-schools/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/industries/form/payment-online-creditcard/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/industries/hospitality-restaurants-2/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/industries/hospitality-restaurants-2/breweries/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/industries/manufacturing-distribution/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/industries/nonprofit/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/industries/outdoor/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/industries/professional-2/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/industries/real-estate-construction/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/industries/real-estate-construction/commercial-residential/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/industries/real-estate-construction/real-estate-development-investment/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/industries/retail-wholesale/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/industries/transportation/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/irs-clarifies-2024-rd-expensing-rules-for-businesses/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/locations/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/media-announcements/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/north-carolina-economic-report-2025-fourth-quarter/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/north-carolina-economy-report-2025-third-quarter/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/north-carolina-irc-conformity-update-what-taxpayers-should-know-now/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/our-people/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/personal-provisions-of-the-2025-tax-act-the-big-beautiful-bill/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/prepare-now-irs-to-require-electronic-refunds-starting-september-30-2025/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/reports/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/request-for-proposal/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/resources/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/services/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/services/accounting-auditing/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/services/accounting-auditing/employee-benefit-plans-erisa/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/services/business-advisors/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/services/business-advisors/transaction-advisory-services/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/services/healthcare-practice-consultants/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/services/healthcare-practice-consultants/dental/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/services/healthcare-practice-consultants/medical/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/services/healthcare-practice-consultants/pediatric/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/services/specialized/business-valuation/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/services/specialized/cost-segregation/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/services/specialized/disaster-relief-resources/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/services/specialized/fractional-cfo/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/services/specialized/fraud-detection-prevention/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/services/specialized/international-tax/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/services/specialized/litigation-support/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/services/specialized/mergers-acquisitions/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/services/specialized/quickbooks-cfo/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/services/specialized/succession-planning-2/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/services/tax-consulting/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/services/tax-consulting/caas/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/succession-and-exit-planning-make-sure-you-can-still-say-no/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/tax-watch-north-carolina-irc-conformity-status-update/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/tax-watch-tariff-update-refund-opportunities-and-what-businesses-should-know/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/tax-watch/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/testimonials/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/webinars-presentations-form/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/what-it-means-to-be-greater-reflections-from-the-future-of-our-profession/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/et-cache/121705/et-divi-dynamic-tb-113506-121705-late.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/et-cache/121705/et-divi-dynamic-tb-113506-121705-late.css?ver=1783354842</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/et-cache/121705/et-divi-dynamic-tb-113506-121705.css?ver=1783354842</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/LayerSlider/assets/static/layerslider/css/layerslider.css?ver=8.2.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/LayerSlider/assets/static/layerslider/img/icon-muted-white.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/LayerSlider/assets/static/layerslider/img/icon-unmuted-white.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.kreaturamedia.jquery.js?ver=8.2.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.transitions.js?ver=8.2.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.utils.js?ver=8.2.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/LayerSlider/assets/static/layerslider/skins/v6/skin.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.16</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/cookie-notice/css/front.min.css?ver=3.1.2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=3.1.2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-overlays/overlay-effects/css/normalize.css?ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-overlays/overlay-effects/css/style.css?ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-overlays/overlay-effects/js/custom.js?ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-overlays/overlay-effects/js/jquery.exitintent.min.js?ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-overlays/overlay-effects/js/modernizr.custom.js?ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-overlays/overlay-effects/js/snap.svg-min.js?ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-plus/assets/scripts/magnific_popup.min.js?ver=1.1.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-plus/assets/scripts/swiper.min.js?ver=6.4.5</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-plus/assets/styles/diplSwiper.min.css?ver=2.1.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-plus/assets/styles/magnific_popup.min.css?ver=1.1.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-plus/assets/styles/swiper.min.css?ver=6.4.5</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-plus/divi-5/server/Modules/BlogSlider/assets/script.min.js?ver=2.1.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-plus/divi-5/server/Modules/BlogSlider/assets/style.min.css?ver=2.1.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-plus/divi-5/server/Modules/ImageCardCarousel/assets/script.min.js?ver=2.1.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-plus/divi-5/server/Modules/ImageCardCarousel/assets/style.min.css?ver=2.1.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-plus/divi-5/server/Modules/ScrollImage/assets/script.min.js?ver=2.1.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/divi-plus/divi-5/server/Modules/ScrollImage/assets/style.min.css?ver=2.1.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/events-calendar-pro/build/css/tribe-events-pro-mini-calendar-block.css?ver=7.7.16</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/events-calendar-pro/build/css/widget-events-list-full.css?ver=7.7.16</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/events-calendar-pro/build/css/widget-events-list-skeleton.css?ver=7.7.16</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/events-calendar-pro/build/css/widgets-events-common-full.css?ver=7.7.16</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/events-calendar-pro/build/css/widgets-events-common-skeleton.css?ver=7.7.16</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/assets/css/dist/basic.min.css?ver=2.10.5</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/assets/css/dist/theme-components.min.css?ver=2.10.5</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/assets/css/dist/theme.min.css?ver=2.10.5</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/assets/js/dist/scripts-theme.min.js?ver=301fdc9aa6144168f3b854c4c2c8f6d3</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/assets/js/dist/utils.min.js?ver=3f278756f0a3032bed328ff6a9f6c01d</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/assets/js/dist/vendor-theme.min.js?ver=7c651d0ba638ce98b9c65141edddd567</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.10.5</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.10.5</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.10.5</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/legacy/css/browsers.min.css?ver=2.10.5</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/legacy/css/formreset.min.css?ver=2.10.5</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/legacy/css/formsmain.min.css?ver=2.10.5</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/gravityforms/legacy/css/readyclass.min.css?ver=2.10.5</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.11.3</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/people/css/all.css?ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/people/js/main.js?ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/surbma-divi-gravity-forms/css/surbma-divi-gravity-forms.css?ver=5.1</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/the-events-calendar/build/css/widget-events-list-full.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/the-events-calendar/build/css/widget-events-list-full.css?ver=6.16.5.1</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/the-events-calendar/build/css/widget-events-list-skeleton.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/the-events-calendar/build/css/widget-events-list-skeleton.css?ver=6.16.5.1</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/the-events-calendar/build/js/views/breakpoints.js?ver=4208de2df2852e0b91ec</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/the-events-calendar/build/js/views/manager.js?ver=76866c0f9c1f9f397a02</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/the-events-calendar/common/build/css/common-full.css?ver=6.11.5</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/the-events-calendar/common/build/css/common-skeleton.css?ver=6.11.5</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/the-events-calendar/common/build/css/variables-full.css?ver=6.11.5</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/the-events-calendar/common/build/css/variables-skeleton.css?ver=6.11.5</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/the-events-calendar/common/build/js/tribe-common.js?ver=9c44e11f3503a33e9540</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/the-events-calendar/common/build/js/underscore-after.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/the-events-calendar/common/build/js/underscore-before.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/the-events-calendar/common/build/js/user-agent.js?ver=da75d0bdea6dde3898df</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/plugins/the-events-calendar/common/build/js/utils/query-string.js?ver=694b0604b0c8eafed657</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/themes/Divi-Space-Child-5/js/custom-blog-slider.js?ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/themes/Divi-Space-Child-5/style.css?ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/themes/Divi/core/admin/fonts/builder.ttf</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/themes/Divi/core/admin/fonts/modules/all/modules.woff</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/themes/Divi/core/admin/js/common.js?ver=4.27.4</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/easypiechart.js?ver=4.27.4</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.fitvids.js?ver=4.27.4</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/salvattore.js?ver=4.27.4</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/themes/Divi/js/scripts.min.js?ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/uploads/2022/03/DMJPS-CPAs-and-Advisors-RGB72-dpi.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/uploads/2022/05/agriculture-square-300.jpg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/uploads/2022/05/hospitality-300.jpg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/uploads/2022/05/manufacturing-300.jpg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/uploads/2022/05/medical-300.jpg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/uploads/2022/05/professional-services-300.jpg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/uploads/2023/07/Be-Greater-website-slider-1280-%C3%97-400-px-1.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/uploads/2023/07/nonprofit-image.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/uploads/2024/03/Best-of-Accounting-BNC-1280-x-300-px-4-1.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/uploads/2024/06/NCECF_FFNC-Certification-Badges_Established2024-DIGITAL-e1740494714325.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/uploads/2025/02/Advisory-Icon-1.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/uploads/2025/02/Assurance-Icon-1.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/uploads/2025/02/Tax-Icon-6.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/uploads/2025/02/best-of-accounting_2025-rgb-e1740494695235.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/uploads/2025/03/AdobeStock_656345063-scaled.jpeg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/uploads/2025/03/DJMPS-Testimonial-Greensboro.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/uploads/2025/06/BestEmployers2025.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-content/uploads/2025/08/IPA-Award-Logo-Top-200-Firms.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/dist/a11y.min.js?ver=af934e5259bc51b8718e</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/dist/dom-ready.min.js?ver=a06281ae5cf5500e9317</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/dist/hooks.min.js?ver=7496969728ca0f95732d</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/dist/i18n.min.js?ver=781d11515ad3d91786ec</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.3</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/jquery/ui/menu.min.js?ver=1.13.3</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/jquery/ui/selectmenu.min.js?ver=1.13.3</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.17</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://dmjps.com/wp-includes/js/underscore.min.js?ver=1.13.8</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css?family=Overpass:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://fonts.gstatic.com/s/overpass/v19/qFdB35WCmI96Ajtm81GgY9nqxw.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fonts.gstatic.com/s/overpass/v19/qFdH35WCmI96Ajtm81GlU9s.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fonts.gstatic.com/s/robotocondensed/v31/ieVo2ZhZI2eCN5jzbjEETS9weq8-_d6T_POl0fRJeyVVpfBM.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://i.clarity.ms/collect</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://i.vimeocdn.com/video/2099348508-12d02693f8973305026751498d01a399bb238221ee012b1a138469c7deea9d34-d_295x166?region=us</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://ka-p.fontawesome.com/releases/v6.7.2/css/pro-v4-font-face.min.css?token=f334125f21</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://ka-p.fontawesome.com/releases/v6.7.2/css/pro-v4-shims.min.css?token=f334125f21</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://ka-p.fontawesome.com/releases/v6.7.2/css/pro-v5-font-face.min.css?token=f334125f21</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://ka-p.fontawesome.com/releases/v6.7.2/css/pro.min.css?token=f334125f21</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://ka-p.fontawesome.com/releases/v6.7.2/webfonts/pro-fa-solid-900-0.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://ka-p.fontawesome.com/releases/v6.7.2/webfonts/pro-fa-solid-900-1.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://kit.fontawesome.com/f334125f21.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://kit.fontawesome.com/f334125f21/124682696/kit-upload.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://payv3.xpress-pay.com/pt/6aa930f4478811f0adef005056b805a0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://player.vimeo.com/api/player.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://region1.analytics.google.com/g/collect</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://region1.analytics.google.com/g/collect?v=2&amp;tid=G-GPVNWSY8Z1&amp;gtm=45je6710v883401748z8831854553za20gzb831854553zd831854553&amp;_p=1783369044966&amp;_gaz=1&amp;gcd=13l3l3l2l1l1&amp;npa=1&amp;dma_cps=a&amp;dma=1&amp;_eu=EAAAAGA&amp;are=1&amp;cid=357779887.1783369045&amp;frm=0&amp;ir=1&amp;pscdl=noapi&amp;rcb=9&amp;sr=800x600&amp;uaa=&amp;uab=&amp;uafvl=&amp;uam=&amp;uamb=0&amp;uap=Linux&amp;uapv=&amp;uaw=0&amp;ul=en-us&amp;gaf=2&amp;_s=1&amp;tag_exp=115938466~115938468~118395335~119027224~119576881~119576885~119576891~119576895&amp;sid=1783369045&amp;sct=1&amp;seg=0&amp;dl=https%3A%2F%2Fdmjps.com%2F&amp;dt=DMJPS%20%7C%20CPAs%20%2B%20Advisors&amp;en=page_view&amp;_fv=1&amp;_ss=1&amp;tfd=632</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://script.hotjar.com/modules.fa52fb4272e01466771f.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://scripts.clarity.ms/0.8.66/clarity.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://simplecheckout.authorize.net/payment/CatalogPayment.aspx</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://static.addtoany.com/menu/modules/core.bycdb5qo.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://static.addtoany.com/menu/page.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://static.addtoany.com/menu/sm.25.html</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://static.hotjar.com/c/hotjar-1913252.js?sv=6</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://static.hotjar.com/c/hotjar-5311083.js?sv=5</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://stats.g.doubleclick.net/g/collect?v=2&amp;tid=G-GPVNWSY8Z1&amp;cid=357779887.1783369045&amp;gtm=45je6710v883401748z8831854553za20gzb831854553zd831854553&amp;rcb=9&amp;aip=1&amp;dma=1&amp;dma_cps=a&amp;gcd=13l3l3l2l1l1&amp;npa=1&amp;frm=0&amp;tag_exp=115938466~115938468~118395335~119027224~119576881~119576885~119576891~119576895</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://stats.g.doubleclick.net/j/collect?t=dc&amp;aip=1&amp;_r=3&amp;v=1&amp;_v=j102&amp;tid=UA-17849986-34&amp;cid=357779887.1783369045&amp;jid=919211630&amp;gjid=128173074&amp;_gid=1664522573.1783369045&amp;npa=1&amp;_u=YGBAgAABAAAAAG~&amp;z=1991418579</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://thinkcatalyst.co</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://use.fontawesome.com/f11f345e79.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://use.fontawesome.com/f11f345e79.js?ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://use.fontawesome.com/releases/v4.7.0/fonts/fontawesome-webfont.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://vc.hotjar.io/sessions/5311083?s=0.25&amp;r=0.14058171329460545</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://vimeo.com/api/oembed.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://vimeo.com/api/oembed.json?url=https%3A%2F%2Fvimeo.com%2Fvideo%2F1148951429</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.clarity.ms/tag/ddtn0pyd3g?ref=gtm2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.facebook.com/DMJPSConnect</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.google-analytics.com/analytics.js</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google-analytics.com/j/collect</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google-analytics.com/j/collect?v=1&amp;_v=j102&amp;a=87732256&amp;t=pageview&amp;_s=1&amp;dl=https%3A%2F%2Fdmjps.com%2F&amp;ul=en-us&amp;dt=DMJPS%20%7C%20CPAs%20%2B%20Advisors&amp;sr=800x600&amp;vp=1905x1080&amp;_u=YGBAgAABAAAAAC~&amp;jid=919211630&amp;gjid=128173074&amp;cid=357779887.1783369045&amp;tid=UA-17849986-34&amp;_gid=1664522573.1783369045&amp;_slc=1&amp;gtm=45He6710n81T2X3L4Gv831854553za200zd831854553&amp;gcd=13l3l3l2l1l1&amp;dma_cps=a&amp;dma=1&amp;tag_exp=0~115938466~115938468~118826210~119027224&amp;npa=1&amp;z=1828851045</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google.de/ads/ga-audiences?v=1&amp;t=sr&amp;slf_rd=1&amp;_r=4&amp;tid=G-GPVNWSY8Z1&amp;cid=357779887.1783369045&amp;gtm=45je6710v883401748z8831854553za20gzb831854553zd831854553&amp;rcb=9&amp;aip=1&amp;dma=1&amp;dma_cps=a&amp;gcd=13l3l3l2l1l1&amp;npa=1&amp;frm=0&amp;tag_exp=115938466~115938468~118395335~119027224~119576881~119576885~119576891~119576895&amp;z=904435376</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtag/js?id=G-GPVNWSY8Z1&amp;cx=c&amp;gtm=4e6710</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtm.js?id=GTM-T2X3L4G</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.instagram.com/dmjpsconnect/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.instagram.com/dmjpsconnect/embed/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.instagram.com/dmjpsconnect/embed/?cr=1&amp;v=14&amp;wp=326&amp;rd=https%3A%2F%2Fdmjps.com&amp;rp=%2F</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.instagram.com/embed.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.linkedin.com/company/dmjpsconnect/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.youtube.com/user/DMJandCo</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>mailto:connect@dmjps.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>6.16.5.1</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://dmjps.com</url>
              <origin>URL_RENDER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://dmjps.com/&amp;dt=DMJPS</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://dmjps.com/&amp;ul=en-us&amp;dt=DMJPS</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://vimeo.com/video/1148951429</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>ajax.googleapis.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>dmjps.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>fonts.googleapis.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>fonts.gstatic.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>get.adobe.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>googletagmanager.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>js.hs-scripts.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>keywordstatic.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>kit.fontawesome.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>payv3.xpress-pay.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>schema.org</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>simplecheckout.authorize.net</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>static.addtoany.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>static.hotjar.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>thinkcatalyst.co</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>twitter.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>use.fontawesome.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>www.facebook.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.googletagmanager.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.instagram.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.linkedin.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.ncabcboards.org</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.ncbar.org</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.ncpeds.org</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.siteuptime.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.youtube.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>dmjps.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>fonts.googleapis.com</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>fonts.gstatic.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>i.clarity.ms</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>i.vimeocdn.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>ka-p.fontawesome.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>kit.fontawesome.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>payv3.xpress-pay.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>player.vimeo.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>region1.analytics.google.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>script.hotjar.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>scripts.clarity.ms</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>simplecheckout.authorize.net</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>static.addtoany.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>static.hotjar.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>stats.g.doubleclick.net</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>thinkcatalyst.co</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>use.fontawesome.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>vc.hotjar.io</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>vimeo.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.clarity.ms</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.facebook.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.google-analytics.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.google.de</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.googletagmanager.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.instagram.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.linkedin.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.youtube.com</url>
              <origin>URL_RENDER</origin>
            </value>
          </domains>
          <ips>
            <value>
              <ip>141.193.213.21</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.127.94</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.66.171.172</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.66.0.227</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>184.86.103.201</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.250.154.97</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.13.95</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.21.27.152</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>163.70.128.174</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.18.40.68</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>104.20.20.192</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>141.193.213.21</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.250.154.97</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.127.157</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.127.94</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.13.95</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.14.94</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>146.75.120.217</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>150.171.109.100</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>162.159.138.60</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>163.70.128.174</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>172.66.171.172</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>172.67.142.245</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>18.66.102.51</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>18.66.112.15</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>192.178.183.101</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>20.250.198.32</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>216.239.34.36</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>4.153.72.49</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>65.9.175.27</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>104.18.40.68</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>192.178.183.97</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.16.138.209</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.20.29.1</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>18.66.102.51</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.18.12.54</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>163.70.128.35</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>146.103.98.57</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.127.139</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>5c12b58a3382629ba06220049e332de53d30ef9025cfddd007e4151056b4b835</SHA-256>
              <SHA-1>f71e9a8bb0ec64cd4ac5f7a88cd2bca1881f497c</SHA-1>
              <MD5>3f5915efaa0aa814f7130cc1f7ac368c</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>220bcb1ca2a00dad8195df3f900f82cab60fa423364e9d9aff31559947bf15ce</SHA-256>
              <SHA-1>8d52cf5d7815d3679d1cd8f326471edfe9fd9f34</SHA-1>
              <MD5>4ddcdb6a2d207dd0277856f0549bcf60</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393</SHA-256>
              <SHA-1>0004d4f82b546013424b2e0de084395071eef98b</SHA-1>
              <MD5>4b074b0b59693fa9f94fb71b175fb187</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>afa3bc27fcf656945c5cfb8c623ae114c155360293995941c08746c44c5892a6</SHA-256>
              <SHA-1>ed073c93f18d3075041ec48ed3e862882c5ef5e6</SHA-1>
              <MD5>10d4c620dbdff36dfb8cfe8ce59a4565</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>e8f2ded5d74c0ee5f427a20b6715e65bc79ed5c4fc67fb00d89005515c8efe63</SHA-256>
              <SHA-1>ae56ea57c52d1153cec33cef91cf935d2d3af14d</SHA-1>
              <MD5>fbe36eb2eecf1b90451a3a72701e49d2</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>c603e010fde495b46a92b2048ff695fbbab1153dc0fc70be146661f14c898241</SHA-256>
              <SHA-1>ee0d4ad1899f7a378f472c6c18dc3ad6a0c38cdb</SHA-1>
              <MD5>cff5276779ab9a04f0e076c67b5373b3</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xhtml+xml</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>7281ec32abb2038b83146f255ab01a7603c35c0a9afa0fdcabad04bfa2333675</SHA-256>
              <SHA-1>97da7cca92454158dc42293ba6239690b7080e8a</SHA-1>
              <MD5>6c46f6c51e35382073249b62f720f7b0</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>fd1ae555-e3b1-4c0e-8d97-6e52c7b9932f</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>hxxps://dmjps.com/</name>
        <report_id>49b5557d-903c-40fa-b33d-1afaf4466138</report_id>
        <tags>
          <value>html</value>
          <value>xml</value>
          <value>anti-vm</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>29e90df3f89e343059d0925b933b09237457401a1a1278fb1275fa3c5c80ef29</id>
    <title>Analysis Report for 29e90df3f89e343059d0925b933b09237457401a1a1278fb1275fa3c5c80ef29</title>
    <updated>2026-07-06T20:15:51Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0d05ff2e0900e305abc7</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c0cf55a5245447d9c2bc2</flow_id>
        <hash>29e90df3f89e343059d0925b933b09237457401a1a1278fb1275fa3c5c80ef29</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>55598b59e7f3d9b4477d5196bf3e5454ddfca3e083296121c9be67c5a2ac01a5</SHA-256>
              <SHA-1>78bd6cb53c17903035aa8457d7b05fa811f3ee46</SHA-1>
              <MD5>4ed041848aef6925def7e2e78568b72f</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
        </iocs>
        <name>_29e90df3f89e343059d0925b933b09237457401a1a1278fb1275fa3c5c80ef29.dll</name>
        <report_id>d0981e09-9fe8-48e8-bfd0-10657587a922</report_id>
        <tags>
          <value>peexe</value>
          <value>pedll</value>
          <value>microsoft_visual_cc</value>
          <value>packed</value>
          <value>overlay</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>29e90df3f89e343059d0925b933b09237457401a1a1278fb1275fa3c5c80ef29</id>
    <title>Analysis Report for 29e90df3f89e343059d0925b933b09237457401a1a1278fb1275fa3c5c80ef29</title>
    <updated>2026-07-06T20:15:42Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0cf774fb2f5922b6c52d</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c0cec2c562ae7c822dcae</flow_id>
        <hash>29e90df3f89e343059d0925b933b09237457401a1a1278fb1275fa3c5c80ef29</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>55598b59e7f3d9b4477d5196bf3e5454ddfca3e083296121c9be67c5a2ac01a5</SHA-256>
              <SHA-1>78bd6cb53c17903035aa8457d7b05fa811f3ee46</SHA-1>
              <MD5>4ed041848aef6925def7e2e78568b72f</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
        </iocs>
        <name>29e90df3f89e343059d0925b933b09237457401a1a1278fb1275fa3c5c80ef29.exe</name>
        <report_id>fb1ea361-f24d-4f28-af7b-f2e01999bc26</report_id>
        <tags>
          <value>peexe</value>
          <value>pedll</value>
          <value>microsoft_visual_cc</value>
          <value>packed</value>
          <value>overlay</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>63764b9d03d3564633cc301adf67b342f4e79d949f571ba2d513e6eb16aaa445</id>
    <title>Analysis Report for 63764b9d03d3564633cc301adf67b342f4e79d949f571ba2d513e6eb16aaa445</title>
    <updated>2026-07-06T20:15:15Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0ce1ff2e0900e305abc0</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c0cd3def7044af0b84931</flow_id>
        <hash>63764b9d03d3564633cc301adf67b342f4e79d949f571ba2d513e6eb16aaa445</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>4fc784db7849eb961ba097b8c06e1f9c848c135ae058556d06dd772590361630</SHA-256>
              <SHA-1>55d4e72a4c2ce87cd3dad77a4d5ed31a37b3f98d</SHA-1>
              <MD5>c1399bb796be6e3f0b8cca2fe1018b71</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <SHA-256>61c97f3ebb21bded2ed50fd0490fbb50eefbeb92e78b1eb15695675d03f3165e</SHA-256>
              <SHA-1>272afbc01ea9cbadcf3c0d9cc24de712e8136340</SHA-1>
              <MD5>72f267e776e912f3357a9e86eb467fff</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
        </iocs>
        <name>Chrome.exe</name>
        <report_id>bf95aac6-afa8-487f-9757-02ae51954c22</report_id>
        <tags>
          <value>peexe</value>
          <value>dotnet_pe</value>
          <value>cmd</value>
          <value>lolbin</value>
          <value>reconnaissance</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>b240bfd6f256aa02c8ab9c4aaac8a0055f2b0b2fcc14750f81a449cf542f695b</id>
    <title>Analysis Report for b240bfd6f256aa02c8ab9c4aaac8a0055f2b0b2fcc14750f81a449cf542f695b</title>
    <updated>2026-07-06T20:14:21Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0cb174fb2f5922b6c51f</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c0c9c2c562ae7c822db85</flow_id>
        <hash>b240bfd6f256aa02c8ab9c4aaac8a0055f2b0b2fcc14750f81a449cf542f695b</hash>
        <iocs>
          <urls>
            <value>
              <url>http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://en.wikipedia.org/wiki/MIT_License),</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/Typography</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/pkiops/docs/primarycps.htm0@</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>crl.microsoft.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>en.wikipedia.org</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>microsoft.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>95.101.9.215</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>150.171.109.100</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>7.7.7.7</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>185.15.59.224</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8</SHA-256>
              <SHA-1>fc12d7ad112ddabfcd8f82f290d84e637a4d62f8</SHA-1>
              <MD5>b8e76ddb52d0eb41e972599ff3ca431b</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <SHA-256>673f69d96f0fe5645a9a97bcebb2b631f54d8a0509ac836c87f65c1ee7b50846</SHA-256>
              <SHA-1>d4c0a46a4f14abb2eaa634c9c399935e2c9785d0</SHA-1>
              <MD5>6544f9e433c49c2ab29bc8b74c276c9b</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>c804b5ea-49b4-4238-8362-d851fa2254fc</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>CLAUDEAI.exe</name>
        <report_id>ac83d911-15f1-4ac2-a11b-da02f79f0e2d</report_id>
        <tags>
          <value>peexe</value>
          <value>html</value>
          <value>keylogger</value>
          <value>adaptive-context</value>
          <value>anti-debug</value>
          <value>crypto</value>
          <value>fingerprint</value>
          <value>reconnaissance</value>
          <value>microsoft_visual_cc</value>
          <value>similar-threat</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>bdce9ff7ecaa0171c8d31264b3d81ee3bdfef025bb2617c852172f14a529a196</id>
    <title>Analysis Report for bdce9ff7ecaa0171c8d31264b3d81ee3bdfef025bb2617c852172f14a529a196</title>
    <updated>2026-07-06T20:12:01Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0c25ff2e0900e305ab9e</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c0c105a5245447d9c2b35</flow_id>
        <hash>bdce9ff7ecaa0171c8d31264b3d81ee3bdfef025bb2617c852172f14a529a196</hash>
        <iocs>
          <urls>
            <value>
              <url>https://qq88.computer:443</url>
              <origin>MALWARE_CONFIG</origin>
              <verdict>MALICIOUS</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>qq88.computer</url>
              <origin>MALWARE_CONFIG</origin>
              <verdict>MALICIOUS</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>188.114.97.3</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>36f1e71a1f89d3ad430149df8c1da3b8fafc2a8efd6be87075c0f619619f077c</SHA-256>
              <SHA-1>88fff34a80a18320ae05d7f8c0d7046a0d62851c</SHA-1>
              <MD5>d33a43b6fde60ad3faabf3e4a03304ea</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>4ff1c75a93b2280dabe75acecade82d644388c9f4412565d846aeb396bfdc133</SHA-256>
              <SHA-1>6a55e1445c1c915664fba385828c5a0078fe460d</SHA-1>
              <MD5>f3d7095de1636559aa56ad81b25bbff9</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>text/xml</file_type>
            </value>
            <value>
              <SHA-256>a0922766cb5b8a7337b00a2c308882a84f6ab99ce5955d063317d497fb0a440b</SHA-256>
              <SHA-1>540c2fe4c8b1b4b3bb88eed7fa6723619555b057</SHA-1>
              <MD5>98d8e023285ce635a8e84be51b3c265b</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>e0954342ae4fe56a0a7e276a06eb88c76593365164c01bd19f6efc9d5b41debe</SHA-256>
              <SHA-1>29df2a99a4971870b20361f640013fc10a1874cd</SHA-1>
              <MD5>eab05e70d64d2a69965a7703c6ab8bf9</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>32b0a0c026452bbee5d54cf821e66358351e5c172676b91f1ad111f9c695a0fb</SHA-256>
              <SHA-1>4211786b5d016ebc9dca3ebfe74333696b68a882</SHA-1>
              <MD5>74e5a07340bd034cc43996868c272876</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>1f676c76-80e1-4239-95bb-83d0f6d0da78</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>35138b9a-5d96-4fbd-8e2d-a2440225f93a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>e2011457-1546-43c5-a5fe-008deee3d3f0</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
          <registry>
            <value>
              <registry>Software\</registry>
              <origin>DOTNET_DECOMPILATION</origin>
            </value>
          </registry>
        </iocs>
        <name>AsyncClient.exe</name>
        <report_id>cf823550-d3c4-41d6-91ba-d83b6d60fa3b</report_id>
        <tags>
          <value>peexe</value>
          <value>html</value>
          <value>dotnet_pe</value>
          <value>asyncrat</value>
          <value>config-extracted</value>
          <value>rat</value>
          <value>samsam</value>
          <value>anti-vm</value>
          <value>fingerprint</value>
          <value>adaptive-context</value>
          <value>base64</value>
          <value>packed</value>
          <value>reconnaissance</value>
          <value>lolbin</value>
          <value>schtasks</value>
          <value>obfuscated</value>
          <value>vbnet</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>e01a98cdefa0d8df28337047c070d1ece50ba878e9f091e6f2d8286dfe2120df</id>
    <title>Analysis Report for e01a98cdefa0d8df28337047c070d1ece50ba878e9f091e6f2d8286dfe2120df</title>
    <updated>2026-07-06T20:11:11Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0c2ee094c2d958061206</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c0bd92c562ae7c822da3c</flow_id>
        <hash>e01a98cdefa0d8df28337047c070d1ece50ba878e9f091e6f2d8286dfe2120df</hash>
        <iocs>
          <urls>
            <value>
              <url>https://bun.com/docs/project/licensing</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>bun.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>172.67.72.154</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.67.72.154</ip>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <MD5>8823f6dff7c75b2e18917bc1ba4e69b1</MD5>
              <SHA-1>c4a665ace1790a4b9daa838f758ee3bced488ff9</SHA-1>
              <SHA-256>06c283c3b415b52204605f6deef9399b0b9d2524c896c907f2acc37267836145</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe64</file_type>
            </value>
            <value>
              <MD5>b3c47bec4c05a1faa1ba8f3ff158d545</MD5>
              <SHA-1>78dd654b562d417d48c158f13ffe86bdc081b580</SHA-1>
              <SHA-256>1063ad7046f157523cf8df2f3dec18c1237c7d92ac0ac2363569f1826d1b6c18</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>855c8ed01f2a49206b3d49ad8a7340da</MD5>
              <SHA-1>9cfb6a093f57aceccc9548432d2396e234359284</SHA-1>
              <SHA-256>28aff0cc8760fe2123d1c98baebb4694c32cb54d6535835ba1c2168a0b72f174</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <MD5>99b038d813828a76a5539ba99cfd0b6e</MD5>
              <SHA-1>1a1929cfda144bd350b455173724b8b0571ce78a</SHA-1>
              <SHA-256>567756169fc0a523a1baad76083102d0fa3f5ea4488db9c4ef20dc6a003e0bda</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>f879d2fe0884351750983a136d6a09cf</MD5>
              <SHA-1>4ed194419deda280bb0ae64f9fe0508d81d28393</SHA-1>
              <SHA-256>72097c9cc802a1340f356d73513419703c0ec0a0b859fd8c67cf785d3a94e5b5</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>4ff3ba50db9bb15c647a0ed0b7ab6e13</MD5>
              <SHA-1>1b6a9815fd1850c31318ed9a71ebcfef81d79e9e</SHA-1>
              <SHA-256>7932e1faf5c837ae56e1c461a0da151a87ca3eaa126cd21b60014a8711d4767c</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <MD5>cbc15da914e01f63cd818717bf3b1b06</MD5>
              <SHA-1>1c15995d29cc93af8d3fb3e62e5159e79a31bf62</SHA-1>
              <SHA-256>96457c1bfbd1eebdea5105835acd1b639e2b2b1018befe8545a81b27a795f98e</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>4a9518f3475a0a6b1589e141bca6e0ed</MD5>
