What is 1028.exe?
1028.exe is usually located in the 'c:\downloads\' folder.
Some of the anti-virus scanners at VirusTotal detected 1028.exe.
If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.
Digital signatures [?]
1028.exe is not signed.
VirusTotal report
60 of the 72 anti-virus programs at VirusTotal detected the 1028.exe file. That's a 83% detection rate.
| Scanner | Detection Name |
|---|---|
| Acronis | suspicious |
| Ad-Aware | Win32.Sality.3 |
| AegisLab | Virus.Win32.Sality.v!c |
| AhnLab-V3 | Win32/Kashu.E |
| Alibaba | Virus:Win32/Sality.20969898 |
| ALYac | Win32.Sality.3 |
| Antiy-AVL | Virus/Win32.Sality.gen |
| Arcabit | Win32.Sality.3 |
| Avast | Win32:SaliCode |
| AVG | Win32:SaliCode |
| Avira | W32/Sality.AT |
| Baidu | Win32.Virus.Sality.gen |
| BitDefender | Win32.Sality.3 |
| Bkav | W32.Sality.PE |
| CAT-QuickHeal | W32.Sality.U |
| CrowdStrike | win/malicious_confidence_90% (W) |
| Cybereason | malicious.2235a0 |
| Cylance | Unsafe |
| Cyren | W32/Sality.gen2 |
| DrWeb | Win32.Sector.30 |
| Emsisoft | Win32.Sality.3 (B) |
| Endgame | malicious (high confidence) |
| ESET-NOD32 | Win32/Sality.NBA |
| F-Prot | W32/Sality.gen2 |
| F-Secure | Malware.W32/Sality.AT |
| FireEye | Generic.mg.989bcd32235a0c6e |
| Fortinet | W32/Sality.BH |
| GData | Win32.Sality.3 |
| Ikarus | Virus.Win32.Sality |
| Invincea | heuristic |
| Jiangmin | Win32/HLLP.Kuku.poly2 |
| K7AntiVirus | Virus ( f10001071 ) |
| K7GW | Virus ( f10001071 ) |
| Kaspersky | Virus.Win32.Sality.gen |
| MAX | malware (ai score=100) |
| MaxSecure | Virus.Sality.BH |
| McAfee | W32/Sality.gen.z |
| McAfee-GW-Edition | BehavesLike.Win32.Sality.tc |
| Microsoft | Virus:Win32/Sality.AT |
| MicroWorld-eScan | Win32.Sality.3 |
| NANO-Antivirus | Virus.Win32.Sality.bzkem |
| Paloalto | generic.ml |
| Panda | W32/Sality.AA |
| Qihoo-360 | Virus.Win32.Sality.I |
| Rising | Virus.Sality!1.A5BD (CLASSIC) |
| Sophos | Mal/Sality-D |
| Symantec | W32.Sality.AE |
| TACHYON | Virus/W32.Sality.D |
| Tencent | Virus.Win32.TuTu.Gen.200004 |
| TotalDefense | Win32/Sality.AA |
| Trapmine | malicious.high.ml.score |
| TrendMicro | PE_SALITY.ER |
| TrendMicro-HouseCall | PE_SALITY.ER |
| VBA32 | Virus.Win32.Sality.bakb |
| ViRobot | Win32.Sality.Gen.A |
| Webroot | W32.Sality |
| Yandex | Win32.Sality.FA.Gen |
| Zillya | Virus.Sality.Win32.25 |
| ZoneAlarm | Virus.Win32.Sality.gen |
| Zoner | Trojan.Win32.Sality.22009 |
Sandbox Report
The following information was gathered by executing the file inside Cuckoo Sandbox.
Summary
Successfully executed process in sandbox.
Summary
{
"file_created": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-05.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-40.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-20.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-22.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-36.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-05.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh03-01.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-28.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-63.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-25.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-20.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-34.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-07.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-38.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-11.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-08.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-11.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-25.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-26.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-70.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-03.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-72.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-17.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-36.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-10.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-37.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh03-02.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-30.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-03.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-68.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-38.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-64.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-67.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-16.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-29.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-41.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-06.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-22.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-54.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-71.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-04.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-32.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-01.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-73.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-60.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-01.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-31.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-04.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-56.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-05.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-65.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-34.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-64.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-08.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-45.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-18.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-07.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-62.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-76.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-04.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-29.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-19.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-12.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-01.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-43.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-59.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-01.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-21.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-30.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-13.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-44.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-13.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-18.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-27.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-06.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-35.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-41.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh03-03.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-35.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-24.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-42.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-26.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-10.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-15.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-16.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-26.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-06.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-38.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-77.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-52.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-58.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-71.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-16.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-58.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-13.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-10.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh03-03.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-35.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-24.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-46.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-67.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-01.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-53.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-49.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-41.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-37.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-21.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-30.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-18.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-50.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-22.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\winjlejgt.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-59.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-15.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-52.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-55.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-57.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-24.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-15.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-29.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-38.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-48.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-63.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-51.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-33.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-51.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-74.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-40.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-02.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-11.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-48.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-12.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-39.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-32.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-01.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-72.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-06.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-62.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-28.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-60.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-42.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-09.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-06.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-14.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-05.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-70.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-68.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-39.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-09.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-09.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-14.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-49.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-40.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-43.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-21.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-11.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-69.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-33.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-57.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-56.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-04.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-37.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-26.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-19.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-19.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-03.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-06.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-24.dds",
"C:\\Windows\\2147c48",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-15.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-02.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-31.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\__tmp_rar_sfx_access_check_34898531",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-23.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-13.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-21.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-41.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-65.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-03.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-09.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-25.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-22.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-23.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-32.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-02.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-77.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-47.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-74.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-08.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-23.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-27.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\version.dat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-03.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-28.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-17.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-05.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-36.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-04.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-10.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-45.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-12.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-29.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-33.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-39.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-28.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-40.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-35.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-08.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-14.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-02.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-14.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-66.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-46.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-66.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-27.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-17.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-31.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-20.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-12.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-34.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-07.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-36.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-05.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-47.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-25.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-34.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-20.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-61.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-54.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-17.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-44.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-18.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-27.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-23.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-32.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-33.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-19.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-39.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-02.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-02.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-31.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-53.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-61.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-75.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-75.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-30.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-03.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-07.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-69.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh03-01.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-04.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-37.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-76.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-73.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-55.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh03-02.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-16.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-50.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\ini\\Shop.dat"
