{
  "statistics": {
    "processing": [
      {
        "name": "CAPE",
        "time": 0.494
      },
      {
        "name": "AnalysisInfo",
        "time": 0.01
      },
      {
        "name": "BehaviorAnalysis",
        "time": 0.002
      },
      {
        "name": "Debug",
        "time": 0.001
      },
      {
        "name": "NetworkAnalysis",
        "time": 0.007
      },
      {
        "name": "UrlAnalysis",
        "time": 0.0
      },
      {
        "name": "script_log_processing",
        "time": 0.0
      },
      {
        "name": "ProcessMemory",
        "time": 0.0
      }
    ],
    "signatures": [
      {
        "name": "packer_themida",
        "time": 0.0
      },
      {
        "name": "stealth_network",
        "time": 0.0
      },
      {
        "name": "disable_driver_via_blocklist",
        "time": 0.0
      },
      {
        "name": "disable_driver_via_hvcidisallowedimages",
        "time": 0.0
      },
      {
        "name": "disable_hypervisor_protected_code_integrity",
        "time": 0.0
      },
      {
        "name": "pendingfilerenameoperations_Operations",
        "time": 0.0
      },
      {
        "name": "anomalous_deletefile",
        "time": 0.0
      },
      {
        "name": "antiav_servicestop",
        "time": 0.0
      },
      {
        "name": "antidebug_guardpages",
        "time": 0.0
      },
      {
        "name": "antidebug_outputdebugstring",
        "time": 0.0
      },
      {
        "name": "antidebug_windows",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoocrash",
        "time": 0.0
      },
      {
        "name": "antisandbox_foregroundwindows",
        "time": 0.0
      },
      {
        "name": "mouse_movement_detect",
        "time": 0.0
      },
      {
        "name": "antisandbox_script_timer",
        "time": 0.0
      },
      {
        "name": "antisandbox_sleep",
        "time": 0.0
      },
      {
        "name": "antisandbox_unhook",
        "time": 0.0
      },
      {
        "name": "hardware_id_profiling",
        "time": 0.0
      },
      {
        "name": "antivm_directory_objects",
        "time": 0.0
      },
      {
        "name": "antivm_display",
        "time": 0.0
      },
      {
        "name": "antivm_generic_system",
        "time": 0.0
      },
      {
        "name": "antivm_checks_available_memory",
        "time": 0.0
      },
      {
        "name": "detect_virtualization_via_recent_files",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_events",
        "time": 0.0
      },
      {
        "name": "antivm_wmi",
        "time": 0.0
      },
      {
        "name": "api_spamming",
        "time": 0.0
      },
      {
        "name": "api_uuidfromstringa",
        "time": 0.0
      },
      {
        "name": "bcdedit_command",
        "time": 0.0
      },
      {
        "name": "direct_hdd_access",
        "time": 0.0
      },
      {
        "name": "physical_drive_access",
        "time": 0.0
      },
      {
        "name": "potential_overwrite_mbr",
        "time": 0.0
      },
      {
        "name": "read_file_raw_disk_access",
        "time": 0.0
      },
      {
        "name": "suspicious_iocontrol_codes",
        "time": 0.0
      },
      {
        "name": "browser_needed",
        "time": 0.0
      },
      {
        "name": "amsi_enumeration",
        "time": 0.0
      },
      {
        "name": "suspicious_ntdll_disk_load",
        "time": 0.0
      },
      {
        "name": "direct_syscall_evasion",
        "time": 0.0
      },
      {
        "name": "unbacked_syscall_execution",
        "time": 0.0
      },
      {
        "name": "uac_bypass_cmstp",
        "time": 0.0
      },
      {
        "name": "uac_bypass_eventvwr",
        "time": 0.0
      },
      {
        "name": "privilege_elevation_check",
        "time": 0.0
      },
      {
        "name": "dotnet_code_compile",
        "time": 0.0
      },
      {
        "name": "queries_computer_name",
        "time": 0.0
      },
      {
        "name": "queries_user_name",
        "time": 0.0
      },
      {
        "name": "creates_largekey",
        "time": 0.0
      },
      {
        "name": "creates_nullvalue",
        "time": 0.0
      },
      {
        "name": "access_windows_passwords_vault",
        "time": 0.0
      },
      {
        "name": "lsass_credential_dumping",
        "time": 0.0
      },
      {
        "name": "critical_process",
        "time": 0.0
      },
      {
        "name": "query_fips_reconnaissance",
        "time": 0.0
      },
      {
        "name": "cryptopool_domains",
        "time": 0.0
      },
      {
        "name": "dead_connect",
        "time": 0.0
      },
      {
        "name": "dead_link",
        "time": 0.0
      },
      {
        "name": "decoy_document",
        "time": 0.0
      },
      {
        "name": "decoy_image",
        "time": 0.0
      },
      {
        "name": "deletes_consolehost_history",
        "time": 0.0
      },
      {
        "name": "dep_bypass",
        "time": 0.0
      },
      {
        "name": "dep_disable",
        "time": 0.0
      },
      {
        "name": "disables_wfp",
        "time": 0.0
      },
      {
        "name": "add_windows_defender_exclusions",
        "time": 0.0
      },
      {
        "name": "mountpoints_volume_discovery",
        "time": 0.0
      },
      {
        "name": "dllload_suspicious_directory",
        "time": 0.0
      },
      {
        "name": "document_script_exe_drop",
        "time": 0.0
      },
      {
        "name": "driver_load",
        "time": 0.0
      },
      {
        "name": "install_kernel_driver_service",
        "time": 0.0
      },
      {
        "name": "malformed_dll_loading",
        "time": 0.0
      },
      {
        "name": "dynamic_function_loading",
        "time": 0.0
      },
      {
        "name": "encrypted_ioc",
        "time": 0.0
      },
      {
        "name": "registers_vectored_exception_handler",
        "time": 0.0
      },
      {
        "name": "process_creation_suspicious_location",
        "time": 0.0
      },
      {
        "name": "exploit_getbasekerneladdress",
        "time": 0.0
      },
      {
        "name": "exploit_gethaldispatchtable",
        "time": 0.0
      },
      {
        "name": "exploit_heapspray",
        "time": 0.0
      },
      {
        "name": "downloads_from_filehosting",
        "time": 0.0
      },
      {
        "name": "generic_phish",
        "time": 0.0
      },
      {
        "name": "http_request",
        "time": 0.0
      },
      {
        "name": "infostealer_browser",
        "time": 0.0
      },
      {
        "name": "infostealer_browser_password",
        "time": 0.0
      },
      {
        "name": "infostealer_cookies",
        "time": 0.0
      },
      {
        "name": "captures_screenshot",
        "time": 0.0
      },
      {
        "name": "creates_suspended_process",
        "time": 0.0
      },
      {
        "name": "injection_module_stomping_probing",
        "time": 0.0
      },
      {
        "name": "injection_network_traffic",
        "time": 0.0
      },
      {
        "name": "section_mapping_injection",
        "time": 0.0
      },
      {
        "name": "injection_themeinitapihook",
        "time": 0.0
      },
      {
        "name": "apc_injection",
        "time": 0.0
      },
      {
        "name": "resumethread_remote_process",
        "time": 0.0
      },
      {
        "name": "injection_write_exe_process",
        "time": 0.0
      },
      {
        "name": "injection_write_process",
        "time": 0.0
      },
      {
        "name": "internet_dropper",
        "time": 0.0
      },
      {
        "name": "interprocess_comms_mutex",
        "time": 0.0
      },
      {
        "name": "interprocess_comms_named_pipe",
        "time": 0.0
      },
      {
        "name": "interprocess_comms_shared_memory",