              <SHA-1>5395019fe15b9d5eb53754875a2574e549462bd1</SHA-1>
              <SHA-256>b43ff117fe349b464b5cc1f46ddb567158eeddef4d33b6843ad36c39da95f12f</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>6c493adbaf26f027e1d72e3cbb09f61f</MD5>
              <SHA-1>ba60811370c6529e7daf5fe1a28280bc1e8900e5</SHA-1>
              <SHA-256>c4c7969f75b3e1f78fae7e5b7d8f276b9fb5ad50a6ce9b80014818357224b876</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>eb695ee577437c8a937aa7f2b52f29e7</MD5>
              <SHA-1>c9840ceff5a1d97736dbee5289985eb085460a30</SHA-1>
              <SHA-256>c7332aeff27e4d983baa7dfc2d8ee82aa68c33b824220184b5d58a1142902ed0</SHA-256>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
          </files>
          <eth_wallets>
            <value>
              <eth_wallet>0x39fc998:$eth: 0d9b296af33f2b851fcbf4df3e9ec89751734ba4</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0x3b38af2:$eth: 1387778780781445675529539585113525390625</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0x3b38b1b:$eth: 6938893903907228377647697925567626953125</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0x3fe5990:$eth: 0000111122223333444455556666777788889999</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0x402c607:$eth: c61a3a44d1a5bee35914cada6c788a05e0808f5b</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0x415f6d7:$eth: c61a3a44d1a5bee35914cada6c788a05e0808f5b</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0x415feef:$eth: c61a3a44d1a5bee35914cada6c788a05e0808f5b</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0x4517990:$eth: 0\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x00</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0x4519608:$eth: 0\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x00</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <eth_wallet>0x451e94c:$eth: 0\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x00</eth_wallet>
              <origin>INPUT_FILE</origin>
            </value>
          </eth_wallets>
        </iocs>
        <name>MasterHealerKale_Trainer.exe</name>
        <report_id>8fbee9e5-9bdb-4a3a-b58a-1fee0f78cb67</report_id>
        <tags>
          <value>peexe</value>
          <value>html</value>
          <value>packed</value>
          <value>overlay</value>
          <value>adaptive-context</value>
          <value>anti-debug</value>
          <value>fingerprint</value>
          <value>obfuscated</value>
          <value>reconnaissance</value>
          <value>rust</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>e6621429206f6173c4b5816ae39b46799f08160612045f328493938d668ca0c6</id>
    <title>Analysis Report for e6621429206f6173c4b5816ae39b46799f08160612045f328493938d668ca0c6</title>
    <updated>2026-07-06T20:10:41Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0bdd74fb2f5922b6c4f8</_id>
        <file_type>application/epub+zip</file_type>
        <flow_id>6a4c0bc0327f9453dea7d2b5</flow_id>
        <hash>e6621429206f6173c4b5816ae39b46799f08160612045f328493938d668ca0c6</hash>
        <iocs/>
        <name>Introduction To Solid State Physics by Charles Kittel, 9th Ed.epub</name>
        <report_id>2c8122ab-5a9c-45da-b7b0-5b78d21409f2</report_id>
        <tags>
          <value>epub</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>bc5cdd9c45a3b9fcac7a31d6ebd5c9ddd17fe3c0831f82583cb079ebbfebd062</id>
    <title>Analysis Report for bc5cdd9c45a3b9fcac7a31d6ebd5c9ddd17fe3c0831f82583cb079ebbfebd062</title>
    <updated>2026-07-06T20:07:22Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0b2874fb2f5922b6c4d7</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c0af7def7044af0b8479b</flow_id>
        <hash>bc5cdd9c45a3b9fcac7a31d6ebd5c9ddd17fe3c0831f82583cb079ebbfebd062</hash>
        <iocs>
          <urls>
            <value>
              <url>https://aka.ms/dotnet/app-launch-failed</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://aka.ms/dotnet/download</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://aka.ms/dotnet/info</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://aka.ms/dotnet/sdk-not-found</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>aka.ms</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>2.23.246.9</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>04725e51490f660f0be0db9dfc598d45a998740aa0030e27b7c2577e191fc004</SHA-256>
              <SHA-1>e05dd2b467e82bd16916339c0c17906e5b757ec9</SHA-1>
              <MD5>ebbc50c07ff503607cd67960762cf4cf</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>0a24185b73aaba945692f9b9433d295bb726350b28a824bf2fbbeb0bf92be3c4</SHA-256>
              <SHA-1>a4607cdce89c790c625ddbf1fd79b1ad572d11ec</SHA-1>
              <MD5>5daf80e538bdf3ff2f6e2487b9582e6b</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <SHA-256>0d2b7bd17070d0edda24b0efbd67c39f634c617de8aeb1ff60f7324cd7d722b1</SHA-256>
              <SHA-1>a53df0ad7329b2557bddbb1622d3d329ef4b0d0a</SHA-1>
              <MD5>1a7e1951d92cab726584244ac9504e71</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>text/xml</file_type>
            </value>
            <value>
              <SHA-256>2f1b3666c16022c6a521731f5e3d6f3a7413e31707cd0fd27138be43cf06cb92</SHA-256>
              <SHA-1>c3df92fc0d952459741f7a0cc0bfb4914e49eaf4</SHA-1>
              <MD5>3c2e166d4093b3c9896e744fd29efcf4</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <SHA-256>87d9be4391a18151f7bffe661e835039e78eb55619bb1faaa87dde7e9d29010c</SHA-256>
              <SHA-1>4ae30e3229eaeb5bb47830e6a5504af7df728645</SHA-1>
              <MD5>ef6a8ebbeecf47a0393d7ecf2481fa54</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>a173ed1df0ce73177e5776b8417df51255a99f6de1fb88345dedbb660a34261f</SHA-256>
              <SHA-1>19eb697669e814425bf1405fb6f0324fce9c11f4</SHA-1>
              <MD5>9e2145c12d8c64846a0194ec89d3fe93</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>b2198c13d08c75d8dea85f223e7064d4fcd60fee98699fa029bb5ef3d98c10dd</SHA-256>
              <SHA-1>c339909da5d19a2c6bdc3d00524e4d4d89527b07</SHA-1>
              <MD5>43c92e2394ca7a2df177dc91ee0893b2</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>ba3e1075446a6ab933a475396c05a86eadf08657316b78f54a8d615459819657</SHA-256>
              <SHA-1>c6551fc276fdb9fcd195dd29e432e1453adb53d6</SHA-1>
              <MD5>d9730439a7d699da3ead99a9417d3033</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>f75b0f644152431c3b228f421225b038da7b6486900d99f9e6f7a2e46a33ce4f</SHA-256>
              <SHA-1>94c85fb6902b2bd11e0be9990cd52607c521ab47</SHA-1>
              <MD5>24c5c3854395e9fb818ebcee7e42d24b</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>8cb94db42659ebe2b4c09a60a09042988a80f1792aaba44f4a68f05947db0c02</SHA-256>
              <SHA-1>ab7a67a464c238e4cd34673552ca148100b42bb6</SHA-1>
              <MD5>1b2485780e71cb8afc81610c9f7a7e31</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>59cd8c35a9a1c97eaebab01475027e54d34fbc0e46ade6c3bea5e7bb489b9cc2</SHA-256>
              <SHA-1>dcc897dae965bc093ee861fc54243c67f1100cc3</SHA-1>
              <MD5>7ce25a650531216e1fbc5c82efafa7fe</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>717d1540da2fc94547a13a16fae3b6a0a9ada1ee48a17ea12316e06d2003cf95</SHA-256>
              <SHA-1>3095105a05381512bc20e430aba1b9f89c347e31</SHA-1>
              <MD5>bae356b198c2d7650d78e3d2aa99b2b4</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>87acde6ff38a88464ee6e07dd7ebfdde88081d3255fee870cadeec7c0f709f54</SHA-256>
              <SHA-1>5473ebfc5913daaf8616caf0f7dd6624dd2d0c96</SHA-1>
              <MD5>c6c948d6524ea35b49567c23c9b940e6</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
          </files>
          <btc_wallets>
            <value>
              <btc_wallet>12daee9aafc24ad5b19af19b8fb1b3c3</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <btc_wallet>3f45e5226241dc2687725bbbf6dc932b</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>Flarial.Launcher.exe</name>
        <report_id>3870537a-d567-4fb4-a724-0e08a34e5f30</report_id>
        <tags>
          <value>peexe</value>
          <value>html</value>
          <value>packed</value>
          <value>anti-debug</value>
          <value>overlay</value>
          <value>dotnet</value>
          <value>fingerprint</value>
          <value>lolbin</value>
          <value>reconnaissance</value>
          <value>microsoft_visual_cc</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>33766d95bc883f3eb178cac4e6da5ba52c7f99756b384fc6a2a3082bba199f33</id>
    <title>Analysis Report for 33766d95bc883f3eb178cac4e6da5ba52c7f99756b384fc6a2a3082bba199f33</title>
    <updated>2026-07-06T20:06:06Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0ac174fb2f5922b6c4c3</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c0aaddef7044af0b8475c</flow_id>
        <hash>33766d95bc883f3eb178cac4e6da5ba52c7f99756b384fc6a2a3082bba199f33</hash>
        <iocs>
          <urls>
            <value>
              <url>http://bugreports.qt-project.org/</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>bugreports.qt-project.org</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>52.18.144.254</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e</SHA-256>
              <SHA-1>bac45b86a9c48fc3756a46809c101570d349737d</SHA-1>
              <MD5>24d3b502e1846356b0263f945ddd5529</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>text/xml</file_type>
            </value>
            <value>
              <SHA-256>ad1dc58614933d711f80852358dbbd35a8a14aae6599e3d6362ad7deae858d50</SHA-256>
              <SHA-1>f144ba58db6a687afd3327834b4068a64967332b</SHA-1>
              <MD5>be3c442033e2fb1ca86dc2608b210f1e</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>a0db7e2adac00470231e58452965b6f053937822bdd326be10cde59749a6c2f2</SHA-256>
              <SHA-1>e407e3ac268d2de64541de368a0ea02915246bf8</SHA-1>
              <MD5>927743efbbdc8fc7f78db46890cd7804</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <btc_wallets>
            <value>
              <btc_wallet>x94d90:$btc: 1proxyAuthenticationRequire</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x94e10:$btc: 1httpAuthenticationRequire</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>xbd93d:$btc: 1QNetworkConfigurationManage</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>QtNetwork4.dll</name>
        <report_id>246b3fe7-19df-4601-8573-441febe3b0db</report_id>
        <tags>
          <value>peexe</value>
          <value>html</value>
          <value>pedll</value>
          <value>crypto</value>
          <value>reconnaissance</value>
          <value>microsoft_visual_cc</value>
          <value>anti-debug</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>b677e8e5c88896d52378aa8f16a200226deacc07013e0f25c82de33c544787ab</id>
    <title>Analysis Report for b677e8e5c88896d52378aa8f16a200226deacc07013e0f25c82de33c544787ab</title>
    <updated>2026-07-06T20:04:59Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0a8874fb2f5922b6c4b7</_id>
        <file_type>application/x-msdownload; format=pe64</file_type>
        <flow_id>6a4c0a689a95790273309368</flow_id>
        <hash>b677e8e5c88896d52378aa8f16a200226deacc07013e0f25c82de33c544787ab</hash>
        <iocs>
          <urls>
            <value>
              <url>https://partner.steamgames.com/doc/store/localization/languages</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://steamcommunity.com/sharedfiles/filedetails/?id=</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://www.iban.com/country-codes</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>iban.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>partner.steamgames.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>steamcommunity.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>104.102.49.106</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>34.89.152.107</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>2320fb41e4a674f48160a303706867f45c2ae098fcb21310eb7a481f39b571bd</SHA-256>
              <SHA-1>282b0531d857b5b657324a400bcd03f19e0d9913</SHA-1>
              <MD5>d3fd541dd6204c2a57a2b7eeb9c1f985</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df</SHA-256>
              <SHA-1>4260284ce14278c397aaf6f389c1609b0ab0ce51</SHA-1>
              <MD5>1e4a89b11eae0fcf8bb5fdd5ec3b6f61</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <SHA-256>ac2c461e12335b35372c4b529980d009cadbfb8c354b388062b9fa28a199fceb</SHA-256>
              <SHA-1>1573d175b4ba8b8168d5bc894fa3b422912218c8</SHA-1>
              <MD5>828ebed736a24c40bc229566fe17b3b5</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>text/plain</file_type>
            </value>
            <value>
              <SHA-256>f8ad03206e2ddb6ec8a5ef6f52554658ac902fa9cc633ed43c2c0a50214474d3</SHA-256>
              <SHA-1>21ed00bbd20683f64b8c9a8cbfd9c103b9fbc477</SHA-1>
              <MD5>da795caca3c633919b2405e4c26015d8</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>91e70e726cbdb00bf086f83a9d5b1a9b81f6b01c31ac1482e0cabd6aa500f9e9</SHA-256>
              <SHA-1>cf5bafaeee5eb5afbad1f3af592d53df0cc26386</SHA-1>
              <MD5>95cb55350c0f5f6831077c326a086e86</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xhtml+xml</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>5e82ae3e79372d0d7181261a257b16d9335950ba3f10bb019e0b882b9452cd02</SHA-256>
              <SHA-1>e6c300c39de1e8b6e1a3468f8b8219bcc197e3db</SHA-1>
              <MD5>f4cc003d4d0d1f6d3cd01f3f708d6e96</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>b39764501f7a131ea7dc2813944a94be977d6dfa61a98a8761b7325fb659bf68</SHA-256>
              <SHA-1>50aa9dd24b826623a159f1d3af1e9a627f4aeb69</SHA-1>
              <MD5>cd52481f3719158520f6495c32afabd8</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
          </files>
        </iocs>
        <name>steam_api64.dll</name>
        <report_id>1d47b3f3-174f-43d4-ad2a-f3c70c32137e</report_id>
        <tags>
          <value>peexe</value>
          <value>html</value>
          <value>xml</value>
          <value>pedll</value>
          <value>crypto</value>
          <value>fingerprint</value>
          <value>reconnaissance</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
          <value>adaptive-context</value>
          <value>anti-debug</value>
          <value>base64</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>87b09c2827656a703ab28f00b94211eadb4bd722d6119fec0b516087f5f8b79e</id>
    <title>Analysis Report for 87b09c2827656a703ab28f00b94211eadb4bd722d6119fec0b516087f5f8b79e</title>
    <updated>2026-07-06T20:04:05Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0a5874fb2f5922b6c4aa</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c0a33327f9453dea7d225</flow_id>
        <hash>87b09c2827656a703ab28f00b94211eadb4bd722d6119fec0b516087f5f8b79e</hash>
        <iocs>
          <urls>
            <value>
              <url>https://api.judge.me</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://api.judge.me/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://app.judge.me/reviews</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://cdn.judge.me</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://cdn.judge.me/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://cdn.shopify.com/extensions/019f3845-fbe5-7808-8b1f-db51bec1ef86/judgeme-608/assets/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://cdn.shopify.com/extensions/019f3845-fbe5-7808-8b1f-db51bec1ef86/judgeme-608/assets/loader.js</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://cdn.shopify.com/extensions/019f3845-fbe5-7808-8b1f-db51bec1ef86/judgeme-608/assets/shopify_v2.css</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://cdn.shopify.com/shopifycloud/shop-js</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://cdn.shopify.com/shopifycloud/storefront-forms-hcaptcha/ce_storefront_forms_captcha_hcaptcha.v1.5.2.iife.js</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://cdn.shopify.com/storefront/standard-actions.js</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://cdn.shopify.com/storefront/standard-events.js</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://cdn1.judge.me</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://cdn2.judge.me/cdn/widget_frontend/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://cdnwidget.judge.me/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://drivertech.net</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://drivertech.net/cdn</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/perf-kit/shopify-perf-kit-3.6.1.min.js</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/portable-wallets/latest/accelerated-checkout-backwards-compat.css</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/privacy-banner/storefront-banner.js</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://drivertech.net/password</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://extensions.shopifycdn.com/cdn/shopifycloud/web-pixels-manager</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://judge.me/content-policy</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://judge.me/login</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://judge.me/privacy</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://judge.me/terms</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://monorail-edge.shopifysvc.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://monorail-edge.shopifysvc.com/unstable/produce_batch</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://monorail-edge.shopifysvc.com/v1/produce</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://drivertech.net</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>https://cdn.shopify.com/extensions/019f3845-fbe5-7808-8b1f-db51bec1ef86/judgeme-608/assets/loader.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.shopify.com/shopifycloud/storefront/assets/storefront/origin_trials-5059b83f.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.shopify.com/storefront/standard-actions.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.shopify.com/storefront/standard-events.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/.well-known/shopify/monorail/unstable/produce_batch</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/api/collect</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/fonts/bricolage_grotesque/bricolagegrotesque_n4.3c051773a9f927cd8737c10568a7e4175690f7d9.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/fonts/bricolage_grotesque/bricolagegrotesque_n7.de5675dd7a8e145fdc4cb2cfe67a16cb085528d0.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/fonts/inter/inter_n4.b2a3f24c19b4de56e8871f609e73ca7f6d2e2bb9.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/fonts/inter/inter_n5.d7101d5e168594dd06f56f290dd759fba5431d97.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/s/trekkie.storefront.370ef8ffef154dc56bb5a814fea4666724353464.min.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/accordion-custom.js?v=97588419883090888471783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/anchored-popover.js?v=95953304814728754461783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/auto-close-details.js?v=58350291535404441581783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/base.css?v=126590144970261393271783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/cart-discount.js?v=138990160074728809221783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/component-quantity-selector.js?v=67906657287482036641783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/component.js?v=175690430936884589731783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/dialog.js?v=50435175020407122251783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/events.js?v=99399773727497444581783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/floating-panel.js?v=151277338116891310371783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/fly-to-cart.js?v=48483246440248933081783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/focus.js?v=60436577539430446401783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/jumbo-text.js?v=40893161465570559361783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/layered-slideshow.js?v=30135417790894624731783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/localization.js?v=15585934801240115691783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/media-gallery.js?v=154207211298275592001783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/media.js?v=37825095869491791421783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/morph.js?v=182601902166245204061783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/overflow-list.css?v=16727044177065489451783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/overflow-list.js?v=46858356770684902511783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/page-view-event.js?v=12823247316348680231783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/performance.js?v=171015751390534793081783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/popover-polyfill.js?v=119029313658895111201783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/price-per-item.js?v=115937180292451397851783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/product-card.js?v=37238785082130356571783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/product-form.js?v=75424241456978697291783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/product-inventory.js?v=7173209571153411411783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/product-price.js?v=179333985604099329921783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/product-sku.js?v=28741104639155857071783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/quick-add.js?v=43065342542833269571783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/recently-viewed-products.js?v=94729125001750262651783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/rte-formatter.js?v=40306132146590816021783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/scroll-container.js?v=127018149358875384221783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/scrolling.js?v=162288454571026455011783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/section-hydration.js?v=108434990705342316311783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/section-renderer.js?v=44511745960026958271783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/show-more.js?v=94563802205717136101783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/slideshow.js?v=28306258147874261831783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/standard-actions-override.js?v=171683365447094389611783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/utilities.js?v=66596746310761568671783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/variant-picker.js?v=21977969907998071131783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/video-background.js?v=25237992823806706551783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/view-event-elements.js?v=34258756885466567141783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/view-transitions.js?v=5297208939214537721783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/volume-pricing-info.js?v=94479640769665442661783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/assets/volume-pricing.js?v=15442793518842484731783346247</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/compiled_assets/styles.css?v=93313513869703545441783367815</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shop/t/21/compiled_assets/styles.css?v=93313513869703545441783367815&amp;subset=AAAADAAAAAAAAAAAgAACAAACAAAAAAEQAAAAAAAC</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/AddressPresenter.CV2zOWWg.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/AutocompleteField-hooks.BOEGMscz.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/BillingAddressForm.BRCmcRYI.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/BillingAddressSelector.B8ZFra6O.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/ChangeCompanyLocationLink.A1hHp_xe.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/CompactChoiceList.DLZnED49.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/DutyOptions.CYPLctxB.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/EstimatedDeliveryContent.D1oKz-xL.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/GooglePayButton-index.BXJBKUX-.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/LocalizationExtensionField.B8Iq3E01.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/MarketsProDisclaimer.C3TBfa6b.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/MerchandiseModal.D4Witi7N.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/Middot.C5HJArf7.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/MobileOrderSummary.BHJLe-oA.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/Monorail-monorailMetric-wallets.NoRr_1r0.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/OffsitePaymentFailed.BgNJEmQb.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/PayPalOverCaptureInfoBanner.DIFjFfG7.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/PaymentErrorBanner.DeVXpW0l.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/PaymentIcon.Bs6FhGHt.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/PaymentLine.B2-8rW9N.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/PendingShipping.ChcFcj9q.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/PhoneField.BT9l6qNG.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/Section.DEzkWRUP.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/ShipmentBreakdown.Yc9oxBuM.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/ShippingGroupsSummaryLine.DO_c4vVd.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/ShippingMethodSelector.iBNasApz.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/SplitDeliveryMerchandiseContainer.B4o5mJ91.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/StackedMerchandisePreview.DdJ3QCq6.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/StockProblems-StockProblemsLineItemList.CLUHxaSQ.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/SubscriptionPriceBreakdown.BphaY67V.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/Switch.BnGpDOpq.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/TextArea.A6ty8Z1c.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/WalletLogo.BbstAUHa.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/WalletsSandbox-WalletSandbox.EMmJWZD7.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/app.Cmmke1X_.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/BillingAddressForm.Dj0n4Opx.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/ButtonWithRegisterWebPixel.B_TNV6i2.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/ChangeCompanyLocationLink.uqpm88mq.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/CompactChoiceList.BEvzDDvy.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/DutyOptions.LcqrKXE1.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/EstimatedDeliveryContent.Dl_bEC_c.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/LocalizationExtensionField.DugS7mXw.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/Middot.D7Ujmshx.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/MobileOrderSummary.CqVkJv9Z.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/OnePage.CQM_ODoE.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/PayPalOverCaptureInfoBanner.CuS5ve3d.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/PaymentIcon.CLVwzp6i.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/PaymentLine.7870thps.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/PhoneField.DN6CUyst.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/Section.CU18S7Ap.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/ShippingMethodSelector.B0hio2RO.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/SplitDeliveryMerchandiseContainer.D_EbuoqI.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/StackedMerchandisePreview.D6OuIVjc.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/SubscriptionPriceBreakdown.vTcdVGq4.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/Switch.Dq_6Ius6.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/UnauthenticatedErrorModalPayload.PQOzdEj1.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/WalletLogo.CIy8uDiZ.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/WalletSandbox.CnR7qNLY.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/app.CMvjny27.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/useOnePageFormSubmit.CtCAWdWo.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/usePostPurchase.uv-X4L1-.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/useShopPayButtonClassName.BrcQzLuH.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/assets/useSuppressShopPayModalOnLoad.D-V2RVyM.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/billing-address-hooks.DTdc6Ux3.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/context-browser.Bue-A1Di.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/esnext-vendor.CPjoSbTv.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/extension-targets-shipping-options.C-fhC21r.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/extensions-rpc.CvnaBHQQ.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/graphql-PaymentSessionMutation.DjRRajQj.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/graphql-ShopPayCheckoutSessionQuery.Bf6r37XE.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/graphql-UserPrivacySettingsSetMutation.CKZIFKAA.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/helpers-installmentsNotSupportedForAddress.D-OFNhwa.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/hooks-useAvailableShopPromotionDiscount.bipzZKrD.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/hooks-useCheckoutProtocolDarkTheme.TvPF3vm5.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/hooks-useForceShopPayUrl.C9387eLh.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/hooks-useGeneralPaymentErrorMessage.Cvm9o-XG.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/hooks-useHasOrdersFromMultipleShops.DTS6m9-y.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/hooks-useOnePageFormSubmit.DZ_V8xIA.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/hooks-usePaypalRowEffects.Lfe-JWXS.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/hooks-usePostPurchase.BaoBeIRf.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/hooks-useShopCashCheckoutEligibility.BA5jEcRJ.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/hooks-useShopPayCheckoutGqlVersion.DXSO25iH.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/hooks-useShopPayPaymentRequiredMethod.BK6f4JkP.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/hooks-useShowShopPayOptin.CyebETDK.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/hooks-useSuppressShopPayModalOnLoad.CVFBmvtW.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/hooks-useUnauthenticatedErrorModal.TFAzavDy.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/hooks-useUpdateCheckoutAddress.CCRKQUzp.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/hooks-useWalletsTimeout.DV5Eo-jN.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/hydrate.B7mQ5ny8.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/images-flag-icon.C_eXYJRt.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/locale-en.CvaZGFCd.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/page-OnePage.CrxgElh-.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/polyfills.iRHCMwIP.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/proposal-delegated-payment-instrument.DP1klbNg.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/remember-me-hooks.Csfd5kjN.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/types-UnauthenticatedErrorModalPayload.BTNWxjr9.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/useShopPayButtonClassName.SjlAAaNz.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/utilities-get-negotiation-input.wqxEmG3R.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/utilities-publishMessage.CB5l4f1M.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/utilities-shop-discount-offer.Cb_nvUGk.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/utils-getCommonShopPayExternalTelemetryAttributes.DyfOxY-X.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/checkout-web/assets/c1/utils-shopId.BKXUfw2L.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/importmap-polyfill/es-modules-shim.2.4.0.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/perf-kit/shopify-perf-kit-3.6.1.min.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/portable-wallets/latest/accelerated-checkout-backwards-compat.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/privacy-banner/storefront-banner.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/shop-js/modules/v2/chunk.authorize_CPxox-Yu.esm.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/shop-js/modules/v2/chunk.casing_Bd8FVtoj.esm.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/shop-js/modules/v2/chunk.defineInitFunction_D4of-Jj4.esm.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/shop-js/modules/v2/chunk.document_CC4DPZSc.esm.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/shop-js/modules/v2/chunk.errors_CTUuk3kr.esm.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/shop-js/modules/v2/chunk.hooks_C0-Ojk5t.esm.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/shop-js/modules/v2/chunk.index_BpfL6aWy.esm.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/shop-js/modules/v2/chunk.init_BnE1avLs.esm.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/shop-js/modules/v2/chunk.preact-module_Cvpcobqs.esm.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/shop-js/modules/v2/chunk.storage_BGV5Ustn.esm.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/shop-js/modules/v2/chunk.tslib-es6_i06t5CRd.esm.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/shop-js/modules/v2/chunk.useEventListener_DMgdZeth.esm.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/shop-js/modules/v2/chunk.useUserRecognitionSignal_DaylYjKO.esm.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/shop-js/modules/v2/chunk.utils_1bb8Zmgu.esm.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/shop-js/modules/v2/chunk.v4_CSBSzmbm.esm.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/shop-js/modules/v2/chunk.validators_Cj2qrO-d.esm.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/shop-js/modules/v2/chunk.window_BV7pwtSs.esm.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/shop-js/modules/v2/client.init-shop-cart-sync_B2h2QLrd.en.esm.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/shop-js/modules/v2/client.shop-cart-sync_hl953UBK.en.esm.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/shop-js/modules/v2/loader.init-shop-cart-sync.en.esm.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/storefront/assets/shop_events_listener-4e26a9ce.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/storefront/assets/storefront/autosizes-84416378.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/shopifycloud/storefront/assets/storefront/load_feature-1bd60354.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/cdn/wpm/b884e51e7w4ac0e82ap522bb270m20c07008m.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/checkouts/internal/preloads.js?locale=en-DE</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/favicon.ico</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/password</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/services/login_with_shop/buyer/callback</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/services/login_with_shop/buyer/callback?analytics_trace_id=3fc909ee-dfec-4fe9-8a1b-ae6de44e3ff2&amp;target_origin=https%3A%2F%2Fdrivertech.net&amp;token=UGZubGVFRE02VjhEUUZpcmtQakt0cUZENEhmcWlGNkxVT01JNGR1eWtKSTQ2SlZ5THBQR3J0azYxZ0kyRGRRTkVKa3Z6M09aSUFORWFPMlUzUG5yZmhuNFNEc0JIZVlCeHF0Tk5IcFdDSjJROXF5S2NKTy9LMjVMYmJ6UGx4ZDFON2pYQnhrT2U3Q1EzTkJqQ1V3R3J1WlV1czFpL0dkTGpJTWw5d01tMnZsS3NpSW1TZnRYZlQ3cFVudTE2SnMwcW1XZFJtMWpvVHpSM0lRNVVmL0s0ajdrUlNnMmhuZmp4VXZSTmdISWp3YSt2RHR3eGFDTkt0SnJ0VjdmSEJKWnVnSDVVZ0pXeHNJd3RSODUxVllsVmVTbXJNdE4ycm5Nc0lqZWhkbTJlWWJkY1dML1U3YTl1akVHZWphRUNLdGQ2ZGdPRHdnRTYvV0pBTFB2bEhwRGtMREovZlNTRC9pQjJQT1pJajJaS0xPY2ZMeFdvSFlIdmUwbU0wSlg0MmlJdXFWTGI3d0MxamxMZGZMb3pmSkVoUE1UM3NoWWRNYzRZSzN1Z2VQSEZQbDRCazJwMk5vTW5URnpXaUN0UkpueDZHSDBRZURaNDFPQlZ3eTVNVlBGbGZ3QTNZSGxQejE4Q05lcWlOZEtPekxONzNNbnhrQUMxN1dQVlozdVQyaW9NR2IvV295K2oyUkwzVnlkTUpOUFlNOHVKeWxJVXBvME90TXlMUzRHU1dwdE5YOE9DR3grY3hyeWZHL29QT2VzUTBGWi9hT0tLMTA5cFMrK084cnZvVmhPREljOVlwOTZac3ZzVkh3UkwzUWlkZWFHYVJjQ0tEOGNOY2UzOVVNUFFyeSs4d1BQRzRVa25GbVgxdjV1cThUb2l3VzlUa0xLK2o1YlVOeldRaTEvem9PT3dQNGFIMVJMU2pTaWdKcEVQK2xQdUM0aGJSd21qOXlJNk9RK09kbm5sQ1hia1ptSHFLWFZINHhIZDhkMUlmMWFBT04xWWhhODh0dXp5eVAzOFJBME1jb3E0aUgyRmtqa0pHcG9xL2JNRjVYZXhjWEZTekgxODhPMmcrczlGKzJNd1graFNuclI5VkdnUDJvREQ3WENHN3VDUmkrM1F5MkxOTkEwUDJMd0hMV2NnQkR5ekpITHFGQURHNW89LS1JcUgwSXpTMlI1UFA1dkl2STJxUWJ3PT0%3D--0c69b163ebfc546ef9b85e11ee729f1729ce0ee1</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net/services/login_with_shop/buyer/finalize</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://monorail-edge.shopifysvc.com/unstable/produce_batch</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://monorail-edge.shopifysvc.com/v1/produce</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://otlp-http-production.shopifysvc.com/v1/metrics</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://drivertech.net</url>
              <origin>URL_RENDER</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>api.judge.me</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>app.judge.me</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>cdn.judge.me</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>cdn.shopify.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>cdn1.judge.me</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>cdn2.judge.me</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>cdnwidget.judge.me</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>drivertech.net</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>extensions.shopifycdn.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>judge.me</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>monorail-edge.shopifysvc.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>cdn.shopify.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>drivertech.net</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>monorail-edge.shopifysvc.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>otlp-http-production.shopifysvc.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>shopify.com</url>
              <origin>URL_RENDER</origin>
            </value>
          </domains>
          <ips>
            <value>
              <ip>185.172.148.132</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>52.84.174.110</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>34.8.119.189</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>18.209.239.255</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>23.227.39.200</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>23.227.38.72</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>23.227.39.200</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>34.160.147.240</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>34.8.119.189</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>34.199.168.181</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>108.138.7.87</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>23.227.38.72</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e</SHA-256>
              <SHA-1>8216b0cc6876cbd44f01c158e7dff3833ceccd41</SHA-1>
              <MD5>086707e4369f60afedcafb16050a7618</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>2a9e01249f154673e65a621d707d5e128dad4921a955eb4ae349718e2a4b1fab</SHA-256>
              <SHA-1>d819e7b6f9b96863e7386066bcea7724a89d468d</SHA-1>
              <MD5>0bc2294941d05462f5d4ee319e46238d</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>ee14f4b260134e8674b8fe77449eb54d0540606a7215dc2c0a2899152ffcd2e0</SHA-256>
              <SHA-1>d2e3a453655278538d342fe278f3917a9e027443</SHA-1>
              <MD5>ad828dad87ce84d0947f89af823e1b4b</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xml</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>1d2009e4aea51a8e6a0f6404f282d8948f473e26f80e45c7ed9bbb12e470d661</SHA-256>
              <SHA-1>1a79b5a75ec04e4e848ff1fac2ec61dee8497f9f</SHA-1>
              <MD5>aced3fea9748fd1195082cf5f0d9a49e</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>fda09b82bd0db425b03a81a39ab47895c91d8340f5774444948c88c07b5b710f</SHA-256>
              <SHA-1>13df895c296e3083037011956756fba3084169a5</SHA-1>
              <MD5>c66a06f1a094f7fe2c538044ab084cc8</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>358644c12c9fa8023e3822a2a11de5b9adfb209dc47ece923dbe91fbb3da4f85</SHA-256>
              <SHA-1>50cc0351938890971e846092c5e996f36eb3ac7d</SHA-1>
              <MD5>594252e2c2cea9ed7b15c95ab54ec4ee</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>c1fff7386e1215a725b941aaf8962a516da49a562dd3cf0036ce63f185d72296</SHA-256>
              <SHA-1>0fb1d0cd061da79c893a5cfaad4e29c24274f9d5</SHA-1>
              <MD5>13fa576e2199ca3afda083d630a7d79f</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/javascript</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>84d4cc537cfda4702102cc650247a2df96cc88d43b733c2a66a2f61fab2d4130</SHA-256>
              <SHA-1>7a3f4aee51f73cb2397aa5246034d9107a9959ff</SHA-1>
              <MD5>a1a87967a48a6ebf5df85d644cf6b283</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/javascript</file_type>
              <verdict>SUSPICIOUS</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>019f3845-fbe5-7808-8b1f-db51bec1ef86</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>113b9adc-38a8-4b9d-9097-927a9675c187</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>248cb471-7357-4193-a892-dc0b089c1704</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>262392f4-bd52-4136-8ed3-3e5d6879d435</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>61ccd3b1-a9f2-4160-9fe9-4fec8413e5d8</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>d4bbf30a-7ca1-4902-a5d1-728143987df8</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>f06e6c50-85a8-45c8-87d0-21a2b65856fe</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
          <btc_wallets>
            <value>
              <btc_wallet>x2d9a:$btc: 1544279351884248473178334624</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>xde9:$btc: 3425875688546656714178334624</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>hxxps://drivertech.net</name>
        <report_id>ac2acaa9-019f-4b61-b826-64d09c20ca99</report_id>
        <tags>
          <value>html</value>
          <value>xml</value>
          <value>javascript</value>
          <value>captcha</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>b94f04ed23e299dcabcddbf467dfe029f839bda0d5250f7c983d1ade04aa23d3</id>
    <title>Analysis Report for b94f04ed23e299dcabcddbf467dfe029f839bda0d5250f7c983d1ade04aa23d3</title>
    <updated>2026-07-06T20:03:43Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0a5374fb2f5922b6c4a9</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c0a1bddf0075731164712</flow_id>
        <hash>b94f04ed23e299dcabcddbf467dfe029f839bda0d5250f7c983d1ade04aa23d3</hash>