],
"regkey_written": [
"HKEY_CURRENT_USER\\Software\\Xpvd\\c2_6",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c3_2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\Svc\\AntiVirusOverride",
"HKEY_CURRENT_USER\\Software\\Xpvd\\-2022283959\\-691606842",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c2_7",
"HKEY_CURRENT_USER\\Software\\Xpvd\\-2022283959\\1801680227",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\UpdatesDisableNotify",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\AntiVirusDisableNotify",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\Svc\\UacDisableNotify",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupByKey:FMTID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\NodeSlots",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\IconSize",
"HKEY_CURRENT_USER\\Software\\Xpvd\\-2022283959\\-1383213684",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\FirewallOverride",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\DoNotAllowExceptions",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c2_9",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\FFlags",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c1_9",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\MRUListEx",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\Sort",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\IconStreams",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c4_8",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c3_8",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c2_8",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c3_9",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\ColInfo",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c1_6",
"HKEY_CURRENT_USER\\Software\\Xpvd\\-2022283959\\418466543",
"HKEY_CURRENT_USER\\Software\\Xpvd\\-2022283959\\-273140299",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c4_3",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c3_0",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupByDirection",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c2_4",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c2_5",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c2_2",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c2_3",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c2_0",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c2_1",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c3_7",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c3_6",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c3_5",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c3_4",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c3_3",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\LanguageList",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c3_1",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\LastAdvertisement",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\UacDisableNotify",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c4_5",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c4_6",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c4_7",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c4_0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\Svc\\AntiVirusDisableNotify",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c4_2",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c1_0",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\PastIconsStream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupView",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\DisableNotifications",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\UserStartTime",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c4_9",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\Svc\\FirewallDisableNotify",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\Svc\\UpdatesDisableNotify",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c4_4",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\GlobalUserOffline",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StuckRects2\\Settings",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupByKey:PID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Action Center\\Checks\\{01979c6a-42fa-414c-b8aa-eee2c8202018}.check.100\\CheckSetting",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\LogicalViewMode",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\Mode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\AntiVirusOverride",
"HKEY_CURRENT_USER\\Software\\Xpvd\\-2022283959\\-2074820526",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\Svc\\FirewallOverride",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\EnableFirewall",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c1_8",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\FirewallDisableNotify",
"HKEY_CURRENT_USER\\Software\\Xpvd\\-2022283959\\1110073385",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c1_1",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Streams\\Desktop\\TaskbarWinXP",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c1_3",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c1_2",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c1_5",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c1_4",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c1_7",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c4_1"
],
"dll_loaded": [
"ext-ms-win-kernel32-package-current-l1-1-0",
"C:\\Windows\\system32\\riched20.dll",
"kernel32",
"API-MS-Win-Security-LSALookup-L1-1-0.dll",
"kernel32.dll",
"MSVCRT.dll",
"C:\\Windows\\system32\\rsaenh.dll",
"C:\\Windows\\system32\\ole32.dll",
"C:\\Windows\\system32\\sfc_os.dll",
"dwmapi.dll",
"C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll",
"C:\\Windows\\system32\\DXGIDebug.dll",
"Dropped
[
{
"yara": [],
"sha1": "8aa0cc295e3c8f03f855a5ef9eb6e0ca7e0dbfc7",
"name": "c0a7b6e75f7eeb84_fam06-52.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-52.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "c0a7b6e75f7eeb845f6fe6fdf775fa5f955ae7087ec48c229b0f4482b8a4343d",
"urls": [],
"crc32": "3A82F8C8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/c0a7b6e75f7eeb84_fam06-52.dds",
"ssdeep": null,
"size": 65664,
"sha512": "2e5f495dcc7eae1c0edd665160fa9351bdea8a2066bc472da41e61ea447d7a84ce51c98c74dde78893b5a73abff1a74686457ec2b60dba568d4749876c680af0",
"pids": [
2504
],
"md5": "9684aca806aae7a1df6a1820e42d8c68"
},
{
"yara": [],
"sha1": "d3956e47dfd533ca2374a7eb9041d0fc55a7ddfd",
"name": "bed2e33c07dfe8e8_fam06-28.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-28.MSK",
"type": "data",
"sha256": "bed2e33c07dfe8e86a2dd104ce9c2ed5b14c2d57a8534b20624deaf274496194",
"urls": [],
"crc32": "BDCD3604",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/bed2e33c07dfe8e8_fam06-28.msk",
"ssdeep": null,
"size": 8192,
"sha512": "9ee1cb5778668a574751fa1f45715c3adce9230f19cec5057a1ce34c483e23a353d47dc2ee7b7f78fd482e052437c393220d75b833318847bb57ed6e8d43de27",
"pids": [
2504
],
"md5": "c4f3d0b075828d48593fae35d8092394"
},
{
"yara": [],
"sha1": "ca7635bb9bff7fdafc58c73a26ad944330072653",
"name": "e5be1484d4f75382_family-32.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-32.MSK",
"type": "data",
"sha256": "e5be1484d4f7538204b4428c47f48502220aa10cdeff3c54257ee9f689c2f003",
"urls": [],
"crc32": "CEBAABDD",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/e5be1484d4f75382_family-32.msk",
"ssdeep": null,
"size": 4096,
"sha512": "fe3eccf4543a876fcd00e0b0fa2195188841624ad0803bdc02c8365a1cfd7089991c7550493ae5414b8e3db3a104c570592980bd5638d11554e5c5f53c7d70dd",
"pids": [
2504
],
"md5": "837c80eacdcf1fe4857d527314d977e9"
},
{
"yara": [],
"sha1": "adc64970430caa3e69fec40e15e5a03a7dcc2a37",
"name": "64855a68fb78a86d_family-20.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-20.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "64855a68fb78a86d834f972be9a414fdf86981bc856fec6b5d8869127d120ce4",
"urls": [],
"crc32": "9830C008",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/64855a68fb78a86d_family-20.dds",
"ssdeep": null,
"size": 65664,
"sha512": "aaf14ed3669e7dc3237132a80f0c63839cbd52d454b487a2684ed69e6ef40383881af9a9912b90159783e41149826f8c010fc848a3208f4d15a9a3052fac2780",
"pids": [
2504
],
"md5": "01adf31e30d3ac13a0359a6d5894cc51"
},
{
"yara": [],
"sha1": "8b3b150bd5c11fe56bb9247c7671c59b97e38fac",
"name": "cbf4183f5e05760b_fam06-36.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-36.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "cbf4183f5e05760b3ca6b5339569d22d4e0d36974411edc9644bc345bf365e1d",
"urls": [],
"crc32": "ECC5C0C2",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/cbf4183f5e05760b_fam06-36.dds",
"ssdeep": null,
"size": 16512,
"sha512": "747e88c9b562225c8daaffa7dfd48080d22d5685f4f96ec6880e0b2ed4d3645d0f719ba11b6945b32fc25eedca6abc2b309e6304f1cc755f88e0b739dd6395e2",
"pids": [
2504
],
"md5": "9d02d5f155e10fb1cfed5084ffc0b4a9"
},
{
"yara": [],
"sha1": "d33aa3b1504e28a06cd8b26020b49bedabc13dda",
"name": "f0b5c8d2e44cc407_family-26.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-26.MSK",
"type": "data",
"sha256": "f0b5c8d2e44cc40760f226d66d276b91c96d6437d4d0f8218a497bd94f4693ce",
"urls": [],
"crc32": "FF318B9B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/f0b5c8d2e44cc407_family-26.msk",
"ssdeep": null,
"size": 8192,
"sha512": "ce8e16c74562df2852bfc9c04144e492201b39534239e4c20904a17e11ee45dd22c942f6abe7daa47e05658c620a004b7bac8fda45abeec627b0e29b50dbe82b",
"pids": [
2504
],
"md5": "d65a9074616af364c20fddfee5f7b90a"
},
{
"yara": [],
"sha1": "6f5886f8f77e6eda09ff9c91b78ca75027130d31",
"name": "980572bcb766fc86_nh03-03.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh03-03.MSK",
"type": "data",
"sha256": "980572bcb766fc86b577b8112fcfc8feb8b877ff9d0f5051d30d80a5a76f8512",
"urls": [],
"crc32": "382C2526",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/980572bcb766fc86_nh03-03.msk",
"ssdeep": null,
"size": 32768,
"sha512": "c04e5c636274b07ede800fc7b99c950e1d69f1dea41a83ef5822272f6436c4f3342f7e9f9e20071c578e2fdd9c10df3a8769af399b4ca97de1529c61cbfd9dfb",
"pids": [
2504
],
"md5": "a98f2c47d7eb561e8f44a2a36e8973c8"
},
{
"yara": [],
"sha1": "7b9421b605ca35876201430a65cb301c110537e9",
"name": "64897610eefda553_fam06-76.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-76.MSK",
"type": "data",
"sha256": "64897610eefda5537e1be9501b6e8b3f6eef4aceb6acc3ae0bcdc7f99a059214",
"urls": [],
"crc32": "E09517FE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/64897610eefda553_fam06-76.msk",
"ssdeep": null,
"size": 2048,
"sha512": "b780f220090362f638f4049634d880c6089c181b789efce605f8fb547c5f6d2343dfb7c2d08816eec41f91837c8b18da1f73c5b450b566f6b52a10831f5d9aa2",
"pids": [
2504
],
"md5": "36857f36bbac6a2be8fb19164bdb58bc"
},
{
"yara": [],
"sha1": "1be6d3a9fb1c1e0240183d85855b0c4c02ec7a97",
"name": "b9260397114df6d1_fam06-74.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-74.MSK",
"type": "data",
"sha256": "b9260397114df6d141959c90548ee08fd3d4b19164114198751cc1ec357b38a3",
"urls": [],
"crc32": "A5F5499B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/b9260397114df6d1_fam06-74.msk",
"ssdeep": null,
"size": 512,
"sha512": "6f9eff17ddfe7f8fcfeb3026d6171be145c5744a9c846413077fe251ea85ba2c6f25e9653c05fb417d7b0b36627d476423e5fcefbd9b5f39f3240082bfb5c9fd",
"pids": [
2504
],
"md5": "dd08ebc811bfc49cee0e36f2f24e074c"
},
{
"yara": [],
"sha1": "7715181898b9589eb15e66b10dcfaab04d3f8682",
"name": "98e3e6289208dc4c_fam06-73.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-73.dds",
"type": "Microsoft DirectDraw Surface (DDS), 64 x 64, DXT3",
"sha256": "98e3e6289208dc4cb7345d4550a37f442fb38cec8e2b733b77d0bf94ec16afd1",
"urls": [],
"crc32": "02331FDF",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/98e3e6289208dc4c_fam06-73.dds",
"ssdeep": null,
"size": 4224,
"sha512": "e56868a3ddeafdd2443a2dde5d76135afa1d734378b78297b70a7f86355996fc512fbed06452f3abe57703da83d9c3ca95393bfe36a03ed82562319e76e376c4",
"pids": [
2504
],
"md5": "b335f47a421d447426c063a38def5455"
},
{
"yara": [],
"sha1": "05394b13d6c4170e356211ed3c1b309604e00335",
"name": "2c716909b3fc2f8e_fam06-72.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-72.MSK",
"type": "data",
"sha256": "2c716909b3fc2f8e443af8bcace1f7a8590703c83faeb13256d27aaa60950f30",
"urls": [],
"crc32": "2922788E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/2c716909b3fc2f8e_fam06-72.msk",
"ssdeep": null,
"size": 2048,
"sha512": "0459d4a087c0e365e5ca542fd481217f36ae7506720bc8a2e6c54310adcbed0ae6c1aee0485f8294bc792b715a558594c7824e006a8d86d80e172affd6100eef",
"pids": [
2504
],
"md5": "71bd9eafc84980f6260fadcdbbb47fe7"
},
{
"yara": [],
"sha1": "87443f814b59129ec0b821acce310be84963e06e",
"name": "68e9362c8703d63c_nh04-04.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-04.MSK",
"type": "data",
"sha256": "68e9362c8703d63ca887b98ae88bc9b804a18f7d277108fff099f75cecca7253",
"urls": [],
"crc32": "E5003629",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/68e9362c8703d63c_nh04-04.msk",
"ssdeep": null,
"size": 32768,
"sha512": "22536ab0fc720f15eec45cf4355ad6a9be4411f767bbfb9de5ab8c4a438c51e9f51cfafc908412f98f7fe6dddcfdf206c48adac3751a20cfc595aa1c8568b7ab",
"pids": [
2504
],
"md5": "b0015e474d016e72aaafc7efb835bac4"
},
{
"yara": [],
"sha1": "d2d0d5a416a71ced30b7835afbc1f6b755aaa3b8",
"name": "e880525ab73ba12b_family-34.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-34.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 128, DXT3",
"sha256": "e880525ab73ba12b428bef98765f6f089fcd82738951775849f0f138f7f013eb",
"urls": [],
"crc32": "DE7C3389",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/e880525ab73ba12b_family-34.dds",
"ssdeep": null,
"size": 32896,
"sha512": "97f70e84955dec1e59677c02d70a57212711a99310b865479df4106f11f0247d5b3b848cc947415e72b8689ffbf840230c8a6a69e2ef23ec5af9ec2dbde514fd",
"pids": [
2504
],
"md5": "49707c15cbc9c069a68f204e874841e6"
},
{
"yara": [],
"sha1": "d52c096afe6d020a9c11777e1f3731eabcafc04c",
"name": "399be638c576d957_family-02.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-02.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 256, DXT3",
"sha256": "399be638c576d9579b34ac8821661daeea0aae9d191e6e0a1ada5d78bc5c5788",
"urls": [],
"crc32": "D794C74F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/399be638c576d957_family-02.dds",
"ssdeep": null,
"size": 131200,
"sha512": "bc99e055226acee38dc01559144f01a938b173b5ea6855310abc75f8531528f162f3c4b180bb71861e3a609945cd9188bf266320dd6c8dcc40bfd94b368a4d06",
"pids": [
2504
],
"md5": "465023fd620711dcd1abf1446957c0d9"
},
{
"yara": [],
"sha1": "8e10167a2a18c19b1270ff95cf6ad48035e63406",
"name": "d93076e9a5d96024_fam06-18.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-18.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 512, DXT3",
"sha256": "d93076e9a5d96024fcbab67e8639b19ffd99fd001ea730c8bd3352ace39078cc",
"urls": [],
"crc32": "EE627627",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/d93076e9a5d96024_fam06-18.dds",
"ssdeep": null,
"size": 131200,
"sha512": "ad72f73c1bfcdb96e4402f7674539e4deb5c7521ce64fc35b37abd29ab02066cfce09f1fab861f800c0a3e20b78a2e7efe48fd63accda5021b9441994cb4ed64",
"pids": [
2504
],
"md5": "f5ba5c900a3431268169ef51b2dddde5"
},
{
"yara": [],
"sha1": "3c49a9244cbc11c99d30b4a179bca0449e2e9697",
"name": "76a6ede8ed907592_fam06-60.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-60.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "76a6ede8ed907592a5825bb875dfa632e1b665844ed60f2c98728e5414d351d8",
"urls": [],
"crc32": "0733B70E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/76a6ede8ed907592_fam06-60.dds",
"ssdeep": null,
"size": 16512,
"sha512": "37db6d748e5d674ebee7ba563494a95742d9ddbeac0b2e25595e60fc93868f21e091142808200e8d2c2a6eddd7c81fdc37eb44f108ed6f8527388f9bb20a0c9a",
"pids": [
2504
],
"md5": "e0091398f4621f030b48de411e72b6d6"
},
{
"yara": [],
"sha1": "b2c40f83b4b4694ff09636345d36e86dbf5f0626",
"name": "ddf9e9bc138eed32_fam06-75.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-75.MSK",
"type": "data",
"sha256": "ddf9e9bc138eed32ee4ffafa458042fba8c9652bd24a4a7963ddcb92c496bf65",