        "time": 0.0
      },
      {
        "name": "escalate_privilege_via_named_pipe",
        "time": 0.0
      },
      {
        "name": "ipc_namedpipe",
        "time": 0.0
      },
      {
        "name": "js_phish",
        "time": 0.0
      },
      {
        "name": "js_suspicious_redirect",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_internet_explorer_exporter",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_run_exe_helper_utility",
        "time": 0.0
      },
      {
        "name": "execute_ps_via_syncappvpublishingserver",
        "time": 0.0
      },
      {
        "name": "malicious_dynamic_function_loading",
        "time": 0.0
      },
      {
        "name": "reads_memory_remote_process",
        "time": 0.0
      },
      {
        "name": "unbacked_exception_filter",
        "time": 0.0
      },
      {
        "name": "unbacked_process_mitigation_alteration",
        "time": 0.0
      },
      {
        "name": "thread_unbacked_memory",
        "time": 0.0
      },
      {
        "name": "unbacked_api_resolution",
        "time": 0.0
      },
      {
        "name": "unbacked_dotnet_execution",
        "time": 0.0
      },
      {
        "name": "unbacked_library_load",
        "time": 0.0
      },
      {
        "name": "unbacked_memory_apc_execution",
        "time": 0.0
      },
      {
        "name": "unbacked_memory_protection_alteration",
        "time": 0.0
      },
      {
        "name": "unbacked_mutex_creation",
        "time": 0.0
      },
      {
        "name": "unbacked_process_creation",
        "time": 0.0
      },
      {
        "name": "unbacked_veh_registration",
        "time": 0.0
      },
      {
        "name": "unbacked_com_instantiation",
        "time": 0.0
      },
      {
        "name": "unbacked_crypto_operations",
        "time": 0.0
      },
      {
        "name": "unbacked_delay_execution",
        "time": 0.0
      },
      {
        "name": "unbacked_file_dropping",
        "time": 0.0
      },
      {
        "name": "unbacked_process_enumeration",
        "time": 0.0
      },
      {
        "name": "unbacked_registry_modification",
        "time": 0.0
      },
      {
        "name": "unbacked_service_manipulation",
        "time": 0.0
      },
      {
        "name": "unbacked_token_manipulation",
        "time": 0.0
      },
      {
        "name": "unbacked_wmi_execution",
        "time": 0.0
      },
      {
        "name": "unbacked_bind_shell",
        "time": 0.0
      },
      {
        "name": "unbacked_dns_resolution",
        "time": 0.0
      },
      {
        "name": "unbacked_memory_network_connection",
        "time": 0.0
      },
      {
        "name": "unbacked_named_pipe_creation",
        "time": 0.0
      },
      {
        "name": "unbacked_useragent_retrieval",
        "time": 0.0
      },
      {
        "name": "mimics_filetime",
        "time": 0.0
      },
      {
        "name": "amsi_bypass_via_com_registry",
        "time": 0.0
      },
      {
        "name": "access_auto_logons_via_registry",
        "time": 0.0
      },
      {
        "name": "access_boot_key_via_registry",
        "time": 0.0
      },
      {
        "name": "create_suspicious_lnk_files",
        "time": 0.0
      },
      {
        "name": "credential_access_via_windows_credential_history",
        "time": 0.0
      },
      {
        "name": "dll_hijacking_via_microsoft_exchange",
        "time": 0.0
      },
      {
        "name": "dll_hijacking_via_waas_medic_svc_com_typelib",
        "time": 0.0
      },
      {
        "name": "execute_file_downloaded_via_openssh",
        "time": 0.0
      },
      {
        "name": "execute_safe_mode_from_suspicious_process",
        "time": 0.0
      },
      {
        "name": "execute_scripts_via_microsoft_management_console",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_processes_via_windows_mssql_service",
        "time": 0.0
      },
      {
        "name": "execution_from_self_extracting_archive",
        "time": 0.0
      },
      {
        "name": "ip_address_discovery_via_trusted_program",
        "time": 0.0
      },
      {
        "name": "load_dll_via_control_panel",
        "time": 0.0
      },
      {
        "name": "network_connection_via_suspicious_process",
        "time": 0.0
      },
      {
        "name": "potential_location_discovery_via_unusual_process",
        "time": 0.0
      },
      {
        "name": "store_executable_registry",
        "time": 0.0
      },
      {
        "name": "Suspicious_Execution_Via_MicrosoftExchangeTransportAgent",
        "time": 0.0
      },
      {
        "name": "suspicious_java_execution_via_win_scripts",
        "time": 0.0
      },
      {
        "name": "Suspicious_Scheduled_Task_Creation_Via_Masqueraded_XML_File",
        "time": 0.0
      },
      {
        "name": "uses_restart_manager_for_suspicious_activities",
        "time": 0.0
      },
      {
        "name": "modify_desktop_wallpaper",
        "time": 0.0
      },
      {
        "name": "move_file_on_reboot",
        "time": 0.0
      },
      {
        "name": "multiple_useragents",
        "time": 0.0
      },
      {
        "name": "network_anomaly",
        "time": 0.0
      },
      {
        "name": "network_bind",
        "time": 0.0
      },
      {
        "name": "etherhiding_smart_contract_call",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_archive",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_free_webhosting",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_generic",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_interactsh",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_opensource",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_pastesite",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_payload",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_serviceinterface",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_socialmedia",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_telegram",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_tempstorage",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_temp_urldns",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_urlshortener",
        "time": 0.0
      },
      {
        "name": "network_cnc_https_useragent",
        "time": 0.0
      },
      {
        "name": "network_cnc_smtps_exfil",
        "time": 0.0
      },
      {
        "name": "network_cnc_smtps_generic",
        "time": 0.0
      },
      {
        "name": "network_dns_idn",
        "time": 0.0
      },
      {
        "name": "network_dns_suspicious_querytype",
        "time": 0.0
      },
      {
        "name": "network_dns_tunneling_request",
        "time": 0.0
      },
      {
        "name": "network_document_http",
        "time": 0.0
      },
      {
        "name": "explorer_http",
        "time": 0.0
      },
      {
        "name": "network_fake_useragent",
        "time": 0.0
      },
      {
        "name": "legitimate_domain_abuse",
        "time": 0.0
      },
      {
        "name": "suspicious_communication_trusted_site",
        "time": 0.0
      },
      {
        "name": "network_tor",
        "time": 0.0
      },
      {
        "name": "office_cve2017_11882",
        "time": 0.0
      },
      {
        "name": "office_cve2017_11882_network",
        "time": 0.0
      },
      {
        "name": "office_cve_2021_40444",
        "time": 0.0
      },
      {
        "name": "office_cve_2021_40444_m2",
        "time": 0.0
      },
      {
        "name": "office_flash_load",
        "time": 0.0
      },
      {
        "name": "office_postscript",
        "time": 0.0
      },
      {
        "name": "office_suspicious_processes",
        "time": 0.0
      },
      {
        "name": "office_write_exe",
        "time": 0.0
      },