        <iocs>
          <urls>
            <value>
              <url>http://schemas.microsoft.com/SMI/2016/WindowsSettings</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>schemas.microsoft.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>6.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>150.171.109.101</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>39f7e0c509e6200dbc671c72c4992a07b768dc62cb6b0bcf500515e14061d27a</SHA-256>
              <SHA-1>77530d15f5462d467d7c6ee5a13f6af174750d32</SHA-1>
              <MD5>0091100369672668b7bfcfedc76d25e4</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/zlib</file_type>
            </value>
            <value>
              <SHA-256>4c8e57a7d8aa690c52cd738825c21f2ba29f019af20947dd9fc98c32096e197e</SHA-256>
              <SHA-1>3ed349dbfc032e641dd6809d6d4f3a983ce325b5</SHA-1>
              <MD5>9c1078ab7dd9207f80e8b3838f137a2b</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>72c3f0059b152745c8e188f1e9bda908a37bc5b5c88ecc18b1b71412512113e7</SHA-256>
              <SHA-1>8301ae85cf6cb139e08e9ed52ada97747097efb9</SHA-1>
              <MD5>983059ddd9a14c049d31d5e6084f7ad0</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>9c049c46b39b09903724c067a1354a76d59421570f2b53f08aa4db2e26e43b38</SHA-256>
              <SHA-1>69e17d1a0cf2923086ed210b4f81c910865157a7</SHA-1>
              <MD5>e7b988371d9661a21a28a108f2e0eae3</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>a4d27205ec43d56c42459d4c82dc2f270dd7d9970b02aa09c6b728e45b456e43</SHA-256>
              <SHA-1>87240605c2eb4720246a62d8a6c1c029ddf05abe</SHA-1>
              <MD5>8312f1cff88981ee05eadb66f8aef7ed</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>a80a7a06f7f5f5837736aa5af2c93f80ed4cd3c726d22d4cbc7a1975e833b532</SHA-256>
              <SHA-1>799c3e89d3fd37f980b404cf3bdccb874eac845b</SHA-1>
              <MD5>5c84199ac4df04f115cc80a4ab9e5a86</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>abf8f2022f12f350789d961aceaf9ccfd53e7ec58d8c9934cfce77779b4eac11</SHA-256>
              <SHA-1>5f8991f3e065fd95614859a293f88b9c70e4bb23</SHA-1>
              <MD5>84da8dee6b319ea0b10b6de5489c6aae</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <SHA-256>b5d550678bbe2982b6fa9eeb5916e8f1e924ed989e3aa71aeb1eff1ff0172123</SHA-256>
              <SHA-1>52b141aa77e4b5f8704d352492ccd6ad555aa7ea</SHA-1>
              <MD5>8d402ffe9c5f69f0968a3c9af1b1e380</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>1f676c76-80e1-4239-95bb-83d0f6d0da78</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>35138b9a-5d96-4fbd-8e2d-a2440225f93a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>e2011457-1546-43c5-a5fe-008deee3d3f0</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>_b94f04ed23e299dcabcddbf467dfe029f839bda0d5250f7c983d1ade04aa23d3.exe</name>
        <report_id>ab9e6cbc-4ba9-4839-96b3-362097807866</report_id>
        <tags>
          <value>peexe</value>
          <value>packed</value>
          <value>overlay</value>
          <value>anti-debug</value>
          <value>expand</value>
          <value>lolbin</value>
          <value>reconnaissance</value>
          <value>microsoft_visual_cc</value>
          <value>pyinstaller</value>
          <value>installer-heuristic</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>064f34fc2dc285b07e6dc04d397792d6b673aff8e170b682c89276248396d039</id>
    <title>Analysis Report for 064f34fc2dc285b07e6dc04d397792d6b673aff8e170b682c89276248396d039</title>
    <updated>2026-07-06T20:03:00Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0a7574fb2f5922b6c4b2</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c09f29a9579027330929a</flow_id>
        <hash>064f34fc2dc285b07e6dc04d397792d6b673aff8e170b682c89276248396d039</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>2370db5cfa60bc01a044352c0ec414c201beec0243589118962b6e1535facd55</SHA-256>
              <SHA-1>be2c731443ff067b2af420defce55d0add7fad30</SHA-1>
              <MD5>28c5c99a6c60fbf3a58d837f1ee79a86</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>text/javascript</file_type>
            </value>
            <value>
              <SHA-256>52bb237125099dc7ae448d462e4571f06bb7fd4d8a2ebc83bd4a746b3277a0b5</SHA-256>
              <SHA-1>de461db18147aaf773d8beb8bd4b09d08898d810</SHA-1>
              <MD5>1b0500921ec31f1aa74b5e1945fa47ad</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>text/javascript</file_type>
            </value>
            <value>
              <SHA-256>631a106755f13a78032d7c17cd19c5185fe89d93fda2ac108c4f53e27dcdecdb</SHA-256>
              <SHA-1>93045ea061f23421d61b14ab2b89eb618c0e6daf</SHA-1>
              <MD5>1754ecb52a0c9fb6f11c43476975be9e</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/x-msdownload; format=pe</file_type>
            </value>
            <value>
              <SHA-256>63e1f4a5e31c74a90bf3323681fc7fcbe0267c84276db5fbc0eceb2c8b63583b</SHA-256>
              <SHA-1>42542ef3555d9b2a90ead4040381365010374899</SHA-1>
              <MD5>b7007e95986bf87da8d01cccb5be1a59</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>text/javascript</file_type>
            </value>
            <value>
              <SHA-256>7e97fbf5cee26ab01227d564f023337736310868c1cf23920e4dceeeb1c11701</SHA-256>
              <SHA-1>86a8b08c70a5b095b603211a706148ca266951a9</SHA-1>
              <MD5>575eba56aa4c2e409d643f719cd1dbba</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/x-msdownload; format=pe</file_type>
            </value>
            <value>
              <SHA-256>7ec2aaed56985c4d64bedd90815f98d5dda827cdbede3ce41da3fbe042c4edbe</SHA-256>
              <SHA-1>0eec2f8a345542649d292c629052916d0241afcb</SHA-1>
              <MD5>af070b17b160038c1f87e9338af5aaf0</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>9afb7db6e3407d84f8aad7aa8d389579e2ddcaf3c7545cd0af957d9212f3f449</SHA-256>
              <SHA-1>edb78758c888d5dc3757d8b52c8a93ea1726f19e</SHA-1>
              <MD5>0ce0e49eabd82554c3ffaaaaac749089</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/x-dosexec</file_type>
            </value>
            <value>
              <SHA-256>a5bc083f53b0cfd65cce805364238beefd400f6724d9cd61b5b8383f61788810</SHA-256>
              <SHA-1>c215fd44d7573868db2bee4c1a3c0eb1da376251</SHA-1>
              <MD5>e97d5025d32c75bbd9a21278bf1ec65b</MD5>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/x-nsis-decompiled</file_type>
            </value>
          </files>
        </iocs>
        <name>MEGAsyncSetup64.exe</name>
        <report_id>1dcaf66c-6f40-47a0-8427-053e6876a18e</report_id>
        <tags>
          <value>peexe</value>
          <value>adaptive-context</value>
          <value>anti-debug</value>
          <value>packed</value>
          <value>installer</value>
          <value>reconnaissance</value>
          <value>expired-cert</value>
          <value>nsis</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
          <value>installer-heuristic</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>7544eaa425d6f1e6aeb2e7a6761da54d699ddc10d5ce56ea7b7335a76de67532</id>
    <title>Analysis Report for 7544eaa425d6f1e6aeb2e7a6761da54d699ddc10d5ce56ea7b7335a76de67532</title>
    <updated>2026-07-06T20:02:46Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c09f874fb2f5922b6c493</_id>
        <file_type>application/vnd.openxmlformats-officedocument.wordprocessingml.document</file_type>
        <flow_id>6a4c09e49a95790273309282</flow_id>
        <hash>7544eaa425d6f1e6aeb2e7a6761da54d699ddc10d5ce56ea7b7335a76de67532</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>67928445a11344ec4c030d08878c71a0a159d9a81aa8b6faf4971d0afc4e34b1</SHA-256>
              <SHA-1>5b7337e549a6b7aa7a71373fdda4bffa9020752e</SHA-1>
              <MD5>a3c8474475c79898b6623f9ca567c51b</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>96367138dc44ce09bf2c8f0f8e49348a1478d2c5c0af69bbc2bbc38b63cdcead</SHA-256>
              <SHA-1>8c0783443eb2c940a65b84ad0ca38d2f4014952a</SHA-1>
              <MD5>90fd87cbb448593802403de5b92f8006</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/jpeg</file_type>
            </value>
          </files>
          <revision_ids>
            <value>
              <revision_id>00034616</revision_id>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <revision_id>0006063C</revision_id>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <revision_id>0015074B</revision_id>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <revision_id>0029639D</revision_id>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <revision_id>00B47730</revision_id>
              <origin>INPUT_FILE</origin>
            </value>
          </revision_ids>
        </iocs>
        <name>_BRONEX_la_naissance_des_constellations_imaginée_par_Stendhal_versት+.dotx</name>
        <report_id>8e75493b-2e41-4687-b519-cc569e0e5544</report_id>
        <tags>
          <value>docx</value>
          <value>masquerade</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>3bf8c7654f06c13c5a502bbca1bc8074f10614d4800bf608e89a68834cd04b15</id>
    <title>Analysis Report for 3bf8c7654f06c13c5a502bbca1bc8074f10614d4800bf608e89a68834cd04b15</title>
    <updated>2026-07-06T20:02:22Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c09e674fb2f5922b6c48d</_id>
        <file_type>message/rfc822</file_type>
        <flow_id>6a4c09cbddf0075731164681</flow_id>
        <hash>3bf8c7654f06c13c5a502bbca1bc8074f10614d4800bf608e89a68834cd04b15</hash>
        <iocs>
          <urls>
            <value>
              <url>file:///tmp/tmpvz9ynk80.html</url>
              <origin>URL_RENDER</origin>
            </value>
          </urls>
          <files>
            <value>
              <SHA-256>0d9db3993d7c12ded826d25f537e283377e1a6f3332460bf80e062aaae42ddc0</SHA-256>
              <SHA-1>1d33e2c327c0063594fe5a68f8ed75a535656b16</SHA-1>
              <MD5>fdb1ae4bd0751893c9038e5964493b55</MD5>
              <origin>EMAIL_BODY</origin>
              <file_type>text/plain</file_type>
            </value>
          </files>
        </iocs>
        <name>submission.eml</name>
        <report_id>e340c6fd-5998-4709-beef-7ac38383bf8e</report_id>
        <tags>
          <value>eml</value>
          <value>rfc822</value>
          <value>obfuscated</value>
          <value>aidetect</value>
          <value>phishing</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>1caca980c513fb63e07f98e59b77b4d244f98d7cc4a70731e2684ce753bb1ac1</id>
    <title>Analysis Report for 1caca980c513fb63e07f98e59b77b4d244f98d7cc4a70731e2684ce753bb1ac1</title>
    <updated>2026-07-06T20:01:49Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c0a1e74fb2f5922b6c49d</_id>
        <file_type>application/x-msdownload; format=pe64</file_type>
        <flow_id>6a4c09ac5a5245447d9c29b5</flow_id>
        <hash>1caca980c513fb63e07f98e59b77b4d244f98d7cc4a70731e2684ce753bb1ac1</hash>
        <iocs>
          <urls>
            <value>
              <url>https://github.com/bloxstraplabs/bloxstrap/releases/download/v2.11.3/Bloxstrap-v2.11.3.exe</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://schemas.microsoft.com/SMI/2005/WindowsSettings</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://schemas.microsoft.com/SMI/2016/WindowsSettings</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://aka.ms/dotnet-core-applaunch?</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://aka.ms/dotnet/app-launch-failed</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://api.github.com/repos/bloxstraplabs/bloxstrap/releases/latest</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://bloxstraplabs.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://bloxstraplabs.com/wiki/help/</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://bloxstraplabs.com/wiki/help/roblox-crashes-or-does-not-launch/</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://docs.microsoft.com/windows/win32/fileio/maximum-file-path-limitation</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://github.com/bloxstraplabs/bloxstrap</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://github.com/bloxstraplabs/bloxstrap)</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://github.com/bloxstraplabs/bloxstrap/commit/</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://github.com/bloxstraplabs/bloxstrap/issues/new</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://github.com/bloxstraplabs/bloxstrap/wiki/Release-notes-for-Bloxstrap-v</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://github.com/bloxstraplabs/custom-bootstrapper-examples</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://github.com/bloxstraplabs/rbxcustom-fontemojis/releases/download/my-phone-is-78-percent/</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://go.microsoft.com/fwlink/?linkid=798306</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://raw.githubusercontent.com/bloxstraplabs/config/main/assets/</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://setup-aws.rbxcdn.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://setup.rbxcdn.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://status.roblox.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://support.microsoft.com/en-us/topic/media-feature-pack-list-for-windows-n-editions-c1c6fffa-d052-8338-7a79-a4bb980a700a</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.roblox.com/games/</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>aka.ms</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>api.github.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>bloxstraplabs.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>docs.microsoft.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>github.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>go.microsoft.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>raw.githubusercontent.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>roblox.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>schemas.microsoft.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>setup-aws.rbxcdn.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>setup.rbxcdn.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>status.roblox.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>support.microsoft.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>150.171.109.101</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>13.35.58.43</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.102.56.144</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>140.82.121.4</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>128.116.44.3</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>140.82.121.5</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>54.192.35.42</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>6.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>2.23.246.9</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>54.192.35.27</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>185.199.109.133</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.67.161.127</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>23.52.181.141</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>0237987f5b5a2db72ac1e052442839f356aa42f1d9d020a8479524728400ace2</SHA-256>
              <SHA-1>e7015ba1e1425ed6ec00dd418b17e644b235a4d3</SHA-1>
              <MD5>e6a3f6475366a0a3bd0abe0d0692fb59</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>0250862464f8461b36f016ef14fcf0e9b6cf73d68142a65ed1f60b3d304d1bab</SHA-256>
              <SHA-1>78b31f726a0e7c8631492ec74a0a5564f9ae6d4f</SHA-1>
              <MD5>b52bebffc26b123804996935f6406be5</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>0481a24a3f18f25364c3cf2c49c9ad20f66e00837a3892c50e782a85d77fb7fd</SHA-256>
              <SHA-1>400a8f5f38b284932179bf930317a9ddd05b7d71</SHA-1>
              <MD5>a371cd296d10309de7ebf572c24d2c10</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>09d2b2a1a4d1c8ba4d9a44198a4679bbdeb6a1c3bf0fccef9928e824df2ecbbc</SHA-256>
              <SHA-1>e03502e621fdfaa421f6f8cb0413fc7471cf5019</SHA-1>
              <MD5>cb183db1438b78184354ac4264274913</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>09f7eeca0ca1ddf92ceb162d61facbb3d8367b9549ac982db2e196708e2dc5be</SHA-256>
              <SHA-1>b6b6a2d223493c759b493c7659f747fc08d70c93</SHA-1>
              <MD5>71a872668b386795289ee3aa242e08fc</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>119d49741853a1ef16fb695ad864c92d64b8e038062bca6b3b2570d1f35d7ebe</SHA-256>
              <SHA-1>f6c9edae7a5ca37c11a80e26c39a08239471f49b</SHA-1>
              <MD5>c523e822dc87d21f5228058fb29ea971</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>140b1feccbbcfd05b04e4af3067872ef8a029811a3a6beb24757e63d307209ef</SHA-256>
              <SHA-1>80b5ec454cc6b2d444253bf9acbc635af6da6da9</SHA-1>
              <MD5>53e0b7042dac06bb8dd411f04b69f893</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>1734d5bb466b1b55d133a2de21a9b4be5b1b6f4a427b98994d377d563d1e4997</SHA-256>
              <SHA-1>6ad7b4da69a1b77c68bd389814b599e9073d909c</SHA-1>
              <MD5>a725d85fa47f2157471daede5f851d8d</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>1954c5a46820549a86e9a6a5a06d4941eab53b3d24e3b090f3f1eda2eb97c620</SHA-256>
              <SHA-1>61973f1584be4d8b31f1ac47f08b98ccea7e8647</SHA-1>
              <MD5>596bbbc2d4c6b9721ccce5d0f1b9313c</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>1b6e738b9fcfbc4277ca988bebe53ad56b5b6b46834e4403232a6a7fb5b77a14</SHA-256>
              <SHA-1>120da705c324c9ad33e5219e63b97d673f73a668</SHA-1>
              <MD5>1808f10c454d825a0f95b82c37672e46</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>1c442502cdb5ee238ce671269ef5bab0dfa39cec93ceecd0eafac28a96b50a80</SHA-256>
              <SHA-1>836b63d0a10b9e495005ab4895253c0894a08ab0</SHA-1>
              <MD5>ddb032cf9a5c29d50cfa7ebf5b7dba08</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>1cdaf236ef7b4e7935124a72aef8c525aac5d06830b2d48f75ca5c7dd5a4942a</SHA-256>
              <SHA-1>6dd286363c2e12046d2084390f63573a2d51e1a7</SHA-1>
              <MD5>3e43872dbb86bac9b763afe63763e223</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>22c84815fa5b102838bc3cd10a4fd3f37c5921a37d1faf8c24d0b13553f93994</SHA-256>
              <SHA-1>22453cd24836ddaf4809c498b1f8316589675747</SHA-1>
              <MD5>791340df55630acef2dd8f82ea1c51fe</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>26689ab55693e0a6f0b6bdf2634786c840ba0681cdb3b2635583b513217d1ca7</SHA-256>
              <SHA-1>f61818abb3f06674a740630c563db7ed3d9a914c</SHA-1>
              <MD5>3a02547392edd5df2e60853e55401a5b</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>2672fef462426114445756fd4fff05e20cfe981d7e38099f9ba5e5d66659f395</SHA-256>
              <SHA-1>2581b38a6088ab3c622e9c4aa3035419620a1251</SHA-1>
              <MD5>996e05a8ef61fcad57f4bc25f7c059d6</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>2b67f7c890fc4e01bfa63766643e4f0b1321298637ab673ff012c493bf8bb76e</SHA-256>
              <SHA-1>872bb07d1958155f48ed45b99e65d23fc12893b6</SHA-1>
              <MD5>962dc5fb404af62442a64ddc65521565</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>2c75f1bca6705edac27866da02fb4334e1b93627941191d6fb5a8b79c70f5430</SHA-256>
              <SHA-1>19740e8c731fbd485248493d5a2d75ed7600c341</SHA-1>
              <MD5>8f7a59dc5cf9651c4c21d876f83f273a</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>2f2f704c7bf4df37a989256b256609e4958d68523fe8a170e8e3272315952dbf</SHA-256>
              <SHA-1>397c50dbf0148d63be3cdba862023a7850ec7156</SHA-1>
              <MD5>2b1816d4e2c5fddf008b5e2e314287e3</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>2f428f101c10ead5b2bc2030447715d1059955426707b5774a9501e74bb02739</SHA-256>
              <SHA-1>37ed41cb31384dcd2faa880a7d42b6a98d482d23</SHA-1>
              <MD5>f94a74c1b39e321f8fa5abccf35384ff</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>3080b07e54d2b1e5d66de42af8e13867c6bfa07f3b84bdef1c15fe1f3f13e4e7</SHA-256>
              <SHA-1>515a48d1e16e5655d02858dfb5488c2889bf808d</SHA-1>
              <MD5>b6ccc0a558a75515324d8ffa0a8603fd</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>3252a12ffe1b44b7084284042acc1abc7e71100c3b4247885adf2048a2a2381e</SHA-256>
              <SHA-1>677cca62aac507d6270cb286523639bb0eb3463e</SHA-1>
              <MD5>6ed47e8b15d951948738de1722664705</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/json</file_type>
            </value>
            <value>
              <SHA-256>32d6a481177ca83554d36cb326f367f46ff3c2f05f6c8de6df162382d2b9a1c4</SHA-256>
              <SHA-1>33c53dbf82472c1445d9b16e91a77e8e92795061</SHA-1>
              <MD5>c72825574d893b47c93a0aea2488d38c</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>33ebe5dc905ac9b80c40a509251c0a60fce574c2b6c0c17939a810958aeeea93</SHA-256>
              <SHA-1>2cd5eb3e4dc626554f10d24cecc40562ed716be9</SHA-1>
              <MD5>cae3a49c7645ea198659612aa921b50d</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>33f4bf44ee55f275df3ceabf7d52ef492a4db5e2d3e89931e79c52a6a1c1ba1c</SHA-256>
              <SHA-1>0b3a3790ba6d785c4f89baef91d364b784c87b74</SHA-1>
              <MD5>8d9a125971aea24ac3e6d44a7481bbff</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>36cb9338a795dfbec7aaf371c9c8693076bf3c9323da934870f7e668bfffb5cf</SHA-256>
              <SHA-1>0a7aaa5f69fc0cecbb68b81cf9ea63d083f903a1</SHA-1>
              <MD5>ca1c174724290ddbd1fcb86afc9ba6f3</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>3ac7b302b66a6ea69f629b0570f4e1c833268b33a3ab58377abf97e7153e2913</SHA-256>
              <SHA-1>3799f074e1737bd95374ebf8ead028e9a5f8dad0</SHA-1>
              <MD5>dbcc7a1685fda430b7dee8b11096859e</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>3f561a580a59c7fa4aa4550d151cdcba23c7ff3819efa509d02d76d15449f814</SHA-256>
              <SHA-1>753194d2b1c056c45abd5cc829ac0d95d36cb49b</SHA-1>
              <MD5>473e4284b9c94f6d86bdad637dffe2b7</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>4164d7a621deb171c47b63e5e0355a04070e0a4dafeecdb5f6111193e286f179</SHA-256>
              <SHA-1>b28648a3bea1d4c9c268813cab60afc21234e505</SHA-1>
              <MD5>2260d8dc79728fee6712bae0d15f57a5</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>440b635e4379b06a27399a9938e986a79e9ed0cfec479fad2074e9eda8c658d7</SHA-256>
              <SHA-1>af4a701effa0a70daef3442ad294cb67e1d0718d</SHA-1>
              <MD5>0c22fd19b912820b23dd8c9697946719</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>4c1612f5a2c8dc9fc8aed0e2c5ff51e103913caf0dc16e7dcd2cb819b16e9ef7</SHA-256>
              <SHA-1>7eccf14b13c1bbe84ec2b4cdf41014733772e6ab</SHA-1>
              <MD5>71f9d3dfb3fbc8ed8f8371bab438b039</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>4d25ce1aa0d3b6cf6a01034d6d5112b42658f574332d043e9dd9fd7aed4fccf6</SHA-256>
              <SHA-1>ec79966adf8f892c4b8c65ab46b43439ffc9d6b6</SHA-1>
              <MD5>c3e998c494480c3abd3bf81a293c0a24</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>4d5511fdf9df1dbc541a759f044296ab93969f189a61abd26ed8b34ed8202174</SHA-256>
              <SHA-1>640139417119f7f58425b0baae9d69b7d20d84fb</SHA-1>
              <MD5>e1278cfc847282aea0595ab68863c832</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>4f3625460717eaba76e78045b6e55d09e7a1a71bcb398f64fd6e8bbbfd81ebd8</SHA-256>
              <SHA-1>a2069232c53c149403326f228f35dfe9d199d2c8</SHA-1>
              <MD5>e102f7a212cf485d99f60c82c6c37e0d</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe64</file_type>
            </value>
            <value>
              <SHA-256>5b5dee89b2edb3137dfcb9a04fa8c4a82b534adbe1be275ab4cd6c85e48abb98</SHA-256>
              <SHA-1>6ef93cdd633bbae4d8fa990519f04412b6118ffc</SHA-1>
              <MD5>50f91a1ef2c3ae6044e29258deef6658</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>5e0749d11ea32a87460c9d683b3c9c8b7e8ba516a99bd4fcafdc399f23a829e5</SHA-256>
              <SHA-1>30258a97c12bba0997c8de1f315b1262808e1aab</SHA-1>
              <MD5>e5ab1fdd7d97f510f620f35fd24c36f5</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>5f0670dfad6a73781bc697e5feaeb0ea1fe1a68600af86e106f5a9586b30b6af</SHA-256>
              <SHA-1>655c922f631193de2cb3aabf20d4a57594cdc39e</SHA-1>
              <MD5>33b7a6471c91aee05a37aeebd5cd3929</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>6043f150ccb8b6107d8e57fa2450f0a9623d04b1ccfee37a928135e9c03dd3ce</SHA-256>
              <SHA-1>3b1aca6356a220ad3b5cd5971bdd042392e66e0a</SHA-1>
              <MD5>a93d0142b69ba93209d1d55f53192942</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>6233b64356ba858e7ccb5cd59f06c9b7b7952c0056fff8ab455b4cd2e1eae3aa</SHA-256>
              <SHA-1>429804490f95cc90b8553c66cab420b7627cc5df</SHA-1>
              <MD5>eed2e7a04d29cbb0b774e5024edafdc6</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>648b9e716f2ccd17b52faf6e6938c6060a15803a921f81ef2daf6cd86ffbeab7</SHA-256>
              <SHA-1>ea905eeda44dc76ae5e27b29bd3303358fe2a047</SHA-1>
              <MD5>d4eb0a9667e96b9b0979b81dc8a29c4f</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>66f5587745229ba20156a6450a810ed4d84b31507ef8a482f126efd2dcda4613</SHA-256>
              <SHA-1>dcb23277cd8dd0c752f1fbd885adc6985c95bfed</SHA-1>
              <MD5>792ccd2fa1ee5ac6a4f05d01de7ba7c0</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>6ad51168fc7a0be8592712e3680aa06a3f693efd11953718ff9e24b3b975e9a2</SHA-256>
              <SHA-1>b068de3adf3ce7a5f39f39bd3e55abe53606bfef</SHA-1>
              <MD5>00a17f20429652fac86cc4287623a7ce</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe64</file_type>
            </value>
            <value>
              <SHA-256>6b68ca1c60fa636fc1de1d91b554fac8fdbcfad309bb6d4214b4291872bb6106</SHA-256>
              <SHA-1>634fdb82a543a1b4a60432e2156ba6c78f2b3a58</SHA-1>
              <MD5>b8af8f488d31d68998d60390b45cc802</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>6b9b33f292e0e201f8b193977d0330d7bce97484b8546d44249fd69033e7bedc</SHA-256>
              <SHA-1>ab0e93f726282ef25b7543cf1bc6d5a3cec37053</SHA-1>
              <MD5>e5257f9fd85ad7cc99e81bbf6b5f9f88</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>703378a12fe567681e841215ddb159ea907512fc91b612eced4244750e91f7bd</SHA-256>
              <SHA-1>6bbb52e2210a04af3a6dde759a700183ab57a32b</SHA-1>
              <MD5>9d2f96803138be5de2b9ac16ea3eb443</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>70480c3f98a4e6560ca1180bd8bc26b50466a09c2f4c1c977a53402c438417c5</SHA-256>
              <SHA-1>2da892bc0bd5f8e69b455ff161ba9c8ff94287f5</SHA-1>
              <MD5>3a263b68bddaa9865397103cdddcea9a</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>70e34cddba81a33d5f9f9864e752f2d8638962ccbf27020b0c11815b1d4a3775</SHA-256>
              <SHA-1>dce874dfa1b3afba6d2ee0f72953411b179eb0c4</SHA-1>
              <MD5>9372e6d24291ae726047b6fe6db6b036</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>742f6de330674fa9308385d4dfa408bac8f7498de822176671fc77804db6b75e</SHA-256>
              <SHA-1>549a55e09318ff6829abdfdf624955abb4cd6776</SHA-1>
              <MD5>73f60e86e7ab2b7a73a1f1a18e93b7ad</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <SHA-256>7555cb8f1683c7abb17d2d29fe6f8b639705506247ff4fa7fb165c59a7771cbf</SHA-256>
              <SHA-1>51fd2592b407d1788c6109a9ace51597b96d6d2e</SHA-1>
              <MD5>f8e47516f92e38688fb2cf9c9bc4fc38</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>77cb87dc3692d4d51b60c1a849774d324014b64dc7a6ec453ee81663c6864f19</SHA-256>
              <SHA-1>814a232ca9de51f4788f5a75ae03fb2354ab93cc</SHA-1>
              <MD5>f3ea5357b70a2b92b823e53788b46023</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>780d92147b8c3b4ba77f20916af485282e79fafee7d0d0a39fdb9dc3ea8a6d9e</SHA-256>
              <SHA-1>6078e110f4e7482ace40ee7d843850980b8bee78</SHA-1>
              <MD5>4726e77f28bcb3b86ce16d67056a337f</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>879b0b967c8a9084f3e70c9c7e1aa578bd5267687c685a1df1d191f16a50da12</SHA-256>
              <SHA-1>98ef49ad4c18dc7087becdaacf9501f77a5bde6b</SHA-1>
              <MD5>b89126e185b470c59ed5af186edcc2cc</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>88f4878bf553d591950567e6c19dcec7a421adc10f525d55f336c080ae202aaa</SHA-256>
              <SHA-1>f973f7f77106562eeee1c363c6bb4582bd06a59c</SHA-1>
              <MD5>191dee7e812db0110eda2ce6c06c7ddf</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>8f01b6862e2ee3f15f2423c6ac9dab7f7c405eb376bbd41a224ca138dfe2ab7a</SHA-256>
              <SHA-1>37a5e2df81a940443284e5d33bdee9b1a6d7fc61</SHA-1>
              <MD5>a897b7397659687d8295e87965cb7955</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>92e7838c19bb35b8ae87d333ad94e036660a4bac4431f170a26f54485a8ab8f2</SHA-256>
              <SHA-1>ceff63b413dad6948dcd4732fdf9a76af0db25fe</SHA-1>
              <MD5>50735f1055585331b7f8f5067f330447</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>9a28861e3712ebbf9dde507d87b9f4a638006f8182033b9fc6e749315bd6f9e4</SHA-256>
              <SHA-1>b06bc1e0b5e9f9d861b278ee3b394c222d43b4b5</SHA-1>
              <MD5>4a20f310ff6b9294da7eaac9e4c03331</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>9daf2c32c0d9e6a0470cf8aeba4b8409e660507a1351a761cd649c1f13475c5b</SHA-256>
              <SHA-1>5a6da5afc880bcfa9a5b8c90560e9e22c521787b</SHA-1>
              <MD5>ca1100e0fa92b5efc5c4061f6d50853a</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>9ee5e339b18475c6908e3d499ab2cb2d03ee54d1c70d651d4c4c8644884c28f0</SHA-256>
              <SHA-1>1ad21742f5a78452ce5ca495565c74b210bf6ee6</SHA-1>
              <MD5>a0952fc3f50f292593723d66e8e20a6d</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>a74bddeec5d01600ba3f7204284922b79207efd1db63ddbedc0190af24d37861</SHA-256>
              <SHA-1>c896c25e66acaa6afa97eee288a6e48d5f17df59</SHA-1>
              <MD5>02faa916f4d3d3c8c68900ed762a5696</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>a8088d07e4f0adeb065eca2cc463fcdaef59efb99563723683a171bdcfc74f72</SHA-256>
              <SHA-1>7735fd9b3753d5829b30e414413b543e4fbfbd64</SHA-1>
              <MD5>771273a59da8e84a9adce8214f95cddb</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>ac2b929ac4ec15b3d7f0e0fa31cbd16586939bb1b2df9202d8c09c7edec92b5f</SHA-256>
              <SHA-1>906a6c377806ae3ce92243dcc8c9505f46dfc87e</SHA-1>
              <MD5>a941e919bc35665e8f1d3936c657242a</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>aeaa93f1168b8f80195b7e0228160611e4560d53bbf0cdfea507a8cd407cefe2</SHA-256>
              <SHA-1>4a2683ba5800343c1075f4cf006295efa036b4f3</SHA-1>
              <MD5>7dd94f90ea7b176753933683a6a8572a</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>bd929944d206d9e64c9af60cabb9afba3b41a402ff37948e4e6bca50bea9b02d</SHA-256>
              <SHA-1>eff7f880589a518db59ed23332cbd1c13f7a87af</SHA-1>
              <MD5>ea89a2a5ef7862993ae2c26e3ce80888</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>c486c9b82abc8deabf2e79fc1d4c41200809c05edc0ff4441168eb4e45f670bd</SHA-256>
              <SHA-1>96435466865a9fe82aec753339ba3aa300ce66aa</SHA-1>
              <MD5>2e5970a7b2b205d143b7f421d9660d4f</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>c4b1570b726039cab6575dfeb7c8ab300d67161785bff1cbc9e65310f2ded1a1</SHA-256>
              <SHA-1>80290e051d8ed9e36caafb585bef9d970e063825</SHA-1>
              <MD5>2ca602080956bc40269fde07dde1de0b</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>caf6f8369d4b8f4bfdf28e1abae255bd0e3f1f8f8c37cf4956be011fa74f26b9</SHA-256>
              <SHA-1>0a1d570646ac382517b7fb4bee1eab64185748e8</SHA-1>
              <MD5>9077bfd86c25d318fb96cdfbdedaae0e</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>ce40c026eb8f24770dfed39f2ce75dfcc9ed943969ca31080609f3ebd55f6aad</SHA-256>
              <SHA-1>014266f1e7a53724c72efe03101885657c751097</SHA-1>
              <MD5>ba2449578e2353da8a28d50f2b1deb10</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>cefad2ee93891cff9c3000d98b586843a068297fa7603405bc719dd676aa9b4c</SHA-256>
              <SHA-1>1ffd1ceb4f4484a811ba61734d4e10018f10aa8c</SHA-1>
              <MD5>0e74432caab984672e83dafbcc404c4b</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>cf56a2378fd2901f81814f5ead372e62f2fae77b848a4a1ac54f0c0f7a088110</SHA-256>
              <SHA-1>78003f47f0b2b90734f669c52f2dc939075f1fae</SHA-1>
              <MD5>8e8d36a6f62d3ab2dfe36a19b6e5a4ea</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>d000fdc5c0d85a435d4c791df86faf3612e63c8ceecd0f5814f26e97cee5a328</SHA-256>
              <SHA-1>0eaa2b3a1180ad12c257709585d71f3f91870aa5</SHA-1>
              <MD5>f7e0cd125edaf948e6e2587a0b4210c8</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>d151cd540e860ed156447ee26034f69ab765b1c2a95423ca0c8cd4352352907b</SHA-256>
              <SHA-1>9c8de733efc7fa39c71fa4a84cdc8f31acc3aed4</SHA-1>
              <MD5>c608d8aceac505184d87ea5e1063db46</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>d7ce4b7d8559b8e0da3cfbdd072af752d4fa503c0e872bfb5779bef79475f635</SHA-256>
              <SHA-1>f56afeb798733762358cb327bd3947db5df6773b</SHA-1>
              <MD5>0e3acf18cfc0c7355ad782801a81504e</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>da97a4abf5f701889f80d815b747eee96ef131d08eb510b3b628df47509b01ac</SHA-256>
              <SHA-1>fd3e1ab6b644fb84a36b38c5864753447af1c8d4</SHA-1>
              <MD5>9ccf1d5d87a6659a4bf18925f308ddda</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>e46d2097f2e9d40ecc9b4613f6351768b6105f858d83d2d49782520528c0913e</SHA-256>
              <SHA-1>76c7673a6f65ceca9ae48e06ad35015b51213662</SHA-1>
              <MD5>3c459711a3267bf941949983feb50f7f</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>e5b9c8d3ed2b71b5446120fe5b848ec40180b7b6b8309f1ab0cc04a4fcb1f140</SHA-256>
              <SHA-1>beae27446ef94699d6743c59563b383ca2276af3</SHA-1>
              <MD5>cf43e0c86b55a11ea8f5f2d7db9b5772</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>e7cdb10b8a6a9167611169fa1c83330c3a3e70e17a86e4f07ee78bebc8ddd0bd</SHA-256>
              <SHA-1>b0641ab3f544e65ce7865d3bae0072d7e5cc1c57</SHA-1>
              <MD5>4a763ea29bf4dac142b2e51acd33dca0</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>e92e3183a2eacb193523cbcd9bc6f1f81229e2b0dd3bd247b2d938821db6e125</SHA-256>
              <SHA-1>24b1366dd8d8577a1765e1674263dc30ee27a024</SHA-1>
              <MD5>23e7d3d0b13bdebe1a4d5b3731437b59</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>edcbbe5586effdbb46d6c352852676726097b853b8c5193c776c55b881663c0e</SHA-256>
              <SHA-1>548895804efbb2d2ed01912dd336d716300559ae</SHA-1>
              <MD5>e003a121cb697ef30bf479475f872c04</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>f1791011f95675d492bc9fd58ccc05895034773706b77c3ef5197fa7913d9910</SHA-256>
              <SHA-1>7c1ac2982810745a45bac2be4e5ccf840c1c9f0b</SHA-1>
              <MD5>4100dfc5d6339406d33caf107a423fa6</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>f29b28ae3c7ba8b49639f3c40d90883c86091e17384c60787d04f148a5e3ca00</SHA-256>
              <SHA-1>ae29407134ed7a75a9a96582eda238c1952bb5c5</SHA-1>
              <MD5>2c5500d8ff931bded0d6a115983f7ff7</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>f3ffee56fa4df63a63b65df80ee5c06ba7b1f15dff753d0d2a035bddeb5b73b3</SHA-256>
              <SHA-1>41138b8382a78e64faca6016d5ac4211320d5049</SHA-1>
              <MD5>e1bd74381219d9a580f5221fb95dde89</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>f6ee9167967e7ec82ea9d4fbebc4667f348633b540d7a769e329b82107ca82ae</SHA-256>
              <SHA-1>0ff617dad2746be3d74bd0add815de47d5d6f2f2</SHA-1>
              <MD5>14ae2a9e55547c556bfec0227d8e2713</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>f79caa1d70eac4ac619e64197d0bbb3a932305d5565a006ea399c83d49b0ccc6</SHA-256>
              <SHA-1>8108fdb4c8572445a0f3a8be59c03a8ec8be23b7</SHA-1>
              <MD5>c2d7bf05ad5c2ad57752f7affabf487f</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>f8660e30caa642fbdd5e115fd4e8261995577bcaa992e83dac916d7fddb33f44</SHA-256>
              <SHA-1>4fea476bf3f82c1bd6911b83766e20bff1ff5846</SHA-1>
              <MD5>346dbe21919512743e687152d7b0f855</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>f88050e62a1da3847b6d2431a6f92e4f88e29c7bada28a7cd51f917a3d21b390</SHA-256>
              <SHA-1>538d3ab418a8e43860c5af3a3a66d2eab094a247</SHA-1>
              <MD5>61171abf644f0da494154958a5e2d3cc</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>fc2cc273ad39b3cd8aedefa30a128df8787ba9f5275f16f6e895aac85d302b0f</SHA-256>
              <SHA-1>d836677f05a43a75257d0d6a308595db4e8fa5f4</SHA-1>
              <MD5>9b612494013ed8ae8abfad5d07f18e62</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>fdcbe585c7779894f9772495e74ced2e5553b7032d50a07523fa1c9440a4b6c2</SHA-256>
              <SHA-1>d17389ec05234face5c4fff7c865e6a14de9336f</SHA-1>
              <MD5>bab3f3e26e7702cfea8a6caf29a499e8</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>fdf5f79eac53052549ac3f26d2068211a0d776cb0b2b84f0da23e84f5e18a964</SHA-256>
              <SHA-1>35400077caeef39354292cf08e679ee22240d808</SHA-1>
              <MD5>970d05bc086b5e9acd0f726dc14fba96</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>fe54269c1469190d2b955d6283dadc9ff60e8e368e09350d6f8da918a87ec9c1</SHA-256>
              <SHA-1>e5ee1f9a008cad6ddb229873ab5b0a702901e2c3</SHA-1>
              <MD5>a6cd484729d0c9a48b6bc367c49c3d34</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe32</file_type>
            </value>
            <value>
              <SHA-256>043a47f9eff9927c3447b6f8b30e76ef289382e36ae9aad8643db54746fb2773</SHA-256>
              <SHA-1>2624e1a9060de85239fa18adfcbe84e238d14601</SHA-1>
              <MD5>f52f45f4510e8d175b1c468cb5a830a0</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>0cadd7912c7299f332a2d87e6610192fe55a3faa80cf6a0e0e277bb509de19a8</SHA-256>
              <SHA-1>84310151d8ac70efd7ffc14b0d8d74d95f1e2739</SHA-1>
              <MD5>99babaf18670a47756c1a2dc53966412</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>33622dc3b1fddcefb0a2f78371f65c4720052784aaec46b4b87e162753329e7a</SHA-256>
              <SHA-1>a45ae9adc142233b2a51cd11bac20c093134876a</SHA-1>
              <MD5>b0fd7771852ff9d82a4393150e0c11af</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>34c0e0436e35277a999d1323a7184fa2635fea1fd961840ebda0844201cd3b68</SHA-256>
              <SHA-1>60af172ff54d88a7b62a2415786301ea0e49bdfb</SHA-1>
              <MD5>210f916af3369db3bf33b0d886a3a8d8</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>3d5c54eb142c1fa17da21eb0dc2f79d424090ae1c29616ecf1631367a781411a</SHA-256>
              <SHA-1>8a8aa87bd8c2072dbb1e46ce4185dd42d2827daa</SHA-1>
              <MD5>0a8b2994993b702c1434a8abf18d9ed1</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>4fdf94c8fd09d9f6f82b9aa8019b8171522d63b1fc5d5d1835d5136b84a9ad73</SHA-256>
              <SHA-1>8c3f1cedbf1eab3573fb75bed388e65aa33568de</SHA-1>
              <MD5>53585afef45967afedc2249bbd93d63d</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>52726e6f9ced7b8b5d8b4a13d31475c6c04209a8114c2d1c6c7704ef9acf7178</SHA-256>
              <SHA-1>761497f2b8cec1b0cb76653f321a9521d2c8d1dd</SHA-1>
              <MD5>34ddd7ba628a22bf1baf1ecc5aeebe24</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>52ab93ca01b133c0ec180fb5c0bc0c092114334a3af7bb471343671c53e1fb62</SHA-256>
              <SHA-1>160c802113ed173bf72034753a174333bf6e33b6</SHA-1>
              <MD5>d038ff50ed454d90331dcc9f3a5b9a0f</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>632a68c4fbca8de432884220bc11b49096a837c30f8d29c43109f75bfa8b4b18</SHA-256>
              <SHA-1>b554330ba3a5166f3e032c2a64060743cb3f484b</SHA-1>
              <MD5>2bc2672fa46880481fe354aae32320d2</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>69fb9eddb29946cd0c3de6d64c47913b2a7b3004fc31169c73ccf556e62bc5ac</SHA-256>
              <SHA-1>4fa578eca316a873065a5e6a881afce765b451b2</SHA-1>
              <MD5>df3ecb5a41a0b064953b1f75b8213b24</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>7772d386ab1d6ccc70528447c4765c91928ced6e7230929b747e64ed6192d37c</SHA-256>
              <SHA-1>d42cddd1e2f7dae78f60f216a1624abf0b6be681</SHA-1>
              <MD5>007671a3805a195974d4cd376b859164</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>7816431f43db76471a2f63b2e5b07100ab802c67314a29207b2e875a778617ee</SHA-256>
              <SHA-1>2bd4cef79b5f5bf2419868789c33a46ec7739fe9</SHA-1>
              <MD5>aa175aff8afac7029cc63d2b4e0d77ce</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>a26992c48892a590b0ab25d55e2d51f9e555d5dc2f7872542323badf745a417f</SHA-256>
              <SHA-1>1b1ac58785dccd64fceeb33e2993c31bb2f3abd4</SHA-1>
              <MD5>8d8109b7bf60dee35c8c4fb600a6766d</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>a2f803892dd67f5f9cdcb29d624a2f6e70f063e69f388951c7bb7715b572ce73</SHA-256>
              <SHA-1>00f20bf36550bae00e5cdd71a73c0dccc70b320b</SHA-1>
              <MD5>e42910da76a195b3c972c07180f405cd</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>af74a37d54221a9d5e7e53cfb9b818dcc9d3550303ea51fc85aff3209a9162b6</SHA-256>
              <SHA-1>614de3824fcd08ed2a683693f9202b011774a273</SHA-1>
              <MD5>7c7d038959d3d33a95c5feff777fcf93</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>bb2ba7dc5e75a7cf7abd5ade0f98c4a17db78393796db07f62b16d90285e7916</SHA-256>
              <SHA-1>3858f218982a2f39b6b4ba9599602b1a3543be07</SHA-1>
              <MD5>aa43dce5603d7be9b5635247aa4ad385</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>c58205c1f9ac0ed4458b6f4a99e194a1456c5234bea5ad7b77b2bbc552469d35</SHA-256>
              <SHA-1>5e66744121fda12a7e47f44a2a3c128279eecc92</SHA-1>
              <MD5>80cb6f9c240fcc7bd2a886ec85e8d4f6</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>c6ffd995f34883561eb83172dfc00bd0dbe5cb8a50e688be43565f885f2d3481</SHA-256>
              <SHA-1>43c7ffe28bad028d3d631ae3c1a50a0dea7dc557</SHA-1>
              <MD5>6e8ddd1fa6000924a39951bf679056ef</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>cf961133406c6a936e71bf726bf437151c33ed318434d6b0b31ae15c9b66fc86</SHA-256>
              <SHA-1>a35429ba7ad1fd7e85138c1e8730efe180de263d</SHA-1>
              <MD5>5835883dc0463b1027f9869a00964562</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>ee97078c0deee16e1f1511c61bf4b69ae25568171cae6cca81118d85a3a3e0f8</SHA-256>
              <SHA-1>3941e869bd57c9609a74958bda258e198986d3ad</SHA-1>
              <MD5>2afe922d4a827ef459599a56bee58314</MD5>
              <origin>DOTNET_RESOURCES</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>1e47e8d8e77cc7b3b193d484fa706ad3b6c87f1be5ab27d06af18d3241e69314</SHA-256>
              <SHA-1>83c884a5a4cce22fd4ad12fd12a63332cdae33c3</SHA-1>
              <MD5>42a1a7f0c4c81e8eacd87be4be7b804f</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>d74ebf4f8041dbc54527726dd4d42ff85597ac080da3e3c6574c34b5f7083a47</SHA-256>
              <SHA-1>bb51b8ff02fa57b80bcb6d633ce1d4b11cb3047a</SHA-1>
              <MD5>68fe6aafd6c4fca4a086a727db71153b</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>dace5cec01821895194b2e2e6b9ecbe0944beeddba7e23c54f255c2131eeaec7</SHA-256>
              <SHA-1>d9a86515cc486d37bb19c44a426fe3b46ecb968c</SHA-1>
              <MD5>bd2e6a6dfec9fb3c9c27638563c8751f</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>b77fa173ad27b915787a9adcf351e5d31d21c23f442e2d244771a2d45a434cb3</SHA-256>