"urls": [],
"crc32": "B78A5C92",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/ddf9e9bc138eed32_fam06-75.msk",
"ssdeep": null,
"size": 512,
"sha512": "ac4a68ba5a72b71291ea08dc33fd93fab27c21d790e8a3306b29f2cb85a9f3ad2d00aac6cd5a61cbe369367d1fd49f0547c0cdb5cc7bda590dfdc5f3aef2c545",
"pids": [
2504
],
"md5": "a5f2ff316d1e2c593e11ff845035edcf"
},
{
"yara": [],
"sha1": "ee68ffff555d7834ea5e8791ae72b358839a3282",
"name": "1a5ab72e2019677e_family-15.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-15.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "1a5ab72e2019677e3fecffb137d6b25ea12e17317bab76ff0626edcf7bba9bb8",
"urls": [],
"crc32": "AFE894B5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/1a5ab72e2019677e_family-15.dds",
"ssdeep": null,
"size": 65664,
"sha512": "2a34a23abf0715acdfcf46ea7b5a6162e7d87d00e0c41e536c97a665691c23fa5f87b9f168c2ca3a30768fb0c20f6a09884bc90cb44fabaedfe1f108d6e56051",
"pids": [
2504
],
"md5": "5c08c335154f7919369495fe2d7cb1ab"
},
{
"yara": [],
"sha1": "94bc1f34164e95c2e8d03a795ccba162488570c5",
"name": "c6d2b7b6cc185e5e_fam06-26.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-26.MSK",
"type": "data",
"sha256": "c6d2b7b6cc185e5ecf579e0dc95f8f01d256f5a7c802a8bdd66e2e8d36c01e33",
"urls": [],
"crc32": "8E329395",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/c6d2b7b6cc185e5e_fam06-26.msk",
"ssdeep": null,
"size": 8192,
"sha512": "205f2583d0b9b56feb0982641ed5d6482bb55f8d272880c52fe5b754c407ba175eff9fb7958f5aa17bd7764e384b05acf8126a95b7b940740beb5859219e5a53",
"pids": [
2504
],
"md5": "018c952f098c82348ee0351744629493"
},
{
"yara": [],
"sha1": "137d7bbce4912139a5d94e8a4c56e7f4036761fe",
"name": "edb0490fcf4b0103_fam06-06.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-06.MSK",
"type": "data",
"sha256": "edb0490fcf4b010301ff775f99ab96d82d41b847dde1e50694c5140bb3e8f454",
"urls": [],
"crc32": "F7E780E1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/edb0490fcf4b0103_fam06-06.msk",
"ssdeep": null,
"size": 2048,
"sha512": "6416def6f9004af046bb2b444f591244922044f4812c260fba3be89c57a9f3a4a472213a9e43daa5536bddaddf1b08811491918447caf7bd467fe801eaf6775a",
"pids": [
2504
],
"md5": "747af40e094e6522e2ca85e89238d1a4"
},
{
"yara": [],
"sha1": "d9935e84bd763cd4b8be14cb7861f1266f659f31",
"name": "a73060afb61efe1b_version.dat",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\version.dat",
"type": "ASCII text, with no line terminators",
"sha256": "a73060afb61efe1b7c817645d00c342df02407f65435a64c88d251d56150ff42",
"urls": [],
"crc32": "88CA49A7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/a73060afb61efe1b_version.dat",
"ssdeep": null,
"size": 4,
"sha512": "eaef1eb5700988ddbf1f5ebd0e41b89f120cf454248978f0fe936d0924d6eed2413320740ce06669a16e34ae9167c3e0f670dad92289207517ce267201be89e8",
"pids": [
2504
],
"md5": "3806734b256c27e41ec2c6bffa26d9e7"
},
{
"yara": [],
"sha1": "d353645c45e0b930b14a3770bb734b2a9b371269",
"name": "76bf9ac1db0fb57f_family-31.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-31.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 128, DXT3",
"sha256": "76bf9ac1db0fb57f442759422f112cf6c0f7a67b5d8c9663d3cb8c4e2ede7aea",
"urls": [],
"crc32": "D86473F7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/76bf9ac1db0fb57f_family-31.dds",
"ssdeep": null,
"size": 32896,
"sha512": "8652b83544e48cde32d439b42c3c9917f7ba90d7f4948b7f5dd21e45dfd7b28b1a081d7b2d6ba06bf66b94657f0b7c7d45cdc0acfa54ecbb39d912eb921b62cc",
"pids": [
2504
],
"md5": "ddd3b2fe10071c27ba641985ff1156c8"
},
{
"yara": [],
"sha1": "8007b78ca72765936576ea07925eab8c0d29fd8c",
"name": "22162ec4da4f2aee_family-05.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-05.MSK",
"type": "data",
"sha256": "22162ec4da4f2aeefdaad2cddc75d1b56f20712cb5ef1c4e0f524594507f92b9",
"urls": [],
"crc32": "287457C1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/22162ec4da4f2aee_family-05.msk",
"ssdeep": null,
"size": 4096,
"sha512": "b3332f24ba82253b2399db0568b1e9e4b638968e24539e68ec9bd8da45f9ccafd22da4a092e3a2e15b7a072b44fc452087754c4aa55b621c17efcd7dbb9a3c18",
"pids": [
2504
],
"md5": "d3a40d404ce926000bc460dd8f3a8c6a"
},
{
"yara": [],
"sha1": "d4c8c4f7e11eaba41c38c2d96197699cc6e5d3e1",
"name": "bf6b717ef1a6d44f_family-26.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-26.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "bf6b717ef1a6d44f610f30d106551091fe111bba722742698d325276a1875762",
"urls": [],
"crc32": "77F448AB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/bf6b717ef1a6d44f_family-26.dds",
"ssdeep": null,
"size": 65664,
"sha512": "a389fb268fca238f72b1d40bd5c24eaa1784eaa9aeb4008e79a6c0fd83023493827048ba05e4af6eb12dee1376998bd0c8467ff5be94df7fd3f9a3c72c89ea3b",
"pids": [
2504
],
"md5": "8af96d0e99dc9649076ca99a45eef4a6"
},
{
"yara": [],
"sha1": "030411d44018d60fd59b8c9d75abccdb17288d82",
"name": "beeac19a5cfe7902_fam06-06.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-06.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "beeac19a5cfe7902878c8e2144bcbed8ef4fafd89347893570356971d42fc5a7",
"urls": [],
"crc32": "2DAC9A6A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/beeac19a5cfe7902_fam06-06.dds",
"ssdeep": null,
"size": 16512,
"sha512": "7ded6519269971c72e64530e89bb0ff96032c652f38cbae196d923fe114fd9768239c7293da2bca30dec0130bb2a6844b739b935364d29311fde3515f9d57431",
"pids": [
2504
],
"md5": "bc419c962f0ca4a68413a928a9fa1203"
},
{
"yara": [],
"sha1": "ae39e79f9eb1cd393689f241d8229d10e6b1b91d",
"name": "d23357eecd185ec3_fam06-66.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-66.dds",
"type": "Microsoft DirectDraw Surface (DDS), 64 x 128, DXT3",
"sha256": "d23357eecd185ec30059a04a2e049a76b63d7dea87183058097e33a320d726bf",
"urls": [],
"crc32": "44C59225",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/d23357eecd185ec3_fam06-66.dds",
"ssdeep": null,
"size": 8320,
"sha512": "f8c3504414dc3c47bc0455507911d1a37877a0342797cb462dd06d64210811f1b3690a29ff71fadf88f0b52764f4e0b3f0f433401c00e42ecba868c75862045a",
"pids": [
2504
],
"md5": "46d6c27efe1df49b22ecd286b5a0ebce"
},
{
"yara": [],
"sha1": "c483636f85284b7e7ec632cdd7e258612eb89621",
"name": "7108ff16faa163d5_family-33.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-33.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 128, DXT3",
"sha256": "7108ff16faa163d5e99391b1f6248742a65ce66f43647835eff02de774366048",
"urls": [],
"crc32": "15F35F62",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/7108ff16faa163d5_family-33.dds",
"ssdeep": null,
"size": 32896,
"sha512": "7a01ecb752c63c6941ece67836db386ffc48035659f52b3a20be965fb2b3b000a71d05052110373e6842c8d1de9572451ad46afd0c8297ac15ca7ea144683182",
"pids": [
2504
],
"md5": "ee630ea461384d0a50acebe71f4cbc7f"
},
{
"yara": [],
"sha1": "b13bbb1a7ce745878c746460ff0e09630bef3df1",
"name": "a6aa137d5953c819_fam06-14.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-14.MSK",
"type": "data",
"sha256": "a6aa137d5953c8191e4c2333d7374e6cb228d91db78aea0044ea010f14748a9b",
"urls": [],
"crc32": "0FD4824A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/a6aa137d5953c819_fam06-14.msk",
"ssdeep": null,
"size": 4096,
"sha512": "7b2079ff6250cb870a9a48e9f3dcff72db7c49860bcf68fe45cc08088db2f8cfe070e472b20da1c1035289259008ced28e5dc33697107e94ea66989131a05df4",
"pids": [
2504
],
"md5": "b086a61df9d00fe194bff186ce537237"
},
{
"yara": [],
"sha1": "ab722ba154dcca5f19fcf1e39cbade92d4dd5191",
"name": "689261c02596c00f_family-34.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-34.MSK",
"type": "data",
"sha256": "689261c02596c00f96b02eb83b668f73cb6b0ab91dde218a7e4a94caba239c2e",
"urls": [],
"crc32": "E453811D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/689261c02596c00f_family-34.msk",
"ssdeep": null,
"size": 4096,
"sha512": "463ec433167a6720964e2ea51d5b1b9da4675394ed22e74b43e212ac07283d0bd5b56b9d11d418a7a0128f20f28304e10aea59a49aca45c4cafdb7b86bad0f7a",
"pids": [
2504
],
"md5": "f078c4955de6622427ffc25093075399"
},
{
"yara": [],
"sha1": "9f73c5b2b93f7f01209a0e4a20f08c80390b6619",
"name": "601782872393fe23_fam06-69.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-69.MSK",
"type": "data",
"sha256": "601782872393fe2312b39bed28a757b80c3ba6eb868222350f30b590ec30b074",
"urls": [],
"crc32": "CBF46B34",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/601782872393fe23_fam06-69.msk",
"ssdeep": null,
"size": 4096,
"sha512": "930b26e6f4d8750178650108fb71b6050d188ac84e478f09d10f66cd460c6b5b6537e53d2fdd99b3cc5396af90a719c830c61c4d0b98843497d74feb3725c26c",
"pids": [
2504
],
"md5": "0718cc1aabde9466d31a4ad29741a715"
},
{
"yara": [],
"sha1": "aa8255cb8713b42073c61229394c91c32b756996",
"name": "d6d215f8cec14f2a_family-18.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-18.MSK",
"type": "data",
"sha256": "d6d215f8cec14f2a64a216f18555ab8f6f04c1d4296c0cf1a381d6cfde1e6f26",
"urls": [],
"crc32": "DB268CC0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/d6d215f8cec14f2a_family-18.msk",
"ssdeep": null,
"size": 32768,
"sha512": "1f69c05d1995f663a603faf5c782b90d40f9513d29cbb63d719a04c46435215afbc6fc073effaac567dadca9547a7e12ce32b84b9a6fedaf586a7c3e41e5f9b9",
"pids": [
2504
],
"md5": "8d0e25c74c30c9dee7ba1264eb707b3b"
},
{
"yara": [],
"sha1": "e47b41f9668815410293c8eb9b7ebaee42115f2f",
"name": "459683c90d049404_fam06-58.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-58.MSK",
"type": "data",
"sha256": "459683c90d049404875d98dfc9b6fee7a1a2fb9c99fc6c565d92b506bf2f847c",
"urls": [],
"crc32": "F6574274",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/459683c90d049404_fam06-58.msk",
"ssdeep": null,
"size": 2048,
"sha512": "2ece85c47eb1d2f6cf1531b64aeadddff65016489fe873ae491c229ae5025b7fa58537af6c1ef50c77becb23a61b5ae30e32bff02666fa1e8daf6c674570e6f7",
"pids": [
2504
],
"md5": "a9145121a7d54c862b56678d685393ba"
},
{
"yara": [],
"sha1": "f94a2a4eb262d308703088bcaa0e7d9c7843c1e9",
"name": "3a07aec05d0e2789_fam06-29.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-29.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "3a07aec05d0e278911a469740b94c2144d0536f6f96f9d8c10424de90a81522b",
"urls": [],
"crc32": "F7B840BD",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/3a07aec05d0e2789_fam06-29.dds",
"ssdeep": null,
"size": 16512,
"sha512": "d52d76c58a2d051aaa97c45b28ccfbaeb713bc4304cde3fb4525be15c2148b6b186d0472f2760f6a1323e10fc9b1e9cb8607170591d185f04add4983d5a0c984",
"pids": [
2504
],
"md5": "ec2b1e28dd3d008fa5ebd3d7e7e9f822"
},
{
"yara": [],
"sha1": "de3a2df3ca0e92eede86aadd87dc11f206399fe5",
"name": "5259f8d1d1200c7f_family-21.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-21.MSK",
"type": "data",
"sha256": "5259f8d1d1200c7fd16043b8aa90d566c799ca5a6a5f91c7dc0f66d7dd0ce2d0",
"urls": [],
"crc32": "9F7F4BBE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/5259f8d1d1200c7f_family-21.msk",
"ssdeep": null,
"size": 8192,
"sha512": "36e30f3eded52e6fc11ada2871340ff257509f15cd6d06339ca0a432fd5238822cdc16e20a108d3a7086ed0a874a7075fcae674f5f9d97499e3ee145bf4ca87a",
"pids": [
2504
],
"md5": "f288e518c540fcc453143f26df3965a5"
},
{
"yara": [],
"sha1": "a89d023b270bbd8e53da0a271fb583561c0f359f",
"name": "ad15c797ec054b3d_fam06-25.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-25.MSK",
"type": "data",
"sha256": "ad15c797ec054b3daa04f839bdca34fad9e8717d0686df765a093f61dd834bfb",
"urls": [],
"crc32": "D44F707B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/ad15c797ec054b3d_fam06-25.msk",
"ssdeep": null,
"size": 2048,
"sha512": "a62e9c9e3aaf4a88565c055b8d6fe01f056187adf1f15ffb73a531d61bac2973d639039a75bb7e726b92f9a495253b4aea8e45d0d360d782daf0b0464cf3bcfd",
"pids": [
2504
],
"md5": "7f08e19534a1d400abfc221a9f39782b"
},
{
"yara": [],
"sha1": "1ebe9dbaec458c2f585c95eb7142c1d47617fa09",
"name": "9bbb6df37ed6f332_fam06-74.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-74.dds",
"type": "Microsoft DirectDraw Surface (DDS), 64 x 64, DXT3",
"sha256": "9bbb6df37ed6f3320d774d97cc37722bc23912190b10985717c0a21ac30cb269",
"urls": [],
"crc32": "60618A27",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/9bbb6df37ed6f332_fam06-74.dds",
"ssdeep": null,
"size": 4224,
"sha512": "c45f67346d700dc6a1419bf0a09dec5937f721f0a1146c7baeac26d3eef0be61dc6dd614bac701d5f2b8eda8d52e7f742f95915e8d75379e9fac246886f7c391",
"pids": [
2504
],
"md5": "2fcf82c6ab017ebc6a240abfc56262cc"
},
{
"yara": [],
"sha1": "2775f725819173cc21236153582c5d1f7427fbb8",
"name": "7452b36a492c6652_family-39.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-39.MSK",
"type": "data",
"sha256": "7452b36a492c6652658d8c7a643070efc5cf7d0048a2587a2430703f13fbb89a",
"urls": [],
"crc32": "530D21C9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/7452b36a492c6652_family-39.msk",
"ssdeep": null,
"size": 4096,
"sha512": "0518a69defcb687096b2dd7419ceac566b42044ba9e20d90f77c0f49d6af3b79161249b0815123489d1712be1c6c65dd8eae6c52ee6035104cae0d9741d15b31",
"pids": [
2504
],
"md5": "be183a6c0fb26306716044b31b6a0bb7"
},
{
"yara": [],
"sha1": "a8917f561e0be9232aac5e4a32878312722304ea",
"name": "c2f13e393baffa70_fam06-43.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-43.MSK",
"type": "data",
"sha256": "c2f13e393baffa70eddccc6d44769905e6ddfa218372e6abdb8366ed96c37292",
"urls": [],
"crc32": "AA08232C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/c2f13e393baffa70_fam06-43.msk",
"ssdeep": null,
"size": 8192,
"sha512": "f027ca0d352d460cf1ffa12c03ef7b2babef476148407ba4b18e016c3ca3c8442598d88ce5702a2eddb3bd9b3923ab7f21d94ffbfb70597dad304f2d0224d7b8",
"pids": [
2504
],
"md5": "fb2eb6d358e799d6842fc0b54405ac2b"
},
{
"yara": [],
"sha1": "728636c2e939c844997f91cc020a409d0a4a3f1f",
"name": "2fd573ac2e89064c_fam06-07.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-07.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 256, DXT3",
"sha256": "2fd573ac2e89064cc763283785c56371951516c244a663a5a1834251c2f4c24b",
"urls": [],
"crc32": "8E44492E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/2fd573ac2e89064c_fam06-07.dds",
"ssdeep": null,
"size": 32896,
"sha512": "30bdd4290094ffc2d87398129a832f811050df9181fdccb9301bc7c42320c643ee603d8bdf7a4e945cf81869ee8c41e94fb24d79e554dc874d474a00c1f19c81",
"pids": [
2504
],
"md5": "b7f9d23f7c8bbcf45bc9d4273b15568e"
},
{
"yara": [],
"sha1": "ea28a702ead0a6dc8c02f411d7521218f530f6ef",
"name": "998370c7c94ab40c_nh03-01.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh03-01.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 512, DXT3",
"sha256": "998370c7c94ab40cc20f4473f7a18c5c03f1bb6d8c5f251b86cbbf944d3c071d",
"urls": [],
"crc32": "37A56FA0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/998370c7c94ab40c_nh03-01.dds",
"ssdeep": null,
"size": 262272,
"sha512": "3d2f7d77da46de92c0c8da03f751e6230a6748819a23bfca194cce7dcb7884f44a0953f3df2ef357c0fcbc8850becba9e268ebb15a9ab98e11d988b5e1cec9c5",
"pids": [
2504
],
"md5": "f1d1b110de28cf3a6e9c97ca81eb4fa9"
},
{
"yara": [],
"sha1": "89cd2eded68af61be233ccc84d593c426cb5c541",
"name": "cb82d9b17bdd75a9_fam06-51.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-51.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "cb82d9b17bdd75a92cb1facafbfb2a2e62106b30c5742b7cb6317cde1e91013f",
"urls": [],
"crc32": "6A365E22",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/cb82d9b17bdd75a9_fam06-51.dds",
"ssdeep": null,
"size": 65664,
"sha512": "e1d0beb2bd4ca3c85f66e24ae1a3f3b095930e953808caf45dbd6c9876ce936b15fe6a928c9b1ae367ba50358ffa606733765eddee2a41c9b745befef835d0cb",
"pids": [
2504
],
"md5": "b1482fd7bf6ec7042ae68e09be4a17b7"
},
{
"yara": [],
"sha1": "812eba99b6ae7d16655ae559b351f156f4aa3351",
"name": "f0ea7f73be63438f_fam06-32.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-32.MSK",
"type": "data",
"sha256": "f0ea7f73be63438fe78321e680eff4cff1e5831f666827c0ba66bd2d068a591e",
"urls": [],
"crc32": "AB2FF4BA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/f0ea7f73be63438f_fam06-32.msk",
"ssdeep": null,
"size": 2048,
"sha512": "6a65e9140e8a9c78de9a9e4b29068f7cb03f9a10e8eaa601621830026aef024783911cdef9d6ae3558ee3b2588488655a1db3e3b607524853b9536c702482d64",
"pids": [
2504
],
"md5": "30aa83fa74da1573f762b5d4120af713"
},
{
"yara": [],
"sha1": "2eca383f2b896a52d8594032388dac0989740368",
"name": "d114c1e515e3beb0_family-41.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-41.MSK",
"type": "data",
"sha256": "d114c1e515e3beb0e593639cdb251bcbac20a587a13b818d8c2ef5709e029eb5",
"urls": [],
"crc32": "D0E48E74",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/d114c1e515e3beb0_family-41.msk",
"ssdeep": null,
"size": 512,
"sha512": "7ae9bf52e933aea9586a67558badfe8685a82864aa28b8b3ab5215d36f66599e3882571e87a999176b0b4433123cdd12840375ef1726fc588eae92b516a860f2",
"pids": [
2504
],
"md5": "b3a8ac3b7e3985fc0f77ba39ac827f28"
},
{
"yara": [],
"sha1": "013578a49df4fab5192414da5d0ffb6943bb5a32",
"name": "164b1af6f0500424_fam06-39.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-39.MSK",