      {
        "name": "decompress_exe",
        "time": 0.0
      },
      {
        "name": "persistence_via_autodial_dll_registry",
        "time": 0.0
      },
      {
        "name": "persistence_autorun",
        "time": 0.0
      },
      {
        "name": "persistence_autorun_tasks",
        "time": 0.0
      },
      {
        "name": "persistence_bootexecute",
        "time": 0.0
      },
      {
        "name": "persistence_registry_script",
        "time": 0.0
      },
      {
        "name": "powershell_network_connection",
        "time": 0.0
      },
      {
        "name": "powershell_download",
        "time": 0.0
      },
      {
        "name": "powershell_request",
        "time": 0.0
      },
      {
        "name": "createtoolhelp32snapshot_module_enumeration",
        "time": 0.0
      },
      {
        "name": "enumerates_running_processes",
        "time": 0.0
      },
      {
        "name": "process_interest",
        "time": 0.0
      },
      {
        "name": "process_needed",
        "time": 0.0
      },
      {
        "name": "ransomware_iocp_asynchronous_encryption",
        "time": 0.0
      },
      {
        "name": "kernel_crypto_driver_abuse",
        "time": 0.0
      },
      {
        "name": "mass_data_encryption",
        "time": 0.0
      },
      {
        "name": "ransomware_extension_hijack",
        "time": 0.0
      },
      {
        "name": "mass_file_modification_access",
        "time": 0.0
      },
      {
        "name": "ransomware_attribute_stripping",
        "time": 0.0
      },
      {
        "name": "ransomware_file_modifications",
        "time": 0.0
      },
      {
        "name": "mass_ransom_note_drop",
        "time": 0.0
      },
      {
        "name": "ransomware_message",
        "time": 0.0
      },
      {
        "name": "reads_self",
        "time": 0.0
      },
      {
        "name": "recon_beacon",
        "time": 0.0
      },
      {
        "name": "recon_programs",
        "time": 0.0
      },
      {
        "name": "accesses_recyclebin",
        "time": 0.0
      },
      {
        "name": "script_created_process",
        "time": 0.0
      },
      {
        "name": "script_network_activity",
        "time": 0.0
      },
      {
        "name": "suspicious_js_script",
        "time": 0.0
      },
      {
        "name": "javascript_timer",
        "time": 0.0
      },
      {
        "name": "secure_login_phishing",
        "time": 0.0
      },
      {
        "name": "securityxploded_modules",
        "time": 0.0
      },
      {
        "name": "get_clipboard_data",
        "time": 0.0
      },
      {
        "name": "sets_autoconfig_url",
        "time": 0.0
      },
      {
        "name": "spoofs_procname",
        "time": 0.0
      },
      {
        "name": "stack_pivot",
        "time": 0.0
      },
      {
        "name": "stack_pivot_file_created",
        "time": 0.0
      },
      {
        "name": "stack_pivot_process_create",
        "time": 0.0
      },
      {
        "name": "set_clipboard_data",
        "time": 0.0
      },
      {
        "name": "stealth_childproc",
        "time": 0.0
      },
      {
        "name": "stealth_file",
        "time": 0.0
      },
      {
        "name": "stealth_window",
        "time": 0.0
      },
      {
        "name": "queries_keyboard_layout",
        "time": 0.0
      },
      {
        "name": "queries_locale_api",
        "time": 0.0
      },
      {
        "name": "terminates_remote_process",
        "time": 0.0
      },
      {
        "name": "user_enum",
        "time": 0.0
      },
      {
        "name": "virus",
        "time": 0.0
      },
      {
        "name": "webmail_phish",
        "time": 0.0
      },
      {
        "name": "persists_dev_util",
        "time": 0.0
      },
      {
        "name": "spawns_dev_util",
        "time": 0.0
      },
      {
        "name": "alters_windows_utility",
        "time": 0.0
      },
      {
        "name": "overwrites_accessibility_utility",
        "time": 0.0
      },
      {
        "name": "Potential_Lateral_Movement_Via_SMBEXEC",
        "time": 0.0
      },
      {
        "name": "potential_WebShell_Via_ScreenConnectServer",
        "time": 0.0
      },
      {
        "name": "uses_Microsoft_HTML_Help_Executable",
        "time": 0.0
      },
      {
        "name": "wiper_zeroedbytes",
        "time": 0.0
      },
      {
        "name": "wmi_create_process",
        "time": 0.0
      },
      {
        "name": "wmi_script_process",
        "time": 0.0
      },
      {
        "name": "antianalysis_tls_section",
        "time": 0.0
      },
      {
        "name": "antivirus_clamav",
        "time": 0.0
      },
      {
        "name": "antivirus_virustotal",
        "time": 0.0
      },
      {
        "name": "bad_certs",
        "time": 0.0
      },
      {
        "name": "bad_ssl_certs",
        "time": 0.0
      },
      {
        "name": "banker_zeus_p2p",
        "time": 0.0
      },
      {
        "name": "banker_zeus_url",
        "time": 0.0
      },
      {
        "name": "binary_yara",
        "time": 0.0
      },
      {
        "name": "bot_athenahttp",
        "time": 0.0
      },
      {
        "name": "bot_dirtjumper",
        "time": 0.0
      },
      {
        "name": "bot_drive",
        "time": 0.0
      },
      {
        "name": "bot_drive2",
        "time": 0.0
      },
      {
        "name": "bot_madness",
        "time": 0.0
      },
      {
        "name": "byod_loldrivers_match",
        "time": 0.0
      },
      {
        "name": "byod_novel_driver",
        "time": 0.0
      },
      {
        "name": "byod_post_load_exploitation",
        "time": 0.0
      },
      {
        "name": "byod_driver_service_install",
        "time": 0.0
      },
      {
        "name": "com_spawned_process",
        "time": 0.0
      },
      {
        "name": "phishing_kit_detected",
        "time": 0.0
      },
      {
        "name": "family_proxyback",
        "time": 0.0
      },
      {
        "name": "flare_capa_antianalysis",
        "time": 0.0
      },
      {
        "name": "flare_capa_collection",
        "time": 0.0
      },
      {
        "name": "flare_capa_communication",
        "time": 0.0
      },
      {
        "name": "flare_capa_compiler",
        "time": 0.0
      },
      {
        "name": "flare_capa_datamanipulation",
        "time": 0.0
      },
      {
        "name": "flare_capa_executable",
        "time": 0.0
      },
      {
        "name": "flare_capa_hostinteraction",
        "time": 0.0
      },
      {
        "name": "flare_capa_impact",
        "time": 0.0
      },
      {
        "name": "flare_capa_lib",
        "time": 0.0
      },
      {
        "name": "flare_capa_linking",
        "time": 0.0
      },
      {
        "name": "flare_capa_loadcode",
        "time": 0.0
      },
      {
        "name": "flare_capa_malwarefamily",
        "time": 0.0
      },
      {
        "name": "flare_capa_nursery",
        "time": 0.0
      },
      {
        "name": "flare_capa_persistence",
        "time": 0.0
      },
      {
        "name": "flare_capa_runtime",
        "time": 0.0
      },
      {
        "name": "flare_capa_targeting",
        "time": 0.0
      },
      {
        "name": "threatfox",
        "time": 0.0
      },
      {
        "name": "log4shell",
        "time": 0.0
      },
      {
        "name": "mimics_extension",
        "time": 0.0
      },
      {
        "name": "network_country_distribution",
        "time": 0.0
      },
      {
        "name": "network_cnc_http",
        "time": 0.0
      },
      {
        "name": "network_ip_exe",
        "time": 0.0
      },
      {
        "name": "network_dga",
        "time": 0.0
      },
      {
        "name": "network_dga_fraunhofer",
        "time": 0.0
      },
      {
        "name": "network_dyndns",