              <SHA-1>e9df857927aa97bc62a3240303c85fbe660bf2b7</SHA-1>
              <MD5>16332d860976b2e61fe9a7e04db334bd</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>fa57fa70ffde4386902d1c52eb56e966ef98a0e3d45344e64b4534a5ce80765a</SHA-256>
              <SHA-1>720077c88b5fc8d84e64bf2632f260f233678d35</SHA-1>
              <MD5>0eded7cc4f753a11da9c407ed4d29fa7</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>42721d5ae564349cf761795d0c8c57f4c0974fc70330727411643044760e0bcd</SHA-256>
              <SHA-1>53988494c8fd2b2e065b40ac880aa13e7cee9c66</SHA-1>
              <MD5>1996c14485d5e82512c7995adb5f8a1e</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>87acde6ff38a88464ee6e07dd7ebfdde88081d3255fee870cadeec7c0f709f54</SHA-256>
              <SHA-1>5473ebfc5913daaf8616caf0f7dd6624dd2d0c96</SHA-1>
              <MD5>c6c948d6524ea35b49567c23c9b940e6</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>1f676c76-80e1-4239-95bb-83d0f6d0da78</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>35138b9a-5d96-4fbd-8e2d-a2440225f93a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>c1c6fffa-d052-8338-7a79-a4bb980a700a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>d38cc827-e34f-4453-9df4-1e796e9f1d07</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>e2011457-1546-43c5-a5fe-008deee3d3f0</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
          <registry>
            <value>
              <registry>HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes</registry>
              <origin>DOTNET_DECOMPILATION</origin>
            </value>
            <value>
              <registry>HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize</registry>
              <origin>DOTNET_DECOMPILATION</origin>
            </value>
            <value>
              <registry>SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>SOFTWARE\ROBLOX Corporation\Environments\</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>Software\Classes\</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>Software\Microsoft\Windows\CurrentVersion\Uninstall\roblox-player</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <registry>Software\Microsoft\Windows\CurrentVersion\Uninstall\roblox-studio</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
          </registry>
        </iocs>
        <name>hxxps://github.com/bloxstraplabs/bloxstrap/releases/download/v2.11.3/Bloxstrap-v2.11.3.exe</name>
        <report_id>2402e1c4-40e6-4a0c-bb2b-ed2b7610d2e4</report_id>
        <tags>
          <value>peexe</value>
          <value>html</value>
          <value>json</value>
          <value>adaptive-context</value>
          <value>anti-vm</value>
          <value>overlay</value>
          <value>anti-debug</value>
          <value>explorer</value>
          <value>fingerprint</value>
          <value>lolbin</value>
          <value>rundll32</value>
          <value>base64</value>
          <value>reconnaissance</value>
          <value>dotnet</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
          <value>installer-heuristic</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>cdb580fe3d95c1d738319e38022b7f9d9fb2d2ba695d28149425fe59c85d122b</id>
    <title>Analysis Report for cdb580fe3d95c1d738319e38022b7f9d9fb2d2ba695d28149425fe59c85d122b</title>
    <updated>2026-07-06T19:59:48Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c095374fb2f5922b6c464</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c0933def7044af0b845f6</flow_id>
        <hash>cdb580fe3d95c1d738319e38022b7f9d9fb2d2ba695d28149425fe59c85d122b</hash>
        <iocs>
          <urls>
            <value>
              <url>https://kleinanzeigen-rechnung.412838191.net/getpayment/66878821</url>
              <origin>INPUT_FILE</origin>
            </value>
          </urls>
        </iocs>
        <name>hxxps://kleinanzeigen-rechnung.412838191.net/getpayment/66878821</name>
        <report_id>a0602509-0d76-4b64-923f-ccfd770f13a7</report_id>
        <tags>
          <value>html</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>86c3576671efea74518113358d507d58e90a72011a4e1ca657a14a39544ef818</id>
    <title>Analysis Report for 86c3576671efea74518113358d507d58e90a72011a4e1ca657a14a39544ef818</title>
    <updated>2026-07-06T19:58:39Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c08fd74fb2f5922b6c44c</_id>
        <file_type>text/javascript</file_type>
        <flow_id>6a4c08eeddf0075731164541</flow_id>
        <hash>86c3576671efea74518113358d507d58e90a72011a4e1ca657a14a39544ef818</hash>
        <iocs/>
        <name>attempt3.js</name>
        <report_id>f6affc07-5112-48f6-9fe6-a74ff41c7308</report_id>
        <tags>
          <value>javascript</value>
          <value>evasive</value>
          <value>repaired</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>78d2d069ede94449eca05b223cf3f809dcb6430f2fcd1d3e49c9137a2a1e6cac</id>
    <title>Analysis Report for 78d2d069ede94449eca05b223cf3f809dcb6430f2fcd1d3e49c9137a2a1e6cac</title>
    <updated>2026-07-06T19:57:36Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c08c274fb2f5922b6c43b</_id>
        <file_type>image/vnd.djvu</file_type>
        <flow_id>6a4c08af9a95790273309019</flow_id>
        <hash>78d2d069ede94449eca05b223cf3f809dcb6430f2fcd1d3e49c9137a2a1e6cac</hash>
        <iocs/>
        <name>Waves Berkeley Physics Course by Frank S. Crawford Jr.djvu</name>
        <report_id>5a108154-ccd5-4525-b34c-89c1e879068d</report_id>
        <tags>
          <value>masquerade</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>ed105b46d3a374db93cc79ce058e897b63dfce9bcc3a27d93ab8f254baeae58a</id>
    <title>Analysis Report for ed105b46d3a374db93cc79ce058e897b63dfce9bcc3a27d93ab8f254baeae58a</title>
    <updated>2026-07-06T19:57:03Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c08a474fb2f5922b6c431</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c088dddf00757311644c8</flow_id>
        <hash>ed105b46d3a374db93cc79ce058e897b63dfce9bcc3a27d93ab8f254baeae58a</hash>
        <iocs/>
        <name>gmodule-2.0.dll</name>
        <report_id>7053d313-4826-47db-bb1c-4a4c74601036</report_id>
        <tags>
          <value>peexe</value>
          <value>expired-cert</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
        </tags>
        <verdict>BENIGN</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>2c76ddda266dbada9597eec8d7559b0669c25f2037344c19b4807e4d61b6dcfe</id>
    <title>Analysis Report for 2c76ddda266dbada9597eec8d7559b0669c25f2037344c19b4807e4d61b6dcfe</title>
    <updated>2026-07-06T19:57:03Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c089e74fb2f5922b6c42b</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c088dddf00757311644c8</flow_id>
        <hash>2c76ddda266dbada9597eec8d7559b0669c25f2037344c19b4807e4d61b6dcfe</hash>
        <iocs/>
        <name>gobject-2.0.dll</name>
        <report_id>4f0138fa-424d-4858-afa3-e47945657d81</report_id>
        <tags>
          <value>peexe</value>
          <value>expired-cert</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
        </tags>
        <verdict>BENIGN</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>dbee15d75e4bfc40a0091878009dedf0cca795f224554c91ad776710eb3a76a9</id>
    <title>Analysis Report for dbee15d75e4bfc40a0091878009dedf0cca795f224554c91ad776710eb3a76a9</title>
    <updated>2026-07-06T19:57:03Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c089f74fb2f5922b6c42d</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c088dddf00757311644c8</flow_id>
        <hash>dbee15d75e4bfc40a0091878009dedf0cca795f224554c91ad776710eb3a76a9</hash>
        <iocs/>
        <name>vmtools.dll</name>
        <report_id>10c5509f-ffa8-4620-a239-7bd19b90fd3d</report_id>
        <tags>
          <value>peexe</value>
          <value>expired-cert</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
        </tags>
        <verdict>BENIGN</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>0360055ce0adbe1ef727880f9eafcba0688bf79e60def733d067362daac0347d</id>
    <title>Analysis Report for 0360055ce0adbe1ef727880f9eafcba0688bf79e60def733d067362daac0347d</title>
    <updated>2026-07-06T19:57:03Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c08a274fb2f5922b6c42f</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c088dddf00757311644c8</flow_id>
        <hash>0360055ce0adbe1ef727880f9eafcba0688bf79e60def733d067362daac0347d</hash>
        <iocs/>
        <name>intl.dll</name>
        <report_id>442ddca7-f34f-482d-8b10-8eb5fd6964ce</report_id>
        <tags>
          <value>peexe</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>2803b74d5466845e4dc9063bd516f3679aa2a3f70a30d9e93976c212e87f6e87</id>
    <title>Analysis Report for 2803b74d5466845e4dc9063bd516f3679aa2a3f70a30d9e93976c212e87f6e87</title>
    <updated>2026-07-06T19:57:03Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c089974fb2f5922b6c422</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c088dddf00757311644c8</flow_id>
        <hash>2803b74d5466845e4dc9063bd516f3679aa2a3f70a30d9e93976c212e87f6e87</hash>
        <iocs/>
        <name>Cursor Ai .exe</name>
        <report_id>7c345e19-b4d9-4b9a-860b-ea8b53d7edf5</report_id>
        <tags>
          <value>peexe</value>
          <value>expired-cert</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
        </tags>
        <verdict>BENIGN</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>29f281e0e9ebc9cc7b54af08535509feac1930a60d3d2e2fe9528f77711f04a8</id>
    <title>Analysis Report for 29f281e0e9ebc9cc7b54af08535509feac1930a60d3d2e2fe9528f77711f04a8</title>
    <updated>2026-07-06T19:57:03Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c089b74fb2f5922b6c426</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c088dddf00757311644c8</flow_id>
        <hash>29f281e0e9ebc9cc7b54af08535509feac1930a60d3d2e2fe9528f77711f04a8</hash>
        <iocs/>
        <name>glib-2.0.dll</name>
        <report_id>00eebf68-6d5d-4e5c-adf8-a0a63f6f6084</report_id>
        <tags>
          <value>peexe</value>
          <value>expired-cert</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
        </tags>
        <verdict>BENIGN</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c</id>
    <title>Analysis Report for 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c</title>
    <updated>2026-07-06T19:57:03Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c089c74fb2f5922b6c428</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c088dddf00757311644c8</flow_id>
        <hash>2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c</hash>
        <iocs/>
        <name>VCRUNTIME140.dll</name>
        <report_id>542965e3-4cda-4190-af4c-69a40f12eb1f</report_id>
        <tags>
          <value>peexe</value>
          <value>microsoft_visual_cc</value>
        </tags>
        <verdict>BENIGN</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>67332a8c1fa3a2bb449aea74cbcff3c64754fafb09c273ae51bafac91deac340</id>
    <title>Analysis Report for 67332a8c1fa3a2bb449aea74cbcff3c64754fafb09c273ae51bafac91deac340</title>
    <updated>2026-07-06T19:57:03Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c089674fb2f5922b6c41e</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c088dddf00757311644c8</flow_id>
        <hash>67332a8c1fa3a2bb449aea74cbcff3c64754fafb09c273ae51bafac91deac340</hash>
        <iocs/>
        <name>pcre.dll</name>
        <report_id>9e524980-bcd7-4508-bc8b-d21bcc226a7c</report_id>
        <tags>
          <value>peexe</value>
          <value>expired-cert</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
        </tags>
        <verdict>BENIGN</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>1f2d41c4aa5db0bc33ebf7b66d72943a817d7ce6cbe880502a9403823633093f</id>
    <title>Analysis Report for 1f2d41c4aa5db0bc33ebf7b66d72943a817d7ce6cbe880502a9403823633093f</title>
    <updated>2026-07-06T19:57:03Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c089874fb2f5922b6c420</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c088dddf00757311644c8</flow_id>
        <hash>1f2d41c4aa5db0bc33ebf7b66d72943a817d7ce6cbe880502a9403823633093f</hash>
        <iocs/>
        <name>VCRUNTIME140_1.dll</name>
        <report_id>36bcbf1c-518e-44df-aba6-b745252e1bcb</report_id>
        <tags>
          <value>peexe</value>
          <value>expired-cert</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
        </tags>
        <verdict>BENIGN</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>86d81bf2f9fd1905451cb70fe034e48590ecbc4580880e406c3bddfd287380b2</id>
    <title>Analysis Report for 86d81bf2f9fd1905451cb70fe034e48590ecbc4580880e406c3bddfd287380b2</title>
    <updated>2026-07-06T19:56:26Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c088e74fb2f5922b6c417</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c0869ddf0075731164493</flow_id>
        <hash>86d81bf2f9fd1905451cb70fe034e48590ecbc4580880e406c3bddfd287380b2</hash>
        <iocs>
          <urls>
            <value>
              <url>http://slidebean.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/assets/i18n/en.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/cdn-cgi/challenge-platform/h/b/jsd/oneshot/80a697ecdece/0.9668328224700566:1783364723:Tvlz35ymvkOFPn0zYajkCObi1GNs-2bE8clvkVwl5Xs/a1712c4cede8d370</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/80a697ecdece/main.js?</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/cdn-cgi/rum?</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyU2xpZGViZWFuJTIyJTJDJTIyeCUyMiUzQTAuNDM3NDQ2ODkxMjcwODE3MTUlMkMlMjJ3JTIyJTNBODAwJTJDJTIyaCUyMiUzQTYwMCUyQyUyMmolMjIlM0ExMDgwJTJDJTIyZSUyMiUzQTE5MjAlMkMlMjJsJTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZhcHAuc2xpZGViZWFuLmNvbSUyRnNicCUyRjFiNDhhMjI1M2QlMkYlMjIlMkMlMjJyJTIyJTNBJTIyJTIyJTJDJTIyayUyMiUzQTI0JTJDJTIybiUyMiUzQSUyMlVURi04JTIyJTJDJTIybyUyMiUzQTAlMkMlMjJxJTIyJTNBJTVCJTVEJTdE</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/cdn-cgi/zaraz/t</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-25J7P2VZ.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-2TTU3KO6.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-4GEIHSMX.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-5J7HKVRJ.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-5QPNXRMP.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-6ILOI7VA.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-6SJ73W5E.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-6XWZLVBX.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-7PYNZJAA.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-7TKZTHIA.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-ABDBG5UF.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-CEDGL475.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-DAZO6FE7.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-EKIYOYXO.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-FY6556YK.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-GSHK3YMC.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-GUA5E6SP.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-I6XEQJGJ.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-IPIOFLQV.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-IUBZX35H.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-J4LAST3W.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-JFPZR3PZ.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-KEI532AJ.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-LPHLDDZD.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-MBHHHEU7.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-OFFWK7JZ.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-PGFMHHNG.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-POYDR2SY.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-QHU3BXFZ.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-QJWHG2LY.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-SCPTAVXB.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-SCUKVIV5.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-TDLFFJP4.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-TQ5L2XEO.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-VEZZMHPV.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-VMW2MPKR.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-VNYVUKO5.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-VTOZSLDX.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-W42LINRK.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-W566D6AA.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-WIIELPHP.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-XFCWBSYG.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-YFKMY4MX.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-YFKUMYZM.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-YK5TCF3F.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-YK7NVGF3.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-YYUUY3B6.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-ZJDX4W2H.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-ZQTIRBEQ.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/chunk-ZXWLFDH7.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/favicon-192.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/favicon.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/main-GNAR7GZQ.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/manifest.webmanifest</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/media/fa-light-300-RGQQSHIQ.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/media/fa-regular-400-M64KPLJB.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/polyfills-6236VOIQ.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/sbp/1b48a2253d</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/sbp/1b48a2253d/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/scripts-T6DMDFTB.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/styles-LW2G5QXO.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.matomo.cloud/slidebean.matomo.cloud/container_hLa4lSOk.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.slidebean.com/fonts/atlas-grotesk/atlas-grotesk-regular.otf</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.slidebean.com/fonts/atlas-grotesk/font.css?weight=300,400,700</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.slidebean.com/fonts/biofolio/biofolio-ultimate-bold.otf</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.slidebean.com/fonts/biofolio/biofolio-ultimate-semi-bold.otf</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdn.slidebean.com/fonts/biofolio/font.css?weight=200,400,600</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css?family=Montserrat:400,700</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://fonts.gstatic.com/s/montserrat/v31/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://ipinfo.io/?token=0080ddba77868d</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://mail.slidebean.com/-/events/page-event</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://mail.slidebean.com/-/widgets/get</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://mail.slidebean.com/app.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://region1.analytics.google.com/g/collect</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://region1.analytics.google.com/g/collect?v=2&amp;tid=G-TPMFXXQWP6&amp;gtm=45je6710v887118902za200zd887118902&amp;_p=1783367790609&amp;_gaz=1&amp;gcd=13l3lPl2l1l1&amp;npa=1&amp;dma_cps=a&amp;dma=1&amp;_eu=AAAAAGAC&amp;are=1&amp;cid=258899174.1783367791&amp;frm=0&amp;pscdl=noapi&amp;rcb=7&amp;sr=800x600&amp;uaa=&amp;uab=&amp;uafvl=&amp;uam=&amp;uamb=0&amp;uap=Linux&amp;uapv=&amp;uaw=0&amp;ul=en-us&amp;gaf=2&amp;_s=1&amp;tag_exp=115616985~115938465~115938469~118826209~119027224~119576881~119576885~119576891~119576895~119787195&amp;sid=1783367790&amp;sct=1&amp;seg=0&amp;dl=https%3A%2F%2Fapp.slidebean.com%2Fsbp%2F1b48a2253d%2F&amp;dt=Slidebean&amp;en=page_view&amp;_fv=1&amp;_nsi=1&amp;_ss=1&amp;_ee=1&amp;tfd=1423</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://region1.analytics.google.com/g/collect?v=2&amp;tid=G-TPMFXXQWP6&amp;gtm=45je6710v887118902za200zd887118902&amp;_p=1783367790609&amp;gcd=13l3lPl2l1l1&amp;npa=1&amp;dma_cps=a&amp;dma=1&amp;_eu=AAAAAGQC&amp;are=1&amp;cid=258899174.1783367791&amp;frm=0&amp;pscdl=noapi&amp;rcb=7&amp;sr=800x600&amp;uaa=&amp;uab=&amp;uafvl=&amp;uam=&amp;uamb=0&amp;uap=Linux&amp;uapv=&amp;uaw=0&amp;ul=en-us&amp;gaf=2&amp;_s=3&amp;tag_exp=115616985~115938465~115938469~118826209~119027224~119576881~119576885~119576891~119576895~119787195&amp;dl=https%3A%2F%2Fapp.slidebean.com%2Fsbp%2F1b48a2253d&amp;sid=1783367790&amp;sct=1&amp;seg=1&amp;dt=Presentation&amp;en=page_view&amp;_ee=1&amp;_et=902&amp;tfd=3315</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://region1.analytics.google.com/g/collect?v=2&amp;tid=G-TPMFXXQWP6&amp;gtm=45je6710v887118902za200zd887118902&amp;_p=1783367790609&amp;gcd=13l3lPl2l1l1&amp;npa=1&amp;dma_cps=a&amp;dma=1&amp;_eu=AEAAAGQC&amp;ae=a&amp;are=1&amp;cid=258899174.1783367791&amp;frm=0&amp;pscdl=noapi&amp;rcb=7&amp;sr=800x600&amp;uaa=&amp;uab=&amp;uafvl=&amp;uam=&amp;uamb=0&amp;uap=Linux&amp;uapv=&amp;uaw=0&amp;ul=en-us&amp;gaf=2&amp;_s=2&amp;tag_exp=115616985~115938465~115938469~118826209~119027224~119576881~119576885~119576891~119576895~119787195&amp;sid=1783367790&amp;sct=1&amp;seg=0&amp;dl=https%3A%2F%2Fapp.slidebean.com%2Fsbp%2F1b48a2253d%2F&amp;dt=Slidebean&amp;en=scroll&amp;epn.percent_scrolled=90&amp;_et=6&amp;tfd=2338</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://serveprocore.com/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://slidebean.matomo.cloud/matomo.php</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://slidebean.matomo.cloud/matomo.php?action_name=%2Fsbp%2F1b48a2253d&amp;idsite=1&amp;rec=1&amp;r=861202&amp;h=19&amp;m=56&amp;s=31&amp;url=https%3A%2F%2Fapp.slidebean.com%2Fsbp%2F1b48a2253d&amp;_id=d6acb60161d2332d&amp;_idn=1&amp;send_image=0&amp;_refts=0&amp;pv_id=eNgiYX&amp;pf_net=17&amp;pf_srv=170&amp;pf_tfr=2&amp;pf_dm1=173&amp;pf_dm2=90&amp;pf_onl=2&amp;uadata=%7B%22formFactors%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Linux%22%2C%22platformVersion%22%3A%22%22%7D&amp;pdf=1&amp;qt=0&amp;realp=0&amp;wma=0&amp;fla=0&amp;java=0&amp;ag=0&amp;cookie=1&amp;res=800x600</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://static.cloudflareinsights.com/beacon.min.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://static.cloudflareinsights.com/beacon.min.js/v4513226cdae34746b4dedf0b4dfa099e1781791509496</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://stats.g.doubleclick.net/g/collect?t=dc&amp;aip=1&amp;_r=3&amp;v=1&amp;_v=j86&amp;tid=G-TPMFXXQWP6&amp;cid=a25a822c-f2c9-4433-9685-2d6286bffb11&amp;_u=KGDAAEADQAAAAC%7E&amp;z=1109384004</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://stats.g.doubleclick.net/g/collect?t=dc&amp;aip=1&amp;_r=3&amp;v=1&amp;_v=j86&amp;tid=G-TPMFXXQWP6&amp;cid=a25a822c-f2c9-4433-9685-2d6286bffb11&amp;_u=KGDAAEADQAAAAC%7E&amp;z=135712366</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://stats.g.doubleclick.net/g/collect?v=2&amp;tid=G-TPMFXXQWP6&amp;cid=258899174.1783367791&amp;gtm=45je6710v887118902za200zd887118902&amp;rcb=7&amp;aip=1&amp;dma=1&amp;dma_cps=a&amp;gcd=13l3lPl2l1l1&amp;npa=1&amp;frm=0&amp;tag_exp=115616985~115938465~115938469~118826209~119027224~119576881~119576885~119576891~119576895~119787195</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://thewall.slidebean.com/auth/refresh-token</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://thewall.slidebean.com/graphql</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://thewall.slidebean.com/pusher/auth</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://use.typekit.net/af/28ba4b/000000000000000000015226/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&amp;fvd=n6&amp;v=3</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://use.typekit.net/af/845de0/00000000000000000001522b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&amp;fvd=i3&amp;v=3</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://use.typekit.net/af/a2df1e/00000000000000000001522a/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&amp;fvd=n3&amp;v=3</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://use.typekit.net/af/dbedf7/000000000000000000015230/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&amp;fvd=i6&amp;v=3</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://use.typekit.net/fky0jiu.js</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google.com/ads/ga-audiences?t=sr&amp;aip=1&amp;_r=4&amp;v=1&amp;_v=j86&amp;tid=G-TPMFXXQWP6&amp;cid=a25a822c-f2c9-4433-9685-2d6286bffb11&amp;_u=KGDAAEADQAAAAC%7E&amp;z=1109384004&amp;slf_rd=1</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.google.de/ads/ga-audiences?v=1&amp;t=sr&amp;slf_rd=1&amp;_r=4&amp;tid=G-TPMFXXQWP6&amp;cid=258899174.1783367791&amp;gtm=45je6710v887118902za200zd887118902&amp;rcb=7&amp;aip=1&amp;dma=1&amp;dma_cps=a&amp;gcd=13l3lPl2l1l1&amp;npa=1&amp;frm=0&amp;tag_exp=115616985~115938465~115938469~118826209~119027224~119576881~119576885~119576891~119576895~119787195&amp;z=82118761</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtag/js?id=G-TPMFXXQWP6</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://app.slidebean.com/sbp/1b48a2253d&amp;_id=d6acb60161d2332d&amp;_idn=1&amp;send_image=0&amp;_refts=0&amp;pv_id=eNgiYX&amp;pf_net=17&amp;pf_srv=170&amp;pf_tfr=2&amp;pf_dm1=173&amp;pf_dm2=90&amp;pf_onl=2&amp;uadata</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://app.slidebean.com/sbp/1b48a2253d&amp;sid=1783367790&amp;sct=1&amp;seg=1&amp;dt=Presentation&amp;en=page_view&amp;_ee=1&amp;_et=902&amp;tfd=3315</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://app.slidebean.com/sbp/1b48a2253d/&amp;dt=Slidebean&amp;en=page_view&amp;_fv=1&amp;_nsi=1&amp;_ss=1&amp;_ee=1&amp;tfd=1423</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://app.slidebean.com/sbp/1b48a2253d/&amp;dt=Slidebean&amp;en=scroll&amp;epn.percent_scrolled=90&amp;_et=6&amp;tfd=2338</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://cdn.slidebean.com/fonts/atlas-grotesk/font.css?weight=300,400,700</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://cdn.slidebean.com/fonts/biofolio/font.css?weight=200,400,600</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://static.cloudflareinsights.com/beacon.min.js</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://app.slidebean.com/sbp/1b48a2253d/</url>
              <origin>INPUT_FILE</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>app.slidebean.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>cdn.matomo.cloud</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>cdn.mxpnl.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>cdn.slidebean.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>fonts.googleapis.com</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>fonts.gstatic.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>ipinfo.io</url>
              <origin>URL_RENDER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>mail.slidebean.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>region1.analytics.google.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>serveprocore.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>slidebean.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>slidebean.matomo.cloud</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>static.cloudflareinsights.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>stats.g.doubleclick.net</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>thewall.slidebean.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>use.typekit.net</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>www.google.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.google.de</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.googletagmanager.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>cdn.slidebean.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>static.cloudflareinsights.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>104.16.79.73</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>104.26.2.193</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>104.26.3.193</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>13.226.244.13</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>13.226.244.24</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>13.226.244.31</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>13.226.244.83</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>130.211.5.208</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.110.97</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.127.154</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.127.155</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.127.156</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.127.157</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.153.119</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>172.67.72.28</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>18.157.122.248</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>18.195.235.189</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>18.205.142.17</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>184.24.77.144</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>184.24.77.152</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>184.24.77.156</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>192.178.183.94</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>192.178.183.95</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2001:4860:4802:32::36</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2001:4860:4802:34::36</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>216.239.32.36</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>216.239.34.36</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2600:9000:2013:1000:17:ac82:1a80:93a1</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2600:9000:2013:1a00:17:ac82:1a80:93a1</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2600:9000:2013:5000:17:ac82:1a80:93a1</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2600:9000:2013:5a00:17:ac82:1a80:93a1</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2600:9000:2013:7200:17:ac82:1a80:93a1</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2600:9000:2013:8200:17:ac82:1a80:93a1</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2600:9000:2013:b200:17:ac82:1a80:93a1</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2600:9000:2013:f800:17:ac82:1a80:93a1</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2606:4700:20::681a:2c1</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2606:4700:20::681a:3c1</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2606:4700:20::ac43:481c</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2a00:1450:4001:c1f::5e</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2a00:1450:4001:c21::9a</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2a00:1450:4001:c21::9b</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2a00:1450:4001:c21::9c</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2a00:1450:4001:c21::9d</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2a00:1450:4001:c25::5e</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2a00:1450:4001:c25::5f</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2a02:26f0:480:f::213:7ec6</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>2a02:26f0:480:f::213:7ee1</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>3.126.133.169</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>3.136.207.21</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>3.213.81.240</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>3.23.106.204</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>3.23.199.68</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>34.117.59.81</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>65.8.131.118</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>13.226.244.83</ip>
              <origin>DOMAIN_RESOLVE</origin>
            </value>
            <value>
              <ip>104.16.80.73</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>0b4813fa496fa6d0fef7727418c8fe529b89ac2b910aac6e1e59b24130db9447</SHA-256>
              <SHA-1>4bef2d68d3d439f48893a844f69a691e54a3ff56</SHA-1>
              <MD5>9d7aca66a56e4f347cd1fc850234ea75</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/css</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>6386980a363b6eb8b5bacb06b4c19a42a53f8606b849dcbc492faaac474650e3</SHA-256>
              <SHA-1>56020171e0f0c4e6a119fa9bc1b45be998d0d6a3</SHA-1>
              <MD5>5801bffdb03438c95be1940ee08987e2</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/css</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>e1ac4849b9d4a498b68f8aca01e6ed99a11d94b35a2cec533b3916b8fb722fd6</SHA-256>
              <SHA-1>d3a523004a99e2bb3b7a6d18163c8eac64cc3ee9</SHA-1>
              <MD5>1de0a6b10518fdda25d674e0044c9a1a</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/javascript</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
        </iocs>
        <name>hxxps://app.slidebean.com/sbp/1b48a2253d/</name>
        <report_id>39eb7005-0d87-49ca-a181-48dbd2a03b38</report_id>
        <tags>
          <value>html</value>
          <value>javascript</value>
          <value>txt</value>
          <value>fingerprint</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>7544eaa425d6f1e6aeb2e7a6761da54d699ddc10d5ce56ea7b7335a76de67532</id>
    <title>Analysis Report for 7544eaa425d6f1e6aeb2e7a6761da54d699ddc10d5ce56ea7b7335a76de67532</title>
    <updated>2026-07-06T19:56:14Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c089374fb2f5922b6c41c</_id>
        <file_type>application/vnd.openxmlformats-officedocument.wordprocessingml.document</file_type>
        <flow_id>6a4c085b327f9453dea7d181</flow_id>
        <hash>7544eaa425d6f1e6aeb2e7a6761da54d699ddc10d5ce56ea7b7335a76de67532</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>67928445a11344ec4c030d08878c71a0a159d9a81aa8b6faf4971d0afc4e34b1</SHA-256>
              <SHA-1>5b7337e549a6b7aa7a71373fdda4bffa9020752e</SHA-1>
              <MD5>a3c8474475c79898b6623f9ca567c51b</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>96367138dc44ce09bf2c8f0f8e49348a1478d2c5c0af69bbc2bbc38b63cdcead</SHA-256>
              <SHA-1>8c0783443eb2c940a65b84ad0ca38d2f4014952a</SHA-1>
              <MD5>90fd87cbb448593802403de5b92f8006</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/jpeg</file_type>
            </value>
          </files>
          <revision_ids>
            <value>
              <revision_id>00034616</revision_id>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <revision_id>0006063C</revision_id>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <revision_id>0015074B</revision_id>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <revision_id>0029639D</revision_id>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <revision_id>00B47730</revision_id>
              <origin>INPUT_FILE</origin>
            </value>
          </revision_ids>
        </iocs>
        <name>_BRONEX_la_naissance_des_constellations_imaginée_par_Stendhal_versት+.dotx</name>
        <report_id>15b51890-4aae-4508-a48f-bf50a897c0f6</report_id>
        <tags>
          <value>docx</value>
          <value>masquerade</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>b1a4882c8186e9f5138fa71908aba71a9a5100623d646bfead3d7eb9219992c6</id>
    <title>Analysis Report for b1a4882c8186e9f5138fa71908aba71a9a5100623d646bfead3d7eb9219992c6</title>
    <updated>2026-07-06T19:55:50Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c086474fb2f5922b6c40b</_id>
        <file_type>application/x-ms-shortcut</file_type>
        <flow_id>6a4c08439a95790273308f53</flow_id>
        <hash>b1a4882c8186e9f5138fa71908aba71a9a5100623d646bfead3d7eb9219992c6</hash>
        <iocs>
          <urls>
            <value>
              <url>https://www.dropbox.com/scl/fi/4owe7mxfkk42dmwh7nmwm/P_1783322240_1198.a3x?rlkey=vymehzqbc26nk577cr1cqxgkk</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.dropbox.com/scl/fi/ea0yxd3f803ou59wpiob2/a_1783322240_1198.exe?rlkey=5b126k99nwayfr83v0djdcwk2</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://www.dropbox.com/scl/fi/eu8d6l0a3mdi0jhhwfjb8/Pivlex_CRM_API_Documentation.pdf?rlkey=aitw0bel7dmsxnuevqsm3zndo</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.dropbox.com/scl/fi/4owe7mxfkk42dmwh7nmwm/P_1783322240_1198.a3x?rlkey=vymehzqbc26nk577cr1cqxgkk&amp;dl=1</url>
              <origin>INTERNAL</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.dropbox.com/scl/fi/ea0yxd3f803ou59wpiob2/a_1783322240_1198.exe?rlkey=5b126k99nwayfr83v0djdcwk2&amp;dl=1</url>
              <origin>INTERNAL</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://www.dropbox.com/scl/fi/eu8d6l0a3mdi0jhhwfjb8/Pivlex_CRM_API_Documentation.pdf?rlkey=aitw0bel7dmsxnuevqsm3zndo&amp;dl=1</url>
              <origin>INTERNAL</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.dropbox.com/scl/fi/4owe7mxfkk42dmwh7nmwm/P_1783322240_1198.a3x?rlkey=vymehzqbc26nk577cr1cqxgkk</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.dropbox.com/scl/fi/ea0yxd3f803ou59wpiob2/a_1783322240_1198.exe?rlkey=5b126k99nwayfr83v0djdcwk2</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://www.dropbox.com/scl/fi/eu8d6l0a3mdi0jhhwfjb8/Pivlex_CRM_API_Documentation.pdf?rlkey=aitw0bel7dmsxnuevqsm3zndo</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.dropbox.com/scl/fi/4owe7mxfkk42dmwh7nmwm/P_1783322240_1198.a3x?rlkey=vymehzqbc26nk577cr1cqxgkk</url>
              <origin>LNK_PARSE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.dropbox.com/scl/fi/ea0yxd3f803ou59wpiob2/a_1783322240_1198.exe?rlkey=5b126k99nwayfr83v0djdcwk2</url>
              <origin>LNK_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://www.dropbox.com/scl/fi/eu8d6l0a3mdi0jhhwfjb8/Pivlex_CRM_API_Documentation.pdf?rlkey=aitw0bel7dmsxnuevqsm3zndo</url>
              <origin>LNK_PARSE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>dropbox.com</url>
              <origin>INTERNAL</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>dropbox.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>dropbox.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>dropbox.com</url>
              <origin>LNK_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>162.125.248.18</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>dcb382618a5727b17812cc20a6c77994a4632794869e4f645509ee3a8553b9e1</SHA-256>
              <SHA-1>d3f5e72b55feda5c0abcfe86ccbf3fb9686e7c72</SHA-1>
              <MD5>6898fb38e89ba28dcb696b4c5a7d87d2</MD5>
              <origin>LNK_PARSE</origin>
              <file_type>text/x-msdos-batch</file_type>
            </value>
            <value>
              <SHA-256>f23c9f1b3a9c493577b34fcc62b628db41ae0f643274410c5bce51fffca9cf55</SHA-256>
              <SHA-1>7a8bce268769dee7f05161cfa680880cdaad121b</SHA-1>
              <MD5>c5adeaaedd0852b9d80697c87f7d6b5e</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xhtml+xml</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>c76682ba13011a11e0dc9fef24aa6d2145206e0f154901e214b69e6a2a10ddb6</SHA-256>
              <SHA-1>bf487985c16189a58a379401655652e04e8b4954</SHA-1>
              <MD5>f701f4f380c2716c0f9d9c9858e66bae</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xhtml+xml</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>d2e67242daea33f65140e2d14bb7c40c9b8068c630c8af3cfe5870973a9791fa</SHA-256>
              <SHA-1>af0160934c6b8fb0bf8bbc381968a3564d1e5192</SHA-1>
              <MD5>d98276663efe7786ac02906a5eef214b</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xhtml+xml</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>58b25a62992dbc5ca2e503e10fc58d34ab8c00974f2c2e7c76f849a19f1cd1de</SHA-256>
              <SHA-1>7b2484d69dd1cfe70f35a37bbe034262dce32382</SHA-1>
              <MD5>cdf41fc3d4ac6e9b39e4b9c61a8a524c</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xhtml+xml</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>cd563db8f71994dd3c7e0b29c45b97141ef316fef6a4e28253ddc2f195139b54</SHA-256>
              <SHA-1>75d3e51cb5936565501e4bf68b8f644c03a09fe6</SHA-1>
              <MD5>29d2b141dc6e58a5640d85c22b2194fb</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xhtml+xml</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>4f1e7f2eefa7a41365741ac2dff14ecd9ac4601c2335f86217f1818281dec756</SHA-256>
              <SHA-1>b72d042b27ad5f1543ecf1df826ad12a88daa4b1</SHA-1>
              <MD5>bd6e46ce7e5ed47cc12973dda0487ea0</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xhtml+xml</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>00021401-0000-0000-C000-000000000046</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>Pivlex_CRM_API_Documentation.pdf.lnk</name>
        <report_id>921afaf5-78de-4e89-bf42-d44dda326c08</report_id>
        <tags>
          <value>lnk</value>
          <value>html</value>
          <value>xml</value>
          <value>conhost</value>
          <value>masquerade</value>
          <value>evasive</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>4bd2f62bda908207429e5aa5675096b886d9841271a4e0750f5b1aba68082ae3</id>
    <title>Analysis Report for 4bd2f62bda908207429e5aa5675096b886d9841271a4e0750f5b1aba68082ae3</title>
    <updated>2026-07-06T19:55:50Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c087474fb2f5922b6c410</_id>
        <file_type>application/x-ms-shortcut</file_type>
        <flow_id>6a4c08439a95790273308f53</flow_id>
        <hash>4bd2f62bda908207429e5aa5675096b886d9841271a4e0750f5b1aba68082ae3</hash>
        <iocs>
          <urls>
            <value>
              <url>https://www.dropbox.com/scl/fi/4owe7mxfkk42dmwh7nmwm/P_1783322240_1198.a3x?rlkey=vymehzqbc26nk577cr1cqxgkk</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.dropbox.com/scl/fi/cl83jfjisid1h43leegjn/Pivlex_CRM_API_Credentials.pdf?rlkey=6rxeqs4qly14koof9ol8la22e</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.dropbox.com/scl/fi/ea0yxd3f803ou59wpiob2/a_1783322240_1198.exe?rlkey=5b126k99nwayfr83v0djdcwk2</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.dropbox.com/scl/fi/4owe7mxfkk42dmwh7nmwm/P_1783322240_1198.a3x?rlkey=vymehzqbc26nk577cr1cqxgkk</url>
              <origin>LNK_PARSE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.dropbox.com/scl/fi/cl83jfjisid1h43leegjn/Pivlex_CRM_API_Credentials.pdf?rlkey=6rxeqs4qly14koof9ol8la22e</url>
              <origin>LNK_PARSE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.dropbox.com/scl/fi/ea0yxd3f803ou59wpiob2/a_1783322240_1198.exe?rlkey=5b126k99nwayfr83v0djdcwk2</url>
              <origin>LNK_PARSE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.dropbox.com/scl/fi/4owe7mxfkk42dmwh7nmwm/P_1783322240_1198.a3x?rlkey=vymehzqbc26nk577cr1cqxgkk</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.dropbox.com/scl/fi/cl83jfjisid1h43leegjn/Pivlex_CRM_API_Credentials.pdf?rlkey=6rxeqs4qly14koof9ol8la22e</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.dropbox.com/scl/fi/ea0yxd3f803ou59wpiob2/a_1783322240_1198.exe?rlkey=5b126k99nwayfr83v0djdcwk2</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.dropbox.com/scl/fi/4owe7mxfkk42dmwh7nmwm/P_1783322240_1198.a3x?rlkey=vymehzqbc26nk577cr1cqxgkk&amp;dl=1</url>
              <origin>INTERNAL</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.dropbox.com/scl/fi/cl83jfjisid1h43leegjn/Pivlex_CRM_API_Credentials.pdf?rlkey=6rxeqs4qly14koof9ol8la22e&amp;dl=1</url>