"type": "data",
"sha256": "164b1af6f0500424074b6777de29a2505d1786bca6537ab6097a737243c87d82",
"urls": [],
"crc32": "E1A01696",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/164b1af6f0500424_fam06-39.msk",
"ssdeep": null,
"size": 4096,
"sha512": "201c003f285545ee4f0cc302ea78c900ad52597d1313e64113421956ec168c06ac0825493b5e0fe7569e8a098e32949ef7694243506c38184bd0bfcf0daea277",
"pids": [
2504
],
"md5": "74fbae3a2450845bc6d0566ce62f1be5"
},
{
"yara": [],
"sha1": "d3e2da5d686a4a8915edaf8f7c5fb37c78e332ba",
"name": "0c40993e518f40d7_fam06-37.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-37.MSK",
"type": "data",
"sha256": "0c40993e518f40d77a9ca9b50ed3e89c6e55e57332a2d18a832f00a783b11f37",
"urls": [],
"crc32": "2D497A35",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/0c40993e518f40d7_fam06-37.msk",
"ssdeep": null,
"size": 8192,
"sha512": "6ef35789ab3730ed097341a09b643ca044cf5931ad24f6721a714fc9750e8e9f170f59cb7a1d62ee760187a1c58b949004187b828d82085a720191c8bae1e25f",
"pids": [
2504
],
"md5": "c6c3f5f4c6928069b920080e101c1512"
},
{
"yara": [],
"sha1": "985196b7ceac8e15a55c45ec83002b292fd547c5",
"name": "4065d0b86b04b176_winjlejgt.exe",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\winjlejgt.exe",
"type": "PE32 executable (GUI) Intel 80386, for MS Windows",
"sha256": "4065d0b86b04b1765c8762f06c49d52620def0efa998d3d3c5634b1e01513321",
"urls": [],
"crc32": "6AA9F1B2",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/4065d0b86b04b176_winjlejgt.exe",
"ssdeep": null,
"size": 66561,
"sha512": "a055410232d4da1be044ee3652359a15f1406542a79cf0be81e083240488245fce69e2fe9d6002da0b6f4cb2c13b7c978a1cb15354deaa30db1d1e22390a772d",
"pids": [
2504
],
"md5": "28c238b093100c7a52923a4c1d232e57"
},
{
"yara": [],
"sha1": "bd7b798009a9a50b307e21e1d5f4a8a0e7332aa7",
"name": "5ddbd79828ffb413_fam06-35.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-35.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "5ddbd79828ffb4135f2480a8922f6f660a211201fcebeb1763b4aec4b2529f92",
"urls": [],
"crc32": "31978402",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/5ddbd79828ffb413_fam06-35.dds",
"ssdeep": null,
"size": 16512,
"sha512": "0192343412331d60544ac38bf26f3ab8bc84e93aac33c5613015c99eb2c132c37f6a3bb5f388b25cbe5264650f4840eb38d1256b2ed08534450d68339759395e",
"pids": [
2504
],
"md5": "f4a0b71344815bdea0a6f5e4060df600"
},
{
"yara": [],
"sha1": "76ee23f86e4ad02bda1fc9a715a7904cd3642a27",
"name": "56cf556686f28179_fam06-69.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-69.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 256, DXT3",
"sha256": "56cf556686f281798b073a919b2c1c9c1ce531cc794a16189bb505d77bad1c79",
"urls": [],
"crc32": "8902E2CE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/56cf556686f28179_fam06-69.dds",
"ssdeep": null,
"size": 32896,
"sha512": "c53145405945ae724302a25e3b2b5b9e2e735d39003314f90f2651850b3e32570891c0a0488062b1d6e8e8fd6ec65780323bed366a7fb0d7e9c4d7e597584fa1",
"pids": [
2504
],
"md5": "66f8481a0e0b68d5498c3f984681665c"
},
{
"yara": [],
"sha1": "79e24b769669e5c6da396e99bb18f068a793b0d4",
"name": "12eebd3cfbee0ccf_family-16.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-16.MSK",
"type": "data",
"sha256": "12eebd3cfbee0ccf3c60f898b3e5435d9983b4a9f5a81002a0fdf1e653a45fe1",
"urls": [],
"crc32": "B8C9D5FC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/12eebd3cfbee0ccf_family-16.msk",
"ssdeep": null,
"size": 32768,
"sha512": "0235c776aa61ec095fdadfe19a7ae9a0ab5fcdf7a932dbef242176bd4bddcd17cc6cfd840adc50832623bcc30cda1a6d60e8d3b40ee261f0668a542325ee3e8d",
"pids": [
2504
],
"md5": "2b2d45d0a0639f65a4c023bc621193bd"
},
{
"yara": [],
"sha1": "5979f010a33d7acb3d7b5588ca206e38708efce9",
"name": "d71de7699a9df76b_family-35.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-35.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "d71de7699a9df76b249c62f675aa9067185c6cfae3f6faa0f02b7e5b95918e89",
"urls": [],
"crc32": "896429A0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/d71de7699a9df76b_family-35.dds",
"ssdeep": null,
"size": 16512,
"sha512": "a5c1097f04f310d4537785e716104a7998782081b45a85bae51b7f0605904817e8bbb2d7abfd8601cde7ff53c58c38c8e9811e6329d139c03ca700144d83cc9b",
"pids": [
2504
],
"md5": "189d557da78438c20cfa8b7ca7f720da"
},
{
"yara": [],
"sha1": "a6ab65f201d9364b0550a55931c9e04b75c5ecb6",
"name": "1b74285f7ab40ee5_family-27.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-27.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 128, DXT3",
"sha256": "1b74285f7ab40ee55d33aef1e53b23c43800b1886b94b215aa3b0b1c52bc4eac",
"urls": [],
"crc32": "6FD511B5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/1b74285f7ab40ee5_family-27.dds",
"ssdeep": null,
"size": 32896,
"sha512": "acf18a9405cf2e08d46dd1a5a52e14c82c7154ff28986c2645c39af71162a005bda957ae4d2b7b45152321265cd6369f50bb482a580446771f3ae9362a4f41c3",
"pids": [
2504
],
"md5": "8ac8f8641d2eccf196a18ea2e1d37664"
},
{
"yara": [],
"sha1": "ab4f1a04a38666ccb63485fedf588ab8ae27f193",
"name": "834a4e4dd8308ca9_fam06-28.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-28.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "834a4e4dd8308ca9312bb36ff79d095d35c3b442d23b324ad3db6cf8df12a6e6",
"urls": [],
"crc32": "7FB20C62",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/834a4e4dd8308ca9_fam06-28.dds",
"ssdeep": null,
"size": 65664,
"sha512": "ac2969d67203dcd3b66cd3b13b30fa73ad5abc01869e7711bda9e6d35496b15c27c52a26e19e25074b6701c38f6f0f089e716b8f4860dceb9766410d80ee0809",
"pids": [
2504
],
"md5": "889bd37e1b65da2862cbfa3931cd3f28"
},
{
"yara": [],
"sha1": "77c7b23c7f52ce302a6d05cde70a4afa4ac7c00a",
"name": "55780f0228d1b2ee_family-33.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-33.MSK",
"type": "data",
"sha256": "55780f0228d1b2ee2c16264abbddd098b6518cb7c43abae8b4390117c855b2da",
"urls": [],
"crc32": "46612C09",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/55780f0228d1b2ee_family-33.msk",
"ssdeep": null,
"size": 4096,
"sha512": "cdc13f8981d8168dd5df3127f552ca78d056cdfdf1e00c5ede9c81d47fb4bdb8af7f7b3fc7c68d387741a98555713d1d4c65091e995c16ca7b54f5780adadb05",
"pids": [
2504
],
"md5": "209b4cb04b030169e29fe37bf73245ba"
},
{
"yara": [],
"sha1": "17bdd42d5651572e64eddddd9e8b5417f8c4a49b",
"name": "4b5b0917aa032ccc_fam06-64.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-64.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 256, DXT3",
"sha256": "4b5b0917aa032ccc2c84b988083d8fccd7b8f27c648e348f9e5ea38ffa66965e",
"urls": [],
"crc32": "23B7B5C7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/4b5b0917aa032ccc_fam06-64.dds",
"ssdeep": null,
"size": 32896,
"sha512": "a12a4c3279846a4edefeefa858f777d12114a8b9703d59fc29f340d82275b20b6ed0138b86db48775ee284e86538c1a7d379f313ee4bf2d4dacaada28109f777",
"pids": [
2504
],
"md5": "3a3cc3424af3b3e89c0517941caefc1c"
},
{
"yara": [],
"sha1": "de252fc8fdc72d6a2efa68f6fdb12d9a4a0ce194",
"name": "0205b9309f945ac9_fam06-38.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-38.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "0205b9309f945ac954301aae8ca870f2f0734496932120d5ea5db654679eb3d4",
"urls": [],
"crc32": "FB8F7043",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/0205b9309f945ac9_fam06-38.dds",
"ssdeep": null,
"size": 65664,
"sha512": "56801a64b08b033002726c2729cc289bbc5bb3ee4bfb8c0c93ec555c11bdf4321333f798bf7173ffe6a51a2d7409cb4405060c844229275add802290e3fa3ca7",
"pids": [
2504
],
"md5": "baf8e381168fd819ec428a912cb37c69"
},
{
"yara": [],
"sha1": "8ee779aa49ac464eb7525eb6150b2624374ce7ae",
"name": "64c49c10b803f75f_fam06-46.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-46.MSK",
"type": "data",
"sha256": "64c49c10b803f75fccfa4ec31ccaab3a6ce0f954c1747bbebcf36d153dcb1222",
"urls": [],
"crc32": "01F550C8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/64c49c10b803f75f_fam06-46.msk",
"ssdeep": null,
"size": 8192,
"sha512": "aa112dd391ea2b0420677e88fc29facf5113b72e5d9b623f58bd3ca5b88e9660d14e94939b07b820dbefc32ab90ffea98f5a29980d2c2ce42305134f1e7721d0",
"pids": [
2504
],
"md5": "bfe757e5a1813f046866b9aa5cb8b80f"
},
{
"yara": [],
"sha1": "a7a45a8eab48df9ad03cdeadb037ffaaf1ab5230",
"name": "16f0a3eb8a0ad95b_fam06-48.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-48.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "16f0a3eb8a0ad95b62fad9dba85292820c821dfa02e2500a0793eda1d911b06d",
"urls": [],
"crc32": "E95EAD4A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/16f0a3eb8a0ad95b_fam06-48.dds",
"ssdeep": null,
"size": 16512,
"sha512": "895ef4c834901f81002ddb177b6c8d97a045d297f7552e168bba5f771c1fc12c5e524e4676e3f2695b858cc05fba9312e1d92f2744b1c012d54bde34b27fef6b",
"pids": [
2504
],
"md5": "f30027d02605356aec6465b660d18d72"
},
{
"yara": [],
"sha1": "d7e990faf05c8cecf436dd96faa233435ab262fa",
"name": "d3493e03413267df_fam06-39.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-39.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 128, DXT3",
"sha256": "d3493e03413267dff10094c759704c42b72c75490e81e20cede042cdb65710e8",
"urls": [],
"crc32": "36028D59",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/d3493e03413267df_fam06-39.dds",
"ssdeep": null,
"size": 32896,
"sha512": "47b5c43505b20bb9183294c5cc4e7b13f733a11486a71d3e19fdd24279cf322fce8fdc5b7834589137d26b6bc72bd1a84b85177fd22fc828f40a897fac75bf0d",
"pids": [
2504
],
"md5": "0dfdc94c1dd0433a406c480e89c5544c"
},
{
"yara": [],
"sha1": "0d7a84a5aed88a3fd467ce2f95e229ce7951c876",
"name": "556659eee443088c_family-09.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-09.MSK",
"type": "data",
"sha256": "556659eee443088c4b81f6982c57fc97163f55ced571f3d6678311e5f62cdaac",
"urls": [],
"crc32": "2C7AA559",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/556659eee443088c_family-09.msk",
"ssdeep": null,
"size": 8192,
"sha512": "c7d4bb8bea4a24f23bbcb60210a3e711a965b3ee8364196ecee3bd4200f432b4eec3545b33d56b3fdfbf5b7c64100472181322eba62f371a1519cbfdbdd1be28",
"pids": [
2504
],
"md5": "6d4c0a6308bd842483d44b768ec11f77"
},
{
"yara": [],
"sha1": "1992d46c00adc11c5abca4c57ff5d23c0e3a2285",
"name": "6e5761776756933b_family-08.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-08.MSK",
"type": "data",
"sha256": "6e5761776756933b56d40c843eaa523aadc4fc33ae26ee055150a4719a2a3e48",
"urls": [],
"crc32": "80C6A256",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/6e5761776756933b_family-08.msk",
"ssdeep": null,
"size": 4096,
"sha512": "61acd85fae69e5766d1b7c5e6aadac76335941f670c435b7941c0d0c5be8c533905f1368fe7b64cd99f372e01f6a08790ee65cf97df73fc9ddd93f3dd4ecad29",
"pids": [
2504
],
"md5": "53afb543f3959af84a578ed732e4289b"
},
{
"yara": [],
"sha1": "d6bc779a8fbdc3f3e018c93a6629fe051b58fd8f",
"name": "a052fc5b187bd30a_fam06-08.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-08.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "a052fc5b187bd30a0e36c144c33166c36fcb9904f6d310b44aacce3912d8a18b",
"urls": [],
"crc32": "0D01383B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/a052fc5b187bd30a_fam06-08.dds",
"ssdeep": null,
"size": 65664,
"sha512": "78e9ba610c98f34d7d59ad5e429805c37c663b7668a22087be0aa66461afa99192d3fb47477962181514b3f50c08ab474acad0511c2b62205e4a2763ef7079cc",
"pids": [
2504
],
"md5": "42848b2b2618c0fe224d353a1d181345"
},
{
"yara": [],
"sha1": "011a23b5fa68b251cb4b2e7d6b6b228c2433da6b",
"name": "4f780105011f0f3e_fam06-34.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-34.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 256, DXT3",
"sha256": "4f780105011f0f3ea509cb4fb783314cc71876f00d0b229f2bacefc681039b66",
"urls": [],
"crc32": "CDD86B79",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/4f780105011f0f3e_fam06-34.dds",
"ssdeep": null,
"size": 32896,
"sha512": "2fbffa3f8faf225152135785121133198bc82e5b433eb920b268619cf2a07f686a989bc5091a55542d532c6da0872a4a6a15295ba97b84442b75a59038cc5e68",
"pids": [
2504
],
"md5": "4201767ae6d8c3bfe7d392364d98a5e1"
},
{
"yara": [],
"sha1": "e9c1fffa85d5d080606aef476a145a2a38e9a70b",
"name": "1e683fd5e81f9c78_fam06-59.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-59.MSK",
"type": "data",
"sha256": "1e683fd5e81f9c781dd11b23e6d88ac3bc273a2216465ec7cc37056b82fcfc90",
"urls": [],
"crc32": "83D26D47",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/1e683fd5e81f9c78_fam06-59.msk",
"ssdeep": null,
"size": 1024,
"sha512": "a1ca80ae9e08292cddc0a46652dbed7fe19fdf7167fe1b61c0bb6595842740c3321f398f4053dcd9782d6f4530dfc6783b0b86eb49de925d39bb48563116ae11",
"pids": [
2504
],
"md5": "a1ddaacf4dccfbf158d1dd6df893544f"
},
{
"yara": [],
"sha1": "a3ec4b29e306164db847ad1741a3d276e6fe8326",
"name": "ce027a8df9ac6cd6_fam06-63.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-63.dds",
"type": "Microsoft DirectDraw Surface (DDS), 64 x 128, DXT3",
"sha256": "ce027a8df9ac6cd606996af2626cab0db629d43f073d74349a9359d6bf728584",
"urls": [],
"crc32": "7105EEE2",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/ce027a8df9ac6cd6_fam06-63.dds",
"ssdeep": null,
"size": 8320,
"sha512": "5f88208f59d2f4bed6ced8bcc80dcad55eb883d7b721a9cc9f3be5615a0fdcd0ba8a557cee550016e3b08d105b3e61b30f4816fbae01ca82de1673cbf0ad8499",
"pids": [
2504
],
"md5": "be855227d7981615cc6a5b89b2c33c5b"
},
{
"yara": [],
"sha1": "05ab1cf96fad74525384de203e858ae01acdff05",
"name": "1d50d3b6a4ec591a_fam06-13.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-13.MSK",
"type": "data",
"sha256": "1d50d3b6a4ec591a42df8c3d0b77f8a0a94251b36f507d363f02741960056e11",
"urls": [],
"crc32": "50C83A5A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/1d50d3b6a4ec591a_fam06-13.msk",
"ssdeep": null,
"size": 4096,
"sha512": "987cf27bcb29190f028772650b59d053f884cf3b0ef3c0f783c7bed5af09d60baea2b2201a5607f9d2f50f9052dd20d26713a331abb5706147010067dd4fc385",
"pids": [
2504
],
"md5": "23523b9cd97b4e346e6537168e27453d"
},
{
"yara": [],
"sha1": "7dfe3e20165896c9fd1080908cf28593857790de",
"name": "c11759b70c5e79ae_fam06-09.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-09.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "c11759b70c5e79ae1f8a0cd21b46df48b80cd4acf320d3e0a78f136dc622fce9",
"urls": [],
"crc32": "42D22D50",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/c11759b70c5e79ae_fam06-09.dds",
"ssdeep": null,
"size": 65664,
"sha512": "a8e443cce65935212effb9a88e43246ff8fe6aa6d6b3f33de2fe9880b73dca05d78d9dd4c9c4f98678aed1779a75de1dfb12bab393ef85e2d944dfb2acf894f5",
"pids": [
2504
],
"md5": "cb003dd5d88659bf910d5c139f2ee64d"
},
{
"yara": [],
"sha1": "f0c4f2ce03db12344702ecfd344936708c6248a7",
"name": "1ddb8d6b6e1bc91a_fam06-49.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-49.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "1ddb8d6b6e1bc91a543442d2b2a43c41ee818f72b5c01eaf808fdd72cb8cd8a0",
"urls": [],
"crc32": "C7DAEA13",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/1ddb8d6b6e1bc91a_fam06-49.dds",
"ssdeep": null,
"size": 16512,
"sha512": "d4cb29efb1f0c24a58e5996f96967a277518db8913caa6d9c69f2233c1047318feaa640fe40f835a578756783bbab88692ad10ed53cd3c9b6021296763629e4e",
"pids": [
2504
],
"md5": "d12e86ed55043917a2784be573dfbabd"
},
{
"yara": [],
"sha1": "72b7717ecc3656906c670e3876c2e328e32a0670",
"name": "cbff3a35f04f53f8_nh04-05.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-05.MSK",
"type": "data",
"sha256": "cbff3a35f04f53f8e5a631edfb77e69003ebdf38bb1076d718d4cad4fcd9b972",
"urls": [],
"crc32": "B8168D92",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/cbff3a35f04f53f8_nh04-05.msk",
"ssdeep": null,
"size": 32768,
"sha512": "010cfbd22e036098b090e435374b9577478dab6be37867c8baffb7788a00f77a35c21872898760494718ba4f3aee12afd85dc301d352568dc1767e47c6d38ab3",
"pids": [
2504
],
"md5": "0f46dab3f3370c4c9456706483ddc488"
},
{
"yara": [],
"sha1": "50e96e43a929e12aea2b74aa51c288c5e1ad838e",
"name": "a7bb0bc4df0d113f_nh04-03.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-03.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 512, DXT3",
"sha256": "a7bb0bc4df0d113fcc7727fd54426affa45a9cf081f50cb7ea808c1cd608c1ce",
"urls": [],
"crc32": "9F45A008",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/a7bb0bc4df0d113f_nh04-03.dds",
"ssdeep": null,
"size": 262272,
"sha512": "27db9465c423ebf98b190a8cd9abbe79a7464726e6bc898297d2b621c9c9e34ff5bd729d3fccb519844e7198407482809331e620be414e6f0648fdb7acd4cab1",
"pids": [
2504
],
"md5": "dc1e8401cb11a26ab9a355dc3defc0eb"
},
{
"yara": [],
"sha1": "225134e3eb6a8d8c6c93472791ced4246b943373",
"name": "c6a67f969b73ba58_fam06-04.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-04.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "c6a67f969b73ba58448f7c7cc0d5f0f560a1ef20612a57595cbec56264ade565",
"urls": [],
"crc32": "FF30402F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/c6a67f969b73ba58_fam06-04.dds",
"ssdeep": null,
"size": 65664,