        "time": 0.0
      },
      {
        "name": "network_excessive_udp",
        "time": 0.0
      },
      {
        "name": "network_http",
        "time": 0.0
      },
      {
        "name": "network_icmp",
        "time": 0.0
      },
      {
        "name": "network_irc",
        "time": 0.0
      },
      {
        "name": "network_open_proxy",
        "time": 0.0
      },
      {
        "name": "network_questionable_http_path",
        "time": 0.0
      },
      {
        "name": "network_questionable_https_path",
        "time": 0.0
      },
      {
        "name": "network_smtp",
        "time": 0.0
      },
      {
        "name": "network_torgateway",
        "time": 0.0
      },
      {
        "name": "origin_langid",
        "time": 0.0
      },
      {
        "name": "origin_resource_langid",
        "time": 0.0
      },
      {
        "name": "overlay",
        "time": 0.0
      },
      {
        "name": "pe_deep_entrypoint",
        "time": 0.0
      },
      {
        "name": "packer_unknown_pe_section_name",
        "time": 0.0
      },
      {
        "name": "packer_aspack",
        "time": 0.0
      },
      {
        "name": "packer_aspirecrypt",
        "time": 0.0
      },
      {
        "name": "packer_bedsprotector",
        "time": 0.0
      },
      {
        "name": "packer_confuser",
        "time": 0.0
      },
      {
        "name": "packer_enigma",
        "time": 0.0
      },
      {
        "name": "packer_entropy",
        "time": 0.0
      },
      {
        "name": "packer_mpress",
        "time": 0.0
      },
      {
        "name": "packer_nate",
        "time": 0.0
      },
      {
        "name": "packer_nspack",
        "time": 0.0
      },
      {
        "name": "packer_smartassembly",
        "time": 0.0
      },
      {
        "name": "packer_spices",
        "time": 0.0
      },
      {
        "name": "packer_themida",
        "time": 0.0
      },
      {
        "name": "packer_titan",
        "time": 0.0
      },
      {
        "name": "packer_upx",
        "time": 0.0
      },
      {
        "name": "packer_vmprotect",
        "time": 0.0
      },
      {
        "name": "packer_yoda",
        "time": 0.0
      },
      {
        "name": "pdf_annot_urls_checker",
        "time": 0.0
      },
      {
        "name": "pe_cert_invalid_signature",
        "time": 0.0
      },
      {
        "name": "pe_cert_self_signed",
        "time": 0.0
      },
      {
        "name": "pe_cert_suspicious_issuer",
        "time": 0.0
      },
      {
        "name": "polymorphic",
        "time": 0.0
      },
      {
        "name": "punch_plus_plus_pcres",
        "time": 0.0
      },
      {
        "name": "procmem_yara",
        "time": 0.0
      },
      {
        "name": "recon_checkip",
        "time": 0.0
      },
      {
        "name": "sigma_events",
        "time": 0.0
      },
      {
        "name": "static_authenticode",
        "time": 0.0
      },
      {
        "name": "invalid_authenticode_signature",
        "time": 0.0
      },
      {
        "name": "static_dotnet_anomaly",
        "time": 0.0
      },
      {
        "name": "static_java",
        "time": 0.0
      },
      {
        "name": "static_pdf",
        "time": 0.0
      },
      {
        "name": "contains_pe_overlay",
        "time": 0.0
      },
      {
        "name": "static_pe_anomaly",
        "time": 0.0
      },
      {
        "name": "pe_compile_timestomping",
        "time": 0.0
      },
      {
        "name": "static_pe_pdbpath",
        "time": 0.0
      },
      {
        "name": "static_rat_config",
        "time": 0.0
      },
      {
        "name": "static_versioninfo_anomaly",
        "time": 0.0
      },
      {
        "name": "browser_credential_theft_headless",
        "time": 0.0
      },
      {
        "name": "suricata_alert",
        "time": 0.0
      },
      {
        "name": "suspicious_html_body",
        "time": 0.0
      },
      {
        "name": "suspicious_html_name",
        "time": 0.0
      },
      {
        "name": "suspicious_html_title",
        "time": 0.0
      },
      {
        "name": "volatility_devicetree_1",
        "time": 0.0
      },
      {
        "name": "volatility_handles_1",
        "time": 0.0
      },
      {
        "name": "volatility_ldrmodules_1",
        "time": 0.0
      },
      {
        "name": "volatility_ldrmodules_2",
        "time": 0.0
      },
      {
        "name": "volatility_malfind_1",
        "time": 0.0
      },
      {
        "name": "volatility_malfind_2",
        "time": 0.0
      },
      {
        "name": "volatility_modscan_1",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_1",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_2",
        "time": 0.0
      },
      {
        "name": "volatility_svcscan_3",
        "time": 0.0
      },
      {
        "name": "whois_create",
        "time": 0.0
      },
      {
        "name": "accesses_mailslot",
        "time": 0.0
      },
      {
        "name": "accesses_netlogon_regkey",
        "time": 0.0
      },
      {
        "name": "accesses_public_folder",
        "time": 0.0
      },
      {
        "name": "accesses_sysvol",
        "time": 0.0
      },
      {
        "name": "writes_sysvol",
        "time": 0.0
      },
      {
        "name": "adds_admin_user",
        "time": 0.0
      },
      {
        "name": "adds_user",
        "time": 0.0
      },
      {
        "name": "overwrites_admin_password",
        "time": 0.0
      },
      {
        "name": "antianalysis_detectfile",
        "time": 0.001
      },
      {
        "name": "antianalysis_detectreg",
        "time": 0.001
      },
      {
        "name": "modify_attachment_manager",
        "time": 0.0
      },
      {
        "name": "antiav_detectfile",
        "time": 0.001
      },
      {
        "name": "antiav_detectreg",
        "time": 0.002
      },
      {
        "name": "antiav_srp",
        "time": 0.0
      },
      {
        "name": "antiav_whitespace",
        "time": 0.0
      },
      {
        "name": "antidebug_devices",
        "time": 0.0
      },
      {
        "name": "antiemu_windefend",
        "time": 0.0
      },
      {
        "name": "antiemu_wine_reg",
        "time": 0.0
      },
      {
        "name": "antisandbox_cuckoo_files",
        "time": 0.0
      },
      {
        "name": "antisandbox_fortinet_files",
        "time": 0.0
      },
      {
        "name": "antisandbox_joe_anubis_files",
        "time": 0.0
      },
      {
        "name": "antisandbox_sboxie_mutex",
        "time": 0.0
      },
      {
        "name": "antisandbox_sunbelt_files",
        "time": 0.0
      },
      {
        "name": "antisandbox_threattrack_files",
        "time": 0.0
      },
      {
        "name": "antivm_bochs_keys",
        "time": 0.0
      },
      {
        "name": "antivm_generic_bios",
        "time": 0.0
      },
      {
        "name": "antivm_generic_diskreg",
        "time": 0.0
      },
      {
        "name": "antivm_hyperv_keys",
        "time": 0.0
      },
      {
        "name": "antivm_parallels_keys",
        "time": 0.0
      },
      {
        "name": "antivm_recentdocs",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_devices",
        "time": 0.0
      },
      {
        "name": "antivm_vbox_files",
        "time": 0.001
      },
      {
        "name": "antivm_vbox_keys",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_devices",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_files",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_keys",
        "time": 0.0
      },
      {
        "name": "antivm_vmware_mutexes",
        "time": 0.0
      },
      {
        "name": "antivm_vpc_files",
        "time": 0.0
      },
      {
        "name": "antivm_vpc_keys",
        "time": 0.0
      },
      {