              <origin>INTERNAL</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.dropbox.com/scl/fi/ea0yxd3f803ou59wpiob2/a_1783322240_1198.exe?rlkey=5b126k99nwayfr83v0djdcwk2&amp;dl=1</url>
              <origin>INTERNAL</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>dropbox.com</url>
              <origin>LNK_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>dropbox.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>dropbox.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>dropbox.com</url>
              <origin>INTERNAL</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>162.125.248.18</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>ac53d563b34a037b8690b59a37b08f051aa33fae5f1339a55f5ac171c910845c</SHA-256>
              <SHA-1>ed03324fb4acdf2328c77ae4be7d3ed44d1e9ad0</SHA-1>
              <MD5>21b8b87b5873f40975be24249a535e07</MD5>
              <origin>LNK_PARSE</origin>
              <file_type>text/x-msdos-batch</file_type>
            </value>
            <value>
              <SHA-256>45e7b1d69a14e07e056e41eece12c487f24335739e1e20b70c1e2ad76ab64e7a</SHA-256>
              <SHA-1>b234ac28df0751f36fa3b27fed93dcba566aaef0</SHA-1>
              <MD5>69b12bca9da09be280eab8685aa2be7f</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xhtml+xml</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>f5b3ddea07b705a156200793981a3cc78b9f5e80641425438d375aa46377bec1</SHA-256>
              <SHA-1>d5cee1f15920742f2ec731bba73a9fd8f994da1f</SHA-1>
              <MD5>e003e378bad5b9a6c1dc26a308283b0d</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xhtml+xml</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>0054773c73820cf1b7418bbd97edfc84bc29ebad028581e2d39f4813b8ade60e</SHA-256>
              <SHA-1>4c150e4d0e8a3d39c4b230843758c34b5cbed638</SHA-1>
              <MD5>73d6431ee06598516907bb2944ed8f6d</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xhtml+xml</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>958443a347da0f90cac26780eaef330a727669f3004cd0e2047024d8bb86c6ad</SHA-256>
              <SHA-1>0760b2e80af134f4a7e981cad3e5a256567e4f11</SHA-1>
              <MD5>06e158168dd34640352b6e967d7b7437</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xhtml+xml</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>f21f183c4fdb0d8988e36dafd5e4643b1e4e23a3e12a44fec67c40144a6ad2ac</SHA-256>
              <SHA-1>e304d38e15eecd51542d5619b961ffa168f7e2b4</SHA-1>
              <MD5>41a809285d2037610a219d18d16acfc3</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xhtml+xml</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>f223208d41708ea54ab40cc5364fc65779f9366819e4ee226a3d6043e588a625</SHA-256>
              <SHA-1>e1281a47e6e59f25a3a420781eb8fa59c7410b27</SHA-1>
              <MD5>a28cb46332254c28c10cf1b37ce7ab18</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xhtml+xml</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>00021401-0000-0000-C000-000000000046</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>Pivlex_CRM_API_Credentials.pdf.lnk</name>
        <report_id>7365a701-840c-448e-b81d-d1fa00a99a17</report_id>
        <tags>
          <value>lnk</value>
          <value>html</value>
          <value>xml</value>
          <value>conhost</value>
          <value>masquerade</value>
          <value>evasive</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>edee8e8895ab22005b7281949f65079e72d8391a99c40d772bf94eb3a3c9688c</id>
    <title>Analysis Report for edee8e8895ab22005b7281949f65079e72d8391a99c40d772bf94eb3a3c9688c</title>
    <updated>2026-07-06T19:55:07Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c082474fb2f5922b6c3f5</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c0819ddf007573116443b</flow_id>
        <hash>edee8e8895ab22005b7281949f65079e72d8391a99c40d772bf94eb3a3c9688c</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>4fc784db7849eb961ba097b8c06e1f9c848c135ae058556d06dd772590361630</SHA-256>
              <SHA-1>55d4e72a4c2ce87cd3dad77a4d5ed31a37b3f98d</SHA-1>
              <MD5>c1399bb796be6e3f0b8cca2fe1018b71</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <SHA-256>61c97f3ebb21bded2ed50fd0490fbb50eefbeb92e78b1eb15695675d03f3165e</SHA-256>
              <SHA-1>272afbc01ea9cbadcf3c0d9cc24de712e8136340</SHA-1>
              <MD5>72f267e776e912f3357a9e86eb467fff</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
        </iocs>
        <name>Chrome.exe</name>
        <report_id>1c8ac42f-1123-439f-9ec6-1f755324e6e1</report_id>
        <tags>
          <value>peexe</value>
          <value>dotnet_pe</value>
          <value>cmd</value>
          <value>lolbin</value>
          <value>reconnaissance</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>6cb6a1933cac6f163939d71155efdb7df907c48559f45aa59a73642d119dbddf</id>
    <title>Analysis Report for 6cb6a1933cac6f163939d71155efdb7df907c48559f45aa59a73642d119dbddf</title>
    <updated>2026-07-06T19:54:33Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c084974fb2f5922b6c400</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c07f6327f9453dea7d15f</flow_id>
        <hash>6cb6a1933cac6f163939d71155efdb7df907c48559f45aa59a73642d119dbddf</hash>
        <iocs>
          <urls>
            <value>
              <url>https://bun.com/docs/project/licensing</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>bun.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>104.26.9.103</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>1063ad7046f157523cf8df2f3dec18c1237c7d92ac0ac2363569f1826d1b6c18</SHA-256>
              <SHA-1>78dd654b562d417d48c158f13ffe86bdc081b580</SHA-1>
              <MD5>b3c47bec4c05a1faa1ba8f3ff158d545</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>24cb29b7b359b31755b6b67286db4f4c20c2ae12371f6009cce3d0cc656886fb</SHA-256>
              <SHA-1>7cfc690fee069c07e0d6507c67294b28872f3255</SHA-1>
              <MD5>1f798810afb3008df3a4914d15fe5356</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>28aff0cc8760fe2123d1c98baebb4694c32cb54d6535835ba1c2168a0b72f174</SHA-256>
              <SHA-1>9cfb6a093f57aceccc9548432d2396e234359284</SHA-1>
              <MD5>855c8ed01f2a49206b3d49ad8a7340da</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <SHA-256>567756169fc0a523a1baad76083102d0fa3f5ea4488db9c4ef20dc6a003e0bda</SHA-256>
              <SHA-1>1a1929cfda144bd350b455173724b8b0571ce78a</SHA-1>
              <MD5>99b038d813828a76a5539ba99cfd0b6e</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>64199fe615ecc9872f0c79a5fe85f7d9f90ee0a5e705589c5e4d6be4dd7cd3ea</SHA-256>
              <SHA-1>20eaa6e44db2f3d4b944cddf205ce67294bcca8d</SHA-1>
              <MD5>bce1690308a73cb6391e923b0cd28fc7</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload; format=pe64</file_type>
            </value>
            <value>
              <SHA-256>72097c9cc802a1340f356d73513419703c0ec0a0b859fd8c67cf785d3a94e5b5</SHA-256>
              <SHA-1>4ed194419deda280bb0ae64f9fe0508d81d28393</SHA-1>
              <MD5>f879d2fe0884351750983a136d6a09cf</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>7932e1faf5c837ae56e1c461a0da151a87ca3eaa126cd21b60014a8711d4767c</SHA-256>
              <SHA-1>1b6a9815fd1850c31318ed9a71ebcfef81d79e9e</SHA-1>
              <MD5>4ff3ba50db9bb15c647a0ed0b7ab6e13</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <SHA-256>96457c1bfbd1eebdea5105835acd1b639e2b2b1018befe8545a81b27a795f98e</SHA-256>
              <SHA-1>1c15995d29cc93af8d3fb3e62e5159e79a31bf62</SHA-1>
              <MD5>cbc15da914e01f63cd818717bf3b1b06</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <SHA-256>c4c7969f75b3e1f78fae7e5b7d8f276b9fb5ad50a6ce9b80014818357224b876</SHA-256>
              <SHA-1>ba60811370c6529e7daf5fe1a28280bc1e8900e5</SHA-1>
              <MD5>6c493adbaf26f027e1d72e3cbb09f61f</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>c7332aeff27e4d983baa7dfc2d8ee82aa68c33b824220184b5d58a1142902ed0</SHA-256>
              <SHA-1>c9840ceff5a1d97736dbee5289985eb085460a30</SHA-1>
              <MD5>eb695ee577437c8a937aa7f2b52f29e7</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
          </files>
          <btc_wallets>
            <value>
              <btc_wallet>x5a7d642:$btc: 1TD7Cn1TsNsYqiA94xrcx36m9</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x5a8fb2b:$btc: 12TyUb7mqqta6THuBrxzvxNiC</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x5aa52c6:$btc: 1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQ</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>SupermarketChaos_Trainer.exe</name>
        <report_id>f1b7a8b1-2b98-410a-8390-81256f7909c9</report_id>
        <tags>
          <value>peexe</value>
          <value>html</value>
          <value>packed</value>
          <value>overlay</value>
          <value>adaptive-context</value>
          <value>anti-debug</value>
          <value>fingerprint</value>
          <value>reconnaissance</value>
          <value>obfuscated</value>
          <value>rust</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>b94f04ed23e299dcabcddbf467dfe029f839bda0d5250f7c983d1ade04aa23d3</id>
    <title>Analysis Report for b94f04ed23e299dcabcddbf467dfe029f839bda0d5250f7c983d1ade04aa23d3</title>
    <updated>2026-07-06T19:53:34Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c07d374fb2f5922b6c3dd</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c07bbdef7044af0b844d2</flow_id>
        <hash>b94f04ed23e299dcabcddbf467dfe029f839bda0d5250f7c983d1ade04aa23d3</hash>
        <iocs>
          <urls>
            <value>
              <url>http://schemas.microsoft.com/SMI/2016/WindowsSettings</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>schemas.microsoft.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>6.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>150.171.109.101</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>39f7e0c509e6200dbc671c72c4992a07b768dc62cb6b0bcf500515e14061d27a</SHA-256>
              <SHA-1>77530d15f5462d467d7c6ee5a13f6af174750d32</SHA-1>
              <MD5>0091100369672668b7bfcfedc76d25e4</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/zlib</file_type>
            </value>
            <value>
              <SHA-256>4c8e57a7d8aa690c52cd738825c21f2ba29f019af20947dd9fc98c32096e197e</SHA-256>
              <SHA-1>3ed349dbfc032e641dd6809d6d4f3a983ce325b5</SHA-1>
              <MD5>9c1078ab7dd9207f80e8b3838f137a2b</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>72c3f0059b152745c8e188f1e9bda908a37bc5b5c88ecc18b1b71412512113e7</SHA-256>
              <SHA-1>8301ae85cf6cb139e08e9ed52ada97747097efb9</SHA-1>
              <MD5>983059ddd9a14c049d31d5e6084f7ad0</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>9c049c46b39b09903724c067a1354a76d59421570f2b53f08aa4db2e26e43b38</SHA-256>
              <SHA-1>69e17d1a0cf2923086ed210b4f81c910865157a7</SHA-1>
              <MD5>e7b988371d9661a21a28a108f2e0eae3</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <SHA-256>a4d27205ec43d56c42459d4c82dc2f270dd7d9970b02aa09c6b728e45b456e43</SHA-256>
              <SHA-1>87240605c2eb4720246a62d8a6c1c029ddf05abe</SHA-1>
              <MD5>8312f1cff88981ee05eadb66f8aef7ed</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>a80a7a06f7f5f5837736aa5af2c93f80ed4cd3c726d22d4cbc7a1975e833b532</SHA-256>
              <SHA-1>799c3e89d3fd37f980b404cf3bdccb874eac845b</SHA-1>
              <MD5>5c84199ac4df04f115cc80a4ab9e5a86</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>abf8f2022f12f350789d961aceaf9ccfd53e7ec58d8c9934cfce77779b4eac11</SHA-256>
              <SHA-1>5f8991f3e065fd95614859a293f88b9c70e4bb23</SHA-1>
              <MD5>84da8dee6b319ea0b10b6de5489c6aae</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <SHA-256>b5d550678bbe2982b6fa9eeb5916e8f1e924ed989e3aa71aeb1eff1ff0172123</SHA-256>
              <SHA-1>52b141aa77e4b5f8704d352492ccd6ad555aa7ea</SHA-1>
              <MD5>8d402ffe9c5f69f0968a3c9af1b1e380</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>1f676c76-80e1-4239-95bb-83d0f6d0da78</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>35138b9a-5d96-4fbd-8e2d-a2440225f93a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>e2011457-1546-43c5-a5fe-008deee3d3f0</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>default.dat.exe</name>
        <report_id>4808c276-8d7a-4668-beee-47dccf5cc65e</report_id>
        <tags>
          <value>peexe</value>
          <value>packed</value>
          <value>overlay</value>
          <value>anti-debug</value>
          <value>masquerade</value>
          <value>expand</value>
          <value>lolbin</value>
          <value>reconnaissance</value>
          <value>microsoft_visual_cc</value>
          <value>pyinstaller</value>
          <value>installer-heuristic</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>4ace53d02abd7ede7378861bb67851985bc68b13fda52404aec67f3523d68f33</id>
    <title>Analysis Report for 4ace53d02abd7ede7378861bb67851985bc68b13fda52404aec67f3523d68f33</title>
    <updated>2026-07-06T19:52:36Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c07c574fb2f5922b6c3d7</_id>
        <file_type>message/rfc822</file_type>
        <flow_id>6a4c0783ddf0075731164347</flow_id>
        <hash>4ace53d02abd7ede7378861bb67851985bc68b13fda52404aec67f3523d68f33</hash>
        <iocs>
          <urls>
            <value>
              <url>https://d1hw8t6nw1anwr.cloudfront.net/9hGn</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://d1hw8t6nw1anwr.cloudfront.net/yFod</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://www.zupimages.net/up/26/19/frxu.png</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://d1hw8t6nw1anwr.cloudfront.net/9hGn</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://d1hw8t6nw1anwr.cloudfront.net/yFod</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://www.zupimages.net/up/26/19/frxu.png</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>file:///tmp/tmpg1876srj.html</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://d1hw8t6nw1anwr.cloudfront.net/9hGn</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://d1hw8t6nw1anwr.cloudfront.net/yFod</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://d1hw8t6nw1anwr.cloudfront.net/9hGn</url>
              <origin>EMAIL_BODY</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://d1hw8t6nw1anwr.cloudfront.net/yFod</url>
              <origin>EMAIL_BODY</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://www.zupimages.net/up/26/19/frxu.png</url>
              <origin>EMAIL_BODY</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>d1hw8t6nw1anwr.cloudfront.net</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>zupimages.net</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>d1hw8t6nw1anwr.cloudfront.net</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>d1hw8t6nw1anwr.cloudfront.net</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>zupimages.net</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>d1hw8t6nw1anwr.cloudfront.net</url>
              <origin>EMAIL_BODY</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>zupimages.net</url>
              <origin>EMAIL_BODY</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>188.114.96.3</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>108.138.24.107</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>3e232b00cd3915c3aceb9e00d5cdb582b6229a7e9f29b9899e40fed4f4b6c62f</SHA-256>
              <SHA-1>38e806d049cfede03e3af9babfbd1c16fac2f6ca</SHA-1>
              <MD5>d3b7a7f8fb7665b4d9541f158b06756f</MD5>
              <origin>EMAIL_BODY</origin>
              <file_type>text/html</file_type>
            </value>
            <value>
              <SHA-256>e54bfc2e5dd46160082f52b5d30e4ae027864a17163453c0962a9fbe4e117380</SHA-256>
              <SHA-1>964e5d0274a23ef18b1cc41ee98fa2e07844f12b</SHA-1>
              <MD5>ab2b2eb6cecddc3879683ff40bdc1a88</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>c70d2409bb6edd811ceb9b7973c7c69c8ffcc5576cdc354b059f6e7583264b95</SHA-256>
              <SHA-1>1bc39333b9ac249ac8b164d4bafd20687ca9cede</SHA-1>
              <MD5>dca852450bffc306d95a145b81ac9040</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
        </iocs>
        <name>submission.eml</name>
        <report_id>3856b68c-bee7-4091-ad22-21717994dd10</report_id>
        <tags>
          <value>eml</value>
          <value>rfc822</value>
          <value>html</value>
          <value>obfuscated</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>620faaaeba823f6f6cb9ec675e71e505632f7e69f90b358f0f6f3ab59df0dc58</id>
    <title>Analysis Report for 620faaaeba823f6f6cb9ec675e71e505632f7e69f90b358f0f6f3ab59df0dc58</title>
    <updated>2026-07-06T19:52:28Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c07a774fb2f5922b6c3d1</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c077956def43ee480d39b</flow_id>
        <hash>620faaaeba823f6f6cb9ec675e71e505632f7e69f90b358f0f6f3ab59df0dc58</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e</SHA-256>
              <SHA-1>bac45b86a9c48fc3756a46809c101570d349737d</SHA-1>
              <MD5>24d3b502e1846356b0263f945ddd5529</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>text/xml</file_type>
            </value>
            <value>
              <SHA-256>9d6c91fa1797e47f0d0efcdf2ae9ce42a610499dfea789c3438a612a9298b6c0</SHA-256>
              <SHA-1>f233badea539c64f091272f2b75ff766187b55cb</SHA-1>
              <MD5>d4afafabbd8a809cc4bb13b6c54aaf36</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
          <btc_wallets>
            <value>
              <btc_wallet>x6bf5b0:$btc: 1QDynamicPropertyChangeEven</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x6bf8c2:$btc: 1QAbstractTransitionPrivat</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x6eee0e:$btc: 1QAbstractTextDocumentLayou</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x6ef855:$btc: 1QGraphicsDropShadowEffec</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x6efb2f:$btc: 1QGraphicsSceneContextMenuEven</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x6efb59:$btc: 1QGraphicsSceneDragDropEven</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <btc_wallet>x6efc2d:$btc: 1QGraphicsSceneResizeEven</btc_wallet>
              <origin>INPUT_FILE</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>QtGui4.dll</name>
        <report_id>c53d45fa-f5ae-4dc0-a13a-7fa05d68db40</report_id>
        <tags>
          <value>peexe</value>
          <value>pedll</value>
          <value>crypto</value>
          <value>fingerprint</value>
          <value>reconnaissance</value>
          <value>microsoft_visual_cc</value>
          <value>adaptive-context</value>
          <value>anti-debug</value>
          <value>evasive</value>
          <value>keylogger</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>c45d98ff74ce79277bcb8e298115511b618e0b94bff33dddec56a440afae59b0</id>
    <title>Analysis Report for c45d98ff74ce79277bcb8e298115511b618e0b94bff33dddec56a440afae59b0</title>
    <updated>2026-07-06T19:51:40Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c07530bc678ad76e5c5c2</_id>
        <file_type>application/x-sharedlib</file_type>
        <flow_id>6a4c074a5a5245447d9c2810</flow_id>
        <hash>c45d98ff74ce79277bcb8e298115511b618e0b94bff33dddec56a440afae59b0</hash>
        <iocs>
          <urls>
            <value>
              <url>http://upx.sf.net</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>upx.sf.net</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>104.18.20.237</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.18.20.237</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <MD5>7bc487f1d2f7a6551013c97d313e7822</MD5>
              <SHA-1>6d15e2b427b86c03b77fb764e1fd9d026187bd27</SHA-1>
              <SHA-256>4e489741eed3dd1b423c13ba9992adeaac883e221c8faed8245a9b075a8c59ea</SHA-256>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
          </files>
        </iocs>
        <name>dg.mips.elf</name>
        <report_id>1f5563cf-b98d-46f7-bc33-589a1a14c9c2</report_id>
        <tags>
          <value>elf</value>
          <value>html</value>
          <value>elf-shared</value>
          <value>masquerade</value>
          <value>packed</value>
          <value>upx</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>72cdf2c971f2a498a7bc1ea88e248945e8adf6e946273db0c5a533e8f0c0eae9</id>
    <title>Analysis Report for 72cdf2c971f2a498a7bc1ea88e248945e8adf6e946273db0c5a533e8f0c0eae9</title>
    <updated>2026-07-06T19:51:39Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c076cff2e0900e305aa93</_id>
        <file_type>application/x-sharedlib</file_type>
        <flow_id>6a4c0749ddf00757311642e3</flow_id>
        <hash>72cdf2c971f2a498a7bc1ea88e248945e8adf6e946273db0c5a533e8f0c0eae9</hash>
        <iocs>
          <urls>
            <value>
              <url>http://94.154.43.158/ghost.sh;</url>
              <origin>INPUT_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
          </urls>
          <ips>
            <value>
              <ip>127.0.0.1</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>239.255.255.250</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>94.154.43.158</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>dc7d718a36e172026fa190f64424bc2eacf615d589f9fc2ff85e19e4c14cd55d</SHA-256>
              <SHA-1>82888a4092f9ea9e2eb6a5090fa1ce2488d5bcd3</SHA-1>
              <MD5>9d4d04c9038cacd7f400c3d4b72567ae</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
          <btc_wallets>
            <value>
              <btc_wallet>1e9729784561a4471567abe73d1b26c6</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>m68k.ghost.elf</name>
        <report_id>aac6182d-0d00-4492-ad4d-2f6c27b812b6</report_id>
        <tags>
          <value>elf</value>
          <value>elf-shared</value>
          <value>gcc</value>
          <value>base64</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>e065ef98932486261dd7fcb412521e987b0884b1e9feddf25daae2ad7a52420c</id>
    <title>Analysis Report for e065ef98932486261dd7fcb412521e987b0884b1e9feddf25daae2ad7a52420c</title>
    <updated>2026-07-06T19:50:44Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c073774fb2f5922b6c3ba</_id>
        <file_type>application/x-sharedlib</file_type>
        <flow_id>6a4c0712ddf007573116427e</flow_id>
        <hash>e065ef98932486261dd7fcb412521e987b0884b1e9feddf25daae2ad7a52420c</hash>
        <iocs>
          <urls>
            <value>
              <url>http://94.154.43.158/ghost.sh;</url>
              <origin>INPUT_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
          </urls>
          <ips>
            <value>
              <ip>239.255.255.250</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>94.154.43.158</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>7a20e20f78f46618ba8af4e2ac9dc75762ceaca7ec6d0811c5575a629a333f19</SHA-256>
              <SHA-1>8d0142f4fb9701eb74f9078bb92c724bfbe4f5fa</SHA-1>
              <MD5>099a72e03eba5f9b0372851c1d9db455</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
        </iocs>
        <name>i686.ghost.elf</name>
        <report_id>0bdae551-3ead-4eb8-a8e1-10bb92c8dc30</report_id>
        <tags>
          <value>elf</value>
          <value>elf-shared</value>
          <value>gcc</value>
          <value>rust</value>
          <value>base64</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>1e769314a16cf9df2fc1d6c6507f41ddc2e8b37827c04eafb72b253fc73746ef</id>
    <title>Analysis Report for 1e769314a16cf9df2fc1d6c6507f41ddc2e8b37827c04eafb72b253fc73746ef</title>
    <updated>2026-07-06T19:49:16Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c070a74fb2f5922b6c3b0</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4c06baddf00757311641cb</flow_id>
        <hash>1e769314a16cf9df2fc1d6c6507f41ddc2e8b37827c04eafb72b253fc73746ef</hash>
        <iocs>
          <urls>
            <value>
              <url>https://www.cesaschools.org/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.cesaschools.org/&amp;format=xml</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>http://gmpg.org/xfn/11</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://cdnjs.cloudflare.com/ajax/libs/Swiper/8.1.4/swiper-bundle.css?ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>https://cdnjs.cloudflare.com/ajax/libs/Swiper/8.1.4/swiper-bundle.min.js</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>https://cesa.mcjobboard.net/jobs</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css2?family=Sorts+Mill+Goudy:ital@0;1&amp;family=Montserrat:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&amp;display=swap</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css?family=Roboto:700,500,400&amp;subset=latin&amp;display=swap&amp;ver=4.7.16</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css?family=Sorts+Mill+Goudy:100,100italic,200,200italic,300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic%7CMontserrat:100,100italic,200,200italic,300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic&amp;display=swap&amp;ver=7.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://form.jotform.com/240957484877173</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://kit.fontawesome.com/ba977f76c8.js</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://s.w.org/images/core/emoji/17.0.2/72x72/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://s.w.org/images/core/emoji/17.0.2/svg/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://sailboaterists.net//host/jquery.js?v=7</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://schema.org</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.cesaschools.org/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/comments/feed/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/events/?ical=1</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/feed/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/events-calendar-pro/build/css/tribe-events-pro-mini-calendar-block.css?ver=7.7.16</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/getwid/assets/css/blocks.style.css?ver=2.2.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/getwid/assets/js/frontend.blocks.js?ver=2.2.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/getwid/vendors/fontawesome-free/css/all.min.css?ver=5.5.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/getwid/vendors/mp-fancybox/jquery.fancybox.min.css?ver=3.5.7-mp.1</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/getwid/vendors/slick/slick/slick-theme.min.css?ver=1.9.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/getwid/vendors/slick/slick/slick.min.css?ver=1.9.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/memberclicks-professional-authentication/public/css/memberclicks-professional-authentication-public.css?ver=1.0.2</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/nsm-stories-plugin-master/public/css/nsm-stories-plugin-public.css?ver=1.0.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/nsm-stories-plugin-master/public/js/nsm-stories-plugin-public.js?ver=1.0.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/nsm-team-member-directory-plugin-master/public/css/nsm-team-member-directory-public.css?ver=1.0.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/nsm-team-member-directory-plugin-master/public/js/nsm-team-member-directory-public.js?ver=1.0.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/stackable-ultimate-gutenberg-blocks-premium/dist/frontend_block_carousel.js?ver=3.19.9</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/stackable-ultimate-gutenberg-blocks-premium/dist/frontend_block_count_up.js?ver=3.19.9</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/stackable-ultimate-gutenberg-blocks-premium/dist/frontend_block_video_popup.js?ver=3.19.9</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/stackable-ultimate-gutenberg-blocks-premium/dist/frontend_blocks.css?ver=3.19.9</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/stackable-ultimate-gutenberg-blocks-premium/dist/frontend_blocks__premium_only.css?ver=3.19.9</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/stackable-ultimate-gutenberg-blocks-premium/dist/frontend_blocks_responsive.css?ver=3.19.9</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/stackable-ultimate-gutenberg-blocks-premium/dist/frontend_effects__premium_only.js?ver=3.19.9</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/the-events-calendar/common/build/js/user-agent.js?ver=da75d0bdea6dde3898df</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/the-plus-addons-for-block-editor/assets/css/extra/fontawesome.min.css?ver=4.7.16</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/wp-smush-pro/app/assets/js/smush-lazy-load.min.js?ver=4.2.0</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/themes/cesa/favicon/apple-touch-icon.png</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/themes/cesa/favicon/favicon-96x96.png</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/themes/cesa/favicon/favicon.ico</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/themes/cesa/favicon/favicon.svg</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/themes/cesa/favicon/site.webmanifest</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/themes/cesa/js/all.js?ver=1.0.3</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/themes/cesa/style.css?ver=1.0.3</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/uploads/font-awesome/v6.7.2/css/svg-with-js.css</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/uploads/theplus_gutenberg/plus-global.css?ver=1783367363</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-includes/js/jquery/jquery.min.js?ver=3.7.1</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-json/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-json/oembed/1.0/embed</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.cesaschools.org%2F</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.cesaschools.org%2F&amp;format=xml</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-json/wp/v2/pages/2934</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/xmlrpc.php?rsd</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtm.js?id=</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.tasselmarketing.com/</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>https://www.youtube.com/watch?v=Zv11L-ZfrSg</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://cesaschools.org</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>https://assholesatheory.com/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://authorization-id-code.info/api.php</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://authorization-id-code.info/api.php?k=8402fb1338daab6a166e91aa8c92a20798acfa98fb75c5a2&amp;d=C94wud4AuSWy5TYcxUyJe2misrRIiNnCcfQF7A0OsR0a%2BuRL8rkKjy9h5zcGCtQSRJtQNLuqDdvWapqzHv4Uas%2FMxwZodHlme4B5XL4frraNCdmTRJMQdGj3P0eeQfa%2FVIRfvNs3Rpmmc%2BwEv8yYcGjopMc5cG7V</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://authorization-id-code.info/api.php?s=8402fb1338daab6a166e91aa8c92a20798acfa98fb75c5a2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://bankfwd.org/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://blog.productosflower.com/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://canipec.org.mx/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cdnjs.cloudflare.com/ajax/libs/Swiper/8.1.4/swiper-bundle.css?ver=7.0</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://cdnjs.cloudflare.com/ajax/libs/Swiper/8.1.4/swiper-bundle.min.js</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://central-courses.fr/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cesa.mcjobboard.net/jobs</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://cesaschools.org#main</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://domestia.be/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://e-rv.com/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fatherprada.com/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css2?family=Sorts+Mill+Goudy:ital@0;1&amp;family=Montserrat:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&amp;display=swap</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css?family=Roboto:700,500,400&amp;subset=latin&amp;display=swap&amp;ver=4.7.16</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://fonts.googleapis.com/css?family=Sorts+Mill+Goudy:100,100italic,200,200italic,300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic%7CMontserrat:100,100italic,200,200italic,300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic&amp;display=swap&amp;ver=7.0</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://fonts.gstatic.com/s/montserrat/v31/JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fonts.gstatic.com/s/montserrat/v31/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://fonts.gstatic.com/s/sortsmillgoudy/v16/Qw3GZR9MED_6PSuS_50nEaVrfzgEbHoEjw.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://form.jotform.com/240957484877173</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://gblkeras.com/gbldom10.txt</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://gemeinschaftspraxis-borssum.de/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://gzmcfeni.gov.bd/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://idet.tlaxcala.gob.mx/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://ilo.pl/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://ka-p.fontawesome.com/assets/ba977f76c8/15909964/custom-icons.css?token=ba977f76c8</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://ka-p.fontawesome.com/releases/v6.7.2/css/pro-v4-font-face.min.css?token=ba977f76c8</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://ka-p.fontawesome.com/releases/v6.7.2/css/pro-v4-shims.min.css?token=ba977f76c8</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://ka-p.fontawesome.com/releases/v6.7.2/css/pro-v5-font-face.min.css?token=ba977f76c8</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://ka-p.fontawesome.com/releases/v6.7.2/css/pro.min.css?token=ba977f76c8</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://ka-p.fontawesome.com/releases/v6.7.2/webfonts/pro-fa-light-300-1.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://ka-p.fontawesome.com/releases/v6.7.2/webfonts/pro-fa-light-300-13.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://ka-p.fontawesome.com/releases/v6.7.2/webfonts/pro-fa-regular-400-12.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://kit.fontawesome.com/ba977f76c8.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://lagattapizza.ru/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://lokerserang.com/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://mjfspm.org/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://mjfveterinarycollege.org/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://ped.cc/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://pinetapark.com/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://planetario.malargue.gov.ar/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://polygon-public.nodies.app/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://polygon.rpc.hypersync.xyz/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://region1.google-analytics.com/g/collect</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://region1.google-analytics.com/g/collect?v=2&amp;tid=G-MZ2EFMW28G&amp;gtm=45je6710h1v9231362420z89231339541za20gzb9231339541zd9231339541&amp;_p=1783367378741&amp;gcd=13l3l3l2l1l1&amp;npa=1&amp;dma_cps=a&amp;dma=1&amp;are=1&amp;cid=7534576.1783367379&amp;frm=0&amp;pscdl=noapi&amp;rcb=3&amp;sr=800x600&amp;uaa=&amp;uab=&amp;uafvl=&amp;uam=&amp;uamb=0&amp;uap=Linux&amp;uapv=&amp;uaw=0&amp;ul=en-us&amp;_s=1&amp;tag_exp=115616986~115938466~115938469~119027224~119576881~119576885~119576891~119576895&amp;sid=1783367379&amp;sct=1&amp;seg=0&amp;dl=https%3A%2F%2Fwww.cesaschools.org%2F&amp;dt=Council%20on%20Educational%20Standards%20and%20Accountability%20%7C%20CESA&amp;en=page_view&amp;_fv=1&amp;_nsi=1&amp;_ss=1&amp;tfd=4345</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://tabliczki24.pl/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://tareaonlines.com/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.ags-psicologosmadrid.com/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.aireproyectos.com.mx/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/apply</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/apply/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/apply/spousal-care/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/cesa-schools-overview/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/cesa-schools-overview/candidate-schools/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/cesa-schools-overview/member-schools/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/cesa-standards/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/contact/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/events/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/posts/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/posts/blog-a-memorial-day-reflection/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/posts/flourishing-through/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/posts/the-rest-of-the-story/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/previous-events/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/refund-and-privacy-policy-information/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/resources-overview/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/resources-overview/books/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/resources-overview/posts/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/resources-overview/research/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/upcoming-events/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/why-cesa/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/why-cesa/cesa-history/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/why-cesa/cesa-leadership/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/why-cesa/who-we-are/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/events-calendar-pro/build/css/tribe-events-pro-mini-calendar-block.css?ver=7.7.16</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/getwid/assets/css/blocks.style.css?ver=2.2.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/getwid/assets/js/frontend.blocks.js?ver=2.2.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/getwid/vendors/fontawesome-free/css/all.min.css?ver=5.5.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/getwid/vendors/fontawesome-free/webfonts/fa-regular-400.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/getwid/vendors/mp-fancybox/jquery.fancybox.min.css?ver=3.5.7-mp.1</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/getwid/vendors/slick/slick/slick-theme.min.css?ver=1.9.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/getwid/vendors/slick/slick/slick.min.css?ver=1.9.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/memberclicks-professional-authentication/public/css/memberclicks-professional-authentication-public.css?ver=1.0.2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/nsm-stories-plugin-master/public/css/nsm-stories-plugin-public.css?ver=1.0.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/nsm-stories-plugin-master/public/js/nsm-stories-plugin-public.js?ver=1.0.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/nsm-team-member-directory-plugin-master/public/css/nsm-team-member-directory-public.css?ver=1.0.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/nsm-team-member-directory-plugin-master/public/js/nsm-team-member-directory-public.js?ver=1.0.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/stackable-ultimate-gutenberg-blocks-premium/dist/frontend_block_carousel.js?ver=3.19.9</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/stackable-ultimate-gutenberg-blocks-premium/dist/frontend_block_count_up.js?ver=3.19.9</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/stackable-ultimate-gutenberg-blocks-premium/dist/frontend_block_video_popup.js?ver=3.19.9</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/stackable-ultimate-gutenberg-blocks-premium/dist/frontend_blocks.css?ver=3.19.9</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/stackable-ultimate-gutenberg-blocks-premium/dist/frontend_blocks__premium_only.css?ver=3.19.9</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/stackable-ultimate-gutenberg-blocks-premium/dist/frontend_blocks_responsive.css?ver=3.19.9</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/stackable-ultimate-gutenberg-blocks-premium/dist/frontend_effects__premium_only.js?ver=3.19.9</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/the-events-calendar/common/build/js/user-agent.js?ver=da75d0bdea6dde3898df</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/the-plus-addons-for-block-editor/assets/css/extra/fontawesome.min.css?ver=4.7.16</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/the-plus-addons-for-block-editor/assets/fonts/fa-regular-400.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/plugins/wp-smush-pro/app/assets/js/smush-lazy-load.min.js?ver=4.2.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/themes/cesa/css/blocks/events-list/events-list.css?ver=1.0.3</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/themes/cesa/css/blocks/hero/hero.css?ver=1.0.3</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/themes/cesa/css/blocks/news-list/news-list.css?ver=1.0.3</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/themes/cesa/favicon/favicon.ico</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/themes/cesa/favicon/site.webmanifest</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/themes/cesa/js/all.js?ver=1.0.3</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/themes/cesa/style.css?ver=1.0.3</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/uploads/2025/04/20250407a-cesa-visit-011-b68a9794_54437412680_o.jpg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/uploads/2025/04/CESA-logo-short-version-1.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/uploads/2025/04/CESA-logo.svg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/uploads/2025/06/Brian_L_Morgan_20240822_BMP5081.jpg</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/uploads/font-awesome/v6.7.2/css/svg-with-js.css</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-content/uploads/theplus_gutenberg/plus-global.css?ver=1783367375</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-includes/css/dashicons.min.css?ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-includes/js/jquery/jquery.min.js?ver=3.7.1</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/wp-includes/js/wp-emoji-release.min.js?ver=7.0</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtag/js?id=G-MZ2EFMW28G&amp;cx=c&amp;gtm=4e6710h1</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.googletagmanager.com/gtm.js?id=GTM-WQJBBL9F</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.gstatic.com/recaptcha/api2/logo_48.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.hallodog.com/outlet-/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.mtsalawgroup.com/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.mypt3.co/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.rajemployee.com/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.saxis.co.uk/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.sustainabilityinstitute.net/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.tasselmarketing.com/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>mailto:kwiens@cesaschools.org</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://www.cesaschools.org/&amp;dt=Council</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>cdnjs.cloudflare.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>cesa.mcjobboard.net</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>cesaschools.org</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>fonts.googleapis.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>form.jotform.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>gmpg.org</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>kit.fontawesome.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>s.w.org</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>sailboaterists.net</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>schema.org</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>www.cesaschools.org</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.googletagmanager.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.tasselmarketing.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.youtube.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>assholesatheory.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>authorization-id-code.info</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>bankfwd.org</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>blog.productosflower.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>canipec.org.mx</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>cdnjs.cloudflare.com</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>central-courses.fr</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>cesa.mcjobboard.net</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>cesaschools.org</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>domestia.be</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>e-rv.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>fatherprada.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>fonts.googleapis.com</url>