"sha512": "c3c1473ed12473c1fc8a03944f7ac05f6ece90633eef4e88364f91a9fd13b9e3b85b2e33b074378d653e317fd1f76017eb7db7c1076ab0efd9e0385708178094",
"pids": [
2504
],
"md5": "66c0f4a3b3c43dd4794c9a5c2022cdef"
},
{
"yara": [],
"sha1": "9c4e44092b0ea4135fb089d825880f652271b576",
"name": "6c4abe8ca2aefd8f_fam06-53.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-53.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "6c4abe8ca2aefd8f83894683c2ea7c0bea6b55d523a664bd44d90c2e4bbcc63c",
"urls": [],
"crc32": "ED9B2F69",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/6c4abe8ca2aefd8f_fam06-53.dds",
"ssdeep": null,
"size": 65664,
"sha512": "9da09fc82acce8a0362127de46a55629f02d556513c0633e5b30021baddb636f348de7ada9e97e1bae11868613dc93f443ae1421a780b81d003f9aa9ac2752bb",
"pids": [
2504
],
"md5": "3b5a60aaccef360ea4ad4da82924a087"
},
{
"yara": [],
"sha1": "dbe1bf0faf20e9a0239ad8587118d442adbaf5bb",
"name": "56948d92dc37f63e_fam06-31.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-31.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "56948d92dc37f63e5faf10b1907918ad558b93e6e5b347481ef15541b198d233",
"urls": [],
"crc32": "A787A387",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/56948d92dc37f63e_fam06-31.dds",
"ssdeep": null,
"size": 16512,
"sha512": "440c78a43331aa4c589992fcfc20530aef6414b099629d6765aa22fcef7553cc7320f5d9f917ef0ef15b41ee7d39fcc1d022b3f18ba6e1d1386c977529df7dd5",
"pids": [
2504
],
"md5": "4bb6678d35bf47716e288cf669e3b352"
},
{
"yara": [],
"sha1": "997959d3b31dc775d2d0c894f59c35bd73cc02b9",
"name": "bbc2a4c1d9a33a19_family-36.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-36.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "bbc2a4c1d9a33a19bd2fa8dd884d02c7f10d3f805904c1e4fe2fb371663e90d1",
"urls": [],
"crc32": "850686E4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/bbc2a4c1d9a33a19_family-36.dds",
"ssdeep": null,
"size": 16512,
"sha512": "8208c16da7151a203bc43382ceeb2edcd536db6f88fbe431cce37b1f6c8abf85e6637ade84d7436218b4481ce5f9dc4eb9c6738025db9217cff7500a127a6ab6",
"pids": [
2504
],
"md5": "ada1b827eef563beac8cfcca5d2178ff"
},
{
"yara": [],
"sha1": "b1fcfc797a0f9eb2051459cd663e5a43f5332453",
"name": "c2ba729bea5c438a_family-01.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-01.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 256, DXT3",
"sha256": "c2ba729bea5c438a0aa12006ab07ca9ae78924a6a9620f5684acbcd3fb0321e5",
"urls": [],
"crc32": "CBFC37D2",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/c2ba729bea5c438a_family-01.dds",
"ssdeep": null,
"size": 131200,
"sha512": "9c4af03f62e4009fdfb398d30e96359772a042bcf4d2c285de5bec3fb9a3126ee01df5fc17ac52d5329ec877d09f1cffc8d505a4fcee255900ffd75d8cf75169",
"pids": [
2504
],
"md5": "b7add00cddec0f92664f725bea2ce0c3"
},
{
"yara": [],
"sha1": "9f2ce7b6b36940d4b6f04163917f0302e744ae96",
"name": "ba0253c1b7227fb6_family-15.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-15.MSK",
"type": "data",
"sha256": "ba0253c1b7227fb6b9c254c9caa467b481fe51fa58a92ea7c011d8539e016fe8",
"urls": [],
"crc32": "212431F8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/ba0253c1b7227fb6_family-15.msk",
"ssdeep": null,
"size": 8192,
"sha512": "aa5b258acc549112f0ff346d8dd355cc35d27f7ff3687b51c6c363acbba09707c1dc1d4f9ee1671d73b671d0bebdbe84d046dd26c85558d107693fb507a56020",
"pids": [
2504
],
"md5": "ff112d50c6633f848d78b4f1c5823944"
},
{
"yara": [],
"sha1": "cd6527038002671cbaa3280881a7f37c7346a05a",
"name": "b5ec8dfa85431a50_nh03-01.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh03-01.MSK",
"type": "data",
"sha256": "b5ec8dfa85431a507c36e23dbf51e3ed18d0d95293eaf71cbfbac7046cb199cb",
"urls": [],
"crc32": "63ED5BB3",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/b5ec8dfa85431a50_nh03-01.msk",
"ssdeep": null,
"size": 32768,
"sha512": "92bfc670a0fb2e043e703fbbc82cf884307ed878b6c8b5cdd0fcfdead51e27f978d3b24a8111345e702bcf697ffe23a01f0e1aa3c9d8cf42d00f72bf710c6293",
"pids": [
2504
],
"md5": "1b20dbb544b3814fbc3628d98338e6f0"
},
{
"yara": [],
"sha1": "424df92c2039f70ee7bcb144ea993df678eac7ef",
"name": "543ed066778322ca_fam06-44.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-44.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 128, DXT3",
"sha256": "543ed066778322ca86a47895d20f980756e9e3a2145a8bafdd68ea4687981bf9",
"urls": [],
"crc32": "4BAFDBD7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/543ed066778322ca_fam06-44.dds",
"ssdeep": null,
"size": 32896,
"sha512": "e632bbb4b77338fe10a34fb9d650194d04ee9ec1e1e92b8a003255cdf976491b982d64e1a2f3ed42f22d34c897545eb9cdc4d3d5a1ee9a1034180b863ee8c32d",
"pids": [
2504
],
"md5": "49de3a7f0b487207d2a8dcbdfdba3756"
},
{
"yara": [],
"sha1": "842aab2d220d31db813cf13013ca97f2c13bf7a6",
"name": "ffd3922d85b9950c_system.ini",
"filepath": "C:\\Windows\\system.ini",
"type": "Windows SYSTEM.INI, ASCII text, with CRLF line terminators",
"sha256": "ffd3922d85b9950cefb6618cad5f2ed6cb9aa3008fb6504ad7194ec78a59c0fa",
"urls": [],
"crc32": "58E916F2",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/ffd3922d85b9950c_system.ini",
"ssdeep": null,
"size": 256,
"sha512": "1f3c3b41f572b565d771c54eeb0f264b0b09519ff64db58437108d58deea08037e865080baa8ab1d7b9f8af3c13fef0b1f470e1903a46717a2b8c07391d32dc7",
"pids": [
2504
],
"md5": "d180582785c674f88385a88b26e8fec0"
},
{
"yara": [],
"sha1": "6ae379fbbd63ae4451befbcc142adf7aba77c7da",
"name": "4a0517e9ec7f2f87_fam06-21.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-21.MSK",
"type": "data",
"sha256": "4a0517e9ec7f2f870c96ee0833031f04f67ab0de5bca36c7d84f80d7c2f10edd",
"urls": [],
"crc32": "ECFBBBBC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/4a0517e9ec7f2f87_fam06-21.msk",
"ssdeep": null,
"size": 8192,
"sha512": "98e92ea5d21b8cb194cbad5e2542912d10a796dfc831d829e54c44b9f2722ede748f8930d2905bc7c5c6fa16c601aa0540626295fef82282b98d62009e96682e",
"pids": [
2504
],
"md5": "f9e9a7229a578832a4b1557be2122878"
},
{
"yara": [],
"sha1": "448cf9740f580bdcedba2db1ee87f98450376d1c",
"name": "d0412c481cebca11_fam06-31.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-31.MSK",
"type": "data",
"sha256": "d0412c481cebca113d2ff4840c1a79f5d264b12ac422ab1581677b6679f18276",
"urls": [],
"crc32": "85B35C17",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/d0412c481cebca11_fam06-31.msk",
"ssdeep": null,
"size": 2048,
"sha512": "c0f94fd895e227826eab3b620d69db0b253c234d011e6deda15dca6454bd5c4e240108f9371a4aa38dac6b91797720c59271a4153d242e7b41c84df55de41db7",
"pids": [
2504
],
"md5": "07d63ffdd1757b8edb01d34f947e8c63"
},
{
"yara": [],
"sha1": "1588a9c18f12a4437fab41613c9b81d4b7683924",
"name": "e1624e30f99e7810_family-41.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-41.dds",
"type": "Microsoft DirectDraw Surface (DDS), 64 x 64, DXT3",
"sha256": "e1624e30f99e7810c115442d75c65193baef5cf7f5043b30fa466916f183d4b9",
"urls": [],
"crc32": "07AA59FA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/e1624e30f99e7810_family-41.dds",
"ssdeep": null,
"size": 4224,
"sha512": "9551c859c0a0668c9f932231e708ac2b99716c85fcf244ae163c77f91a8f59aa88c6343870787d87f1327126c97cd27365c45d39ce1abb51501506f390f6a84f",
"pids": [
2504
],
"md5": "b6996628df25fc99d0d2cdecdcc96e09"
},
{
"yara": [],
"sha1": "06c28383028df560357dd98c6663ecbfbed8e164",
"name": "735e33c203bc7ea8_family-38.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-38.MSK",
"type": "data",
"sha256": "735e33c203bc7ea8b26c9d7e19913ab6c478780dfebcab93d4f488bb4ea12b81",
"urls": [],
"crc32": "222B2296",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/735e33c203bc7ea8_family-38.msk",
"ssdeep": null,
"size": 4096,
"sha512": "83c9d49e117badab97a8fa2c4f164bab5b9200d8c58e7ebc53b0c9b2b47899141772cb6ce69834106cac00da58864fa445f14f78e48cfe1855281b23e8aa59ca",
"pids": [
2504
],
"md5": "4f8e860f3cc7e50ec6c6617d00093621"
},
{
"yara": [],
"sha1": "68e921aed16f96fa9c0ef5a8b700697751e8f9e6",
"name": "048fe3ea4def607e_fam06-09.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-09.MSK",
"type": "data",
"sha256": "048fe3ea4def607eb3ba56e28f67a62ce4807547b1b346a70a62776a3f0f2e40",
"urls": [],
"crc32": "2EBC3EA9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/048fe3ea4def607e_fam06-09.msk",
"ssdeep": null,
"size": 8192,
"sha512": "4f77b02eba937cfd64766e7a8bff6556376ed391ff50ec16f2e1210010e6be31a6e47ff4269ebe145b8111172f24d841226f962cf72ae1aa736d790d86021d9f",
"pids": [
2504
],
"md5": "efa29499f700f277bbc49617de94bc1a"
},
{
"yara": [],
"sha1": "a15a7f1fa4e2587949546a74059f8863a379285f",
"name": "bd7221e5c4fbbb5d_fam06-66.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-66.MSK",
"type": "data",
"sha256": "bd7221e5c4fbbb5d6f26782b0f2ab93d276ae9f955b7e6901b313c42327d0288",
"urls": [],
"crc32": "5FB82BAD",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/bd7221e5c4fbbb5d_fam06-66.msk",
"ssdeep": null,
"size": 1024,
"sha512": "b3d0a134cc02e88a3dc45cbfa9cef3a92ff25bfc1cf5d5a06d36737bae12e67f8cd9104a92b2235639ca080757f81c54ec419a3cfb56ccb1990a5b6a724347a2",
"pids": [
2504
],
"md5": "c289d369d66a9912f7d9c1201ba9512b"
},
{
"yara": [],
"sha1": "1e556f7bf22e701e6ba3490c0f504f436efe3343",
"name": "d76c2316f897799e_fam06-24.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-24.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "d76c2316f897799e287d3d15ff9051276ca2c9914af36c4a3b0e438f94e15698",
"urls": [],
"crc32": "6A5ED3AA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/d76c2316f897799e_fam06-24.dds",
"ssdeep": null,
"size": 16512,
"sha512": "a82d0125498bbe33700ba441647e464dd26daf9e50e8d320ab7e8058329d981111d0288dae6c1059463b0c90324ecaa3b096cc0bc37ce3a8cbd66b2ebfb22230",
"pids": [
2504
],
"md5": "e69a602cbc556ad74539add5ef1656a5"
},
{
"yara": [],
"sha1": "001e8d3a39485c65bdf4df9ad23140c6bf16f5f3",
"name": "08005b50438137e7_fam06-62.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-62.dds",
"type": "Microsoft DirectDraw Surface (DDS), 64 x 64, DXT3",
"sha256": "08005b50438137e7f5c3ae59b869e4bbc95eb20f61b5f960da21252274abac0d",
"urls": [],
"crc32": "53782409",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/08005b50438137e7_fam06-62.dds",
"ssdeep": null,
"size": 4224,
"sha512": "da9f314a032f8e7307d29ecb82761e1ef6e1bf0f4c4a00897f57e87bef469318cd2670912c062c9e29b69b2848bbc244f1cbdcc8dd9d9b1bc33c50d2f6f60bd0",
"pids": [
2504
],
"md5": "fcab684d4c396c0bea5863d6c073884a"
},
{
"yara": [],
"sha1": "6a9ba4913fcf3ac27e0b10044a48b1072cff96d7",
"name": "7c7fb8d69e134090_fam06-40.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-40.MSK",
"type": "data",
"sha256": "7c7fb8d69e134090b4a37e0fa182b16c90b299dc122c434c7cca606f34c9e9b2",
"urls": [],
"crc32": "97B9C217",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/7c7fb8d69e134090_fam06-40.msk",
"ssdeep": null,
"size": 8192,
"sha512": "00786361d8f3248a1b325cde8301bfd70390191621257dcf83a795b0f1148fd6e89a6527e094b5501a813d4c40fdec5ed786f7b374883671722eddc93c623757",
"pids": [
2504
],
"md5": "45ecb6925bbc6ff0145f07f26c71f4e4"
},
{
"yara": [],
"sha1": "1e7d3b9495ff033a1f4fc6788d7c4363635deb62",
"name": "f185b3c642d1cf24_family-30.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-30.MSK",
"type": "data",
"sha256": "f185b3c642d1cf24d85abd99b2818da937190dd057f5bd66c9de23cdeebbae2f",
"urls": [],
"crc32": "25274E52",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/f185b3c642d1cf24_family-30.msk",
"ssdeep": null,
"size": 4096,
"sha512": "bd694f0cc8189fda45224a0a4854f1f55882b79f136b4384998f1e244291b7256b529af0d61c6179fed463d16f74abe94d7e630cb63df07c1ae41beb588843fa",
"pids": [
2504
],
"md5": "7884f9358b3f111fa505bc568bacf76a"
},
{
"yara": [],
"sha1": "57b2b094cf2eccc1a7af72a732f79dfbb575f2e6",
"name": "1efafe1a82b85cae_fam06-64.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-64.MSK",
"type": "data",
"sha256": "1efafe1a82b85caead5ceb84c64c9a7328b0306715013c34026b9a67f9cca2b2",
"urls": [],
"crc32": "B32700A9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/1efafe1a82b85cae_fam06-64.msk",
"ssdeep": null,
"size": 4096,
"sha512": "edd9679f51307b67cc2decc2875b3fcbde8287998dba4b8e454fcd3c813ddd602b0a03071703749e9474ce070ab334f52648c47ffa8aba016bf9d6467c0b32f6",
"pids": [
2504
],
"md5": "ce82638c0a4ff6c1d2acbaae520a4610"
},
{
"yara": [],
"sha1": "76299118486f9ce1c6f234745af04ba5f1b1f94b",
"name": "89521c65d615cf1a_fam06-77.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-77.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "89521c65d615cf1ae42263513c73be43287095063f0b4c1de83b4acfcb612968",
"urls": [],
"crc32": "C43E01FF",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/89521c65d615cf1a_fam06-77.dds",
"ssdeep": null,
"size": 16512,
"sha512": "750684ef7eae684b5ab07682220ae3efe5e19e6bf04413bbcc9e7fc45bf191d449b847199a75321eb031c4b3a5a194e90258d1db05fa992fec1efa6645767952",
"pids": [
2504
],
"md5": "dd9971bee3e6ae2be69b5fbceeb53b45"
},
{
"yara": [],
"sha1": "07f180a650cc7886bc9c857183c54426513c6095",
"name": "72041c0da33e9160_family-14.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-14.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 512, DXT3",
"sha256": "72041c0da33e9160fa3f5cb9e90afb76229cd86a08c72d0a447dc786f76ead0b",
"urls": [],
"crc32": "76AE3E6F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/72041c0da33e9160_family-14.dds",
"ssdeep": null,
"size": 262272,
"sha512": "678e90a2cbaf823f9fe0d255525d417e2c5bd288ead58a0476fdde23ddd9874eaff7b8e5b33b736b2cb007d65a57d534137522f625bc3511d987e438aefebc73",
"pids": [
2504
],
"md5": "df05abf18029d669cdb05f5acea9ed94"
},
{
"yara": [],
"sha1": "4a63fdb9e151a4fb57c84821d851fc1dfa2cbcb9",
"name": "2131e6b4bf966bd4_fam06-01.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-01.MSK",
"type": "data",
"sha256": "2131e6b4bf966bd476bb4016405db7d75cc63c18d32cc9e686483862d7326727",
"urls": [],
"crc32": "1897DF35",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/2131e6b4bf966bd4_fam06-01.msk",
"ssdeep": null,
"size": 32768,
"sha512": "0b3cfaff8b57c6c6ef6a689d5f99c1948368debfee62385ad6076059503d337189efa9f286f8451316512e701392c8922078fad4fdb389020dc44aac87021404",
"pids": [
2504
],
"md5": "f5492594187742119f55be92b95e07a9"
},
{
"yara": [],
"sha1": "ed1ce4a78b1048a9e957d7ad4990735bbb7f935c",
"name": "eb700a9b5010a572_family-29.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-29.MSK",
"type": "data",
"sha256": "eb700a9b5010a5726a4aceb7a94d2cae0619129ee72e1b443fc1d83e276f964c",
"urls": [],
"crc32": "2D0722EE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/eb700a9b5010a572_family-29.msk",
"ssdeep": null,
"size": 32768,
"sha512": "d73e2187f13904aeb5b6db4ea9847e388054100f9733f18258ab0f55373470e659a2de749afac61667c40f93ccec71d93706a2c4effee682907ceac610a64439",
"pids": [
2504
],
"md5": "0291da642d1ff03bdce4345841c9f434"
},
{
"yara": [],
"sha1": "daf94d812497c8e5cf854f06d6b3b83d674d6b92",
"name": "96da2ea9536d7c4b_fam06-29.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-29.MSK",
"type": "data",
"sha256": "96da2ea9536d7c4b82bfcfff9a954c4ddb7ad86f967c1088335e7810e43f81b5",
"urls": [],
"crc32": "ED33C573",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/96da2ea9536d7c4b_fam06-29.msk",
"ssdeep": null,
"size": 2048,
"sha512": "c93d8d1475be46d21e25156c928086e9fbcd04ffee0e22dc02cdc4780bd494fd208c9b15b73de09e4104a442f26fd5a206b797f23d5a70c11a57d849cc2c3152",
"pids": [
2504
],
"md5": "0b28761aeac64e67e2ff2faf9291fede"
},
{
"yara": [],
"sha1": "bcaab8890504d8339a9d1e8e9e8bd812082818a8",
"name": "b5d0e5fb12cb3d99_fam06-44.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-44.MSK",
"type": "data",
"sha256": "b5d0e5fb12cb3d99b9c5b513c14fab259f957826cf818a4293ea7cefde0ded3b",
"urls": [],
"crc32": "389C2601",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/b5d0e5fb12cb3d99_fam06-44.msk",
"ssdeep": null,
"size": 4096,
"sha512": "a301385bed2195e2463890a7b806a370dca63188753401c430e36da990a420483a03fb94e1fbbe0801400086ff278fe9b6de2bf009624aff48732031a6372768",
"pids": [
2504
],
"md5": "9f55386ed64da8f9ac52eb97d5b8acf3"
},
{
"yara": [],
"sha1": "4c601cde9ae7f373711917ccfe8bdcec3eb6a554",
"name": "efe40df654c8fa31_fam06-41.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-41.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 512, DXT3",
"sha256": "efe40df654c8fa31ca647b546634db7cf07fb3ba419156549cb8b8912008eb93",
"urls": [],
"crc32": "6C728005",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/efe40df654c8fa31_fam06-41.dds",
"ssdeep": null,
"size": 262272,
"sha512": "e0e06624c136c122a37db0ed2c2b21f041c8362f5f252a6ec28e5aa8c869b5cd4103c324b34a9bf3b77f142e80003e4fbeba06aefb96ed2e8573f67a2de72cbd",
"pids": [
2504
],
"md5": "64628daa28ea57829bc89454da63e869"
},
{
"yara": [],
"sha1": "32c1a138f7414e9ae5ce1db10066bbd0908ebfbd",
"name": "4ef332d31a167520_fam06-48.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-48.MSK",
"type": "data",
"sha256": "4ef332d31a1675205d857e5eaebd81a79ef870ea185d672fd3901a8cc8ddfca1",
"urls": [],