        "name": "antivm_vpc_mutex",
        "time": 0.0
      },
      {
        "name": "antivm_xen_keys",
        "time": 0.0
      },
      {
        "name": "ketrican_regkeys",
        "time": 0.0
      },
      {
        "name": "bitcoin_opencl",
        "time": 0.0
      },
      {
        "name": "enumerates_physical_drives",
        "time": 0.0
      },
      {
        "name": "bot_russkill",
        "time": 0.0
      },
      {
        "name": "browser_addon",
        "time": 0.0
      },
      {
        "name": "chromium_browser_extension_directory",
        "time": 0.0
      },
      {
        "name": "browser_helper_object",
        "time": 0.0
      },
      {
        "name": "browser_security",
        "time": 0.001
      },
      {
        "name": "browser_startpage",
        "time": 0.0
      },
      {
        "name": "executes_headless_browser",
        "time": 0.0
      },
      {
        "name": "suspicious_browser_arguments",
        "time": 0.0
      },
      {
        "name": "ie_disables_process_tab",
        "time": 0.0
      },
      {
        "name": "odbcconf_bypass",
        "time": 0.0
      },
      {
        "name": "squiblydoo_bypass",
        "time": 0.0
      },
      {
        "name": "squiblytwo_bypass",
        "time": 0.0
      },
      {
        "name": "bypass_chromium_protection",
        "time": 0.0
      },
      {
        "name": "bypass_firewall",
        "time": 0.0
      },
      {
        "name": "checks_uac_status",
        "time": 0.0
      },
      {
        "name": "uac_bypass_cmstpcom",
        "time": 0.0
      },
      {
        "name": "uac_bypass_delegateexecute_sdclt",
        "time": 0.0
      },
      {
        "name": "uac_bypass_fodhelper",
        "time": 0.0
      },
      {
        "name": "cape_extracted_content",
        "time": 0.0
      },
      {
        "name": "clears_logs",
        "time": 0.0
      },
      {
        "name": "cmdline_obfuscation",
        "time": 0.0
      },
      {
        "name": "cmdline_switches",
        "time": 0.0
      },
      {
        "name": "cmdline_terminate",
        "time": 0.0
      },
      {
        "name": "cmdline_forfiles_wildcard",
        "time": 0.0
      },
      {
        "name": "cmdline_http_link",
        "time": 0.0
      },
      {
        "name": "cmdline_long_string",
        "time": 0.0
      },
      {
        "name": "cmdline_reversed_http_link",
        "time": 0.0
      },
      {
        "name": "long_commandline",
        "time": 0.0
      },
      {
        "name": "powershell_renamed_commandline",
        "time": 0.0
      },
      {
        "name": "copies_self",
        "time": 0.0
      },
      {
        "name": "credwiz_credentialaccess",
        "time": 0.0
      },
      {
        "name": "enables_wdigest",
        "time": 0.0
      },
      {
        "name": "vaultcmd_credentialaccess",
        "time": 0.0
      },
      {
        "name": "file_credential_store_access",
        "time": 0.0
      },
      {
        "name": "file_credential_store_write",
        "time": 0.0
      },
      {
        "name": "kerberos_credential_access_via_rubeus",
        "time": 0.0
      },
      {
        "name": "registry_credential_dumping",
        "time": 0.0
      },
      {
        "name": "registry_credential_store_access",
        "time": 0.0
      },
      {
        "name": "registry_lsa_secrets_access",
        "time": 0.0
      },
      {
        "name": "comsvcs_credentialdump",
        "time": 0.0
      },
      {
        "name": "cryptomining_stratum_command",
        "time": 0.0
      },
      {
        "name": "deepfreeze_mutex",
        "time": 0.0
      },
      {
        "name": "deletes_executed_files",
        "time": 0.0
      },
      {
        "name": "disables_app_launch",
        "time": 0.0
      },
      {
        "name": "disables_auto_app_termination",
        "time": 0.0
      },
      {
        "name": "disables_appv_virtualization",
        "time": 0.0
      },
      {
        "name": "disables_backups",
        "time": 0.001
      },
      {
        "name": "disables_browser_warn",
        "time": 0.001
      },
      {
        "name": "disables_context_menus",
        "time": 0.0
      },
      {
        "name": "disables_cpl_disable",
        "time": 0.0
      },
      {
        "name": "disables_crashdumps",
        "time": 0.0
      },
      {
        "name": "disables_event_logging",
        "time": 0.0
      },
      {
        "name": "disables_folder_options",
        "time": 0.0
      },
      {
        "name": "disables_notificationcenter",
        "time": 0.0
      },
      {
        "name": "disables_power_options",
        "time": 0.0
      },
      {
        "name": "disables_restore_default_state",
        "time": 0.0
      },
      {
        "name": "disables_run_command",
        "time": 0.0
      },
      {
        "name": "disables_smartscreen",
        "time": 0.0
      },
      {
        "name": "disables_startmenu_search",
        "time": 0.0
      },
      {
        "name": "disables_system_restore",
        "time": 0.0
      },
      {
        "name": "disables_uac",
        "time": 0.0
      },
      {
        "name": "disables_wer",
        "time": 0.0
      },
      {
        "name": "disables_windows_defender",
        "time": 0.0
      },
      {
        "name": "disables_windows_defender_logging",
        "time": 0.0
      },
      {
        "name": "removes_windows_defender_contextmenu",
        "time": 0.0
      },
      {
        "name": "removes_windows_defender_updates",
        "time": 0.0
      },
      {
        "name": "windows_defender_powershell",
        "time": 0.0
      },
      {
        "name": "disables_windows_file_protection",
        "time": 0.0
      },
      {
        "name": "disables_windowsupdate",
        "time": 0.0
      },
      {
        "name": "disables_winfirewall",
        "time": 0.0
      },
      {
        "name": "folder_enumeration",
        "time": 0.0
      },
      {
        "name": "discover_registry_mount_points",
        "time": 0.0
      },
      {
        "name": "adfind_domain_enumeration",
        "time": 0.0
      },
      {
        "name": "domain_enumeration_commands",
        "time": 0.0
      },
      {
        "name": "driver_filtermanager",
        "time": 0.0
      },
      {
        "name": "dropper",
        "time": 0.0
      },
      {
        "name": "dll_archive_execution",
        "time": 0.0
      },
      {
        "name": "lnk_archive_execution",
        "time": 0.0
      },
      {
        "name": "script_archive_execution",
        "time": 0.0
      },
      {
        "name": "excel4_macro_urls",
        "time": 0.0
      },
      {
        "name": "escalate_privilege_via_ntlm_relay",
        "time": 0.0
      },
      {
        "name": "spooler_access",
        "time": 0.0
      },
      {
        "name": "spooler_svc_start",
        "time": 0.0
      },
      {
        "name": "mapped_drives_uac",
        "time": 0.0
      },
      {
        "name": "hides_recycle_bin_icon",
        "time": 0.0
      },
      {
        "name": "infostealer_bitcoin",
        "time": 0.001
      },
      {
        "name": "infostealer_ftp",
        "time": 0.001
      },
      {
        "name": "infostealer_im",
        "time": 0.001
      },
      {
        "name": "infostealer_mail",
        "time": 0.001
      },
      {
        "name": "Evade_Execution_Via_ASPNet_Compiler",
        "time": 0.0
      },
      {
        "name": "Evade_Execute_Via_DeviceCredentialDeployment",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_Filter_Manager_Control",
        "time": 0.0
      },
      {