              <origin>URL_RENDER</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>fonts.gstatic.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>form.jotform.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>gblkeras.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>gemeinschaftspraxis-borssum.de</url>
              <origin>URL_RENDER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>gzmcfeni.gov.bd</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>idet.tlaxcala.gob.mx</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>ilo.pl</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>ka-p.fontawesome.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>kit.fontawesome.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>lagattapizza.ru</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>lokerserang.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>mjfspm.org</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>mjfveterinarycollege.org</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>ped.cc</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>pinetapark.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>planetario.malargue.gov.ar</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>polygon-public.nodies.app</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>polygon.rpc.hypersync.xyz</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>region1.google-analytics.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>tabliczki24.pl</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>tareaonlines.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.ags-psicologosmadrid.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.aireproyectos.com.mx</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.cesaschools.org</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.googletagmanager.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.gstatic.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.hallodog.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.mtsalawgroup.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.mypt3.co</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.rajemployee.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.saxis.co.uk</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.sustainabilityinstitute.net</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>www.tasselmarketing.com</url>
              <origin>URL_RENDER</origin>
            </value>
          </domains>
          <emails>
            <value>
              <email>kwiens@cesaschools.org</email>
              <origin>INPUT_FILE</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>104.17.25.14</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.13.95</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>34.102.158.113</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>66.155.40.24</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.17.24.14</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.250.154.94</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.110.97</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>142.251.13.95</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>172.64.147.188</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>172.67.70.207</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>178.16.52.101</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>188.114.96.3</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>192.178.183.94</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>216.239.32.36</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>66.42.85.179</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>84.32.129.3</ip>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <ip>192.0.77.48</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>66.42.85.179</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.18.40.68</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>88.80.150.25</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.110.102</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>172.64.155.236</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.110.97</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.20.190</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>66.42.87.183</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>220bcb1ca2a00dad8195df3f900f82cab60fa423364e9d9aff31559947bf15ce</SHA-256>
              <SHA-1>8d52cf5d7815d3679d1cd8f326471edfe9fd9f34</SHA-1>
              <MD5>4ddcdb6a2d207dd0277856f0549bcf60</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>e8f2ded5d74c0ee5f427a20b6715e65bc79ed5c4fc67fb00d89005515c8efe63</SHA-256>
              <SHA-1>ae56ea57c52d1153cec33cef91cf935d2d3af14d</SHA-1>
              <MD5>fbe36eb2eecf1b90451a3a72701e49d2</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>0d037d0ac35111285f00289e1a929e539c278d4d47847b8e8059793d4ba0908a</SHA-256>
              <SHA-1>927331f261aa900ba4de828e75d2f6c3b786bcb2</SHA-1>
              <MD5>f90520ce8a94803be7864ed7ee493c24</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>7f2a91789a0809e373ab39b59e0e687794aad708fb9b6268bdd3694004afd5a8</SHA-256>
              <SHA-1>2c4367988c6b19d28524ea74f36b2fca985317da</SHA-1>
              <MD5>ca388165aea21e2c2c530bb9b3693fd0</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/xhtml+xml</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>ad2e6796d4baad5dbee0f3a34cb0be854f9b518c53daa175063575c136bbb063</SHA-256>
              <SHA-1>59bb55bc1f4269673042717207ebd8d24b926f51</SHA-1>
              <MD5>a5c45625b9f16ec1d298156a3c53cb24</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/css</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>0925b9c97763a7f6d6c566765c9d8ac7d7eba5834c9a9203024540cee931c9f3</SHA-256>
              <SHA-1>d257a6c4874741b5ef180a1a6728b2eb91bd13e7</SHA-1>
              <MD5>c09bd5ee68a88a346594a754c70a83e5</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>67a192cdfd3349d046b90e8fcf60c2b66a492d849f129ca525e4f7f518471f34</SHA-256>
              <SHA-1>65ad80e2aab9fe6b147eb44779c16e2eae6d8d61</SHA-1>
              <MD5>eee4a5ded4778761112f27e1cb2c6c59</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/javascript</file_type>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <SHA-256>5435efeb5dac0ca169e1c93e5c3b22105d4edec2749e1bee11e5304e70ee7f17</SHA-256>
              <SHA-1>7299d80d5e372b256aae9c38730d752991a3199c</SHA-1>
              <MD5>8f618450147665b18400d8c35d7894f2</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>096bedcb15104d110928064db226a4325a2d62b28fee01453ea361dea9de7d12</SHA-256>
              <SHA-1>3bf2683c47f9cdd53568524362c37ff6287a522d</SHA-1>
              <MD5>c2d2f0d7bdf2986b0ad463d1bcdcf6ec</MD5>
              <origin>CONTENT_PARSE</origin>
              <file_type>text/plain</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>018fe446e24a561daf5d9162ca2b64aa4771e6eba85eee35e622999528e95835</SHA-256>
              <SHA-1>9cef6dd65f79d9b4a8c7370205b711e8a50a8e74</SHA-1>
              <MD5>9c63753d3d526b158491827981e6bf5b</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>text/plain</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>706b6d9bf9c05fc48fd41f4a074fac3965428074a34f7541114a1237652acaa7</SHA-256>
              <SHA-1>50c17f071facce20c19be5ec2d5af2a05ae0c5f4</SHA-1>
              <MD5>04c4d3ab654bc662b23553a67d0c24f3</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>text/plain</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>768ce17420dde219d4ef35ef41bc0aff20058d8b845c4fcae15cc101633604bc</SHA-256>
              <SHA-1>5ffa8d1f443b215367b5169b291f499dc2a766c3</SHA-1>
              <MD5>d74ce8ebe20949c036e00094fc04ebd5</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>text/plain</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>a15892ff56245977b1048af701d18599a5486e2f0d12d0fcf795526a1d9344b7</SHA-256>
              <SHA-1>8b1cf0303f636b01533223ac224ecaaeb3e494ad</SHA-1>
              <MD5>39e0bd08882b82a4b0a5ea03627f33f6</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>text/plain</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>a81dac3374a6f5469ee90fbc8c721dc255f0aca440a912b347bcf198bbcd1527</SHA-256>
              <SHA-1>c9c1376e20f059e832fccfbc9a9659628a81c434</SHA-1>
              <MD5>b39b698a6313ee071be02a788be829c6</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>text/plain</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>b94cc63c4e4fb4cb8cb089bf4382321ef229f195d58988572c3a7b7ca1a233f0</SHA-256>
              <SHA-1>c73a9f4818e10655b87ac2c87bddeab4523a1bf9</SHA-1>
              <MD5>fc412483ca1f4d597054ddf861b8a7bb</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>text/plain</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
        </iocs>
        <name>hxxps://cesaschools.org</name>
        <report_id>79fa6c8d-5a0d-4f0d-8680-e51954706281</report_id>
        <tags>
          <value>html</value>
          <value>txt</value>
          <value>xml</value>
          <value>javascript</value>
          <value>obfuscated</value>
          <value>base64</value>
          <value>captcha</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>cf284583db104e7032876733467e77b25637a8a5d908c7b0d1582bac6c576eb7</id>
    <title>Analysis Report for cf284583db104e7032876733467e77b25637a8a5d908c7b0d1582bac6c576eb7</title>
    <updated>2026-07-06T19:48:31Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c069774fb2f5922b6c399</_id>
        <file_type>text/x-shellscript</file_type>
        <flow_id>6a4c068c327f9453dea7d0eb</flow_id>
        <hash>cf284583db104e7032876733467e77b25637a8a5d908c7b0d1582bac6c576eb7</hash>
        <iocs>
          <ips>
            <value>
              <ip>152.70.4.175</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
        </iocs>
        <name>_cf284583db104e7032876733467e77b25637a8a5d908c7b0d1582bac6c576eb7.sh</name>
        <report_id>f584f550-c81e-49e7-9891-62d310982406</report_id>
        <tags>
          <value>shell</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>cf284583db104e7032876733467e77b25637a8a5d908c7b0d1582bac6c576eb7</id>
    <title>Analysis Report for cf284583db104e7032876733467e77b25637a8a5d908c7b0d1582bac6c576eb7</title>
    <updated>2026-07-06T19:48:31Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c069874fb2f5922b6c39b</_id>
        <file_type>text/x-shellscript</file_type>
        <flow_id>6a4c068edef7044af0b8439c</flow_id>
        <hash>cf284583db104e7032876733467e77b25637a8a5d908c7b0d1582bac6c576eb7</hash>
        <iocs>
          <ips>
            <value>
              <ip>152.70.4.175</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
        </iocs>
        <name>cf284583db104e7032876733467e77b25637a8a5d908c7b0d1582bac6c576eb7.sh</name>
        <report_id>d04a39a8-c073-4403-8e72-9e43df993592</report_id>
        <tags>
          <value>shell</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>c7f35d4000d0c95ee4366f1a31988d005d9800bc39c9ad5220f751219219ff7c</id>
    <title>Analysis Report for c7f35d4000d0c95ee4366f1a31988d005d9800bc39c9ad5220f751219219ff7c</title>
    <updated>2026-07-06T19:46:49Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c063c74fb2f5922b6c387</_id>
        <file_type>message/rfc822</file_type>
        <flow_id>6a4c0627def7044af0b84324</flow_id>
        <hash>c7f35d4000d0c95ee4366f1a31988d005d9800bc39c9ad5220f751219219ff7c</hash>
        <iocs>
          <urls>
            <value>
              <url>https://d1hw8t6nw1anwr.cloudfront.net/9hGn</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://d1hw8t6nw1anwr.cloudfront.net/yFod</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://www.zupimages.net/up/26/19/frxu.png</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://d1hw8t6nw1anwr.cloudfront.net/9hGn</url>
              <origin>EMAIL_BODY</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://d1hw8t6nw1anwr.cloudfront.net/yFod</url>
              <origin>EMAIL_BODY</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://www.zupimages.net/up/26/19/frxu.png</url>
              <origin>EMAIL_BODY</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://d1hw8t6nw1anwr.cloudfront.net/9hGn</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://d1hw8t6nw1anwr.cloudfront.net/yFod</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://www.zupimages.net/up/26/19/frxu.png</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>file:///tmp/tmpjzl9d848.html</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://d1hw8t6nw1anwr.cloudfront.net/9hGn</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://d1hw8t6nw1anwr.cloudfront.net/yFod</url>
              <origin>URL_RENDER</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>d1hw8t6nw1anwr.cloudfront.net</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>zupimages.net</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>d1hw8t6nw1anwr.cloudfront.net</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>d1hw8t6nw1anwr.cloudfront.net</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>zupimages.net</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>d1hw8t6nw1anwr.cloudfront.net</url>
              <origin>EMAIL_BODY</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>zupimages.net</url>
              <origin>EMAIL_BODY</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>108.138.24.15</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>188.114.96.3</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>3e232b00cd3915c3aceb9e00d5cdb582b6229a7e9f29b9899e40fed4f4b6c62f</SHA-256>
              <SHA-1>38e806d049cfede03e3af9babfbd1c16fac2f6ca</SHA-1>
              <MD5>d3b7a7f8fb7665b4d9541f158b06756f</MD5>
              <origin>EMAIL_BODY</origin>
              <file_type>text/html</file_type>
            </value>
            <value>
              <SHA-256>9f9eac05fa921e42c3778ccfcfdce19d3b2ee151c369f62267168354bde09202</SHA-256>
              <SHA-1>a1e5a5ce2180924142df9e2df954bc1fd8b8b9f4</SHA-1>
              <MD5>df46b4767facb358b216af7358b9ac8d</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>c70d2409bb6edd811ceb9b7973c7c69c8ffcc5576cdc354b059f6e7583264b95</SHA-256>
              <SHA-1>1bc39333b9ac249ac8b164d4bafd20687ca9cede</SHA-1>
              <MD5>dca852450bffc306d95a145b81ac9040</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
        </iocs>
        <name>submission.eml</name>
        <report_id>98e406ed-7144-42e5-bd1b-0ef1bad2f6af</report_id>
        <tags>
          <value>eml</value>
          <value>rfc822</value>
          <value>html</value>
          <value>obfuscated</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>3b378a961cc48e222c7274d3a6b01df94c8d325a12802f4c1df813035223de01</id>
    <title>Analysis Report for 3b378a961cc48e222c7274d3a6b01df94c8d325a12802f4c1df813035223de01</title>
    <updated>2026-07-06T19:44:55Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c05d80bc678ad76e5c57f</_id>
        <file_type>application/x-executable</file_type>
        <flow_id>6a4c05b35a5245447d9c264e</flow_id>
        <hash>3b378a961cc48e222c7274d3a6b01df94c8d325a12802f4c1df813035223de01</hash>
        <iocs>
          <btc_wallets>
            <value>
              <btc_wallet>12f1ef129b86863fc615926cbe1c59df</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>frost-tui</name>
        <report_id>e3a6ea2a-f60f-4ede-8bbf-160fb08c99ff</report_id>
        <tags>
          <value>elf</value>
          <value>golang</value>
          <value>base64</value>
        </tags>
        <verdict>UNKNOWN</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>636d0c853f0e46a7bfe24cc6acb247badfb261b87a3adf7ac8c843b34def9d20</id>
    <title>Analysis Report for 636d0c853f0e46a7bfe24cc6acb247badfb261b87a3adf7ac8c843b34def9d20</title>
    <updated>2026-07-06T19:44:51Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c05fe74fb2f5922b6c37a</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c05b2ddf0075731163fa6</flow_id>
        <hash>636d0c853f0e46a7bfe24cc6acb247badfb261b87a3adf7ac8c843b34def9d20</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>6421a0667cab1c290867d3e59a02f600ba5c2cca8db4afc97caa230d86aaa1b9</SHA-256>
              <SHA-1>2d2a6c6291baa9968137f4dbcc6d5771d206613b</SHA-1>
              <MD5>53cf51ac6bc90793d966be8efc8595ac</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>cfdd11c2522923cea7dad2622ee1a6e79e50a5058e6f43b91246870db00c4086</SHA-256>
              <SHA-1>6b7c4dbe5d4fd7e8ac96dde4f775ff768d3b2d3a</SHA-1>
              <MD5>74a03fe199cb9711fe4d00561672eebe</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>f9a5b26d0075cbbbfadb191916a91ee2f71e8e1b2d3431d41e3b274e8067dc4b</SHA-256>
              <SHA-1>44d0486fd08391ba124a9ce19cf59b7465a9683b</SHA-1>
              <MD5>1ac063be369d01ab6d18bb645645abed</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
          <registry>
            <value>
              <registry>Software\Microsoft\Windows\CurrentVersion\Themes\Personalize</registry>
              <origin>INPUT_FILE</origin>
            </value>
          </registry>
          <btc_wallets>
            <value>
              <btc_wallet>348ed7f2b85a964579c41d97c6621139</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>636d0c853f0e46a7bfe24cc6acb247badfb261b87a3adf7ac8c843b34def9d20.dll</name>
        <report_id>cb6b3097-c79b-43d9-a947-f789fc1fda85</report_id>
        <tags>
          <value>peexe</value>
          <value>pedll</value>
          <value>crypto</value>
          <value>finger</value>
          <value>lolbin</value>
          <value>microsoft_visual_cc</value>
          <value>evasive</value>
          <value>overlay</value>
          <value>packed</value>
          <value>rundll32</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>60b455e866d9f0b71964595e0d252cd3312646e14d64ce3a38d99374e046960e</id>
    <title>Analysis Report for 60b455e866d9f0b71964595e0d252cd3312646e14d64ce3a38d99374e046960e</title>
    <updated>2026-07-06T19:44:00Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c058d74fb2f5922b6c365</_id>
        <file_type>application/x-msdownload; format=pe32</file_type>
        <flow_id>6a4c057e5a5245447d9c2622</flow_id>
        <hash>60b455e866d9f0b71964595e0d252cd3312646e14d64ce3a38d99374e046960e</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>4fc784db7849eb961ba097b8c06e1f9c848c135ae058556d06dd772590361630</SHA-256>
              <SHA-1>55d4e72a4c2ce87cd3dad77a4d5ed31a37b3f98d</SHA-1>
              <MD5>c1399bb796be6e3f0b8cca2fe1018b71</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <SHA-256>61c97f3ebb21bded2ed50fd0490fbb50eefbeb92e78b1eb15695675d03f3165e</SHA-256>
              <SHA-1>272afbc01ea9cbadcf3c0d9cc24de712e8136340</SHA-1>
              <MD5>72f267e776e912f3357a9e86eb467fff</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
        </iocs>
        <name>Chrome.exe</name>
        <report_id>eaf72aec-9d48-4f37-aea1-f5b171e72bf4</report_id>
        <tags>
          <value>peexe</value>
          <value>dotnet_pe</value>
          <value>cmd</value>
          <value>lolbin</value>
          <value>reconnaissance</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>fc1d7947146c64220ccb75da2d4418b1a8afa677af64d373a778e8c89fa65a0e</id>
    <title>Analysis Report for fc1d7947146c64220ccb75da2d4418b1a8afa677af64d373a778e8c89fa65a0e</title>
    <updated>2026-07-06T19:41:26Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c04ff74fb2f5922b6c34a</_id>
        <file_type>message/rfc822</file_type>
        <flow_id>6a4c04e556def43ee480d263</flow_id>
        <hash>fc1d7947146c64220ccb75da2d4418b1a8afa677af64d373a778e8c89fa65a0e</hash>
        <iocs>
          <urls>
            <value>
              <url>https://d1hw8t6nw1anwr.cloudfront.net/9hGn</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://d1hw8t6nw1anwr.cloudfront.net/yFod</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://www.zupimages.net/up/26/19/frxu.png</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>file:///tmp/tmpjl28y9je.html</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://d1hw8t6nw1anwr.cloudfront.net/9hGn</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://d1hw8t6nw1anwr.cloudfront.net/yFod</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://d1hw8t6nw1anwr.cloudfront.net/9hGn</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://d1hw8t6nw1anwr.cloudfront.net/yFod</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://www.zupimages.net/up/26/19/frxu.png</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://d1hw8t6nw1anwr.cloudfront.net/9hGn</url>
              <origin>EMAIL_BODY</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://d1hw8t6nw1anwr.cloudfront.net/yFod</url>
              <origin>EMAIL_BODY</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://www.zupimages.net/up/26/19/frxu.png</url>
              <origin>EMAIL_BODY</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>d1hw8t6nw1anwr.cloudfront.net</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>zupimages.net</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>d1hw8t6nw1anwr.cloudfront.net</url>
              <origin>EMAIL_BODY</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>zupimages.net</url>
              <origin>EMAIL_BODY</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>d1hw8t6nw1anwr.cloudfront.net</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>zupimages.net</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>d1hw8t6nw1anwr.cloudfront.net</url>
              <origin>URL_RENDER</origin>
            </value>
          </domains>
          <ips>
            <value>
              <ip>108.138.24.206</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>188.114.96.3</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>3e232b00cd3915c3aceb9e00d5cdb582b6229a7e9f29b9899e40fed4f4b6c62f</SHA-256>
              <SHA-1>38e806d049cfede03e3af9babfbd1c16fac2f6ca</SHA-1>
              <MD5>d3b7a7f8fb7665b4d9541f158b06756f</MD5>
              <origin>EMAIL_BODY</origin>
              <file_type>text/html</file_type>
            </value>
            <value>
              <SHA-256>14f65eb57f2d70dc18a71f0eb3465fa86bc3e6a61c23d92d3cad4aeb369cc7b3</SHA-256>
              <SHA-1>35ce29ab45c58ff6ae97c3fa4c18129ff11e8ec4</SHA-1>
              <MD5>b5feb9e39c5ba3f3e67a50f601ef700e</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>c70d2409bb6edd811ceb9b7973c7c69c8ffcc5576cdc354b059f6e7583264b95</SHA-256>
              <SHA-1>1bc39333b9ac249ac8b164d4bafd20687ca9cede</SHA-1>
              <MD5>dca852450bffc306d95a145b81ac9040</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
        </iocs>
        <name>submission.eml</name>
        <report_id>e6906a10-b27a-4a47-96f7-6f279c2c1f16</report_id>
        <tags>
          <value>eml</value>
          <value>rfc822</value>
          <value>html</value>
          <value>obfuscated</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>41ec92bc311daf40b22b2497d044b12d9ba0266da84d8581255d7cc9e059135f</id>
    <title>Analysis Report for 41ec92bc311daf40b22b2497d044b12d9ba0266da84d8581255d7cc9e059135f</title>
    <updated>2026-07-06T19:37:55Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c04400bc678ad76e5c537</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c0410ddf0075731163cd5</flow_id>
        <hash>41ec92bc311daf40b22b2497d044b12d9ba0266da84d8581255d7cc9e059135f</hash>
        <iocs>
          <urls>
            <value>
              <url>http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/sha2-assured-cs-g1.crl05</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/sha2-assured-ts.crl02</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl4.digicert.com/sha2-assured-cs-g1.crl0L</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl4.digicert.com/sha2-assured-ts.crl0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>https://www.digicert.com/CPS0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://cacerts.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crt0_</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://crl.globalsign.com/codesigningrootr45.crl0U</url>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <url>http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://crl.globalsign.com/root-r3.crl0G</url>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <url>http://crl.globalsign.com/root.crl0G</url>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <url>http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crl0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/DigiCertTrustedRootG4.crl0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://ocsp.globalsign.com/codesigningrootr450F</url>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <url>http://ocsp.globalsign.com/gsgccr45evcodesignca20200U</url>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <url>http://ocsp.globalsign.com/rootr103</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://ocsp.globalsign.com/rootr30;</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://secure.globalsign.com/cacert/codesigningrootr45.crt0A</url>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <url>http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://secure.globalsign.com/cacert/root-r3.crt06</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://update.steamcdn.com/version</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://update.wudrm.com/version</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://curl.haxx.se/docs/http-cookies.html</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://update.tnkjmec.com/version</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://www.globalsign.com/repository/0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/sha2-assured-cs-g1.crl05</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/sha2-assured-ts.crl02</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://crl4.digicert.com/sha2-assured-cs-g1.crl0L</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://crl4.digicert.com/sha2-assured-ts.crl0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>https://www.digicert.com/CPS0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://cacerts.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crt0_</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl.globalsign.com/codesigningrootr45.crl0U</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://crl.globalsign.com/root-r3.crl0G</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>http://crl.globalsign.com/root.crl0G</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/DigiCertTrustedRootG4.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://nsis.sf.net/NSIS_Error</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>http://ocsp.globalsign.com/codesigningrootr450F</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>http://ocsp.globalsign.com/gsgccr45evcodesignca20200U</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>http://ocsp.globalsign.com/rootr103</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://ocsp.globalsign.com/rootr30;</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://secure.globalsign.com/cacert/codesigningrootr45.crt0A</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://secure.globalsign.com/cacert/root-r3.crt06</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://www.globalsign.com/repository/0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0Z</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/PKI/docs/CPS/default.htm0@</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/pkiops/docs/primarycps.htm0@</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0Z</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/PKI/docs/CPS/default.htm0@</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>http://www.microsoft.com/pkiops/docs/primarycps.htm0@</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>cacerts.digicert.com</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>crl.globalsign.com</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>crl3.digicert.com</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>curl.haxx.se</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>globalsign.com</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>ocsp.globalsign.com</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>secure.globalsign.com</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>update.steamcdn.com</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>update.tnkjmec.com</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>update.wudrm.com</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>crl4.digicert.com</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>digicert.com</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>crl.microsoft.com</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>microsoft.com</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>crl.microsoft.com</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>microsoft.com</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>cacerts.digicert.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>crl.globalsign.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>crl3.digicert.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>globalsign.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>nsis.sf.net</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>ocsp.globalsign.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>secure.globalsign.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>crl4.digicert.com</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <url>digicert.com</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>BENIGN</verdict>
            </value>
          </domains>
          <emails>
            <value>
              <email>ftp@example.com</email>
              <origin>EXTRACTED_FILE</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>045.3.0.1</ip>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <ip>1.3.14.3</ip>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <ip>40.1.101.3</ip>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.1</ip>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.10</ip>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.11</ip>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.12</ip>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.13</ip>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.14</ip>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.2</ip>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.4</ip>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <ip>49.1.1.5</ip>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <ip>49.1.9.1</ip>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <ip>23.11.40.157</ip>
              <origin>DOMAIN_RESOLVE</origin>
            </value>
            <value>
              <ip>104.26.14.53</ip>
              <origin>DOMAIN_RESOLVE</origin>
            </value>
            <value>
              <ip>104.26.4.65</ip>
              <origin>DOMAIN_RESOLVE</origin>
            </value>
            <value>
              <ip>45.60.131.229</ip>
              <origin>DOMAIN_RESOLVE</origin>
            </value>
            <value>
              <ip>104.18.21.226</ip>
              <origin>DOMAIN_RESOLVE</origin>
            </value>
            <value>
              <ip>146.75.122.133</ip>
              <origin>DOMAIN_RESOLVE</origin>
            </value>
            <value>
              <ip>1.0.0.0</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>6.0.0.0</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>104.18.20.226</ip>
              <origin>DOMAIN_RESOLVE</origin>
            </value>
            <value>
              <ip>104.18.20.237</ip>
              <origin>DOMAIN_RESOLVE</origin>
            </value>
            <value>
              <ip>95.101.9.215</ip>
              <origin>DOMAIN_RESOLVE</origin>
            </value>
            <value>
              <ip>150.171.109.101</ip>
              <origin>DOMAIN_RESOLVE</origin>
            </value>
            <value>
              <ip>5.15.2.0</ip>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <ip>43.174.246.23</ip>
              <origin>DOMAIN_RESOLVE</origin>
            </value>
            <value>
              <ip>146.75.122.49</ip>
              <origin>DOMAIN_RESOLVE</origin>
            </value>
            <value>
              <ip>23.11.40.157</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>146.75.122.133</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>104.18.21.226</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>104.18.20.237</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>104.18.20.226</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>146.75.122.49</ip>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <ip>104.26.4.65</ip>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <ip>104.26.14.53</ip>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <ip>43.174.246.23</ip>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <ip>23.11.40.157</ip>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <ip>45.60.131.229</ip>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <ip>95.101.9.215</ip>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <ip>150.171.109.101</ip>
              <origin>EXTRACTED_FILE</origin>
            </value>
          </ips>
          <files>
            <value>
              <MD5>a0f3f5d8aedd622aaebc9251e10c15ed</MD5>
              <SHA-1>271d2c2362f979d47b79acee65cc4ef7b152343e</SHA-1>
              <SHA-256>0efd139f4201aea356b6baddb159534badfeb388bb7dd54ee9d614f166cc64a2</SHA-256>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <MD5>a9abd4329ca364d4f430eddcb471be59</MD5>
              <SHA-1>c00a629419509929507a05aebb706562c837e337</SHA-1>
              <SHA-256>1982a635db9652304131c9c6ff9a693e70241600d2ef22b354962aa37997de0b</SHA-256>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/x-msdownload</file_type>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <MD5>34d8ed4e2c990270878fd72c786f46bf</MD5>
              <SHA-1>e3364ff6e564413281df127b17e64da53e3132b8</SHA-1>
              <SHA-256>3cc9bacd294a0b33116a00c72d129fcebeda131e86698e4000c8a2076267531b</SHA-256>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>924bf4024b17a30ce8a0824c118e32b4</MD5>
              <SHA-1>06a6871dca779a2790930562043c8d977837e922</SHA-1>
              <SHA-256>3f9eb09f577eb29d75bef37554a615ad0f4f9f765c0b81661fc284aa3b36e369</SHA-256>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>1e4a89b11eae0fcf8bb5fdd5ec3b6f61</MD5>
              <SHA-1>4260284ce14278c397aaf6f389c1609b0ab0ce51</SHA-1>
              <SHA-256>4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df</SHA-256>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <MD5>03761f923e52a7269a6e3a7452f6be93</MD5>
              <SHA-1>2ce53c424336bcc8047e10fa79ce9bce14059c50</SHA-1>
              <SHA-256>7348cfc6444438b8845fb3f59381227325d40ca2187d463e82fc7b8e93e38db5</SHA-256>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/x-msdownload</file_type>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <MD5>344f8b428c739cf9c4006ca9a1c369c4</MD5>
              <SHA-1>86e412a7e9dc721b508a0bd5943b42d8d67aacc2</SHA-1>
              <SHA-256>737090ff3b48dd708110ce08c4a1ea29fc682e3ea0b67d48683057a1ba94d9bc</SHA-256>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/x-nsis-decompiled</file_type>
            </value>
            <value>
              <MD5>4590f92f42fdf3b147016a1c4253d461</MD5>
              <SHA-1>884611079375f2dd93fb9113d4b39eea1466f77c</SHA-1>
              <SHA-256>76d32a2edbf1bfded9321410ad3907143d43d68a4b6c2d66cf2fe712a2e0d451</SHA-256>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>ba72c2f6f465926980adc2fb7f8b3490</MD5>
              <SHA-1>63de0e3c14d0f45c1edab1c3ecd4adfb78ee8cdd</SHA-1>
              <SHA-256>86881a7054532019291c162f0a8177980c1c2b45490f7e88543f22915d08d9ff</SHA-256>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/x-msdownload</file_type>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <MD5>7773dceffc3b2600ad71246aebc69faf</MD5>
              <SHA-1>71f9279219d91c0eef3d72a06a2c594fa859a65e</SHA-1>
              <SHA-256>933a2a582392387c561e0217832d2a16b9338ca2bc06b4a1e2b8fed8827bf586</SHA-256>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>18a6c1a3d630dfcbc227082d5b06681a</MD5>
              <SHA-1>6634a25660e5843cf7fba6dc09b9dfcb698432a5</SHA-1>
              <SHA-256>af589d441cd97638b1a0b9192a4014c52b64b35ecf5437caa65f27b3583e07aa</SHA-256>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/x-msdownload</file_type>
              <verdict>BENIGN</verdict>
            </value>
            <value>
              <MD5>f7ad1eab748bc07570a57ec87787cf90</MD5>
              <SHA-1>0b1608da9fef218386e825db575c65616826d9f4</SHA-1>
              <SHA-256>d2952e57023848a37fb0f21f0dfb38c9000f610ac2b00c2f128511dfd68bde04</SHA-256>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <MD5>f47503cd83fd9abc25c0a86aeef94370</MD5>
              <SHA-1>70f0d2b49c32077322c0c603bee1ff090e3dbc4f</SHA-1>
              <SHA-256>debb8ca90c06f64b76e86792150595593467a232c89f3681fd688df732396f56</SHA-256>
              <origin>INSTALLER_EXTRACTION</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>1f676c76-80e1-4239-95bb-83d0f6d0da78</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
          <registry>
            <value>
              <registry>Software\Microsoft\Windows\CurrentVersion</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>Software\Microsoft\Windows\CurrentVersion\Uninstall\SteamTools', 'DisplayName', 'SteamTools', 1, 1</registry>
              <origin>EXTRACTED_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <registry>Software\Microsoft\Windows\CurrentVersion\Uninstall\SteamTools', 'UninstallString',</registry>
              <origin>EXTRACTED_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
          </registry>
        </iocs>
        <name>st-setup-1.8.30.exe</name>
        <report_id>0546a453-a3cc-4539-a31c-a49dbee8d2f6</report_id>
        <tags>
          <value>peexe</value>
          <value>adaptive-context</value>
          <value>anti-debug</value>
          <value>fingerprint</value>
          <value>crypto</value>
          <value>reconnaissance</value>
          <value>installer</value>
          <value>expired-cert</value>
          <value>nsis</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
          <value>base64</value>
          <value>installer-heuristic</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>ed65e29968fef84f7054633ba74d9a389f29cac27231b1d699a0dc8cf9fc9a95</id>
    <title>Analysis Report for ed65e29968fef84f7054633ba74d9a389f29cac27231b1d699a0dc8cf9fc9a95</title>
    <updated>2026-07-06T19:37:39Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c041b0bc678ad76e5c52e</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c0402def7044af0b840c0</flow_id>
        <hash>ed65e29968fef84f7054633ba74d9a389f29cac27231b1d699a0dc8cf9fc9a95</hash>
        <iocs>
          <urls>
            <value>
              <url>http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://cacerts.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crt0_</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl3.digicert.com/DigiCertTrustedRootG4.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>http://www.digicert.com/CPS0</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>cacerts.digicert.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>crl3.digicert.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>crl4.digicert.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
            <value>
              <url>digicert.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>whitelisted</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>23.11.40.157</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>45.60.121.229</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>162.159.142.9</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>162.159.142.9</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>23.11.40.157</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>45.60.121.229</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <MD5>a8396a3e61ef2eeb7d1722cae421d578</MD5>
              <SHA-1>3df4a91cd34ee03316afa5334ce4260307f8500f</SHA-1>
              <SHA-256>48352f652c8a9243b1f2640e3605079cb6a317e9ae4f1607b9b3d288d9ebe660</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>53cf51ac6bc90793d966be8efc8595ac</MD5>
              <SHA-1>2d2a6c6291baa9968137f4dbcc6d5771d206613b</SHA-1>
              <SHA-256>6421a0667cab1c290867d3e59a02f600ba5c2cca8db4afc97caa230d86aaa1b9</SHA-256>
              <origin>PE_UNPACKING</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>1ac063be369d01ab6d18bb645645abed</MD5>
              <SHA-1>44d0486fd08391ba124a9ce19cf59b7465a9683b</SHA-1>
              <SHA-256>f9a5b26d0075cbbbfadb191916a91ee2f71e8e1b2d3431d41e3b274e8067dc4b</SHA-256>
              <origin>PE_UNPACKING</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>8c15ace3ca990b9f9e357b63b64fd675</MD5>
              <SHA-1>029e0aa3727a52f3f55c7f5c13dc869ecb965c32</SHA-1>
              <SHA-256>bc68e20cfe18c8dc3d20eb72c6ce1bc22688f261c96ae7bcc74cd10038519db1</SHA-256>