"crc32": "7F09CCA1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/4ef332d31a167520_fam06-48.msk",
"ssdeep": null,
"size": 2048,
"sha512": "8c821e4f81334dd3bc413f002d973508f4f739d9608128c13abf6a2c81f8dd230fc3bf0478e56195f43d7484e0085b710895e1636a63c03ffaf574a81270d77a",
"pids": [
2504
],
"md5": "aba4617be37574833c0b0394f67ebec6"
},
{
"yara": [],
"sha1": "9ce3329517a0fba363ef88bb6de601ce9e0873da",
"name": "c8a77a37b2fcf06a_fam06-47.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-47.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "c8a77a37b2fcf06a9bc23a41216d43d1594795b5af31eab684fe5615f10ba8a2",
"urls": [],
"crc32": "12CD38AC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/c8a77a37b2fcf06a_fam06-47.dds",
"ssdeep": null,
"size": 65664,
"sha512": "adcb96bd3b14a6912e11c3c7f269906440b031287bc7eceb041a3cb9ec97b2b2deef8a5f33a9bb0bdb616f4b1f5fc5343209dc03e5bf501fe22ff7c9868542b9",
"pids": [
2504
],
"md5": "e2a1c7afe9377f7a5897bdeb2134e175"
},
{
"yara": [],
"sha1": "4ed8924bcb8294f8c37be615a0df6f332c9b702b",
"name": "5ed8fe4303e9eb3a_family-03.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-03.MSK",
"type": "data",
"sha256": "5ed8fe4303e9eb3a3eb601f0aea8b7a2a04ceacac0f1a017aedf872a55d533cf",
"urls": [],
"crc32": "12A52B6B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/5ed8fe4303e9eb3a_family-03.msk",
"ssdeep": null,
"size": 2048,
"sha512": "b1ec8e9619ddcc2e863a2537a25fa693b7bdd94cc2cb87926cb1d58dbf1fd31932399a78f39d71d817c498b318fcb823a7899159a2ed6d12490f2e088f5948f3",
"pids": [
2504
],
"md5": "13bbcf8f8686c1b8d71f4c14ed6fef27"
},
{
"yara": [],
"sha1": "791cc41f5a86cfa49b0ad33a07641aa81d7ce334",
"name": "cdf6dae84faa99b4_fam06-13.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-13.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 256, DXT3",
"sha256": "cdf6dae84faa99b481151c5c43b0c42ac65e3ffd05bc6a061b86d21a9ae2d87c",
"urls": [],
"crc32": "3820875E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/cdf6dae84faa99b4_fam06-13.dds",
"ssdeep": null,
"size": 32896,
"sha512": "302f0160522931532195ec33d84da4f90cd90e7e91b4c7394f80df284164e90d18e6ef662589acc099e421422d3259a2d5a3f0b2b1e0850ffdae786f3864e695",
"pids": [
2504
],
"md5": "668b4a85f8d26f5f06855bb0d9dc9a75"
},
{
"yara": [],
"sha1": "ea62e2d94b9eed4ea4a8c4cf161c800ee460295d",
"name": "105fa5c3b4d998d9_nh04-06.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-06.MSK",
"type": "data",
"sha256": "105fa5c3b4d998d963ae3f9dd02ba3c7dd5a2b6706e8eded0fcbbbe763a0bc19",
"urls": [],
"crc32": "DD3AC781",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/105fa5c3b4d998d9_nh04-06.msk",
"ssdeep": null,
"size": 32768,
"sha512": "9df066591410fc801b8350ffa1e03e2b01f451670bf8c90949f05d034c2bccc315d67d7107270ccd4b090af6c40eaeb881a4f87ff2f54ab631d3f83b1109c19c",
"pids": [
2504
],
"md5": "151c7405ff4791ccb1422e9bb1615e8d"
},
{
"yara": [],
"sha1": "be193bbacaf3a0962195b78b76ea4f6fe5af2285",
"name": "7b1c4ce26e3dbd85_family-40.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-40.MSK",
"type": "data",
"sha256": "7b1c4ce26e3dbd858122c6eb0e01dddd5002ac059b6d454f7efb6477e2015fd8",
"urls": [],
"crc32": "CD18E9FE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/7b1c4ce26e3dbd85_family-40.msk",
"ssdeep": null,
"size": 512,
"sha512": "8626e1de4a3afc8cf064be8b0b6fe1db37582f1388105d52e984326ca0d68aea26582f20f555f5b9f7c4f06f50a22cfb84224e9d9a11a23f57c1d9f546f150d7",
"pids": [
2504
],
"md5": "ab595fc22cb45ba71e9430c64b5af718"
},
{
"yara": [],
"sha1": "b6f14aefa89c06cd7afcd5c1c401536113c269ab",
"name": "65332efb852d41b9_fam06-33.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-33.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 256, DXT3",
"sha256": "65332efb852d41b967240f3ef811f039ea786cec18ba4c843ed9a3e19674333c",
"urls": [],
"crc32": "C9FAF2A3",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/65332efb852d41b9_fam06-33.dds",
"ssdeep": null,
"size": 32896,
"sha512": "f6e4cfbab6abde3d7e32b7eb5cb08de7d6ed5f7399612233c5be96e2f3f35ad6e8904ecc6b602e585bb2ccdf60065611170c8fcb17abcea3c746c700593ebe5d",
"pids": [
2504
],
"md5": "d74d668f715698b3bb544fd3aaa5aa01"
},
{
"yara": [],
"sha1": "3147113535f1144bb5fd619231dedebabc1740c2",
"name": "76a8f3e77d435296_fam06-40.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-40.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "76a8f3e77d4352960fde8793b4fa3e23afb9e68120cb542bf6f671c7a67c38c6",
"urls": [],
"crc32": "354C2A10",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/76a8f3e77d435296_fam06-40.dds",
"ssdeep": null,
"size": 65664,
"sha512": "1f8bdbc46a3d4ab2629c8f847a0f48ba7228badb9829586a042a20bb7c0cb6a79e3aa79a73fda33c2555f37fe9f3ff5d78f4b1244c613e16b8bc590a3c1de885",
"pids": [
2504
],
"md5": "2379450b45ec6869ed5f0c037d959d15"
},
{
"yara": [],
"sha1": "5cc5f42e955a092f3f9a32b624db7d180ac4c41e",
"name": "2a5560ec06d2ab73_fam06-56.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-56.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "2a5560ec06d2ab73d5775f2dda12d379d4fb2ca1617e4f1099c99864f1c2a557",
"urls": [],
"crc32": "2B3472C4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/2a5560ec06d2ab73_fam06-56.dds",
"ssdeep": null,
"size": 16512,
"sha512": "b1e782fee3f0cf6508cb5e55b25d372de75ee4f5503016cb00e55e72d645859aab33cf5700686bb095596fc112c90a7754c678741ae0c011db30d0101b331aea",
"pids": [
2504
],
"md5": "c9ba078f25315cbaaa7aa91ab16952c7"
},
{
"yara": [],
"sha1": "1ef59f3cd0caa35f1b9e466f466939ba43e467f1",
"name": "b52f81f70f17c7c3_family-10.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-10.MSK",
"type": "data",
"sha256": "b52f81f70f17c7c30538574a9f4a659a341807ba0cf3a94bc0938f208c7c39ac",
"urls": [],
"crc32": "77FC09D0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/b52f81f70f17c7c3_family-10.msk",
"ssdeep": null,
"size": 8192,
"sha512": "81f43c3944b0f3fe2a8f924da63812876d2ca90bbf954a4a431ac8a55a92bce6ea02eb5029512b3412436a7b5b3bde39aee901573ea5bba9ca5e3ddf2e46d7a7",
"pids": [
2504
],
"md5": "f98104db678aca79b1d354a210342432"
},
{
"yara": [],
"sha1": "3a9a28861613f23dc3a68b4fbea9f7986c50d819",
"name": "a7b4c73b17fb2fe6_family-22.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-22.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "a7b4c73b17fb2fe6ee907ee332e7482f64c88228dde60bde31f4cb0ea4b6d15a",
"urls": [],
"crc32": "A3D5BEBD",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/a7b4c73b17fb2fe6_family-22.dds",
"ssdeep": null,
"size": 16512,
"sha512": "2c8afc68d877942f9cf1e6e0f902e9b1732bbd905e9775ab784bd581bb54d2b14038ba871fc2896453fb16ddfdd4b41f044a89a7f6349746445a749e762704aa",
"pids": [
2504
],
"md5": "b73410362d9aa426a4c71314ce1a8816"
},
{
"yara": [],
"sha1": "d74e7c7ef77498f19192da669ef781de1a6ba299",
"name": "5f12b3688b7a5283_family-37.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-37.MSK",
"type": "data",
"sha256": "5f12b3688b7a52832367707c0e14db0909a5b6fd44c135603f5600b36280bf68",
"urls": [],
"crc32": "B44051ED",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/5f12b3688b7a5283_family-37.msk",
"ssdeep": null,
"size": 4096,
"sha512": "3a39813d1bf50d51a331bdab8bc66b4d8951f667837c740a88d5fe52de9c98734f780ff9175c3cfe594bcc9ab6067a4caae285e12641c0b87ca6f8413a66229d",
"pids": [
2504
],
"md5": "b0525e791d83236130cd5d4cbb0012fc"
},
{
"yara": [],
"sha1": "43870ac5c1850e6c40fef8fb38a2af5469249bf2",
"name": "5ed2d23c019d52a5_fam06-75.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-75.dds",
"type": "Microsoft DirectDraw Surface (DDS), 64 x 64, DXT3",
"sha256": "5ed2d23c019d52a530a99d15801cb2278f51c7b2790ec816256e15b4ce637626",
"urls": [],
"crc32": "6F211541",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/5ed2d23c019d52a5_fam06-75.dds",
"ssdeep": null,
"size": 4224,
"sha512": "6b3b4e58adef373802cfeac9e627a50ea7235c555df46a802cbec8853212203dbdb3a11b2d51f32a158161c5a89762cfe3f1f0c4238de3d649e2a87da8a72a55",
"pids": [
2504
],
"md5": "336596e835d4a7f75d905c6263712686"
},
{
"yara": [],
"sha1": "f44c88122049ec74433dfd3109c33ac74ff9a91a",
"name": "1fb11fbb990ae504_family-10.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-10.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "1fb11fbb990ae5041cadf1ba7a5a254db893c513cdfde5821638ec04659e4356",
"urls": [],
"crc32": "B5F77440",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/1fb11fbb990ae504_family-10.dds",
"ssdeep": null,
"size": 65664,
"sha512": "d0c9a9cc1f5ac389ab942afebe578c63d909612f6741b594609b0e24fddd26295b210a9ab0872589c5a5d6c59583d9e39be2a2edcea869844db9a0fbbc06168f",
"pids": [
2504
],
"md5": "d012ae52200d6c8c2f946bf40648f042"
},
{
"yara": [],
"sha1": "3c66ce915a172c91208a4b4ab3503bd1f0601050",
"name": "396d8049820fbc02_fam06-36.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-36.MSK",
"type": "data",
"sha256": "396d8049820fbc0284a24cc6143a5086916fe45ec532c58e8b03c2efd5d57e51",
"urls": [],
"crc32": "490E538E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/396d8049820fbc02_fam06-36.msk",
"ssdeep": null,
"size": 2048,
"sha512": "7042e77ebc4b2fd282c7bfedfc42398352e950e7b6661130d3dd5ea70f195307866b2e72304379628d7481f02e80054b823e7e1e529707f4434ddd9edf633414",
"pids": [
2504
],
"md5": "644ab02de9030a3cac86869010e50ae5"
},
{
"yara": [],
"sha1": "58e11812aa9f7f119f29f8e0347c56bd113abf8f",
"name": "8566e10641e850f1_fam06-57.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-57.MSK",
"type": "data",
"sha256": "8566e10641e850f169ed826d718a563c1fbf8d4fcd957faa5a48da844a3e9f66",
"urls": [],
"crc32": "BED0D029",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/8566e10641e850f1_fam06-57.msk",
"ssdeep": null,
"size": 2048,
"sha512": "ba0103c9a6d68ed7e75ab56b078507d5092637bed3251ec3e8b18ddafb7bf9d3622f0ee400e0c38ba82a27e26e921774e926ee30f24fb6e9ad12ce0bc7c5de3d",
"pids": [
2504
],
"md5": "2ed124e51490f9278b9bdb63a43877d1"
},
{
"yara": [],
"sha1": "a347f34a23e209746026942dc60779e4ebf75efe",
"name": "22e4433fc139a823_family-20.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-20.MSK",
"type": "data",
"sha256": "22e4433fc139a82380bb928896b8fdef31384f99627954cc5806da6a7b39c3a3",
"urls": [],
"crc32": "763C46BC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/22e4433fc139a823_family-20.msk",
"ssdeep": null,
"size": 8192,
"sha512": "f2a2d67b17a2f6c17b398216eae1b091ff754c20ef6ebff22aea6288291cf2e52e4464f74831b6c341fbbc3787c8eb4aaea9423defdcf0d54545afc6086916ec",
"pids": [
2504
],
"md5": "1246d6bf3a698b8c153442e2cf8ffeb8"
},
{
"yara": [],
"sha1": "340ac295620a7c6c815707431d49c47a7f84d183",
"name": "8274a92b4d40ed3d_fam06-65.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-65.MSK",
"type": "data",
"sha256": "8274a92b4d40ed3d2e2c465451faf9540f71dec92619413a722a8072fc059323",
"urls": [],
"crc32": "61824C0E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/8274a92b4d40ed3d_fam06-65.msk",
"ssdeep": null,
"size": 1024,
"sha512": "4171a6aa48871dbd135c0ea67b6a908a79afdcd4734c61a0ce4e8a576e5368b0b386e892ff1bc6a2e6cc357d985a9baff39e0ed1dd3c9c4cd8e09e8d04d3bdab",
"pids": [
2504
],
"md5": "771d206acd9f0e29c3ca1b46ffa17c1c"
},
{
"yara": [],
"sha1": "db20e63422dfbda3c60c61f5b07d87e2c845f2f0",
"name": "7586d5b1e0ad06f5_fam06-70.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-70.MSK",
"type": "data",
"sha256": "7586d5b1e0ad06f585dea8c01e28d0e7994633ff15ec7e808c60c9fb0f82223c",
"urls": [],
"crc32": "79FE01AA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/7586d5b1e0ad06f5_fam06-70.msk",
"ssdeep": null,
"size": 1024,
"sha512": "f9ff83db70a546091e021f0d6363e0e2c22072cd1f55b4c449e5151310620ef0dd92259d78008a5313668638b0b739f1880d29d4e0e0ff8679fc428f29c0b26f",
"pids": [
2504
],
"md5": "fd83c5feac7832def8876dea4250c63f"
},
{
"yara": [],
"sha1": "9cc7b6733669bd2083d32ef7dc5c78da89497bdb",
"name": "34a75003791d8474_family-12.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-12.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "34a75003791d847464f70eab1a88911f258cb1b7db07ef9ed822acbe0ea0be7c",
"urls": [],
"crc32": "9E76F6AA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/34a75003791d8474_family-12.dds",
"ssdeep": null,
"size": 65664,
"sha512": "98e17d4fd51b7fa31cd6d870d414ffe36c0239f5c81a325b4734a583312729ef4c3959726070eca65c5dcccbe1a42b61d03684e9b6aae006a8012fad3cf553bb",
"pids": [
2504
],
"md5": "7585906a1105018506973ba70bae59a3"
},
{
"yara": [],
"sha1": "f087939fc72b7f507d6ae81a39004636f3700dc9",
"name": "4305f9a20887020a_fam06-03.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-03.MSK",
"type": "data",
"sha256": "4305f9a20887020a9e9a18b49dbbc13df5c6c5a5788994164bd20f3d6355db70",
"urls": [],
"crc32": "EC5228EF",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/4305f9a20887020a_fam06-03.msk",
"ssdeep": null,
"size": 32768,
"sha512": "076eb6133c87faf9e4dd9c21923f03ab86411b20499a22c25f489d7349972fa257019d13632a8d02af02fa5cc1e57a314f8c6e0c717a03cc1cf59e24c2b88434",
"pids": [
2504
],
"md5": "639f15dd270feb8ac01ee2cb3e9cf68a"
},
{
"yara": [],
"sha1": "943830bd063efdf60a3a735967c9bcc63b24c5e2",
"name": "e0f7f0ce210e4861_fam06-59.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-59.dds",
"type": "Microsoft DirectDraw Surface (DDS), 64 x 128, DXT3",
"sha256": "e0f7f0ce210e48617468b27ef314969c11794d3a35751ad8cc3194da91b5c5c1",
"urls": [],
"crc32": "FCFB2675",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/e0f7f0ce210e4861_fam06-59.dds",
"ssdeep": null,
"size": 8320,
"sha512": "2b4ee469ba1eff17efe47b9f944fee5d9dfc0e44b783e516a77bbf6e709e155cdae10a423998755d010c5a71a662af41a38581fe5cb94078cd613c22a7d78a5d",
"pids": [
2504
],
"md5": "c6356f4a00965e10da7a9d7594765233"
},
{
"yara": [],
"sha1": "692d2153f640f37c20154db1d0f9797216b4ee39",
"name": "1de2fc20878fe8bc_family-40.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-40.dds",
"type": "Microsoft DirectDraw Surface (DDS), 64 x 64, DXT3",
"sha256": "1de2fc20878fe8bc1f1f9678b630bf59b5c7289522fa25326f3aad474095ff2a",
"urls": [],
"crc32": "D4A8C30B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/1de2fc20878fe8bc_family-40.dds",
"ssdeep": null,
"size": 4224,
"sha512": "7db162ecb934de60950a7d672a7e6762f60b1d1ab7a3974e4d6bdc2c57ab3b351bdb99c0a0d3a3bbdd81baad8b43bebad84a870111c15eb12e92cd4728499d4c",
"pids": [
2504
],
"md5": "5b58d5adf352288999e46c5fdfbf942e"
},
{
"yara": [],
"sha1": "1b1043856a670463080d6aea4bfde02b0c73d320",
"name": "a5d00b3a49400dc3_family-06.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-06.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 128, DXT3",
"sha256": "a5d00b3a49400dc396b6b0d90db9abc8075050c624ca350ddd8544943388a833",
"urls": [],
"crc32": "A9583140",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/a5d00b3a49400dc3_family-06.dds",
"ssdeep": null,
"size": 32896,
"sha512": "4e566f17ce33c9dc306ba3968fbcb085fed3d5cd7510d71426366ff8c6c53f679f2be3b90556741af73cee6fe37ce023512bb6d25b9d75b649c837fddd793f18",
"pids": [
2504
],
"md5": "2f4be5f30f9747eec0b61163a766ee98"
},
{
"yara": [],
"sha1": "670ecc4b5daf3e9c282eaa4a5a38f420b78a46fc",
"name": "e5e47aa66395fb94_fam06-42.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-42.MSK",
"type": "data",
"sha256": "e5e47aa66395fb940547cb4b1c16ead7cbd2ca7eb97d8d066ee88cdcb61f746b",
"urls": [],
"crc32": "D5EEC29A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/e5e47aa66395fb94_fam06-42.msk",
"ssdeep": null,
"size": 8192,
"sha512": "0d816c88154e51a21435365b0af7b980202ecad42fd56e20b5acd3897d57395b8ce75a365910e1f09ffdde911d81415b383ac4600adcd8c91b263231bcc61ed0",
"pids": [
2504
],
"md5": "f3c0fa2e4c740c414956adc2dd92aeee"
},
{
"yara": [],
"sha1": "54cd7f2d9cd6e6625075b08c4be6e948840ff9b2",
"name": "42bbe97afda838aa_nh04-03.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-03.MSK",
"type": "data",
"sha256": "42bbe97afda838aad6353cf263c0ddf57d01c2453be421cc0bae767f45473618",
"urls": [],
"crc32": "5EE3F8F4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/42bbe97afda838aa_nh04-03.msk",
"ssdeep": null,
"size": 32768,
"sha512": "6ab84ba227e60530d16f36c76e553deaebe1e522a04d0255038bcde7b0bd3a490f14e3abfdaaa9eb60a8006649ad0b8b82e25352bd2cad5ca4733ffd7d3ab07c",
"pids": [
2504
],
"md5": "6c12225def9e9490837255b6a12df0db"
},
{
"yara": [],
"sha1": "ad42652c188ebf918447b704ece84c225b4f0485",
"name": "5664f6a0dec26fff_fam06-05.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-05.MSK",
"type": "data",
"sha256": "5664f6a0dec26fff391f461dd2a5dadc0a14746aaaa2e9327ebe1294642cd99d",
"urls": [],
"crc32": "6448B895",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/5664f6a0dec26fff_fam06-05.msk",
"ssdeep": null,
"size": 2048,
"sha512": "35beb03c87a2c8a82ab9a4ea67d776610996df529d22ae29711a75b555588a304998ec0063c3828a1dfde0d5e495c376efc218f323b2e93b3bf8fcf0910b2432",
"pids": [
2504
],
"md5": "200801bd1346d80630f2d93ed07d4993"
},
{
"yara": [],
"sha1": "19f886da249b15a86acb128627d7748a2e17743d",
"name": "e4a882123351cdf2_family-16.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-16.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 512, DXT3",