        "name": "Evade_Execution_Via_Intel_GFXDownloadWrapper",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_appvlp",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_pcalua",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_OpenSSH",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_pcalua",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_PesterPSModule",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_ScriptRunner",
        "time": 0.0
      },
      {
        "name": "execute_binary_via_ttdinject",
        "time": 0.0
      },
      {
        "name": "Execute_Binary_Via_VisualStudioLiveShare",
        "time": 0.0
      },
      {
        "name": "Execute_Msiexec_Via_Explorer",
        "time": 0.0
      },
      {
        "name": "execute_remote_msi",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_powershell_via_runscripthelper",
        "time": 0.0
      },
      {
        "name": "execute_suspicious_powershell_via_sqlps",
        "time": 0.0
      },
      {
        "name": "Indirect_Command_Execution_Via_ConsoleWindowHost",
        "time": 0.0
      },
      {
        "name": "Perform_Malicious_Activities_Via_Headless_Browser",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_CertOC",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_MSIEXEC",
        "time": 0.0
      },
      {
        "name": "Register_DLL_Via_Odbcconf",
        "time": 0.0
      },
      {
        "name": "Scriptlet_Proxy_Execution_Via_Pubprn",
        "time": 0.0
      },
      {
        "name": "ie_martian_children",
        "time": 0.0
      },
      {
        "name": "office_martian_children",
        "time": 0.0
      },
      {
        "name": "mimics_icon",
        "time": 0.0
      },
      {
        "name": "masquerade_process_name",
        "time": 0.001
      },
      {
        "name": "mimikatz_modules",
        "time": 0.0
      },
      {
        "name": "ms_office_cmd_rce",
        "time": 0.0
      },
      {
        "name": "mount_copy_to_webdav_share",
        "time": 0.0
      },
      {
        "name": "potential_protocol_tunneling_via_legit_utilities",
        "time": 0.0
      },
      {
        "name": "potential_protocol_tunneling_via_qemu",
        "time": 0.0
      },
      {
        "name": "suspicious_execution_via_dotnet_remoting",
        "time": 0.0
      },
      {
        "name": "modify_certs",
        "time": 0.0
      },
      {
        "name": "dotnet_clr_usagelog_regkeys",
        "time": 0.0
      },
      {
        "name": "modify_hostfile",
        "time": 0.0
      },
      {
        "name": "modify_oem_information",
        "time": 0.0
      },
      {
        "name": "modify_security_center_warnings",
        "time": 0.0
      },
      {
        "name": "modify_uac_prompt",
        "time": 0.0
      },
      {
        "name": "network_dns_blockchain",
        "time": 0.0
      },
      {
        "name": "network_dns_opennic",
        "time": 0.0
      },
      {
        "name": "network_dns_paste_site",
        "time": 0.0
      },
      {
        "name": "network_dns_reverse_proxy",
        "time": 0.0
      },
      {
        "name": "network_dns_temp_file_storage",
        "time": 0.0
      },
      {
        "name": "network_dns_temp_urldns",
        "time": 0.0
      },
      {
        "name": "network_dns_url_shortener",
        "time": 0.0
      },
      {
        "name": "network_dns_doh_tls",
        "time": 0.0
      },
      {
        "name": "suspicious_tld",
        "time": 0.0
      },
      {
        "name": "network_tor_service",
        "time": 0.0
      },
      {
        "name": "office_code_page",
        "time": 0.0
      },
      {
        "name": "office_addinloading",
        "time": 0.0
      },
      {
        "name": "office_perfkey",
        "time": 0.0
      },
      {
        "name": "office_macro",
        "time": 0.0
      },
      {
        "name": "changes_trust_center_settings",
        "time": 0.0
      },
      {
        "name": "disables_vba_trust_access",
        "time": 0.0
      },
      {
        "name": "office_macro_autoexecution",
        "time": 0.0
      },
      {
        "name": "office_macro_ioc",
        "time": 0.0
      },
      {
        "name": "office_macro_malicious_prediction",
        "time": 0.0
      },
      {
        "name": "office_macro_suspicious",
        "time": 0.0
      },
      {
        "name": "rtf_aslr_bypass",
        "time": 0.0
      },
      {
        "name": "rtf_anomaly_characterset",
        "time": 0.0
      },
      {
        "name": "rtf_anomaly_version",
        "time": 0.0
      },
      {
        "name": "rtf_embedded_content",
        "time": 0.0
      },
      {
        "name": "rtf_embedded_office_file",
        "time": 0.0
      },
      {
        "name": "rtf_exploit_static",
        "time": 0.0
      },
      {
        "name": "office_security",
        "time": 0.0
      },
      {
        "name": "accesses_office_username",
        "time": 0.0
      },
      {
        "name": "office_anomalous_feature",
        "time": 0.0
      },
      {
        "name": "office_dde_command",
        "time": 0.0
      },
      {
        "name": "packer_armadillo_mutex",
        "time": 0.0
      },
      {
        "name": "packer_armadillo_regkey",
        "time": 0.0
      },
      {
        "name": "persistence_safeboot",
        "time": 0.0
      },
      {
        "name": "persistence_ifeo",
        "time": 0.0
      },
      {
        "name": "persistence_silent_process_exit",
        "time": 0.0
      },
      {
        "name": "persistence_rdp_registry",
        "time": 0.0
      },
      {
        "name": "persistence_rdp_shadowing",
        "time": 0.0
      },
      {
        "name": "persistence_shim_database",
        "time": 0.0
      },
      {
        "name": "powershell_scriptblock_logging",
        "time": 0.0
      },
      {
        "name": "powershell_command_suspicious",
        "time": 0.0
      },
      {
        "name": "powershell_history_save_mod",
        "time": 0.0
      },
      {
        "name": "powershell_renamed",
        "time": 0.0
      },
      {
        "name": "powershell_reversed",
        "time": 0.0
      },
      {
        "name": "powershell_variable_obfuscation",
        "time": 0.0
      },
      {
        "name": "prevents_safeboot",
        "time": 0.0
      },
      {
        "name": "cmdline_process_discovery",
        "time": 0.0
      },
      {
        "name": "ransomware_extensions_generic",
        "time": 0.0
      },
      {
        "name": "ransomware_extensions_known",
        "time": 0.004
      },
      {
        "name": "ransomware_files",
        "time": 0.006
      },
      {
        "name": "ransomware_recyclebin",
        "time": 0.0
      },
      {
        "name": "ransomware_revil_regkey",
        "time": 0.0
      },
      {
        "name": "reads_password_database",
        "time": 0.0
      },
      {
        "name": "recon_fingerprint",
        "time": 0.0
      },
      {
        "name": "rdptcp_key",
        "time": 0.0
      },
      {
        "name": "uses_rdp_clip",
        "time": 0.0
      },
      {
        "name": "uses_remote_desktop_session",
        "time": 0.0
      },
      {
        "name": "removes_networking_icon",
        "time": 0.0
      },
      {
        "name": "removes_pinned_programs",
        "time": 0.0
      },
      {
        "name": "removes_security_maintenance_icon",
        "time": 0.0
      },
      {
        "name": "removes_startmenu_defaults",
        "time": 0.0
      },
      {
        "name": "removes_username_startmenu",
        "time": 0.0
      },
      {
        "name": "sniffer_winpcap",
        "time": 0.0
      },
      {
        "name": "spreading_autoruninf",
        "time": 0.0
      },
      {
        "name": "stealth_hidden_extension",
        "time": 0.0
      },
      {
        "name": "stealth_hiddenreg",
        "time": 0.0
      },
      {
        "name": "stealth_hide_notifications",
        "time": 0.0
      },
      {
        "name": "stealth_webhistory",