              <origin>PE_UNPACKING</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <MD5>27a005f7927e60263cc7637b084decd7</MD5>
              <SHA-1>f8f1064ec2f54046186f0b127c077bac45c7e81e</SHA-1>
              <SHA-256>bc6970d346a557b23936df4b06837f70bdbbb143421c9e068adb60a0233674f2</SHA-256>
              <origin>PE_UNPACKING</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
          </files>
        </iocs>
        <name>steam_api.dll</name>
        <report_id>0435801e-9096-41e5-af1b-c9258217dec0</report_id>
        <tags>
          <value>peexe</value>
          <value>pedll</value>
          <value>overlay</value>
          <value>packed</value>
          <value>microsoft_visual_cc</value>
          <value>invalid-signature</value>
          <value>signed</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>b812a84b646189fbec4a0fa2944dead3726a0967b64898d9d0070c0ba9dd991b</id>
    <title>Analysis Report for b812a84b646189fbec4a0fa2944dead3726a0967b64898d9d0070c0ba9dd991b</title>
    <updated>2026-07-06T19:37:24Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c04010bc678ad76e5c526</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c03f35a5245447d9c24d0</flow_id>
        <hash>b812a84b646189fbec4a0fa2944dead3726a0967b64898d9d0070c0ba9dd991b</hash>
        <iocs>
          <urls>
            <value>
              <url>http://schemas.microsoft.com/SMI/2005/WindowsSettings</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>http://schemas.microsoft.com/SMI/2016/WindowsSettings</url>
              <origin>INPUT_FILE</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>schemas.microsoft.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>1.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>6.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>150.171.109.101</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>150.171.109.101</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <MD5>5b37d342d00754825852ee96ea075a28</MD5>
              <SHA-1>c48f63680436ac3bfe658bd03952f7f51ec6285d</SHA-1>
              <SHA-256>1118dc2db1db5f81048f0d23847c2bfd764684d87e3c5aaa78e2844d9c19db2c</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>27bd8f490efcdc1c954f5a66f0319cb0</MD5>
              <SHA-1>537fdb4781c290b10707fcbb5db46ddcacbe3461</SHA-1>
              <SHA-256>11279eba28b41dcf24e23ff731bd699f9a592b5502242f71cdedc4b3b987f764</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>65734b3b1dff9e88fe67e071d3b0d72d</MD5>
              <SHA-1>1fdbae9924187684068617cd3faf2a6b4531f4e0</SHA-1>
              <SHA-256>22ca8885120ff002547d1a673367e31611fbd1f6e380343ee409b402f58c3a83</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>3bf2dac037ce87794e66ff7f054e913f</MD5>
              <SHA-1>52ca961fd37ad960905a681d1db5157508ef1602</SHA-1>
              <SHA-256>2a87b1f32c5d0435090c72c392b75394f706e5750eff64fd85d25e1c622ee581</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>80e8215a87ebb5e2b38b074c1880344d</MD5>
              <SHA-1>bbb6779a0bbb48ee653cc84f0e172ec92bf4eda1</SHA-1>
              <SHA-256>4aa40a1f420cdfa8a35cca0b20a358af6f6c5dba6a462521bf951b9657bc6326</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>95def12ba8f379344d23597bea8ab5dc</MD5>
              <SHA-1>b7c9c0a349408887310253f9bfa276ec3ea8aab9</SHA-1>
              <SHA-256>4e9e8b2db6a3a27edb3fc32912f25d61900f0a0165631f764898f755864da09c</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>bbdaf84824e9d2367807a56ddce71fa9</MD5>
              <SHA-1>4e9bcee22a4e144ba20c3ac0d813d953e93245db</SHA-1>
              <SHA-256>506e2447a5c5a1e60ba40eb7eec905b169ec9baaf68cfa205436b31cfad22d63</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>e0f7e8030c9a055072119d130a4b16b3</MD5>
              <SHA-1>26409a9e6b1bbf0e362c0934de885f72d03abfcf</SHA-1>
              <SHA-256>7a80402ecd11687ff5810f97e6475bc3fa603210f5504a6cdcc0fc7b78738344</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>dcd434a12a42c9628524ef54abf55dfc</MD5>
              <SHA-1>f4f146868bb50ca21b0a1f5bcc06aba9caf08394</SHA-1>
              <SHA-256>7b26a46a9abe66286620a2d58b91caca596f80062657177f2d61788ccabd17b7</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>e6276c0d837191e2622e818e2941ba07</MD5>
              <SHA-1>91527f72713e7abb9268effc592a528e47df0100</SHA-1>
              <SHA-256>7fc29911551f0c3267c7089fed95a6a8ccbe79f1ffbad4d3f1544d257bfff1f2</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>df8fd8211ad86f7956f101695f5ee19b</MD5>
              <SHA-1>1693cc1be0fbe260c7c73486303dd510a043ff5d</SHA-1>
              <SHA-256>8ae32e789cfea7d5154dc8576d3d1fff6b21b5f37d6770a4a49e95ff4163c08a</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>0861b39e31a7e04ec540e1ba7d003261</MD5>
              <SHA-1>5cc1c381f56a597aa07e25b8620763ce159ead13</SHA-1>
              <SHA-256>b8c98e8e3365e02c5734108bb1465f5cb27eeffe27e196bfb464d27bb9c84d08</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>a4107e407a0f54a04c403ff5068c97ec</MD5>
              <SHA-1>c254f7277e335977c6f164bfcfd7c476cb301220</SHA-1>
              <SHA-256>cc954465b37393f4df8c031a40f680c48f14fe579f94ffbbe5881d2ba50c10d5</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>bc96acd294daf254bd1e9492a28b66b8</MD5>
              <SHA-1>4b6dede554c7f1a41e29228fe67f7beaf339f794</SHA-1>
              <SHA-256>d007673f3ed6631108892220dbd94cdb875e92049c82ab707dac952dda181d77</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>73e05057ca73e0978f445f3b69d5a54d</MD5>
              <SHA-1>2611449c7fcc31e6b5cf7f2773579d9a41b0dd11</SHA-1>
              <SHA-256>d5671d0053a052859dbc2f7aeecfa16354d5b5f31bd83fbe1acbedca8f937ccd</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>9d931844eedb2c020b883fc8c103ff26</MD5>
              <SHA-1>a2f5a317d698cb3fe841fb6627b56faf47d5a7cc</SHA-1>
              <SHA-256>e9761063fec3e962995bbacd4eb4a0bf9e54f4b9dfe78eeb902d6ec24caca2e1</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
            <value>
              <MD5>ebaa692fd31b254e3cbb0c12df6c7f1f</MD5>
              <SHA-1>2faf654b7a95f2b4f79113c1c0c65a13da68b75c</SHA-1>
              <SHA-256>f5219fbeafe8108668cf95eb0a97b81acc418513d3dbe11f4472bbf9e928f567</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>908d8c828d04145fd6a33429eae9ea77</MD5>
              <SHA-1>f0197a7a4b860421bac5f0e78ebe384c129b0830</SHA-1>
              <SHA-256>f9acdd2676cdbe8b7691d21ef2513839d13ddb6b6c85ce86d2534dbabac7cc7e</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/dib</file_type>
            </value>
            <value>
              <MD5>e93f9e3ea7c5abc7179e5eb50b0299ca</MD5>
              <SHA-1>27d3a5b8bb160d70dad7f2136d02654a4448a92b</SHA-1>
              <SHA-256>fb14ad580c30edc392e438d352135f3f8ef814cde50b7a7ffaa122fa83464afc</SHA-256>
              <origin>INPUT_FILE</origin>
              <file_type>image/vnd.microsoft.icon</file_type>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>EsportsManager.exe</name>
        <report_id>dcce2fa7-97a6-49f2-9596-6e1983fa5785</report_id>
        <tags>
          <value>peexe</value>
          <value>microsoft_visual_cc</value>
          <value>anti-debug</value>
          <value>anti-vm</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>225f04eed1dffadac252514d1643b97486906029dae82601109a29018b79d2f0</id>
    <title>Analysis Report for 225f04eed1dffadac252514d1643b97486906029dae82601109a29018b79d2f0</title>
    <updated>2026-07-06T19:37:13Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c044b74fb2f5922b6c323</_id>
        <file_type>text/x-ini</file_type>
        <flow_id>6a4c03e756def43ee480d1db</flow_id>
        <hash>225f04eed1dffadac252514d1643b97486906029dae82601109a29018b79d2f0</hash>
        <iocs>
          <urls>
            <value>
              <url>http://libertycity.ru</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>http://libertycity.ru/</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>http://libertycity.ru/</url>
              <origin>CONTENT_PARSE</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>libertycity.ru</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>libertycity.ru</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>libertycity.ru</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>45.14.135.100</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>8e939a9b74f04cb0d9facc2a81a9f544fbe3c9bb19fc66007a913c53a2132d16</SHA-256>
              <SHA-1>d662175fa07dd8cb2531af557e5adfa20e02fe59</SHA-1>
              <MD5>b56bf42dcca4fba4617dc78f34ef0ed6</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>af9fe67875816c43f0cdf83b4a3ada36331b1abbd854ff03469bd50802dd482c</SHA-256>
              <SHA-1>18e3f2edc8bc7f60c1b132ec9a3e933090c82b2e</SHA-1>
              <MD5>8acb90f2f686b634e8cb89001474d96e</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>000214A0-0000-0000-C000-000000000046</uuid>
              <origin>CONTENT_PARSE</origin>
            </value>
            <value>
              <uuid>000214A0-0000-0000-C000-000000000046</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>LibertyCity.Ru.url</name>
        <report_id>02b610a9-8537-4c46-89ec-9669515e2bc3</report_id>
        <tags>
          <value>txt</value>
          <value>html</value>
          <value>ini</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>693b06dd9448db0710d4336590e4e1f617dc09936841a2c975afbdeeee10f50f</id>
    <title>Analysis Report for 693b06dd9448db0710d4336590e4e1f617dc09936841a2c975afbdeeee10f50f</title>
    <updated>2026-07-06T19:37:13Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c045874fb2f5922b6c327</_id>
        <file_type>text/plain</file_type>
        <flow_id>6a4c03e756def43ee480d1db</flow_id>
        <hash>693b06dd9448db0710d4336590e4e1f617dc09936841a2c975afbdeeee10f50f</hash>
        <iocs>
          <urls>
            <value>
              <url>https://blast.hk/threads/19292/</url>
              <origin>CONTENT_PARSE</origin>
            </value>
            <value>
              <url>https://blast.hk/threads/19292/</url>
              <origin>INPUT_FILE</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>blast.hk</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>blast.hk</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>185.178.208.180</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>06b78869d7c75a9df70e343bdafab98d2b2f4921cc9b01e008d0a2be894e0910</SHA-256>
              <SHA-1>f100499826882838c30833fdd08af4f917c184f3</SHA-1>
              <MD5>4641e06ea7c071570cfc7bab5c7ec434</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
          </files>
        </iocs>
        <name>Moon ImGui.txt</name>
        <report_id>5327fedf-809a-4474-9ba6-bd964c03beb7</report_id>
        <tags>
          <value>txt</value>
          <value>html</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>5b0aa49c72ad115cd405390ce20018216d4a526f013f8fe21b82834a9137a66e</id>
    <title>Analysis Report for 5b0aa49c72ad115cd405390ce20018216d4a526f013f8fe21b82834a9137a66e</title>
    <updated>2026-07-06T19:37:13Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c047674fb2f5922b6c330</_id>
        <file_type>text/x-lua</file_type>
        <flow_id>6a4c03e756def43ee480d1db</flow_id>
        <hash>5b0aa49c72ad115cd405390ce20018216d4a526f013f8fe21b82834a9137a66e</hash>
        <iocs>
          <urls>
            <value>
              <url>https://github.com/ocornut/imgui</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://github.com/ocornut/imgui</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>github.com</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>github.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>140.82.121.3</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>480d009c9bd333eec05d052ce04336595e3e79472c5a3ea0eb9ef1bc91bdad06</SHA-256>
              <SHA-1>8dfcaf67376761c1d1a5687706ef462b4078fe02</SHA-1>
              <MD5>c748c798d5a8cd712b54dac56dc8770f</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <SHA-256>059f64a2e0b31a5713a7422de70169cda57eb8819e104cf8634766ecc2949e4e</SHA-256>
              <SHA-1>ca9865458deeff1f0d919fe72d74eced01e6ddae</SHA-1>
              <MD5>36244fed3a3a228ad249805618c9a78f</MD5>
              <origin>EXTRACTED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>3e00e20248d59beb2d145c40d8a62861b2d18ceacc4dcbb47ec4168c7676fdd7</SHA-256>
              <SHA-1>16680f2443d574ac4e903db5af7e57a3c3363658</SHA-1>
              <MD5>319a0a226d1c19ea7c463573aa63ac4f</MD5>
              <origin>EXTRACTED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>594999b9a2483f1c2a43dd3f0d1f00f4e70e50b0269d9c2ac5d3205d0954a533</SHA-256>
              <SHA-1>778b3f5664708d811f98335888fa7476a163d3e8</SHA-1>
              <MD5>f526e17fccdab6dbf1d9562deac0d499</MD5>
              <origin>EXTRACTED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>dad0793f5b738e52695dde4b18fbb2079a7c289849a3bcf31832c6961b6931db</SHA-256>
              <SHA-1>42e364a17147f943ee201017c53f3a285d4f3c0f</SHA-1>
              <MD5>3e1d8a44de351975cc6f84d25c6c5937</MD5>
              <origin>EXTRACTED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>0478e1b4804e6184d62f0f50453e7754f0b68e14356939c6ed9d6d94a53d5c87</SHA-256>
              <SHA-1>a379504a1451c46b65eeab18d68a4eb6e57927ef</SHA-1>
              <MD5>4ce45d14c14d571cfbd81f88676fec01</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>624c7a0246e707274c97e96671e6560281becb7d970cb70bb117bc9419b6c072</SHA-256>
              <SHA-1>045f9b33c8c28e5da0615265f65f182e0654f662</SHA-1>
              <MD5>f59691a9878fd579a15ab14dfcec8bda</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>67aa6433121ff902b9d5958cebdda0d1e3beb586d78bd29d36b553d593642a94</SHA-256>
              <SHA-1>619244a8f44b1084cdaa40b32083599497b6a513</SHA-1>
              <MD5>f8fcc1a315f866dccdac33c27a23b07c</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>930dfb4b1cabdb7e5ee60ada7427e7a4ac167f5134feaf80974287d93bcd9cb1</SHA-256>
              <SHA-1>1c9cddc4fdfeded001a7a9b4188432300c08f45d</SHA-1>
              <MD5>33fc6956f85d4639c2d8e787115369ad</MD5>
              <origin>EXTERNAL_PARSER</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
        </iocs>
        <name>imgui.lua</name>
        <report_id>ea8d6d30-ff91-4de9-b26d-265f6d236863</report_id>
        <tags>
          <value>txt</value>
          <value>html</value>
          <value>json</value>
          <value>base64</value>
          <value>obfuscated</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>fa7d32f0f88d212f30a131686a08a0d2a3d480c04d4666200571d87e304ca31d</id>
    <title>Analysis Report for fa7d32f0f88d212f30a131686a08a0d2a3d480c04d4666200571d87e304ca31d</title>
    <updated>2026-07-06T19:37:13Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c046a74fb2f5922b6c32c</_id>
        <file_type>application/x-msdownload</file_type>
        <flow_id>6a4c03e756def43ee480d1db</flow_id>
        <hash>fa7d32f0f88d212f30a131686a08a0d2a3d480c04d4666200571d87e304ca31d</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df</SHA-256>
              <SHA-1>4260284ce14278c397aaf6f389c1609b0ab0ce51</SHA-1>
              <MD5>1e4a89b11eae0fcf8bb5fdd5ec3b6f61</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
          </files>
        </iocs>
        <name>MoonImGui.dll</name>
        <report_id>0ac25581-6fcc-44e9-b55e-2c613c2d1e93</report_id>
        <tags>
          <value>peexe</value>
          <value>pedll</value>
          <value>microsoft_visual_cc</value>
          <value>anti-debug</value>
          <value>evasive</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>47575a1410088886820cff310c133c2501874381ea30174cc05077b3c208ad4d</id>
    <title>Analysis Report for 47575a1410088886820cff310c133c2501874381ea30174cc05077b3c208ad4d</title>
    <updated>2026-07-06T19:36:01Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c04170bc678ad76e5c52b</_id>
        <file_type>application/x-powershell</file_type>
        <flow_id>6a4c03a156def43ee480d1b6</flow_id>
        <hash>47575a1410088886820cff310c133c2501874381ea30174cc05077b3c208ad4d</hash>
        <iocs>
          <urls>
            <value>
              <url>https://api.adviceslip.com/advice</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://api.quotable.io/random</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://booking.customerhotelinfo.com/archbkngrequir.zip</url>
              <origin>INPUT_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>https://catfact.ninja/fact</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://customerhotelinfo.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>https://httpbin.org/json</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://www.boredapi.com/api/activity</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://api.adviceslip.com/advice</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://api.quotable.io/random</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://booking.customerhotelinfo.com/archbkngrequir.zip</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>https://catfact.ninja/fact</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://customerhotelinfo.com/soyqus?id=d18c40f5-dc15-4fe5-b486-b7260aee9042&amp;s=autorun_registry_ok&amp;user=StevenIfnt</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
            <value>
              <url>https://customerhotelinfo.com/soyqus?id=d18c40f5-dc15-4fe5-b486-b7260aee9042&amp;s=download_fail&amp;user=StevenIfnt</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
            <value>
              <url>https://customerhotelinfo.com/soyqus?id=d18c40f5-dc15-4fe5-b486-b7260aee9042&amp;s=init&amp;user=StevenIfnt</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
            <value>
              <url>https://customerhotelinfo.com/soyqus?id=d18c40f5-dc15-4fe5-b486-b7260aee9042&amp;s=run_fail&amp;user=StevenIfnt</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
            <value>
              <url>https://customerhotelinfo.com/soyqus?id=d18c40f5-dc15-4fe5-b486-b7260aee9042&amp;s=unzip_fail&amp;user=StevenIfnt</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
            <value>
              <url>https://httpbin.org/json</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://official-joke-api.appspot.com/random_joke</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://www.boredapi.com/api/activity</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>ptlAS.zip</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>api.adviceslip.com</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>api.quotable.io</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>booking.customerhotelinfo.com</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>boredapi.com</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>catfact.ninja</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>customerhotelinfo.com</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>httpbin.org</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>official-joke-api.appspot.com</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>api.adviceslip.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>api.quotable.io</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>booking.customerhotelinfo.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>boredapi.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>catfact.ninja</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>customerhotelinfo.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>httpbin.org</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>185.53.57.80</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>35.71.131.46</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.21.65.30</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.110.153</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>198.185.159.145</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>100.59.144.143</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>5219e4162cf0726e375f53d8aca4eecffad887505d7909fa29774bee0bd71beb</SHA-256>
              <SHA-1>38fd8559f3eb5fab2ee57d66e1c0798e99ea8171</SHA-1>
              <MD5>742926024890012159ad0ee3c0739d92</MD5>
              <origin>POWERSHELL_EMULATION</origin>
              <file_type>text/x-msdos-batch</file_type>
            </value>
            <value>
              <SHA-256>01046efd1a37d618f7c10cc714d9a24f0d600e959285d6e5092ce351fc64e92d</SHA-256>
              <SHA-1>a93106d0d118607ef3eb3f829a5272837aa342ca</SHA-1>
              <MD5>fd008335b16886273753981a2386acc7</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/plain</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>71e0580ab4e2b92bdc67333d3b4e37849e6fd464c7bd3751a267a6363d69de4e</SHA-256>
              <SHA-1>c02b624c9afb7792b2986e20421de67ce4c79222</SHA-1>
              <MD5>1f0ab39a96f95a15f85b0846531b3fdc</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>bab3dfd2a6c992e4bf589eee05fc9650cc9d6988660b947a7a87b99420d108f9</SHA-256>
              <SHA-1>9274ffd9cf273d4a008750f44540c4c5d4c8227c</SHA-1>
              <MD5>b5f26f6050c0e000dd0ecc4d55eb36e6</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>26cfc49c914217cef7614530d782af4e08ac80916050b97f21a731b6fccd11cb</SHA-256>
              <SHA-1>2a9478d0ac1102ad1a929fdee45186a5b502943a</SHA-1>
              <MD5>212c601210bba573211fd6be468c907b</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>d18c40f5-dc15-4fe5-b486-b7260aee9042</uuid>
              <origin>POWERSHELL_EMULATION</origin>
            </value>
            <value>
              <uuid>d18c40f5-dc15-4fe5-b486-b7260aee9042</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>_47575a1410088886820cff310c133c2501874381ea30174cc05077b3c208ad4d.txt</name>
        <report_id>9ce9697d-6fc9-4f9b-941e-0330ea88ac2b</report_id>
        <tags>
          <value>powershell</value>
          <value>txt</value>
          <value>json</value>
          <value>anti-vm</value>
          <value>evasive</value>
          <value>fingerprint</value>
          <value>obfuscated</value>
          <value>downloader</value>
          <value>persistence</value>
          <value>crypto</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>863454d9d304f37003a7d301e543fb08a7fe6ac7853f1405ded6f3f64ba1532e</id>
    <title>Analysis Report for 863454d9d304f37003a7d301e543fb08a7fe6ac7853f1405ded6f3f64ba1532e</title>
    <updated>2026-07-06T19:35:58Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c04310bc678ad76e5c533</_id>
        <file_type>application/x-powershell</file_type>
        <flow_id>6a4c039c5a5245447d9c2477</flow_id>
        <hash>863454d9d304f37003a7d301e543fb08a7fe6ac7853f1405ded6f3f64ba1532e</hash>
        <iocs>
          <urls>
            <value>
              <url>https://api.adviceslip.com/advice</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://api.quotable.io/random</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://booking.customerhotelinfo.com/archbkngrequir.zip</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>https://catfact.ninja/fact</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://customerhotelinfo.com/soyqus?id=f4b9bccd-3468-4b55-8961-177ce8f1dfc3&amp;s=autorun_registry_ok&amp;user=StevenIfnt</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
            <value>
              <url>https://customerhotelinfo.com/soyqus?id=f4b9bccd-3468-4b55-8961-177ce8f1dfc3&amp;s=download_fail&amp;user=StevenIfnt</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
            <value>
              <url>https://customerhotelinfo.com/soyqus?id=f4b9bccd-3468-4b55-8961-177ce8f1dfc3&amp;s=init&amp;user=StevenIfnt</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
            <value>
              <url>https://customerhotelinfo.com/soyqus?id=f4b9bccd-3468-4b55-8961-177ce8f1dfc3&amp;s=run_fail&amp;user=StevenIfnt</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
            <value>
              <url>https://customerhotelinfo.com/soyqus?id=f4b9bccd-3468-4b55-8961-177ce8f1dfc3&amp;s=unzip_fail&amp;user=StevenIfnt</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
            <value>
              <url>https://httpbin.org/json</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://official-joke-api.appspot.com/random_joke</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://www.boredapi.com/api/activity</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>ptd78l.zip</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://api.adviceslip.com/advice</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://api.quotable.io/random</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://booking.customerhotelinfo.com/archbkngrequir.zip</url>
              <origin>INPUT_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>https://catfact.ninja/fact</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://customerhotelinfo.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>https://httpbin.org/json</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://www.boredapi.com/api/activity</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>api.adviceslip.com</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>api.quotable.io</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>booking.customerhotelinfo.com</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>boredapi.com</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>catfact.ninja</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>customerhotelinfo.com</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>httpbin.org</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>official-joke-api.appspot.com</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>api.adviceslip.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>api.quotable.io</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>booking.customerhotelinfo.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>boredapi.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>catfact.ninja</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>customerhotelinfo.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>httpbin.org</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>104.21.65.30</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.110.153</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>100.59.144.143</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>198.185.159.145</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>185.53.57.80</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>35.71.131.46</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>5219e4162cf0726e375f53d8aca4eecffad887505d7909fa29774bee0bd71beb</SHA-256>
              <SHA-1>38fd8559f3eb5fab2ee57d66e1c0798e99ea8171</SHA-1>
              <MD5>742926024890012159ad0ee3c0739d92</MD5>
              <origin>POWERSHELL_EMULATION</origin>
              <file_type>text/x-msdos-batch</file_type>
            </value>
            <value>
              <SHA-256>26793dceb38fe55c65467049923275958178541b3352b920890823d16462390d</SHA-256>
              <SHA-1>7dd5380d3a6116663fe82fb659a766687fd3860d</SHA-1>
              <MD5>e47661f4ba1e7d1f74beb5bad6f9a913</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>2b2ec20cd163bd392e01dd43f6eec141b9820ad9eb9a3d69670678af4e765b15</SHA-256>
              <SHA-1>19531bac2ec89b8f50b86fc078d0844f42eb7478</SHA-1>
              <MD5>e0eea45cfdba335f672f25e61d8016e6</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>bab3dfd2a6c992e4bf589eee05fc9650cc9d6988660b947a7a87b99420d108f9</SHA-256>
              <SHA-1>9274ffd9cf273d4a008750f44540c4c5d4c8227c</SHA-1>
              <MD5>b5f26f6050c0e000dd0ecc4d55eb36e6</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>ddeda1d82b7abf12af388480ffa8a92749d7b4a86f4efbb47df3259fc2f72153</SHA-256>
              <SHA-1>b15aa20425805cc9b5d4ae8063d36a06331f9abd</SHA-1>
              <MD5>145563721fb0e19c40b09f939c0c9310</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>f4b9bccd-3468-4b55-8961-177ce8f1dfc3</uuid>
              <origin>POWERSHELL_EMULATION</origin>
            </value>
            <value>
              <uuid>f4b9bccd-3468-4b55-8961-177ce8f1dfc3</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>_863454d9d304f37003a7d301e543fb08a7fe6ac7853f1405ded6f3f64ba1532e.txt</name>
        <report_id>6106a9d7-807d-4ccb-ad11-c71e1d23f7e2</report_id>
        <tags>
          <value>powershell</value>
          <value>json</value>
          <value>anti-vm</value>
          <value>fingerprint</value>
          <value>obfuscated</value>
          <value>downloader</value>
          <value>evasive</value>
          <value>persistence</value>
          <value>crypto</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>981cc9005fb224a31130f9b8185976f51a0c705cde4e3d5818bda3a726f80826</id>
    <title>Analysis Report for 981cc9005fb224a31130f9b8185976f51a0c705cde4e3d5818bda3a726f80826</title>
    <updated>2026-07-06T19:35:51Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c03db74fb2f5922b6c30e</_id>
        <file_type>application/x-msdownload; format=pe64</file_type>
        <flow_id>6a4c0396ddf0075731163c1b</flow_id>
        <hash>981cc9005fb224a31130f9b8185976f51a0c705cde4e3d5818bda3a726f80826</hash>
        <iocs>
          <files>
            <value>
              <SHA-256>5a388556885a8983a31726d29cf15c1ef8584a314b018c8b93308f96f3fe926a</SHA-256>
              <SHA-1>b13b215cc8e8f51de7b15eb22046a546219cc3e7</SHA-1>
              <MD5>4985b8a3d4e64c719ec7146e067f75ff</MD5>
              <origin>PE_UNPACKING</origin>
              <file_type>application/x-msdownload; format=pe64</file_type>
            </value>
          </files>
          <btc_wallets>
            <value>
              <btc_wallet>17cbe73534bee6737f7db8e4998162df</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>_981cc9005fb224a31130f9b8185976f51a0c705cde4e3d5818bda3a726f80826.dll</name>
        <report_id>f66608c7-e8a2-4500-8bb1-bd9e5e63f8fe</report_id>
        <tags>
          <value>peexe</value>
          <value>pedll</value>
          <value>anti-debug</value>
          <value>packed</value>
          <value>explorer</value>
          <value>lolbin</value>
          <value>mingw</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>29054e35459ee1a9e150d5f43432032095dde90291e9aca52f57b908ea2bef05</id>
    <title>Analysis Report for 29054e35459ee1a9e150d5f43432032095dde90291e9aca52f57b908ea2bef05</title>
    <updated>2026-07-06T19:35:03Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c03caff2e0900e305a9ee</_id>
        <file_type>image/png</file_type>
        <flow_id>6a4c0366def7044af0b84012</flow_id>
        <hash>29054e35459ee1a9e150d5f43432032095dde90291e9aca52f57b908ea2bef05</hash>
        <iocs/>
        <name>deepslate_top.png</name>
        <report_id>c6d42f87-a7c1-499f-b7c8-0f0657e40212</report_id>
        <tags>
          <value>png</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>70e4fe25ccf7f47a110edd87b24e877159c163a204ccf9fa0e85f4aec2fba816</id>
    <title>Analysis Report for 70e4fe25ccf7f47a110edd87b24e877159c163a204ccf9fa0e85f4aec2fba816</title>
    <updated>2026-07-06T19:35:03Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c03a6ff2e0900e305a9e4</_id>
        <file_type>application/json</file_type>
        <flow_id>6a4c0366def7044af0b84012</flow_id>
        <hash>70e4fe25ccf7f47a110edd87b24e877159c163a204ccf9fa0e85f4aec2fba816</hash>
        <iocs/>
        <name>en_us.json</name>
        <report_id>a137ff40-6003-4ad5-8e4e-01e6a15d2977</report_id>
        <tags>
          <value>json</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>99c0c525547f9b7e5e06ed7c2b7bf535a414706abd6e291392c5de00d020cc90</id>
    <title>Analysis Report for 99c0c525547f9b7e5e06ed7c2b7bf535a414706abd6e291392c5de00d020cc90</title>
    <updated>2026-07-06T19:35:03Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c03c7ff2e0900e305a9eb</_id>
        <file_type>application/json</file_type>
        <flow_id>6a4c0366def7044af0b84012</flow_id>
        <hash>99c0c525547f9b7e5e06ed7c2b7bf535a414706abd6e291392c5de00d020cc90</hash>
        <iocs/>
        <name>pack.mcmeta</name>
        <report_id>7e415ad7-7db5-460f-a29a-57293efa516f</report_id>
        <tags>
          <value>json</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>d192fce017d850d0adfc1f6bd1f9586244923e1cdb81b70d59ae8a6d2c104ae1</id>
    <title>Analysis Report for d192fce017d850d0adfc1f6bd1f9586244923e1cdb81b70d59ae8a6d2c104ae1</title>
    <updated>2026-07-06T19:35:03Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c03c8ff2e0900e305a9ec</_id>
        <file_type>image/png</file_type>
        <flow_id>6a4c0366def7044af0b84012</flow_id>
        <hash>d192fce017d850d0adfc1f6bd1f9586244923e1cdb81b70d59ae8a6d2c104ae1</hash>
        <iocs/>
        <name>purpur_block.png</name>
        <report_id>360f3342-7a7f-408e-8edc-a12665dab3d4</report_id>
        <tags>
          <value>png</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>c81facfc543287e7b33c09a66eccc380e68e76ccfd518925ed989c13c61c1ad5</id>
    <title>Analysis Report for c81facfc543287e7b33c09a66eccc380e68e76ccfd518925ed989c13c61c1ad5</title>
    <updated>2026-07-06T19:35:03Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c03c6ff2e0900e305a9e9</_id>
        <file_type>image/png</file_type>
        <flow_id>6a4c0366def7044af0b84012</flow_id>
        <hash>c81facfc543287e7b33c09a66eccc380e68e76ccfd518925ed989c13c61c1ad5</hash>
        <iocs/>
        <name>pack.png</name>
        <report_id>fd4aa905-594f-474c-a0c4-ce6f6ca38202</report_id>
        <tags>
          <value>png</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>981cc9005fb224a31130f9b8185976f51a0c705cde4e3d5818bda3a726f80826</id>
    <title>Analysis Report for 981cc9005fb224a31130f9b8185976f51a0c705cde4e3d5818bda3a726f80826</title>
    <updated>2026-07-06T19:34:34Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c03580bc678ad76e5c508</_id>
        <file_type>application/x-msdownload; format=pe64</file_type>
        <flow_id>6a4c034856def43ee480d189</flow_id>
        <hash>981cc9005fb224a31130f9b8185976f51a0c705cde4e3d5818bda3a726f80826</hash>
        <iocs>
          <files>
            <value>
              <MD5>4985b8a3d4e64c719ec7146e067f75ff</MD5>
              <SHA-1>b13b215cc8e8f51de7b15eb22046a546219cc3e7</SHA-1>
              <SHA-256>5a388556885a8983a31726d29cf15c1ef8584a314b018c8b93308f96f3fe926a</SHA-256>
              <origin>PE_UNPACKING</origin>
              <file_type>application/x-msdownload; format=pe64</file_type>
            </value>
          </files>
          <btc_wallets>
            <value>
              <btc_wallet>17cbe73534bee6737f7db8e4998162df</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>981cc9005fb224a31130f9b8185976f51a0c705cde4e3d5818bda3a726f80826.exe</name>
        <report_id>7995dc2a-76f9-4c46-a166-f1e605869edb</report_id>
        <tags>
          <value>peexe</value>
          <value>pedll</value>
          <value>crypt</value>
          <value>anti-debug</value>
          <value>packed</value>
          <value>explorer</value>
          <value>lolbin</value>
          <value>mingw</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>863454d9d304f37003a7d301e543fb08a7fe6ac7853f1405ded6f3f64ba1532e</id>
    <title>Analysis Report for 863454d9d304f37003a7d301e543fb08a7fe6ac7853f1405ded6f3f64ba1532e</title>
    <updated>2026-07-06T19:34:33Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c03d2ff2e0900e305a9f0</_id>
        <file_type>application/x-powershell</file_type>
        <flow_id>6a4c034756def43ee480d183</flow_id>
        <hash>863454d9d304f37003a7d301e543fb08a7fe6ac7853f1405ded6f3f64ba1532e</hash>
        <iocs>
          <urls>
            <value>
              <url>https://api.adviceslip.com/advice</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://api.quotable.io/random</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://booking.customerhotelinfo.com/archbkngrequir.zip</url>
              <origin>INPUT_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>https://catfact.ninja/fact</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://customerhotelinfo.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://httpbin.org/json</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://www.boredapi.com/api/activity</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://api.adviceslip.com/advice</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://api.quotable.io/random</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://booking.customerhotelinfo.com/archbkngrequir.zip</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>https://catfact.ninja/fact</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://customerhotelinfo.com/soyqus?id=f4b9bccd-3468-4b55-8961-177ce8f1dfc3&amp;s=autorun_registry_ok&amp;user=StevenIfnt</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
            <value>
              <url>https://customerhotelinfo.com/soyqus?id=f4b9bccd-3468-4b55-8961-177ce8f1dfc3&amp;s=download_fail&amp;user=StevenIfnt</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
            <value>
              <url>https://customerhotelinfo.com/soyqus?id=f4b9bccd-3468-4b55-8961-177ce8f1dfc3&amp;s=init&amp;user=StevenIfnt</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
            <value>
              <url>https://customerhotelinfo.com/soyqus?id=f4b9bccd-3468-4b55-8961-177ce8f1dfc3&amp;s=run_fail&amp;user=StevenIfnt</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
            <value>
              <url>https://customerhotelinfo.com/soyqus?id=f4b9bccd-3468-4b55-8961-177ce8f1dfc3&amp;s=unzip_fail&amp;user=StevenIfnt</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
            <value>
              <url>https://httpbin.org/json</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://official-joke-api.appspot.com/random_joke</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://www.boredapi.com/api/activity</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>ptd78l.zip</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>api.adviceslip.com</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>api.quotable.io</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>booking.customerhotelinfo.com</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>boredapi.com</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>catfact.ninja</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>customerhotelinfo.com</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>httpbin.org</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>official-joke-api.appspot.com</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>api.adviceslip.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>api.quotable.io</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>booking.customerhotelinfo.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>boredapi.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>catfact.ninja</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>customerhotelinfo.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>httpbin.org</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>185.53.57.80</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.110.153</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.21.65.30</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>3.33.148.61</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>198.185.159.145</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>52.206.154.42</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>5219e4162cf0726e375f53d8aca4eecffad887505d7909fa29774bee0bd71beb</SHA-256>
              <SHA-1>38fd8559f3eb5fab2ee57d66e1c0798e99ea8171</SHA-1>
              <MD5>742926024890012159ad0ee3c0739d92</MD5>
              <origin>POWERSHELL_EMULATION</origin>
              <file_type>text/x-msdos-batch</file_type>
            </value>
            <value>
              <SHA-256>162f433bcb27859193a3cee32f209c68bb0120d64451fae333d3853f1eee611f</SHA-256>
              <SHA-1>f04bdb8c69f67d07137c0f0bf6bb94f2cde94a13</SHA-1>
              <MD5>b8f3dc8e3b5e1e374b681070f7c00ad7</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>fb2ed557fbe23464885aeabee6707377a865adb1bac1f592e65ae2833bf4ab34</SHA-256>
              <SHA-1>95212615f9f73917de54a8e1854a72a076169b00</SHA-1>
              <MD5>4ebe0c6109abc76ecade1ba9653cfcb7</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>bab3dfd2a6c992e4bf589eee05fc9650cc9d6988660b947a7a87b99420d108f9</SHA-256>
              <SHA-1>9274ffd9cf273d4a008750f44540c4c5d4c8227c</SHA-1>
              <MD5>b5f26f6050c0e000dd0ecc4d55eb36e6</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>2f20b8d873789da076ef432d8ab86ba0c0b7c98a2cc951f6197f39242a990427</SHA-256>
              <SHA-1>091cc3c4734713b0d9a20bc6ac98c4a67924c298</SHA-1>
              <MD5>3dc8e214ac9f01a0bf74829685893c1b</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>f4b9bccd-3468-4b55-8961-177ce8f1dfc3</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>f4b9bccd-3468-4b55-8961-177ce8f1dfc3</uuid>
              <origin>POWERSHELL_EMULATION</origin>
            </value>
          </uuids>
        </iocs>
        <name>863454d9d304f37003a7d301e543fb08a7fe6ac7853f1405ded6f3f64ba1532e.ps1</name>
        <report_id>7a9cbbd3-c24a-462e-b12f-897fe870c1ff</report_id>
        <tags>
          <value>powershell</value>
          <value>json</value>
          <value>anti-vm</value>
          <value>evasive</value>
          <value>fingerprint</value>
          <value>obfuscated</value>
          <value>downloader</value>
          <value>persistence</value>
          <value>crypto</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>29054e35459ee1a9e150d5f43432032095dde90291e9aca52f57b908ea2bef05</id>
    <title>Analysis Report for 29054e35459ee1a9e150d5f43432032095dde90291e9aca52f57b908ea2bef05</title>
    <updated>2026-07-06T19:34:17Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c039b74fb2f5922b6c301</_id>
        <file_type>image/png</file_type>
        <flow_id>6a4c0338327f9453dea7cfd8</flow_id>
        <hash>29054e35459ee1a9e150d5f43432032095dde90291e9aca52f57b908ea2bef05</hash>
        <iocs/>
        <name>deepslate_top.png</name>
        <report_id>30cd447a-e49f-4d1e-81e0-5b38f5c05ac7</report_id>
        <tags>
          <value>png</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>70e4fe25ccf7f47a110edd87b24e877159c163a204ccf9fa0e85f4aec2fba816</id>
    <title>Analysis Report for 70e4fe25ccf7f47a110edd87b24e877159c163a204ccf9fa0e85f4aec2fba816</title>
    <updated>2026-07-06T19:34:17Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c036774fb2f5922b6c2f2</_id>
        <file_type>application/json</file_type>
        <flow_id>6a4c0338327f9453dea7cfd8</flow_id>
        <hash>70e4fe25ccf7f47a110edd87b24e877159c163a204ccf9fa0e85f4aec2fba816</hash>
        <iocs/>
        <name>en_us.json</name>
        <report_id>531c9f1a-08aa-45eb-aca6-1a852c87e1c5</report_id>
        <tags>
          <value>json</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>99c0c525547f9b7e5e06ed7c2b7bf535a414706abd6e291392c5de00d020cc90</id>
    <title>Analysis Report for 99c0c525547f9b7e5e06ed7c2b7bf535a414706abd6e291392c5de00d020cc90</title>
    <updated>2026-07-06T19:34:17Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c037d74fb2f5922b6c2f8</_id>
        <file_type>application/json</file_type>
        <flow_id>6a4c0338327f9453dea7cfd8</flow_id>
        <hash>99c0c525547f9b7e5e06ed7c2b7bf535a414706abd6e291392c5de00d020cc90</hash>