"sha256": "e4a882123351cdf25afdef15a68a3958d18609fc57eef655f36d279ab1238b20",
"urls": [],
"crc32": "70B27D61",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/e4a882123351cdf2_family-16.dds",
"ssdeep": null,
"size": 262272,
"sha512": "9bc8e46f00a8bebbc7dbeb1a1eac324c55e423b02a21996c476282dfefb1b549a072b28a19b729d8256a24878c87899ef44f51c29e71346ab446be3016b1689a",
"pids": [
2504
],
"md5": "0488869715d69b25a96b722bd32ec0f7"
},
{
"yara": [],
"sha1": "b205b54e4515d03f0dba701e202ee9ea7e6c1d28",
"name": "8e41b77a30a4a261_family-11.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-11.MSK",
"type": "data",
"sha256": "8e41b77a30a4a261807bf67eb5520fb6c1222fc2941d56bf95386ad6e5e7e0a6",
"urls": [],
"crc32": "17897C8E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/8e41b77a30a4a261_family-11.msk",
"ssdeep": null,
"size": 8192,
"sha512": "d7588858522aee1e81303501604a3ad6682854148862c20f4d91ded92dd945ad4b0ae3a4d84b53a121921493c6cf7560c972f7a9105b1a301081c4a3b4c61fd2",
"pids": [
2504
],
"md5": "890c8de08cbfbcc7946caa73986253b8"
},
{
"yara": [],
"sha1": "669c263459462f347d9decc7a0a091173f216359",
"name": "33acfc554918f911_fam06-17.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-17.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "33acfc554918f9114ea40ae99da6ba6ab0f7ddeb3f08a87d6783b4030230a963",
"urls": [],
"crc32": "36B0C31C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/33acfc554918f911_fam06-17.dds",
"ssdeep": null,
"size": 65664,
"sha512": "f7d0d117146d05f6c2504743c92ab78fdeb327636f5985bf5131dbdc8ff9a5989e94e462059edb428b77e9364172f8ddb7d91acd715963395950eae0207eb5a3",
"pids": [
2504
],
"md5": "3be71e738c28730725a27c3042ddb6df"
},
{
"yara": [],
"sha1": "0a1c893b9058c8583b6898b5401e85a863707864",
"name": "11307a038466d393_shop.dat",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\ini\\Shop.dat",
"type": "ASCII text, with CRLF line terminators",
"sha256": "11307a038466d393b648063dbd7c9f4fb626cf1940ba0e36a1aff519d69c62b6",
"urls": [],
"crc32": "9527041C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/11307a038466d393_shop.dat",
"ssdeep": null,
"size": 23549,
"sha512": "ed157b9f0eceb424cd0fb41675af0d6f60e42d9aec396926d7db234acede9d2017b245bfa5455dd77de8bc6c4819975d04413d34c9d37ad17be5bcb2e9ae920f",
"pids": [
2504
],
"md5": "f69ba8781142dc46365980f6823cfd17"
},
{
"yara": [],
"sha1": "d34dde11767cd81a718793ca83346f234c31fb1a",
"name": "41399fc5192aa747_fam06-47.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-47.MSK",
"type": "data",
"sha256": "41399fc5192aa747c683913139ce8fb61f51a86ab0cbaebdc2f1d255eae27a66",
"urls": [],
"crc32": "777E25F4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/41399fc5192aa747_fam06-47.msk",
"ssdeep": null,
"size": 8192,
"sha512": "22c271f75ffbc27bd49ac335275d95840429e4df4ace20f3bbf593e409567afa78d8867702136fcfac401efed687aac093daef230e285e256281ea20d24085ae",
"pids": [
2504
],
"md5": "7a39862784191180a4b3f1f238e0d601"
},
{
"yara": [],
"sha1": "400c04ba002d1ade3573fcde479f44ecba2c8b4b",
"name": "98ba51c2ae9342e8_fam06-05.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-05.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "98ba51c2ae9342e8ef03e44c8483d5403454a2091165c4e70dbdce65750c0a9a",
"urls": [],
"crc32": "1ACB87E0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/98ba51c2ae9342e8_fam06-05.dds",
"ssdeep": null,
"size": 16512,
"sha512": "2323d8905ee7d8241bd6046b5b2c2ebd45d26a1e80b27a3a4d8f95b2f8c2d715bcd430555a728629a35a5e8f66f945cf37efc3f5119ea25b062cafabbcd38e61",
"pids": [
2504
],
"md5": "ffb84939337c46931f53b04f62871b68"
},
{
"yara": [],
"sha1": "9ef5ebb2c4443e72d7b1dda7ad64cf6d1d8c29fb",
"name": "99f343aec1940201_fam06-11.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-11.MSK",
"type": "data",
"sha256": "99f343aec1940201d6aeabb749796b0908a506dbea9306c656b851b7c46634f3",
"urls": [],
"crc32": "EDF39472",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/99f343aec1940201_fam06-11.msk",
"ssdeep": null,
"size": 32768,
"sha512": "82f850af464a6cd78560dd5488c7febf8ef8ad3ed261d5795cbea562858d51bd965bd7e27fde42b47261efa3d4045c884e256528a16ea0db13161457a3979f2e",
"pids": [
2504
],
"md5": "e21ae4a27fdc8ce9164e2648ec18f32e"
},
{
"yara": [],
"sha1": "c7c55a357b8ec793816bd00b6a7914b353511c60",
"name": "5a0ff7b65163c7db_fam06-62.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-62.MSK",
"type": "data",
"sha256": "5a0ff7b65163c7dbfdb4f4ea6df434da0d84b4f99bcc94c7d223a1ac7f88f33a",
"urls": [],
"crc32": "18177942",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/5a0ff7b65163c7db_fam06-62.msk",
"ssdeep": null,
"size": 512,
"sha512": "374c7a70e79d780927d78235adacdbd1f27d66f2a5b85a04e7a4a695fb14d2e4c7eab3700b4f294487049fbff06e217b49bf6b15f6961063300b8cd65d114de1",
"pids": [
2504
],
"md5": "bc8ce7ec214bc96edbec701e6f2b3c1d"
},
{
"yara": [],
"sha1": "beac5a1e0b54b72b826f64f33fac879e687b3a5b",
"name": "911215d9faa47911_family-05.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-05.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 128, DXT3",
"sha256": "911215d9faa479111c0a4d1520c4d0e2afae3cb5acb519e132503569957ba458",
"urls": [],
"crc32": "B4AE30AB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/911215d9faa47911_family-05.dds",
"ssdeep": null,
"size": 32896,
"sha512": "a764fae376448c3b2556c5f21da5365d4c16c7cf41d671b16d2e64985a2594974b6922538bf25f18ffe274dac11c57bcaf78033db1581d2643725bdfd6790d03",
"pids": [
2504
],
"md5": "e0220ead19cbc02246445dba89caa687"
},
{
"yara": [],
"sha1": "4b591a4df4506bc3f76da15fc36805edcf9885f3",
"name": "7d33581f36bb9ad6_fam06-30.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-30.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "7d33581f36bb9ad6b787d86e351c47734f3c3ce31f5d8f992fa02e0e1044d647",
"urls": [],
"crc32": "169F3DCD",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/7d33581f36bb9ad6_fam06-30.dds",
"ssdeep": null,
"size": 16512,
"sha512": "c267659f29ac163060bf32ddb809f1d97f2bed51a802b52db54d006fb7557e39b7521c9572bb3e7b6f3016df670592c2d4b9777a99dfcca7a7925876a0b92c7c",
"pids": [
2504
],
"md5": "e4b9b4aff4934b774a35a848fd3a7f86"
},
{
"yara": [],
"sha1": "3b8349c73104478c33a1229415e63137e91bad43",
"name": "e85bbeeacf866229_fam06-16.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-16.MSK",
"type": "data",
"sha256": "e85bbeeacf866229d63f5ef7924afc3cd9158c2d7e4da416e0249fe5351f8036",
"urls": [],
"crc32": "4B9FD7EC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/e85bbeeacf866229_fam06-16.msk",
"ssdeep": null,
"size": 8192,
"sha512": "7315309b68b0fdd42c8bde4871c06b6afecbc24c8656b93402953cc748cf7097db644e6c9462d4a76b2ffa322bd2bdf13b469296d1b1b2afb089d5031cd0cc22",
"pids": [
2504
],
"md5": "deb933381f8a07af874a12839cb88a77"
},
{
"yara": [],
"sha1": "ebda9c0e3ef8306d0542aac91d8eaea7f4345462",
"name": "84294aa0397fc49c_fam06-45.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-45.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 256, DXT3",
"sha256": "84294aa0397fc49c9bbef94d9b3a73b31892377f98b80f471067bb68cdd4a43d",
"urls": [],
"crc32": "B16FF536",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/84294aa0397fc49c_fam06-45.dds",
"ssdeep": null,
"size": 131200,
"sha512": "de1e94591090730a5abab2ef2dbdbe0f53b1d87d70ba4e335602c50afcfab4ff406394f9da6874ead9f4ca14f1e6afb0ca7923d098d6a62d8ab7dc8103778177",
"pids": [
2504
],
"md5": "68db2a3773a05d69070bc28421a7249c"
},
{
"yara": [],
"sha1": "f9b053e6d6e8ab416a746dbf0191caa0dc3d2e8c",
"name": "5726af3bddb3e8de_family-06.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-06.MSK",
"type": "data",
"sha256": "5726af3bddb3e8dede6875864f2fe4badee8b8df6802468e290b1f142fc57b50",
"urls": [],
"crc32": "0733041B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/5726af3bddb3e8de_family-06.msk",
"ssdeep": null,
"size": 4096,
"sha512": "b3ec12becfc10c3b7145a78cd28d20febfde6ef6a93d55a9605ec2ca44c260a8189de5557577e17e1c3c2b99096ae463d605333fafeea6bde4849bcd8995544d",
"pids": [
2504
],
"md5": "5fa04612236956b7ad60bd74ec106cbe"
},
{
"yara": [],
"sha1": "91cde5b7d75e80fde8bca3e8774de2f97807eb94",
"name": "7eb7df19a3408dda_family-24.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-24.MSK",
"type": "data",
"sha256": "7eb7df19a3408ddaf78f429f1c279e5fadb000aea60ccaa0349f795df49f53f3",
"urls": [],
"crc32": "EEB02978",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/7eb7df19a3408dda_family-24.msk",
"ssdeep": null,
"size": 8192,
"sha512": "5a8ab647dba44dfbcc2c945ad6a967c9d7320780776752e197905c152f4fc45226c563a5879083b70f7cf6ef4195498c7f902d96bc6ea12f90fa90b570a141a3",
"pids": [
2504
],
"md5": "66dc38de14782d6d17caebaa80372899"
},
{
"yara": [],
"sha1": "59816cffac507d772bb69964a6a6747c7e49343d",
"name": "1a319479ff2fd312_fam06-65.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-65.dds",
"type": "Microsoft DirectDraw Surface (DDS), 64 x 128, DXT3",
"sha256": "1a319479ff2fd31274575ed0eb2f9efd8af01bc52625e2c23f917ed453469f1d",
"urls": [],
"crc32": "B08753C3",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/1a319479ff2fd312_fam06-65.dds",
"ssdeep": null,
"size": 8320,
"sha512": "622fa644bf45f82d00242e0d250b32d0c0554fe944987948b56e223a65b0302bfc19924fb2df4245d99f5c4f7cc66cd00013f39247179bf302a4c34c1e81c94e",
"pids": [
2504
],
"md5": "6ff9dbf974c2c59d71ba36945fef832f"
},
{
"yara": [],
"sha1": "692de648433098357799e3ce46472d4737fe8cf0",
"name": "2dd9600cf4ac6c1d_family-31.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-31.MSK",
"type": "data",
"sha256": "2dd9600cf4ac6c1ddab30b89db45b834e993277060f484dbb113a8d5dadef61b",
"urls": [],
"crc32": "688FEC99",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/2dd9600cf4ac6c1d_family-31.msk",
"ssdeep": null,
"size": 4096,
"sha512": "06dbb85b0eb25e5d84b43d42bdf36e93cec8aef0fc5b5b524c54c5e364b248cd6ee4cacb10b58cfd8242fc51656bd5d5001521f3c9603192cba4bf7502ccc359",
"pids": [
2504
],
"md5": "48a9c57c687dc174addc390008e5c58c"
},
{
"yara": [],
"sha1": "98ca41e0af3d239cc37f6c074100ef5f7a8f1dfa",
"name": "619965605a3e03c3_fam06-72.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-72.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "619965605a3e03c3af1d4d8ec1d74e63df4c8925b535b9257c2147aeb28a595a",
"urls": [],
"crc32": "1CEC8E14",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/619965605a3e03c3_fam06-72.dds",
"ssdeep": null,
"size": 16512,
"sha512": "5d232566a8dc5ed1bad3497ef088b42bab3d1168c7f06a0800cac2762de9da7be21a85165e2beaf0097295f810523986d6666b08a42494658b2a461485df24d3",
"pids": [
2504
],
"md5": "5ae09ce10d4ef2f072f0dec9b569e1c5"
},
{
"yara": [],
"sha1": "e477abf9d011bed5ce08bc16b75aae7592db2bc9",
"name": "900db48735c0256a_family-19.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-19.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 512, DXT3",
"sha256": "900db48735c0256a089991f79f1b23936ca69acb00bf5135ecd30c5daaa69308",
"urls": [],
"crc32": "C8D5380D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/900db48735c0256a_family-19.dds",
"ssdeep": null,
"size": 262272,
"sha512": "ddfcbeb6e3cc61c0eeb7323582928a7794d5db6ab629235e6b7d045131666fa90318090117164202f961dc2c3ff830107dd8c52d0334ee810c12a13b78743617",
"pids": [
2504
],
"md5": "bb36c2248a019fd042966cbb398df134"
},
{
"yara": [],
"sha1": "32a6a4c9a2789fbffffb5a43d06f86a6b0ce8a33",
"name": "4747f6736eeace1b_nh04-05.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-05.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 512, DXT3",
"sha256": "4747f6736eeace1b1fee8a8978ab4bad2066eedafcf90c0a78ba1d944875c926",
"urls": [],
"crc32": "12760DAA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/4747f6736eeace1b_nh04-05.dds",
"ssdeep": null,
"size": 262272,
"sha512": "c84931e04085dc6db1b8e6836b720ce9f04bab4d156f97e254eaab126f594c4e7cd2b77fe7849671d463e1435173ff4bb6b5c204c7ecc50a8e68e3277a14e83d",
"pids": [
2504
],
"md5": "ca1d238a9a8df6f753e838447970fa3f"
},
{
"yara": [],
"sha1": "cd3385eeaa873aa6e48a14cf5748fc6233dac812",
"name": "5288c12ab0c7642e_family-17.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-17.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 512, DXT3",
"sha256": "5288c12ab0c7642e695f2c1ca279f0089c58877e0cb40afff1fc946f3463c207",
"urls": [],
"crc32": "C6F7C68D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/5288c12ab0c7642e_family-17.dds",
"ssdeep": null,
"size": 262272,
"sha512": "37886a3289b73c5ed1c5efeaf12bd146545c448f4b7ade5d1c85e08ab2fffee15fc52b77fe7f3e4f0e1d7f8f5a9dc7024ef3b043cab1b8ba0f594af65c35bcdd",
"pids": [
2504
],
"md5": "027fc8cadb5aa403957c9566a703300f"
},
{
"yara": [],
"sha1": "726968b3a08960aee28724e348bbe4d50a7d1cf8",
"name": "4af676b4268c6fa7_fam06-03.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-03.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 512, DXT3",
"sha256": "4af676b4268c6fa798e02351d7234e78efb35d7e2bc72841b3f0c6b587e12b42",
"urls": [],
"crc32": "48FFA1E4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/4af676b4268c6fa7_fam06-03.dds",
"ssdeep": null,
"size": 262272,
"sha512": "00cf8b09786d96b3076eade87eabb323aa4950a3365695d650e50d9cf1b24bd0339efc5849378d4a80023d778be05b173f5f7f9488eb706dc095faf55ac92c92",
"pids": [
2504
],
"md5": "998fd270aeeb210979b4491782f00429"
},
{
"yara": [],
"sha1": "52e1e70e0570df1744ac2459190e073c271914fa",
"name": "06fd17396dc4e9aa_fam06-37.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-37.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "06fd17396dc4e9aa7ec88a0c9c1aa6a4431c86c61c0d11ca5b43403483d24c26",
"urls": [],
"crc32": "4F15160C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/06fd17396dc4e9aa_fam06-37.dds",
"ssdeep": null,
"size": 65664,
"sha512": "b795121c459177a8fe2b7279fb9be107241c0dec7dd5ae4dbf8fc85250f928fb145622983d6d833fb86dc15cb10fb5eaed6a4c7c1543a59c9106c0df776a39d1",
"pids": [
2504
],
"md5": "e0d80b0bc5ecc5433a01483392ef17cb"
},
{
"yara": [],
"sha1": "8350203a3c4829ca68136067cb33b8886caa16e5",
"name": "f8a7da766075f9f8_fam06-57.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-57.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "f8a7da766075f9f8edc1e40cefa1488a9dd9e32515412424bfd06cdcad2c432b",
"urls": [],
"crc32": "8F701508",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/f8a7da766075f9f8_fam06-57.dds",
"ssdeep": null,
"size": 16512,
"sha512": "2ea016c5d6a514888f48f2d5160a805767e07512b8187b253696d63dc3330ca423d4927716c9c2605368bf11e9f5e497d8cbd43ea12925caaab04bcb81c8b13c",
"pids": [
2504
],
"md5": "69e12f7f35efd9812c6ce316fa7dfc6f"
},
{
"yara": [],
"sha1": "fa902f5406fa182964761e159f06c82ef84824bc",
"name": "f06eb1913a0758eb_fam06-21.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-21.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "f06eb1913a0758ebf87b76f95bf2589699d04b454fc81812412d83be4e6fbc2d",
"urls": [],
"crc32": "35E4E1FF",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/f06eb1913a0758eb_fam06-21.dds",
"ssdeep": null,
"size": 65664,
"sha512": "757400fcdb023b7901b2a6784b2bee99a698d1a4d2dfdf8f87139d9a49611871d257bcf3d6b768bc42eb02a4265068af6c438b8612ccb493217b55a20ef1462b",
"pids": [
2504
],
"md5": "68b51f85c0c609e22e642439ced7cce8"
},
{
"yara": [],
"sha1": "8a7b6aa0b69466293e721925a8c9de128bd07d60",
"name": "7685351e01b4505d_fam06-15.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-15.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 256, DXT3",
"sha256": "7685351e01b4505d8eb0bdc1479bbb117968e055cbdb6addc8ef54f2cf066072",
"urls": [],
"crc32": "196F9398",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/7685351e01b4505d_fam06-15.dds",
"ssdeep": null,
"size": 32896,
"sha512": "282c7f6560e71d81c46e0eb5bcf6069ef44717c3e1388fc788b174b7a1b9b4b53766ebfac2db5290dd9dbc655550b20777692322686d55cd986bb0dcf390e2aa",
"pids": [
2504
],
"md5": "caadfa93e93bc8d203661b6fa970c048"
},
{
"yara": [],
"sha1": "5829a4d37a5e4dd135a875e8c2fbdee7ac4cd3c5",
"name": "5aa7180861747743_fam06-35.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-35.MSK",
"type": "Claris clip art",
"sha256": "5aa7180861747743765ec4ac2c7a48ffc3f90cb2df4e18873c1c4678eda7a4d9",
"urls": [],
"crc32": "4DCCBFDD",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/5aa7180861747743_fam06-35.msk",
"ssdeep": null,
"size": 2048,
"sha512": "eb2125aa3bfb7108a8da0cdf8b0a00b1402e4b963cae576f360ee5caadeb6a05b3448c45be5cc497ee936c5c26ce0f4a772dab730b467348d841806d939df540",
"pids": [
2504
],
"md5": "81d87c016f9d7892de0eeb23555289d8"
},
{
"yara": [],
"sha1": "f4fa01dac41445656078cbf70097405dd5df194f",
"name": "184d4c969ac71317_family-13.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-13.MSK",
"type": "data",
"sha256": "184d4c969ac713170bdf6f439f25ee1bb397bcfe8dbd6e225cb692dfc793d78c",
"urls": [],
"crc32": "2F326D09",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/184d4c969ac71317_family-13.msk",
"ssdeep": null,
"size": 8192,
"sha512": "ca1be5f2435b9e2db2a78c13f4a8624de59cecbef0219341a7396f6f3ba7c04fd3f11b7e6b93157e2a949f3eff21f80499d70137a5164f208d7c6232e0ee1ac9",