        "time": 0.0
      },
      {
        "name": "sysinternals_psexec",
        "time": 0.0
      },
      {
        "name": "sysinternals_tools",
        "time": 0.0
      },
      {
        "name": "language_check_registry",
        "time": 0.0
      },
      {
        "name": "tampers_etw",
        "time": 0.0
      },
      {
        "name": "lsa_tampering",
        "time": 0.0
      },
      {
        "name": "tampers_powershell_logging",
        "time": 0.0
      },
      {
        "name": "territorial_disputes_sigs",
        "time": 0.002
      },
      {
        "name": "uses_adfind",
        "time": 0.0
      },
      {
        "name": "uses_ms_protocol",
        "time": 0.0
      },
      {
        "name": "owa_web_shell_files",
        "time": 0.0
      },
      {
        "name": "web_shell_files",
        "time": 0.0
      },
      {
        "name": "web_shell_processes",
        "time": 0.0
      },
      {
        "name": "dotnet_csc_build",
        "time": 0.0
      },
      {
        "name": "mavinject_lolbin",
        "time": 0.0
      },
      {
        "name": "multiple_explorer_instances",
        "time": 0.0
      },
      {
        "name": "script_tool_executed",
        "time": 0.0
      },
      {
        "name": "suspicious_certutil_use",
        "time": 0.0
      },
      {
        "name": "suspicious_command_tools",
        "time": 0.0
      },
      {
        "name": "suspicious_mpcmdrun_use",
        "time": 0.0
      },
      {
        "name": "suspicious_ping_use",
        "time": 0.0
      },
      {
        "name": "uses_powershell_copyitem",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_appcmd",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_csvde_ldifde",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_cipher",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_clickonce",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_curl",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_dsquery",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_esentutl",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_finger",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_mode",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_ntdsutil",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_nltest",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_setx",
        "time": 0.0
      },
      {
        "name": "uses_windows_utilities_xcopy",
        "time": 0.0
      },
      {
        "name": "wmic_command_suspicious",
        "time": 0.0
      },
      {
        "name": "scrcons_wmi_script_consumer",
        "time": 0.0
      }
    ],
    "reporting": [
      {
        "name": "BinGraph",
        "time": 0.0
      }
    ]
  },
  "target": {
    "category": "file",
    "file": {
      "name": "philip website fixed.html",
      "path": "/opt/CAPEv2/storage/binaries/076775d4cc29dcc6bfb09ffcfe5d423ebf13310c4aa17c9bf3ed8bd4f9eab0d2",
      "guest_paths": "",
      "size": 771,
      "crc32": "FD52D484",
      "md5": "0332a12a029770f3118f9f346bf46dfe",
      "sha1": "c7efd61451c78ffd91b317cd325ccfb972675e5d",
      "sha256": "076775d4cc29dcc6bfb09ffcfe5d423ebf13310c4aa17c9bf3ed8bd4f9eab0d2",
      "sha512": "adce70f7de8b261b5cc4728e19d2a8c77bf568729b29974bd0eaec2fee2d3e0050489db9b93f9cc44aed4d6c4783268d1fb835fc1b548427b17c5575bbe1754e",
      "rh_hash": null,
      "ssdeep": "24:ZoEaGW3TgGeiVGnM8cBRdNQ8eAW9mCm8L:Zl9IWioM8AeAH8L",
      "type": "HTML document, ASCII text",
      "yara": [],
      "cape_yara": [],
      "clamav": [],
      "tlsh": "T12F0120B7F094A5BB9E17F49EA807BAADC3817021A06655AC318C98C3F6C9F66C2420D1",
      "sha3_384": "26749ffc9c66975cea7ab1994253035ca475698534ecdac0ca8a49b4042fe024fec7fbb200deb4073b97249375f09beb",
      "yara_hash": "68e243d1d9aeb1f1e94057af9823c58e140832514ed3e7b46b181bf94e4e12ce",
      "options_hash": "b7818797508282994ea72592ded64b364725c9400a38d418189579c94a89385e",
      "data": "<center><h1><u>The Philip Adams Website</u></h1>\n<p>Click the word <a href='https://www.youtube.com/osfirsttimer'>YouTube</a> to visit the best thing on the YouTube website</p>\n<h2><p>Check out this google logo</p></h2>\n<a href='https://www.google.com.au/'><img src='https://www.google.com.au/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png'alt='Google'/>\n</a><p><i>Click on the google logo to visit google website</i></p>\n\n<table border=\"9>\n\n<td bgcolor=\"red\">Windows 95</td><td bgcolor=\"rainbow\">Windows 98</td><td bgcolor=\"lightblue\">Windows 2000<td bgcolor=\"yellow\">Windows XP</td><td bgcolor=\"pink\">Windows 8</td>\n</table>\n\n<MARQUEE WIDTH=460 HEIGHT=50>\nPhilip's silly website!!!\n</MARQUEE>\n\n<p><font size=9 face=\"Impact\">Copyright Diana 2017</font></p>\n",
      "strings": [],
      "virustotal": {
        "error": true,
        "msg": "Unable to complete connection to VirusTotal. Status code: 429"
      },
      "executed_tools": [
        "msi_extract",
        "overlay",
        "kixtart_extract",
        "vbe_extract",
        "batch_extract",
        "UnAutoIt_extract",
        "UPX_unpack",
        "RarSFX_extract",
        "Inno_extract",
        "SevenZip_unpack",
        "de4dot_deobfuscate",
        "eziriz_deobfuscate",
        "office_one"
      ],
      "cape_type_code": 0,
      "cape_type": ""
    }
  },
  "CAPE": {
    "payloads": [],
    "configs": []
  },
  "info": {
    "version": "2.5",
    "started": "2026-06-29 16:59:18",
    "ended": "2026-06-29 16:59:36",
    "duration": 18,
    "id": 99,
    "category": "file",
    "custom": "",
    "machine": {
      "id": 99,
      "status": "stopping",
      "name": "win10",
      "label": "win10",
      "platform": "windows",
      "manager": "KVM",
      "started_on": "2026-06-29 16:59:18",
      "shutdown_on": "2026-06-29 16:59:35"
    },
    "package": "edge",
    "timeout": false,
    "tlp": null,
    "parent_sample": null,
    "options": {
      "vnc_port": "5900"
    },
    "source_url": null,
    "route": "internet",
    "user_id": 0,
    "CAPE_current_commit": "394455c2cd85889fb0782bfcf1f8c5c2f7f77b46"
  },
  "behavior": {
    "processes": []
  },
  "debug": {
    "log": "2026-06-29 14:58:58,588 [root] INFO: Date set to: 20260629T16:59:22, timeout set to: 200\n2026-06-29 16:59:22,387 [root] DEBUG: Starting analyzer from: C:\\7d7wfxi0\n2026-06-29 16:59:22,388 [root] DEBUG: Storing results at: C:\\xUytmwVfoP\n2026-06-29 16:59:22,389 [root] DEBUG: Pipe server name: \\\\.\\PIPE\\EcXQecBoz\n2026-06-29 16:59:22,389 [root] DEBUG: Python path: C:\\Users\\Rajesh\\AppData\\Local\\Programs\\Python\\Python314\n2026-06-29 16:59:22,390 [root] INFO: analysis running as an admin\n2026-06-29 16:59:22,390 [root] INFO: analysis package specified: \"edge\"\n2026-06-29 16:59:22,391 [root] DEBUG: importing analysis package module: \"modules.packages.edge\"...\n2026-06-29 16:59:22,396 [root] DEBUG: imported analysis package \"edge\"\n2026-06-29 16:59:22,396 [root] DEBUG: initializing analysis package \"edge\"...