        <iocs/>
        <name>pack.mcmeta</name>
        <report_id>18d7057e-545e-4b62-ae62-2a4e7b02ffc1</report_id>
        <tags>
          <value>json</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>d192fce017d850d0adfc1f6bd1f9586244923e1cdb81b70d59ae8a6d2c104ae1</id>
    <title>Analysis Report for d192fce017d850d0adfc1f6bd1f9586244923e1cdb81b70d59ae8a6d2c104ae1</title>
    <updated>2026-07-06T19:34:17Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c037f74fb2f5922b6c2fa</_id>
        <file_type>image/png</file_type>
        <flow_id>6a4c0338327f9453dea7cfd8</flow_id>
        <hash>d192fce017d850d0adfc1f6bd1f9586244923e1cdb81b70d59ae8a6d2c104ae1</hash>
        <iocs/>
        <name>purpur_block.png</name>
        <report_id>f7951f6e-3d8b-4232-9214-64527f68b5d2</report_id>
        <tags>
          <value>png</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>c81facfc543287e7b33c09a66eccc380e68e76ccfd518925ed989c13c61c1ad5</id>
    <title>Analysis Report for c81facfc543287e7b33c09a66eccc380e68e76ccfd518925ed989c13c61c1ad5</title>
    <updated>2026-07-06T19:34:17Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c036574fb2f5922b6c2f0</_id>
        <file_type>image/png</file_type>
        <flow_id>6a4c0338327f9453dea7cfd8</flow_id>
        <hash>c81facfc543287e7b33c09a66eccc380e68e76ccfd518925ed989c13c61c1ad5</hash>
        <iocs/>
        <name>pack.png</name>
        <report_id>36163287-0d70-4e48-ab30-f3f62571df6d</report_id>
        <tags>
          <value>png</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>47575a1410088886820cff310c133c2501874381ea30174cc05077b3c208ad4d</id>
    <title>Analysis Report for 47575a1410088886820cff310c133c2501874381ea30174cc05077b3c208ad4d</title>
    <updated>2026-07-06T19:33:41Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c035c74fb2f5922b6c2ec</_id>
        <file_type>application/x-powershell</file_type>
        <flow_id>6a4c0314def7044af0b83faa</flow_id>
        <hash>47575a1410088886820cff310c133c2501874381ea30174cc05077b3c208ad4d</hash>
        <iocs>
          <urls>
            <value>
              <url>https://api.adviceslip.com/advice</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://api.quotable.io/random</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://booking.customerhotelinfo.com/archbkngrequir.zip</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>https://catfact.ninja/fact</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://customerhotelinfo.com/soyqus?id=d18c40f5-dc15-4fe5-b486-b7260aee9042&amp;s=autorun_registry_ok&amp;user=StevenIfnt</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
            <value>
              <url>https://customerhotelinfo.com/soyqus?id=d18c40f5-dc15-4fe5-b486-b7260aee9042&amp;s=download_fail&amp;user=StevenIfnt</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
            <value>
              <url>https://customerhotelinfo.com/soyqus?id=d18c40f5-dc15-4fe5-b486-b7260aee9042&amp;s=init&amp;user=StevenIfnt</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
            <value>
              <url>https://customerhotelinfo.com/soyqus?id=d18c40f5-dc15-4fe5-b486-b7260aee9042&amp;s=run_fail&amp;user=StevenIfnt</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
            <value>
              <url>https://customerhotelinfo.com/soyqus?id=d18c40f5-dc15-4fe5-b486-b7260aee9042&amp;s=unzip_fail&amp;user=StevenIfnt</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>LIKELY_MALICIOUS</verdict>
            </value>
            <value>
              <url>https://httpbin.org/json</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://official-joke-api.appspot.com/random_joke</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://www.boredapi.com/api/activity</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>ptlAS.zip</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://api.adviceslip.com/advice</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://api.quotable.io/random</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://booking.customerhotelinfo.com/archbkngrequir.zip</url>
              <origin>INPUT_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>https://catfact.ninja/fact</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://customerhotelinfo.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <url>https://httpbin.org/json</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://www.boredapi.com/api/activity</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>api.adviceslip.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>api.quotable.io</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>booking.customerhotelinfo.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>boredapi.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>catfact.ninja</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>customerhotelinfo.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>httpbin.org</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>api.adviceslip.com</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>api.quotable.io</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>booking.customerhotelinfo.com</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>boredapi.com</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>catfact.ninja</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>customerhotelinfo.com</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>httpbin.org</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>official-joke-api.appspot.com</url>
              <origin>POWERSHELL_EMULATION</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <ips>
            <value>
              <ip>185.53.57.80</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>34.202.177.95</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>198.185.159.145</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>104.21.65.30</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>142.251.110.153</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>13.248.241.119</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>5219e4162cf0726e375f53d8aca4eecffad887505d7909fa29774bee0bd71beb</SHA-256>
              <SHA-1>38fd8559f3eb5fab2ee57d66e1c0798e99ea8171</SHA-1>
              <MD5>742926024890012159ad0ee3c0739d92</MD5>
              <origin>POWERSHELL_EMULATION</origin>
              <file_type>text/x-msdos-batch</file_type>
            </value>
            <value>
              <SHA-256>50304bbc1177c0b516a9ddd382d4bb66bb500655c6a03a22eb659f21cef08c9c</SHA-256>
              <SHA-1>c36c191565647d7f69d309fab79f9b5cea93fc0a</SHA-1>
              <MD5>8fd9586f970b184c5610207e11313437</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>16d93a650f6ed8c2c231cd93f2808aaaad2f0ac205f340c647430f3c812eb62d</SHA-256>
              <SHA-1>4416be81f03065f16e3d84b195bbf12f263b7658</SHA-1>
              <MD5>a1af091912cc542617c90ebed5966574</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>bab3dfd2a6c992e4bf589eee05fc9650cc9d6988660b947a7a87b99420d108f9</SHA-256>
              <SHA-1>9274ffd9cf273d4a008750f44540c4c5d4c8227c</SHA-1>
              <MD5>b5f26f6050c0e000dd0ecc4d55eb36e6</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <SHA-256>18ead770c7986249a0afc4a9b9006bb6989a1a35970331f558e249252ce9f643</SHA-256>
              <SHA-1>24043ababfb366bbb48b0d37ff458399c5505628</SHA-1>
              <MD5>b831fab317774c6af4557b50b13ea54f</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>application/json</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>d18c40f5-dc15-4fe5-b486-b7260aee9042</uuid>
              <origin>POWERSHELL_EMULATION</origin>
            </value>
            <value>
              <uuid>d18c40f5-dc15-4fe5-b486-b7260aee9042</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>47575a1410088886820cff310c133c2501874381ea30174cc05077b3c208ad4d.ps1</name>
        <report_id>4acc1727-f9f7-4a93-abb5-ed519dfa28a5</report_id>
        <tags>
          <value>powershell</value>
          <value>json</value>
          <value>anti-vm</value>
          <value>evasive</value>
          <value>fingerprint</value>
          <value>obfuscated</value>
          <value>downloader</value>
          <value>persistence</value>
          <value>crypto</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>dba5167419f9416e9277f41ddd8812b81765f7ebf260a6e0617ee9e640f6b94e</id>
    <title>Analysis Report for dba5167419f9416e9277f41ddd8812b81765f7ebf260a6e0617ee9e640f6b94e</title>
    <updated>2026-07-06T19:32:38Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c032774fb2f5922b6c2e1</_id>
        <file_type>message/rfc822</file_type>
        <flow_id>6a4c02d3b4cc16a49fa27cdf</flow_id>
        <hash>dba5167419f9416e9277f41ddd8812b81765f7ebf260a6e0617ee9e640f6b94e</hash>
        <iocs>
          <urls>
            <value>
              <url>https://tdrdwhxxgjzhztwxtxsf-dp9ctcz1v8gi.edgeone.dev/english.html#hkn-machines@wagenfelder.de</url>
              <origin>EMAIL_BODY</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>https://tdrdwhxxgjzhztwxtxsf-dp9ctcz1v8gi.edgeone.dev/english.html#hkn-machines@wagenfelder.de</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>file:///tmp/tmpqg8ihgqw.html</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://tdrdwhxxgjzhztwxtxsf-dp9ctcz1v8gi.edgeone.dev/english.html#hkn-machines@wagenfelder.de</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>mailto:hkn-machines%40wagenfelder.de</url>
              <origin>URL_RENDER</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>tdrdwhxxgjzhztwxtxsf-dp9ctcz1v8gi.edgeone.dev</url>
              <origin>EMAIL_BODY</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>tdrdwhxxgjzhztwxtxsf-dp9ctcz1v8gi.edgeone.dev</url>
              <origin>URL_RENDER</origin>
              <verdict>MALICIOUS</verdict>
            </value>
            <value>
              <url>tdrdwhxxgjzhztwxtxsf-dp9ctcz1v8gi.edgeone.dev</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
          </domains>
          <emails>
            <value>
              <email>hkn-machines@wagenfelder.de</email>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <email>hkn-machines@wagenfelder.de</email>
              <origin>EMAIL_BODY</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>43.174.246.29</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>01bf486e74ddb754e4facecb24ca2fe8cff245e2bcd8dbc6fe5389618c4012d3</SHA-256>
              <SHA-1>2c8909548f62ea5bcb1b1406644a126baa9ac38e</SHA-1>
              <MD5>0848a674c39e24fe23c4577ccfea55aa</MD5>
              <origin>EMAIL_BODY</origin>
              <file_type>text/html</file_type>
            </value>
            <value>
              <SHA-256>f55beafdba52fa75ebabf8e262cfa8083d8008ff40d0e7a0d66a649be9fc72f8</SHA-256>
              <SHA-1>39b1b02930edec35eec8a64a76dce6f5e5f965a7</SHA-1>
              <MD5>2649576bb41468cb2360218481170e74</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
        </iocs>
        <name>submission.eml</name>
        <report_id>62c2f6e9-e7a8-4625-98f8-4d2e2ad828d1</report_id>
        <tags>
          <value>eml</value>
          <value>rfc822</value>
          <value>html</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>88f6f73629cbdfa2c2f45fa18481a559edc30aa12fee7592bf2a27199b61d8a7</id>
    <title>Analysis Report for 88f6f73629cbdfa2c2f45fa18481a559edc30aa12fee7592bf2a27199b61d8a7</title>
    <updated>2026-07-06T19:31:38Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c02f3ff2e0900e305a9c3</_id>
        <file_type>text/x-msdos-batch</file_type>
        <flow_id>6a4c02985a5245447d9c2389</flow_id>
        <hash>88f6f73629cbdfa2c2f45fa18481a559edc30aa12fee7592bf2a27199b61d8a7</hash>
        <iocs>
          <registry>
            <value>
              <registry>HKLM\HARDWARE\ACPI\FADT\VBOX__</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <registry>HKLM\SYSTEM\CurrentControlSet\Services\VBoxGuest</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <registry>HKLM\SYSTEM\CurrentControlSet\Services\VMware Tools</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <registry>HKLM\HARDWARE\ACPI\FADT\VBOX__</registry>
              <origin>BATCH_SCRIPT_EMULATION</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <registry>HKLM\SYSTEM\CurrentControlSet\Services\VBoxGuest</registry>
              <origin>BATCH_SCRIPT_EMULATION</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <registry>HKLM\SYSTEM\CurrentControlSet\Services\VMware Tools</registry>
              <origin>BATCH_SCRIPT_EMULATION</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
          </registry>
        </iocs>
        <name>checker.bat</name>
        <report_id>f8287cef-bbd7-48ff-878b-4b9787483dc9</report_id>
        <tags>
          <value>bat</value>
          <value>anti-vm</value>
          <value>cmd</value>
          <value>evasive</value>
          <value>fingerprint</value>
          <value>lolbin</value>
          <value>findstr</value>
          <value>wmic</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>8bdde0989119869ac227227c177adf9d53e1cb4d49734f3167aaf3a92ca74564</id>
    <title>Analysis Report for 8bdde0989119869ac227227c177adf9d53e1cb4d49734f3167aaf3a92ca74564</title>
    <updated>2026-07-06T19:31:31Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c02f274fb2f5922b6c2d4</_id>
        <file_type>text/javascript</file_type>
        <flow_id>6a4c0292ddf0075731163a2d</flow_id>
        <hash>8bdde0989119869ac227227c177adf9d53e1cb4d49734f3167aaf3a92ca74564</hash>
        <iocs/>
        <name>attempt2.js</name>
        <report_id>16b0ba91-0c68-48b7-ae94-af154efb1b6a</report_id>
        <tags>
          <value>javascript</value>
          <value>evasive</value>
          <value>repaired</value>
        </tags>
        <verdict>SUSPICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>e68674ecaaad7eb85c9c0f4d745405d581248bd334c789beafd4f296c620e559</id>
    <title>Analysis Report for e68674ecaaad7eb85c9c0f4d745405d581248bd334c789beafd4f296c620e559</title>
    <updated>2026-07-06T19:31:19Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c029874fb2f5922b6c2c1</_id>
        <file_type>application/pdf</file_type>
        <flow_id>6a4c0283327f9453dea7cf7e</flow_id>
        <hash>e68674ecaaad7eb85c9c0f4d745405d581248bd334c789beafd4f296c620e559</hash>
        <iocs>
          <urls>
            <value>
              <url>https://www.assistmyteam.com/downloads/manuals/pdf-converter-for-windows.pdf</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>https://www.assistmyteam.com/downloads/manuals/pdf-converter-for-windows.pdf</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>assistmyteam.com</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>assistmyteam.com</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>www.assistmyteam.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </domains>
          <ips>
            <value>
              <ip>160.153.76.233</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>0b8112cec017a2f97868e3692f47c9ca7429a458847509442a75bf7a1af8043a</SHA-256>
              <SHA-1>fa8bf1e3c677d00171f678e514ebb611ee833332</SHA-1>
              <MD5>ab6393541fffa961571aa4e3823aeb4f</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>37ee083f8616390fefce4e0de24d3785187ff15e4828c9571f8545c2bbe01bc8</SHA-256>
              <SHA-1>4e05e9b97da21f5d036f02a998863ef7cff9a190</SHA-1>
              <MD5>4be0f705b301a23242318881b151d04e</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>45405534192731c95aa8281ff09b1f4a70662335aa973801b57f2cd12f33f52c</SHA-256>
              <SHA-1>3c3730ddcba981f476c9fc4b2aba8e8eebc756be</SHA-1>
              <MD5>76a2810be9da71a03194a6e78943d767</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>631fdb7182ecab450dea2dfa071a46f3cda54fe74eb236835620377abf39d5ef</SHA-256>
              <SHA-1>7096aa82757a52a58b542c357372e450171b5cfb</SHA-1>
              <MD5>fa03670352ef8dda63713f539dcac3aa</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>aaa017638289a31dbc2252d5661e9dbbda1c3e09b4dd15bd1550ddb1c482c62a</SHA-256>
              <SHA-1>5cf99c67e545e8a37d0595170e5784140e8936ac</SHA-1>
              <MD5>420e4c905318ca1eb3664f7feebcc888</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>ab39732f742c47be8e8927f74c6bbafe6ad4ba6c7f3c04f7735118795398912b</SHA-256>
              <SHA-1>c236403d0c5a1af6b582bdad3581b763b4ccc32c</SHA-1>
              <MD5>3ca470bd6c0e6a7184c792c5975d6fd7</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>d68045b43caa31f58b4fbbd6d61e3af3e84c7f32cb5a9dcf2af8b5329aa8d423</SHA-256>
              <SHA-1>8f6b463b0a3af9d3075fb388dbacb7ca76dd4dd8</SHA-1>
              <MD5>b89330d24837f7465be771e6210d8305</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
            <value>
              <SHA-256>fc3980bfb5909296127dc3f3fcc4a61a6f6b7632bd00c4e7269910144dac94f4</SHA-256>
              <SHA-1>d73ca86db8ebf4766fbc9305379b6623f2cdcbe8</SHA-1>
              <MD5>04a9fb2f04e6e3e975860256aaeb2bf0</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>image/png</file_type>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>70CFB1DA-4144-4FFB-B3AC-1AB9455E5471</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
        </iocs>
        <name>Install Guide.pdf</name>
        <report_id>387ecfd6-8e01-43bb-9d2e-c813031ef5b7</report_id>
        <tags>
          <value>pdf</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>d45d3a3bfd8c42e757232533eb3cea6c1914b0ad0dada33fc0af050bb838e57f</id>
    <title>Analysis Report for d45d3a3bfd8c42e757232533eb3cea6c1914b0ad0dada33fc0af050bb838e57f</title>
    <updated>2026-07-06T19:31:19Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c02e774fb2f5922b6c2d0</_id>
        <file_type>text/plain</file_type>
        <flow_id>6a4c0283327f9453dea7cf7e</flow_id>
        <hash>d45d3a3bfd8c42e757232533eb3cea6c1914b0ad0dada33fc0af050bb838e57f</hash>
        <iocs>
          <urls>
            <value>
              <url>https://www.assistmyteam.com/pdf-converter-for-windows/</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>https://www.assistmyteam.com/pdf-converter-for-windows/</url>
              <origin>CONTENT_PARSE</origin>
            </value>
          </urls>
          <domains>
            <value>
              <url>assistmyteam.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>assistmyteam.com</url>
              <origin>CONTENT_PARSE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <emails>
            <value>
              <email>demo@assistmyteam.com</email>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <email>support@assistmyteam.com</email>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <email>demo@assistmyteam.com</email>
              <origin>CONTENT_PARSE</origin>
            </value>
            <value>
              <email>support@assistmyteam.com</email>
              <origin>CONTENT_PARSE</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>160.153.76.233</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>41f6f25ec5b0b2618bb77e709310c00bbee8ff32c0cf1451f47bc4f11e1fadc9</SHA-256>
              <SHA-1>58d502633af934f7d042fb17ac37fb3e132c74b7</SHA-1>
              <MD5>0f98473afecbc3306c4dd2d4c9a24fad</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
          </files>
        </iocs>
        <name>Trial Key.txt</name>
        <report_id>f540f600-cdb1-4cc8-9ffd-39e061342fb7</report_id>
        <tags>
          <value>txt</value>
          <value>html</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>644b5ed06ac72fca90bcddb239d11b4de8b5a5acc8593ff2fa4dcf8627a0b41a</id>
    <title>Analysis Report for 644b5ed06ac72fca90bcddb239d11b4de8b5a5acc8593ff2fa4dcf8627a0b41a</title>
    <updated>2026-07-06T19:31:19Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c030974fb2f5922b6c2da</_id>
        <file_type>application/x-dosexec</file_type>
        <flow_id>6a4c0283327f9453dea7cf7e</flow_id>
        <hash>644b5ed06ac72fca90bcddb239d11b4de8b5a5acc8593ff2fa4dcf8627a0b41a</hash>
        <iocs>
          <urls>
            <value>
              <url>https://www.assistmyteam.com/kb/category/pdf-converter-for-windows/InternetShortcutAssist~1.url</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.assistmyteam.com/pdf-converter/ARPURLINFOABOUTchangesCtrlEvtchangesWindows</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.assistmyteam.com/pdf-converter/download-setup/ARPURLUPDATEINFORepairingCtrlEvtRepairingremovesCtrlEvtremovesPPROMPTROLLBACKCOSTButtonText_CancelEnableUserControlProductVersionALLUSERSSelect</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://www.assistmyteam.com/support/ARPHELPLINKButtonText_OKErrorDialogTypical&amp;NoButtonText_NoexclamicExclamationIcon&amp;ReturnButtonText_Return&amp;FinishButtonText_Finish&amp;RepairButtonText_RepairChangingCtrlEvtChanging&amp;IgnoreButtonText_Ignore</url>
              <origin>INPUT_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>assistmyteam.com</url>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </domains>
          <emails>
            <value>
              <email>Windows.ARPCOMMENTSRemovingCtrlEvtRemovingrepairicRepairIconstyle21_dialog.jpgDialogBitmapsupport@assistmyteam.comARPCONTACTOLDPRODUCTS</email>
              <origin>INPUT_FILE</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>1.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>6.0.0.0</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>160.153.76.233</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>1a7e68a23374425a29c164b6b334fe760ecd1a71feddadad21ecc61aad29c19b</SHA-256>
              <SHA-1>57c95749150b05ba293c7a7d52ae4e862d8977ad</SHA-1>
              <MD5>66210287fd7f2a7c9747a3784bb8b25e</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
            <value>
              <SHA-256>256a284d14119d938e512299afd1d027bceea5b7b5284c4c5584473b7084fe15</SHA-256>
              <SHA-1>be26e9a80ab102e64215f5a9fa3694583f91b1ba</SHA-1>
              <MD5>f9fd66cd67e5f065669d239f99cc408b</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <SHA-256>c4243368d9dbfc35c94434d9c7219efa3d630438c5cc0ad4a5405263a74284c3</SHA-256>
              <SHA-1>2d3e389e331addd5b9121dec94003e05b621c775</SHA-1>
              <MD5>00f22e628392dff2e197e148a69adbb9</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/x-msdownload</file_type>
            </value>
            <value>
              <SHA-256>cf36fb42e9985a30f7d9a859e2db1086bba95431ee6906ce7587a754098d060c</SHA-256>
              <SHA-1>28259c2bb7f73d01c168a6584dcd93011d825424</SHA-1>
              <MD5>aa0f7dc6851605d177b922967795b7a1</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/xml</file_type>
            </value>
            <value>
              <SHA-256>f09c886bab6cd1dd9821d7789ffb5f836d4261078348dab8b65be8043db7c4b1</SHA-256>
              <SHA-1>fabf3a4d50117e9204fab106d03585b7a457bbc9</SHA-1>
              <MD5>3bc734bde84ad6f2332a25fc853505a9</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
          <uuids>
            <value>
              <uuid>0554D80E-5055-4789-B0F8-A75EB727D44E</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>228779EA-2415-4534-B514-E42E6AFF7987</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>2DD35456-3B59-468A-B452-A08B8011020A</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>30FB21D9-4696-4A8D-88A0-A40996074122</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>3152AA15-007C-455A-8CD1-30E705C8D5FF</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>317AAF70-D816-458C-BAF1-C82AD4131DEE</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>36E7AB33-B15C-4B06-B0B7-6D1FD82177F7</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>3F7FFA30-A242-41E3-86F8-C2D59A461FBF</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>4351BCD3-5B67-4AE1-9797-6DCE290E3900</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>44E0202D-CB7D-4343-859C-4551F8FBFBF3</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>46BF4B54-63FA-461C-9B5F-364F31CF5079</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>47F241AE-E39A-4054-8B71-DF86F8B52A46</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>549FAB9B-1449-43EC-BD49-9D8FBA8C13DC</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>64A7733F-FB0C-4DBF-BDDE-8F801C8A0787</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>6EC6B25E-2363-4933-9BCC-F7EA545C8D84</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>725700CF-E00D-4725-A288-F6CAA0C17B2D</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>7A57B071-827E-42D4-A654-77D6BE90A63C</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>806C843F-8EBA-44EA-85E5-8CDDD355C64F</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>86873DF3-6462-4B9B-83BD-E40E8EB614B6</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>86ca1aa0-34aa-4e8b-a509-50c905bae2a2</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>8D5043EC-03FA-4BFD-8000-43F47BCD4658</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>93B89DED-3C61-465B-8599-0488E93CE73E</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>9495CF9F-0066-4456-ACEC-AC1BB59ED84E</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>955B4DA2-081B-4398-92E7-F5664CF5DB98</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>9B55828F-2FC1-4F0B-914A-26C6C66792AF</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>A32FA861-324E-4CC3-9C27-9F7FA741CF06</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>A3F1B167-F7B5-4A8A-BD99-D404DC7BA0D7</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>AC3FD4AE-0385-4A3C-A24B-DBA4959EC1DD</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>ACDE77C7-08A0-4A4D-A2F5-785920D6D7AD</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>B64C2C8A-D6AF-4C47-B816-70EB5E912A44</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>B6EE7CF4-8000-4533-8305-701827E9E779</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>C41ABF0F-5C06-434E-A823-55B8C746A0EF</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>C45357BA-5FF4-4399-AAFD-5608E9BD6683</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>C9A97DE7-7DF0-45E3-99EE-BB04D85F0C44</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>D880C16E-0A74-4F6F-A98E-86A7C4E7EB1D</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>E6CB88B1-1CCA-418D-B367-1B3BBD9CCB48</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>E98BE732-37C8-4872-84D9-115814BA88FE</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>EF1FE29E-14F5-4683-B625-D27216C2944E</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>F02FAAA2-A115-4256-8A34-700EBBCA224D</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>F75E8D1F-1C91-4DC3-B697-F94E5C34331B</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>F9F84956-E5AB-46FB-9BEA-D41283818984</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>FA7A7228-DF92-43AE-AEF5-2EC4389CD551</uuid>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <uuid>FFEF82C9-6DFC-49D8-B730-9A0CAF2D5ADA</uuid>
              <origin>INPUT_FILE</origin>
            </value>
          </uuids>
          <registry>
            <value>
              <registry>HKLM\SOFTWARE\JavaSoft\Java Runtime Environment</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>HKLM\SOFTWARE\Microsoft\.NETFramework\policy\v1.0\3705</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <registry>HKLM\SOFTWARE\Microsoft\DirectX\Version</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322\Install</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <registry>HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727\Install</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.0\Setup\InstallSuccess</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <registry>HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5\Install</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <registry>HKLM\Software\Adobe\Acrobat Reader\5.0\InstallPath\</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <registry>HKLM\Software\Adobe\Acrobat Reader\6.0\InstallPath\</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <registry>HKLM\Software\Adobe\Acrobat Reader\7.0\InstallPath\</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <registry>HKLM\Software\Adobe\Acrobat Reader\8.0\InstallPath\</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <registry>HKLM\Software\Adobe\Acrobat Reader\9.0\InstallPath\</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
            <value>
              <registry>Software\JavaSoft\Java Development Kit\</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>Software\JavaSoft\Java Runtime Environment\</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>Software\Microsoft\Internet Explorer</registry>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <registry>Software\Microsoft\Windows\CurrentVersion\Run</registry>
              <origin>INPUT_FILE</origin>
              <verdict>SUSPICIOUS</verdict>
            </value>
          </registry>
        </iocs>
        <name>PdfConverterPluginSetup.exe</name>
        <report_id>244a001e-4c25-46a1-ba98-097d8a7e829d</report_id>
        <tags>
          <value>peexe</value>
          <value>explorer</value>
          <value>fingerprint</value>
          <value>installer</value>
          <value>reconnaissance</value>
          <value>evasive</value>
          <value>advanced_installer</value>
          <value>microsoft_visual_cc</value>
          <value>signed</value>
          <value>overlay</value>
          <value>adaptive-context</value>
          <value>anti-debug</value>
          <value>lolbin</value>
          <value>msiexec</value>
          <value>installer-heuristic</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>99345364163a07d42f811f770aae83ea8cd9768d1cce394f31ed6dd8e581a89f</id>
    <title>Analysis Report for 99345364163a07d42f811f770aae83ea8cd9768d1cce394f31ed6dd8e581a89f</title>
    <updated>2026-07-06T19:30:55Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c028c74fb2f5922b6c2bd</_id>
        <file_type>text/x-python</file_type>
        <flow_id>6a4c026cdef7044af0b83eb5</flow_id>
        <hash>99345364163a07d42f811f770aae83ea8cd9768d1cce394f31ed6dd8e581a89f</hash>
        <iocs/>
        <name>vsscanner.py</name>
        <report_id>11dadd5a-ff23-49d8-82a5-579fe53a059f</report_id>
        <tags>
          <value>python</value>
          <value>lolbin</value>
          <value>msbuild</value>
        </tags>
        <verdict>LIKELY_MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>576d30ad74e1b571446c130d5e2fc440f422432cd8b2df8f1a1de9eaaf1b580a</id>
    <title>Analysis Report for 576d30ad74e1b571446c130d5e2fc440f422432cd8b2df8f1a1de9eaaf1b580a</title>
    <updated>2026-07-06T19:22:41Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c00a274fb2f5922b6c265</_id>
        <file_type>application/x-sharedlib</file_type>
        <flow_id>6a4c007fddf0075731163644</flow_id>
        <hash>576d30ad74e1b571446c130d5e2fc440f422432cd8b2df8f1a1de9eaaf1b580a</hash>
        <iocs>
          <urls>
            <value>
              <url>http://94.154.43.158/ghost.sh;</url>
              <origin>INPUT_FILE</origin>
              <verdict>MALICIOUS</verdict>
            </value>
          </urls>
          <ips>
            <value>
              <ip>127.0.0.1</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>239.255.255.250</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>94.154.43.158</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>0aac774e9ccd5038ef1784e0bf9b0583f87d4b3565b77a89cb7288f84e5dd977</SHA-256>
              <SHA-1>56bfebe5d047eef52f983078bd01f798a6dfde80</SHA-1>
              <MD5>14bfa7d0fd8b6bfa479448d070d9dc1b</MD5>
              <origin>INPUT_FILE</origin>
              <file_type>application/octet-stream</file_type>
            </value>
          </files>
        </iocs>
        <name>armv7l.ghost.elf</name>
        <report_id>d1aff438-58f4-431c-8317-3b5ec8a491a5</report_id>
        <tags>
          <value>elf</value>
          <value>elf-shared</value>
          <value>gcc</value>
          <value>rust</value>
          <value>base64</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>b7985c1dea8baa3105529ad9e411292ab0b60d15060341848360820c4b910dc7</id>
    <title>Analysis Report for b7985c1dea8baa3105529ad9e411292ab0b60d15060341848360820c4b910dc7</title>
    <updated>2026-07-06T19:20:22Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4c003174fb2f5922b6c250</_id>
        <file_type>text/html</file_type>
        <flow_id>6a4bfff4ddf007573116351c</flow_id>
        <hash>b7985c1dea8baa3105529ad9e411292ab0b60d15060341848360820c4b910dc7</hash>
        <iocs>
          <urls>
            <value>
              <url>https://url.us.m.mimecastprotect.com/s/dH3DCYEBPvUn9MpWs0f5cxuguy/</url>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <url>https://security-us.m.mimecastprotect.com/api/ttp/url/get-page-data</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://security-us.m.mimecastprotect.com/ttpwp</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://security-us.m.mimecastprotect.com/ttpwp/</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://security-us.m.mimecastprotect.com/ttpwp/resources/fa-solid-900.54dfc8f551be346014e4.woff2</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://security-us.m.mimecastprotect.com/ttpwp/resources/images/favicon.ico</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://security-us.m.mimecastprotect.com/ttpwp/resources/images/mimecast-logo.png</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://security-us.m.mimecastprotect.com/ttpwp/resources/languages/en.json</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://security-us.m.mimecastprotect.com/ttpwp/resources/main.fc1f0319c3e7a0a355ef.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://security-us.m.mimecastprotect.com/ttpwp/resources/mimecast-icons.bb1a2cd16db9345fc437.woff2?25417273</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://security-us.m.mimecastprotect.com/ttpwp/resources/polyfills.fc1f0319c3e7a0a355ef.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://security-us.m.mimecastprotect.com/ttpwp/resources/runtime.fc1f0319c3e7a0a355ef.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://security-us.m.mimecastprotect.com/ttpwp/resources/styles.fc1f0319c3e7a0a355ef.js</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://url.us.m.mimecastprotect.com/s/dH3DCYEBPvUn9MpWs0f5cxuguy/#</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>http://www.mimecast.com/</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://community.mimecast.com/docs/DOC-241</url>
              <origin>EXTERNAL_PARSER</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>community.mimecast.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>www.mimecast.com</url>
              <origin>EXTERNAL_PARSER</origin>
            </value>
            <value>
              <url>security-us.m.mimecastprotect.com</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>url.us.m.mimecastprotect.com</url>
              <origin>URL_RENDER</origin>
            </value>
          </domains>
          <ips>
            <value>
              <ip>162.159.128.79</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>150.171.109.100</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>170.10.128.89</ip>
              <origin>URL_RENDER</origin>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>aea872296d73481000f4a7681b0ebcc4a9ca68d66e225998de1ccb881d98d84c</SHA-256>
              <SHA-1>2ebfb04563204dc9a35615a398e646c1e7beea34</SHA-1>
              <MD5>b2a4f5d119c8d9e3237268841cfd0e27</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>NO_THREAT</verdict>
            </value>
          </files>
        </iocs>
        <name>hxxps://url.us.m.mimecastprotect.com/s/dH3DCYEBPvUn9MpWs0f5cxuguy/</name>
        <report_id>aaa90cda-c673-47b7-b6f2-f24f22bd9990</report_id>
        <tags>
          <value>html</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>277e1e7a41cdc47542136aee56cf6850cb940baf9f4d9d7250a1672b1771f204</id>
    <title>Analysis Report for 277e1e7a41cdc47542136aee56cf6850cb940baf9f4d9d7250a1672b1771f204</title>
    <updated>2026-07-06T19:18:52Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4bffa30bc678ad76e5c461</_id>
        <file_type>application/x-executable</file_type>
        <flow_id>6a4bff98327f9453dea7ce9d</flow_id>
        <hash>277e1e7a41cdc47542136aee56cf6850cb940baf9f4d9d7250a1672b1771f204</hash>
        <iocs>
          <ips>
            <value>
              <ip>127.0.0.1</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>255.255.255.255</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
        </iocs>
        <name>mpsl.elf</name>
        <report_id>3aed3656-11cd-4f1c-94ce-866a1166d75b</report_id>
        <tags>
          <value>elf</value>
        </tags>
        <verdict>UNKNOWN</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>2b9fa53f8372c4413775650e9383d4f552aab63ffe298c21186674c3a4527f7e</id>
    <title>Analysis Report for 2b9fa53f8372c4413775650e9383d4f552aab63ffe298c21186674c3a4527f7e</title>
    <updated>2026-07-06T19:18:49Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4bffa50bc678ad76e5c463</_id>
        <file_type>application/x-executable</file_type>
        <flow_id>6a4bff95ddf0075731163473</flow_id>
        <hash>2b9fa53f8372c4413775650e9383d4f552aab63ffe298c21186674c3a4527f7e</hash>
        <iocs>
          <ips>
            <value>
              <ip>127.0.0.1</ip>
              <origin>INPUT_FILE</origin>
            </value>
            <value>
              <ip>255.255.255.255</ip>
              <origin>INPUT_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <btc_wallets>
            <value>
              <btc_wallet>3377b4f8e917ec8da3a51c81b9acf744</btc_wallet>
              <origin>EXTERNAL_PARSER</origin>
            </value>
          </btc_wallets>
        </iocs>
        <name>arm7.elf</name>
        <report_id>5af556ab-1d6f-4d36-9383-c198927f1408</report_id>
        <tags>
          <value>elf</value>
          <value>mirai</value>
          <value>gcc</value>
          <value>rust</value>
        </tags>
        <verdict>MALICIOUS</verdict>
      </details>
    </content>
  </entry>
  <entry>
    <id>a0e7a71df9d25b687d8698664811053278327c17264d327ceaad99e8731b0c48</id>
    <title>Analysis Report for a0e7a71df9d25b687d8698664811053278327c17264d327ceaad99e8731b0c48</title>
    <updated>2026-07-06T19:18:48Z</updated>
    <content type="application/xml">
      <details>
        <_id>6a4bffab74fb2f5922b6c237</_id>
        <file_type>message/rfc822</file_type>
        <flow_id>6a4bff965a5245447d9c20bc</flow_id>
        <hash>a0e7a71df9d25b687d8698664811053278327c17264d327ceaad99e8731b0c48</hash>
        <iocs>
          <urls>
            <value>
              <url>https://mail-auth-oauth20.github.io/client_id-access-redirect_oauth-response_type-cod-state-service-auth/#hkn-machines@wagenfelder.de</url>
              <origin>EMAIL_BODY</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://mail-gate20.github.io/authid-5ddd-41e7-8bef-3a7f9k2b-EIPcu3qRmMqx4lhYbwdN-scope-service-3a/#hkn-machines@wagenfelder.de</url>
              <origin>EMAIL_BODY</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>file:///tmp/tmpaqeu79r8.html</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://mail-auth-oauth20.github.io/client_id-access-redirect_oauth-response_type-cod-state-service-auth/#hkn-machines@wagenfelder.de</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://mail-gate20.github.io/authid-5ddd-41e7-8bef-3a7f9k2b-EIPcu3qRmMqx4lhYbwdN-scope-service-3a/#hkn-machines@wagenfelder.de</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>https://mail-auth-oauth20.github.io/client_id-access-redirect_oauth-response_type-cod-state-service-auth/#hkn-machines@wagenfelder.de</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
            <value>
              <url>https://mail-gate20.github.io/authid-5ddd-41e7-8bef-3a7f9k2b-EIPcu3qRmMqx4lhYbwdN-scope-service-3a/#hkn-machines@wagenfelder.de</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>NO_THREAT</verdict>
            </value>
          </urls>
          <domains>
            <value>
              <url>mail-auth-oauth20.github.io</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>mail-gate20.github.io</url>
              <origin>EXTRACTED_FILE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>mail-auth-oauth20.github.io</url>
              <origin>EMAIL_BODY</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>mail-gate20.github.io</url>
              <origin>EMAIL_BODY</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <url>mail-auth-oauth20.github.io</url>
              <origin>URL_RENDER</origin>
            </value>
            <value>
              <url>mail-gate20.github.io</url>
              <origin>URL_RENDER</origin>
            </value>
          </domains>
          <emails>
            <value>
              <email>hkn-machines@wagenfelder.de</email>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <email>info@pavaragroup.com</email>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <email>irteam@airliquide.com</email>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <email>sales@evercrossbridge.com</email>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <email>sgcs@gulf-marine.com</email>
              <origin>EXTRACTED_FILE</origin>
            </value>
            <value>
              <email>hkn-machines@wagenfelder.de</email>
              <origin>EMAIL_BODY</origin>
            </value>
            <value>
              <email>info@pavaragroup.com</email>
              <origin>EMAIL_BODY</origin>
            </value>
            <value>
              <email>irteam@airliquide.com</email>
              <origin>EMAIL_BODY</origin>
            </value>
            <value>
              <email>sales@evercrossbridge.com</email>
              <origin>EMAIL_BODY</origin>
            </value>
            <value>
              <email>sgcs@gulf-marine.com</email>
              <origin>EMAIL_BODY</origin>
            </value>
          </emails>
          <ips>
            <value>
              <ip>185.199.108.153</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
            <value>
              <ip>185.199.110.153</ip>
              <origin>DOMAIN_RESOLVE</origin>
              <verdict>UNKNOWN</verdict>
            </value>
          </ips>
          <files>
            <value>
              <SHA-256>f41e2f7c2ba0fae9a8d03957be4f5228ba8604e14be580a32cd4e4dd4b9ad228</SHA-256>
              <SHA-1>9e18782696b67861cd886b8f80621346916e9ef1</SHA-1>
              <MD5>a9158c986b224af51376f1418c2b61dc</MD5>
              <origin>EMAIL_BODY</origin>
              <file_type>text/html</file_type>
            </value>
            <value>
              <SHA-256>d3a4ddb0f7efa87f600d3ad8af83366dd7437bf2dabcfdc9637a27c32ee1d956</SHA-256>
              <SHA-1>57fb663d27d4405a8f3388757ed1e737d2117030</SHA-1>
              <MD5>27b64764ce349b4379085c19383ecf54</MD5>
              <origin>DOWNLOADED_FILE</origin>
              <file_type>text/html</file_type>
              <verdict>UNKNOWN</verdict>
            </value>
          </files>
        </iocs>
        <name>submission.eml</name>
        <report_id>1d964c8b-bc58-4862-aabd-6dd56047fa12</report_id>
        <tags>
          <value>eml</value>
          <value>rfc822</value>
          <value>html</value>
        </tags>
        <verdict>NO_THREAT</verdict>
      </details>
    </content>
  </entry>
</feed>