\n2026-06-29 16:59:22,413 [lib.common.common] INFO: no wrapping\n2026-06-29 16:59:22,423 [lib.core.compound] INFO: C:\\Users\\Rajesh\\AppData\\Local\\Temp already exists, skipping creation\n2026-06-29 16:59:22,451 [root] DEBUG: New location of moved file: C:\\Users\\Rajesh\\AppData\\Local\\Temp\\philip website fixed.html\n2026-06-29 16:59:22,452 [root] INFO: Analyzer: Package modules.packages.edge does not specify a dll option\n2026-06-29 16:59:22,452 [root] INFO: Analyzer: Package modules.packages.edge does not specify a dll_64 option\n2026-06-29 16:59:22,452 [root] INFO: Analyzer: Package modules.packages.edge does not specify a loader option\n2026-06-29 16:59:22,452 [root] INFO: Analyzer: Package modules.packages.edge does not specify a loader_64 option\n2026-06-29 16:59:22,470 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.browser\"\n2026-06-29 16:59:22,476 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.digisig\"\n2026-06-29 16:59:22,509 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.disguise\"\n2026-06-29 16:59:22,802 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.human\"\n2026-06-29 16:59:22,810 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'\n2026-06-29 16:59:22,811 [lib.api.screenshot] ERROR: No module named 'PIL'\n2026-06-29 16:59:22,812 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.screenshots\"\n2026-06-29 16:59:22,815 [root] DEBUG: Imported auxiliary module \"modules.auxiliary.tlsdump\"\n2026-06-29 16:59:22,815 [root] DEBUG: Initialized auxiliary module \"Browser\"\n2026-06-29 16:59:22,816 [root] DEBUG: attempting to configure 'Browser' from data\n2026-06-29 16:59:22,817 [root] DEBUG: module Browser does not support data configuration, ignoring\n2026-06-29 16:59:22,817 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.browser\"...\n2026-06-29 16:59:22,828 [root] DEBUG: Started auxiliary module modules.auxiliary.browser\n2026-06-29 16:59:22,829 [root] DEBUG: Initialized auxiliary module \"DigiSig\"\n2026-06-29 16:59:22,829 [root] DEBUG: attempting to configure 'DigiSig' from data\n2026-06-29 16:59:22,829 [root] DEBUG: module DigiSig does not support data configuration, ignoring\n2026-06-29 16:59:22,829 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.digisig\"...\n2026-06-29 16:59:22,830 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature\n2026-06-29 16:59:23,273 [modules.auxiliary.digisig] DEBUG: File has an invalid signature\n2026-06-29 16:59:23,273 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json\n2026-06-29 16:59:23,276 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig\n2026-06-29 16:59:23,276 [root] DEBUG: Initialized auxiliary module \"Disguise\"\n2026-06-29 16:59:23,277 [root] DEBUG: attempting to configure 'Disguise' from data\n2026-06-29 16:59:23,277 [root] DEBUG: module Disguise does not support data configuration, ignoring\n2026-06-29 16:59:23,277 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.disguise\"...\n2026-06-29 16:59:23,283 [modules.auxiliary.disguise] INFO: Launched background process notepad.exe hidden (PID: 2264)\n2026-06-29 16:59:23,288 [modules.auxiliary.disguise] INFO: Disguising GUID to 66c92be0-096a-4693-b2f4-39ea0ebbe16e\n2026-06-29 16:59:23,288 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise\n2026-06-29 16:59:23,289 [root] DEBUG: Initialized auxiliary module \"Human\"\n2026-06-29 16:59:23,289 [root] DEBUG: attempting to configure 'Human' from data\n2026-06-29 16:59:23,290 [root] DEBUG: module Human does not support data configuration, ignoring\n2026-06-29 16:59:23,290 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.human\"...\n2026-06-29 16:59:23,347 [root] DEBUG: Started auxiliary module modules.auxiliary.human\n2026-06-29 16:59:23,347 [root] DEBUG: Initialized auxiliary module \"Screenshots\"\n2026-06-29 16:59:23,347 [root] DEBUG: attempting to configure 'Screenshots' from data\n2026-06-29 16:59:23,348 [root] DEBUG: module Screenshots does not support data configuration, ignoring\n2026-06-29 16:59:23,348 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.screenshots\"...\n2026-06-29 16:59:23,355 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled\n2026-06-29 16:59:23,356 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots\n2026-06-29 16:59:23,356 [root] DEBUG: Initialized auxiliary module \"TLSDumpMasterSecrets\"\n2026-06-29 16:59:23,356 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data\n2026-06-29 16:59:23,356 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring\n2026-06-29 16:59:23,357 [root] DEBUG: Trying to start auxiliary module \"modules.auxiliary.tlsdump\"...\n2026-06-29 16:59:23,358 [modules.auxiliary.tlsdump] WARNING: Unable to find lsass.exe process\n2026-06-29 16:59:23,359 [root] DEBUG: Started auxiliary module modules.auxiliary.tlsdump\n2026-06-29 16:59:29,271 [root] INFO: Restarting WMI Service\n2026-06-29 16:59:31,401 [root] DEBUG: package modules.packages.edge does not support configure, ignoring\n2026-06-29 16:59:31,403 [root] WARNING: configuration error for package modules.packages.edge: error importing data.packages.edge: No module named 'data.packages'\n2026-06-29 16:59:31,404 [root] ERROR: You probably submitted the job with wrong package\nTraceback (most recent call last):\n  File \"C:\\7d7wfxi0/analyzer.py\", line 688, in run\n    pids = self.package.start(self.target)\n  File \"C:\\7d7wfxi0\\modules\\packages\\edge.py\", line 14, in start\n    edge = self.get_path(\"msedge.exe\")\n  File \"C:\\7d7wfxi0\\lib\\common\\abstracts.py\", line 142, in get_path\n    raise CuckooPackageError(f\"Unable to find any {application} executable\")\nlib.common.exceptions.CuckooPackageError: Unable to find any msedge.exe executable\n\nThe above exception was the direct cause of the following exception:\n\nTraceback (most recent call last):\n  File \"C:\\7d7wfxi0/analyzer.py\", line 1598, in <module>\n    success = analyzer.run()\n  File \"C:\\7d7wfxi0/analyzer.py\", line 692, in run\n    raise CuckooError(f'The package \"{self.package_name}\" start function raised an error: {e}') from e\nlib.common.exceptions.CuckooError: The package \"modules.packages.edge\" start function raised an error: Unable to find any msedge.exe executable\n2026-06-29 16:59:31,513 [root] WARNING: Folder at path \"C:\\xUytmwVfoP\\debugger\" does not exist, skipping\n2026-06-29 16:59:31,514 [root] WARNING: Folder at path \"C:\\xUytmwVfoP\\tlsdump\" does not exist, skipping\n2026-06-29 16:59:31,514 [root] INFO: Analysis completed\n",
    "errors": []
  },
  "network": {
    "pcap_sha256": "b8bdd979717c173e3d80bc905ae8591c2f74e83419fcda0eab5e107e68d36981",
    "hosts": [
      {
        "ip": "151.101.206.172",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          80
        ]
      },
      {
        "ip": "20.190.159.23",
        "country_name": "unknown",
        "asn": "",
        "asn_name": "",
        "hostname": "",
        "inaddrarpa": "",
        "ports": [
          443
        ]
      }
    ],
    "domains": [],
    "tcp": [
      {
        "src": "192.168.122.139",
        "sport": 49769,
        "dst": "20.190.159.23",
        "dport": 443,
        "offset": 24,
        "time": 0.0
      },
      {
        "src": "192.168.122.139",
        "sport": 49780,
        "dst": "20.190.159.23",
        "dport": 443,
        "offset": 10514,
        "time": 1.47605299949646
      },
      {
        "src": "192.168.122.139",
        "sport": 49781,
        "dst": "151.101.206.172",
        "dport": 80,
        "offset": 34412,
        "time": 2.5609350204467773
      },
      {
        "src": "192.168.122.139",
        "sport": 49782,
        "dst": "151.101.206.172",
        "dport": 80,
        "offset": 37918,
        "time": 3.621706008911133
      }
    ],
    "udp": [],
    "icmp": [],
    "http": [],
    "dns": [],
    "smtp": [],
    "irc": [],
    "dead_hosts": []
  },
  "url_analysis": {},
  "procmemory": [],
  "signatures": [
    {
      "name": "suspicious_html_title",
      "description": "Sample contains empty HTML title",
      "categories": [
        "phishing",
        "static"
      ],
      "severity": 1,
      "weight": 1,
      "confidence": 100,
      "references": [
        "https://securelist.com/phishing-kit-market-whats-inside-off-the-shelf-phishing-packages/106149/",
        "https://socradar.io/what-is-a-phishing-kit/https://github.com/SteveD3/kit_hunter/tree/master/tag_files"
      ],
      "data": [],
      "new_data": [
        {
          "process": null,
          "signs": [
            {
              "type": "string",
              "value": "Empty HTML title"
            }
          ]
        }
      ],
      "alert": false,
      "families": []
    }
  ],
  "malscore": 0.5,
  "ttps": [],
  "malstatus": null
}