"pids": [
2504
],
"md5": "52969f27f54f97062e832c2d5042f417"
},
{
"yara": [],
"sha1": "5ef7d8ca7323d58ace6e8125f24980b3b76a1da2",
"name": "a27585adc95d3bad_fam06-68.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-68.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "a27585adc95d3bad68975e6b7a6a175f07888d79a384d9ade839e911c32ccb94",
"urls": [],
"crc32": "BD6E1208",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/a27585adc95d3bad_fam06-68.dds",
"ssdeep": null,
"size": 16512,
"sha512": "a54d06d8c2ef68c967964b39a24d6599a4c8a599368c38eea1f0613844eb955bb3e7771e6ab59298ca481197c7aaf312409a191f080d9bda26958ff4d74f6fbf",
"pids": [
2504
],
"md5": "c68d378e5ca10d4219a1696d4d55e80f"
},
{
"yara": [],
"sha1": "b6b787ab14492bc4c6142b1a32f94f1426b77f2f",
"name": "7b49e5f693667111_family-38.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-38.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 128, DXT3",
"sha256": "7b49e5f693667111105f27f026bd4ee90bcd0d20ab738e8cbfb3f16934b76f88",
"urls": [],
"crc32": "7CD2B872",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/7b49e5f693667111_family-38.dds",
"ssdeep": null,
"size": 32896,
"sha512": "6728467e2c309bba138948165a0dedb4f60e63aab0d4a698a0e89a1def745fa8f81e8a3d262b6eab62d471a1a9bef5c497310cb6e43285eaa0206f4b0df99512",
"pids": [
2504
],
"md5": "b0cd4b9a2b499cebbe0bd5c2706ce9f7"
},
{
"yara": [],
"sha1": "91d575de65239668be470ae1d4ccf2cfc64e16a5",
"name": "fff8cf8d4ef72abc_family-07.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-07.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 256, DXT3",
"sha256": "fff8cf8d4ef72abc5db65ac14ddde7c0e2632c5af673e6dcf483ca0337984237",
"urls": [],
"crc32": "1923DF36",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/fff8cf8d4ef72abc_family-07.dds",
"ssdeep": null,
"size": 131200,
"sha512": "24d655850b24822a35aebe35bc6bcaa1b6b7acebf04c63714c33eba43fc254360a2de8a318b39170b6b6141d66e83483cc48b4f4eeacc5cc187e9280a39e5f0a",
"pids": [
2504
],
"md5": "4e47978e9b0681a66fc322c7e3369745"
},
{
"yara": [],
"sha1": "85145781c90f863c4d2726a1e5b7dddad97d74ef",
"name": "b5a0222b2b87d04e_fam06-45.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-45.MSK",
"type": "data",
"sha256": "b5a0222b2b87d04e3d4f6604332a74fa743dd36f776d68ec18bccb0933d1afad",
"urls": [],
"crc32": "51D8E80C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/b5a0222b2b87d04e_fam06-45.msk",
"ssdeep": null,
"size": 16384,
"sha512": "c50ecc67d88514f4943e58c68f6597538aca5f3a0256bacf20554393ca6ce9047ad9dd9d5d2027557932eeb3203da59cf1262538b79f99b90b075223c7e90123",
"pids": [
2504
],
"md5": "8501ae7bf932ab63f4aa629a2ca5bc4f"
},
{
"yara": [],
"sha1": "7370d36db72a998f912e3fdbb67517506725e284",
"name": "324cc0fa7468df6b_fam06-18.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-18.MSK",
"type": "data",
"sha256": "324cc0fa7468df6b8de35bdb2882a93dcc1ff0837147350b2c81b2e887a18e3e",
"urls": [],
"crc32": "E6843013",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/324cc0fa7468df6b_fam06-18.msk",
"ssdeep": null,
"size": 16384,
"sha512": "769d254c0d53cb6a2fef38ef1757f17b18377626c9400c99dce43e4c0e0b2256cbf890c0d7aabe1ef0fbba8395d153ab990112259d3255edf019aa3c9438fc80",
"pids": [
2504
],
"md5": "63eb6e5aee7e6438834f6afef489c810"
},
{
"yara": [],
"sha1": "90159884e82a74b453be26867bf228dfcb5cad69",
"name": "fe4b8b4e841ddf4e_fam06-54.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-54.dds",
"type": "Microsoft DirectDraw Surface (DDS), 64 x 64, DXT3",
"sha256": "fe4b8b4e841ddf4eff97ff73590a9341e62e352dc2e80cad30553bcea4ac3aad",
"urls": [],
"crc32": "FC612C5B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/fe4b8b4e841ddf4e_fam06-54.dds",
"ssdeep": null,
"size": 4224,
"sha512": "5cccfd7f536857c05bdabc91f585b340f812587a770d033113a1fe411ba075e694c14b7b59106b0d41574fd32396b8b2f856168e13a8d0ad3fb1bf04ae04d6d6",
"pids": [
2504
],
"md5": "e340156da2494672087ccb53d19e007b"
},
{
"yara": [],
"sha1": "b5ee257e88ddbf7c847f1fe8cfcce811e4c1dd76",
"name": "52ab68ce8b7d2f24_nh04-01.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-01.MSK",
"type": "data",
"sha256": "52ab68ce8b7d2f243f9919a05e7f6907a006ccf85f74f597f580775000693ac3",
"urls": [],
"crc32": "B4920BEA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/52ab68ce8b7d2f24_nh04-01.msk",
"ssdeep": null,
"size": 32768,
"sha512": "2aab7b3749df820d8e507a5a14ee0ce683b032ae284864679e97c17401ee5c8fab63257324b03be4dc61a13855f0d05d25156131857518906e56bf2e9abefab4",
"pids": [
2504
],
"md5": "2541f8ab3fedeb10cb9a5c9ab2c4f514"
},
{
"yara": [],
"sha1": "64df033d2062d5b05f7c2e3c61a54df1b7ff3f3a",
"name": "e73d7999291616da_fam06-73.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-73.MSK",
"type": "data",
"sha256": "e73d7999291616da4972149a2a4ecc54bf6efb7874bc163ca3b5ed91ec17eeac",
"urls": [],
"crc32": "BBE3C18A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/e73d7999291616da_fam06-73.msk",
"ssdeep": null,
"size": 512,
"sha512": "716ab598e092f6bb323006e67a762e4648641fd3e9b66989b6f900a1e313d388bfbee3c032c487b62df859b706a3266d9eec0683aa607c96857046cbe7658cce",
"pids": [
2504
],
"md5": "d7ee8d9fd35f79a1757f06aa8a922508"
},
{
"yara": [],
"sha1": "919fbbbd819f9cdcca84807798d0ebdaf516bb24",
"name": "b5c33481d8a0d127_fam06-27.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-27.MSK",
"type": "data",
"sha256": "b5c33481d8a0d1279afbfc9e09a21af384b6eb8f9652f99a7fc4041d088634c0",
"urls": [],
"crc32": "B342E9C8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/b5c33481d8a0d127_fam06-27.msk",
"ssdeep": null,
"size": 8192,
"sha512": "4659f372c05c92aad8958133dc7a5b46c3ded90713861f4689c4cd025d450cc550c03c8c5e1ccca5ed45954110bfc736f3f374b0c01325252a49659ba685d0b0",
"pids": [
2504
],
"md5": "41a9572c97b1b1e5a6ae64b67cfbdbfc"
},
{
"yara": [],
"sha1": "7e8b73bbf12690cb08f6b6c46d2cd0bc0db7ea35",
"name": "c34c31ddeaf8d557_family-04.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-04.MSK",
"type": "data",
"sha256": "c34c31ddeaf8d55748bb5f68ad9cd40dfa49d24feb4850ad3f76c66a789620ff",
"urls": [],
"crc32": "75EF9A8C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/c34c31ddeaf8d557_family-04.msk",
"ssdeep": null,
"size": 32768,
"sha512": "36a0f3e550ad4f481727f1e5d745079e9adfb9d524678120e7a3454f2a71757069a10e97643eac427355546b4255fc7034a426131147a423f3e1c152e0c6cbf1",
"pids": [
2504
],
"md5": "4e8fca15d5e198e93f0d0c68b86f68f4"
},
{
"yara": [],
"sha1": "60030842eb1c37589718979d386f0a8aeef0f7a3",
"name": "b53d643a18a67f93_fam06-52.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-52.MSK",
"type": "data",
"sha256": "b53d643a18a67f93aa9bb559ba097b47e92b6e09104779eec69662469ac02f2e",
"urls": [],
"crc32": "F426E72A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/b53d643a18a67f93_fam06-52.msk",
"ssdeep": null,
"size": 8192,
"sha512": "93e1c5b539a448fa6e9855fa3633187366955af022b1b2612529cd269b977b96a2c4c0e8250192db6f1458fc63207883284f327c28d3ee705b9c6cc7cb17d32e",
"pids": [
2504
],
"md5": "1d106b9cf4152f70c6af8d24eb09e0ed"
},
{
"yara": [],
"sha1": "7e7a367ec6c93e537c81cdb35b4cde8b920844f4",
"name": "2c4079d13048427e_family-36.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-36.MSK",
"type": "data",
"sha256": "2c4079d13048427e65eafe57c6383590df2569f4f2e5c81a64585f051d12f448",
"urls": [],
"crc32": "3A4B5D4F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/2c4079d13048427e_family-36.msk",
"ssdeep": null,
"size": 2048,
"sha512": "df8b151c4e594ed7f9d468467abd4b776079af4abd3a253a86b09f7dfc18ff6433c85b1bacb6e7f74a99cfc28848b7f33534fdb11203f93013ba1953d6463b2f",
"pids": [
2504
],
"md5": "f9bc526da2f56f03057849b5d3c2ece6"
},
{
"yara": [],
"sha1": "d4f393bdf774cd616cc2fb3a622d15a45f1447a3",
"name": "e065d6a1768addda_fam06-24.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-24.MSK",
"type": "data",
"sha256": "e065d6a1768addda0847facdc43e53823bf63a30082bb9f8335afd3d364e574a",
"urls": [],
"crc32": "5D4A4FFB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/e065d6a1768addda_fam06-24.msk",
"ssdeep": null,
"size": 2048,
"sha512": "e45d7dbb4f0febeb191150bd8cea4ec9fa60723a4f00f4e792804aa93e45076183d44feca90732cd9c4b9a0604084f3b9045cae21abda91f8867534e29c87956",
"pids": [
2504
],
"md5": "a823e87ba9de1eca66dc794778bcb0c0"
},
{
"yara": [],
"sha1": "ba72f604861ab22b2270af53047fbdf1bfd3c6d7",
"name": "b696fb7453017952_fam06-50.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-50.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "b696fb7453017952dea2258e3acda1cb15e1a64691eb5ec70de863f7da132f58",
"urls": [],
"crc32": "B2A98328",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/b696fb7453017952_fam06-50.dds",
"ssdeep": null,
"size": 65664,
"sha512": "7cbda5067fae60596c98f95e4d7f0ab96287d33029b24864ed2699aa0b0d7a6148e8d8a0ea6a7788708bffb666f899a40fa320fb51fddaf0430ea884c70e969e",
"pids": [
2504
],
"md5": "8fc438885d9c663ccab5a329005682de"
},
{
"yara": [],
"sha1": "3e1132f26bac8055c21d9099093d69df0d4823d0",
"name": "e6544a60ce5dbd68_fam06-42.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-42.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "e6544a60ce5dbd682ca87cf7e231c3bff5aab3318a1598a0a7ae3b3c0fa8ec0f",
"urls": [],
"crc32": "740C82EE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/e6544a60ce5dbd68_fam06-42.dds",
"ssdeep": null,
"size": 65664,
"sha512": "179936b32fcab1eb62216ce3e28c9ffb904236cb2fb5336bdd2bab5287369d2476d28343117d5053989f9ccc42b2199fdef24a0daf55901caddc6b3f3a3bf64b",
"pids": [
2504
],
"md5": "e37b5d5eca77955195065562dc4b5451"
},
{
"yara": [],
"sha1": "24e0b9cbe988cc3cd1fa324a9029029a2d87b2b3",
"name": "35a298eee24c1cca_nh03-02.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh03-02.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 512, DXT3",
"sha256": "35a298eee24c1cca581b56f41cc09a691bc234cc0680bb2b5d9848a642ef710f",
"urls": [],
"crc32": "03231F51",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/35a298eee24c1cca_nh03-02.dds",
"ssdeep": null,
"size": 262272,
"sha512": "acfdddef0214c1da083c0666511e866979fd8a4b8b3a2116a2565ab31ed7de72258c60b796a4a3d1e86a5fe4ab28167e7535a581cb74fc2c9429d1d64f26455c",
"pids": [
2504
],
"md5": "c9fe670683fae96d8351883fd465c5ff"
},
{
"yara": [],
"sha1": "6cc6ab1b1b70637e5374987c8e1c890a9c675dea",
"name": "f52e97688412051c_family-30.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-30.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 128, DXT3",
"sha256": "f52e97688412051c293c492bc4b26ca599e1d78f0d9da4b7830ddb79afb0bc83",
"urls": [],
"crc32": "BB225E74",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/f52e97688412051c_family-30.dds",
"ssdeep": null,
"size": 32896,
"sha512": "1a727c8deb1da55429836f9d8d52e467c490a980120e0a5ae4e11631b575ec290b5e382a12f85eb4a0c669cafa25a4c3ee93df03f22df728c6e87ed964031382",
"pids": [
2504
],
"md5": "ec47fef74dc55f713517acdd79dd891b"
},
{
"yara": [],
"sha1": "d823a2a673aeaad5e737c71c8fe083ac9d8af649",
"name": "83a32e42a167e44d_family-13.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-13.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "83a32e42a167e44d1c7f70b1ecdf2bdfbde6e8e9c8e38020dfcb0b6651acd0d4",
"urls": [],
"crc32": "712CB18C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/83a32e42a167e44d_family-13.dds",
"ssdeep": null,
"size": 65664,
"sha512": "a6a523725bb728663c25d50b63e78d524dc027561866a03552cda3dede8f74157d136e7676a4ebb461639c9c97e64a204d5d114b93a97b98501c3aa825c1b7ed",
"pids": [
2504
],
"md5": "419ba035e45d56f28fab0910877bb60f"
},
{
"yara": [],
"sha1": "52261d33ba56ee3f935177171ac2097e6c26ee14",
"name": "ce5f0ee5e17b9dc1_family-12.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-12.MSK",
"type": "data",
"sha256": "ce5f0ee5e17b9dc145e6d5516f89c4f1f9b1886711d038c58a8cb5d836e6a7ce",
"urls": [],
"crc32": "9663F957",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/ce5f0ee5e17b9dc1_family-12.msk",
"ssdeep": null,
"size": 8192,
"sha512": "e9eb52b72bf45fd8bef686327d9103f9cb2042054b66a6bbc76e4f82bb293d89c82d74cff689ed8a0844e9144c6e6f5f4369461049efb0eff004905710acec7d",
"pids": [
2504
],
"md5": "b7bbfdc7eb182d03a182bbabc3a615c2"
},
{
"yara": [],
"sha1": "7b9b723e4f92847adee782ccd6e038e1a27959db",
"name": "f53fec26731afa4c_nh04-02.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-02.MSK",
"type": "data",
"sha256": "f53fec26731afa4c775e534e9c022e8d43d4b89e858596ec0c9ed8952cedf43d",
"urls": [],
"crc32": "18733641",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/f53fec26731afa4c_nh04-02.msk",
"ssdeep": null,
"size": 32768,
"sha512": "ae2dc16f10c98ed37ef0fbbf21faa1814949c07ae71e56ea694ef9a91532c677e5b8124e1c3da6e712dcd493305b24b84ba55126addf26836b78bbcaf2b19f40",
"pids": [
2504
],
"md5": "f1c2e632d49b471900fd4a0bee59ba5d"
},
{
"yara": [],
"sha1": "cc106621f3b36a0776e5888983635da8669f27b9",
"name": "1012713e9e1629c9_fam06-68.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-68.MSK",
"type": "data",
"sha256": "1012713e9e1629c9af8207979c7156cb4522c3acdc7375779c13b011637d111d",
"urls": [],
"crc32": "7451AA6B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/1012713e9e1629c9_fam06-68.msk",
"ssdeep": null,
"size": 2048,
"sha512": "878bf7280553b610ca19e1797388edd7a181a1d3aa9f5fcaeabdcb0dd23d2557e6eef08556e0b6902448d2f29dfa3cdd1814d795d689d9b4593eecf09fe418ad",
"pids": [
2504
],
"md5": "761e20902e5c938a720a6746a9506f93"
},
{
"yara": [],
"sha1": "ac82a5856d4a51aee9d55f9e5bdb10e86a3ac3ad",
"name": "4d6589c0514a0262_family-35.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-35.MSK",
"type": "data",
"sha256": "4d6589c0514a02628c5d6c48096374bff995c68bc80c99f67da449779943fbec",
"urls": [],
"crc32": "D269F05D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/4d6589c0514a0262_family-35.msk",
"ssdeep": null,
"size": 2048,
"sha512": "d954ff109f467f9e339e0d60c8a0621c22dfa621cf0926a9a105b19fd8c2ee9f32761f262f9940ef030c253fd0efbd2c5078764b352ee370ce8dee79122f4af7",
"pids": [
2504
],
"md5": "f2f2bd0b2a5df89dd98540f640c415ca"
},
{
"yara": [],
"sha1": "287a694c3152c1dcca4c02f4056d1acebc77b1be",
"name": "aba7eb043ffb70b9_fam06-19.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-19.MSK",
"type": "data",
"sha256": "aba7eb043ffb70b92af62bc75680092605db38e6be8d0f43c8dc928bd983d9b8",
"urls": [],
"crc32": "056C2B4F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/aba7eb043ffb70b9_fam06-19.msk",
"ssdeep": null,
"size": 16384,
"sha512": "9a8bb46496d88532f03595c64d6492164090557ddc478438fbc9a220a16a90f16bcc8b7f589263315041305109c973b8d97d4919fa8c33a5213bec105e94c1d0",
"pids": [
2504
],
"md5": "5feae8f7bb52d48135eb12c380aff091"
},
{
"yara": [],
"sha1": "595a4185463cd4e62283dbe976a4333e2a081967",
"name": "35143d2dc945be19_fam06-58.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-58.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "35143d2dc945be199d6f8ce50b6af9829014f2b3333f63e10f6fd0e8eef4258f",
"urls": [],
"crc32": "431B5B40",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/35143d2dc945be19_fam06-58.dds",
"ssdeep": null,
"size": 16512,
"sha512": "262fa4b9d2d46271e6efff897403a55028646f3fde8cc04d6224ee6e23c8c3a18733ab2aa5d121ccb185036b3ec40d8fbb105401af0dafcc35bcab8a0fe368f3",
"pids": [
2504
],
"md5": "1a7af6bc062a343b5034f3ebd6559da1"
},
{
"yara": [],
"sha1": "5f59ad1344678ee948ad7a7d967d64bce41d7812",
"name": "0d2328ed18f6b5f8_family-14.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-14.MSK",
"type": "data",
"sha256": "0d2328ed18f6b5f8affc16111c1a9df42781af63cf1e131b1912c7e5b5ac983b",
"urls": [],
"crc32": "EC343070",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/0d2328ed18f6b5f8_family-14.msk",
"ssdeep": null,
"size": 32768,
"sha512": "2706c1a631c71d0285c0b92cc73ce3a4d346606c921b868b2e706ed2eddf216275708df923c0dceb9b3997d771a68be9b365268df0d6437e90d8a9839cd44566",
"pids": [
2504
],
"md5": "2da767769b28cbf60974c931ac1210a3"
},
{
"yara": [],
"sha1": "e9978bd2a3a88414294759c329bbcf7723f40eac",
"name": "dc29760c47e67630_family-29.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-29.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 512, DXT3",
"sha256": "dc29760c47e67630b329622788b5da8072196aee76c6affa4c46eb2c60d66ad7",
"urls": [],
"crc32": "A4FEBD82",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/dc29760c47e67630_family-29.dds",
"ssdeep": null,
"size": 262272,
"sha512": "54144a1672001e0374e27933d2ce38a4211902ad5bde83114b71d84d64e9bfbe68500862fdd25ac0b50702f17ffa4deb419e1e788db19d5a7c7a01ff64d2c76c",
"pids": [
2504
],
"md5": "7d4073bb45913bc614872088359a449b"
},
{
"yara": [],
"sha1": "b5db1340ca69081822c93034188f2e295b2a3a4a",
"name": "59dfe5b5ea465b94_fam06-76.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-76.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "59dfe5b5ea465b94f6f9747696bdc5e47df1e13547be14e52b5a951b4c4d31ec",
"urls": [],
"crc32": "E007FBA9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/59dfe5b5ea465b94_fam06-76.dds",
"ssdeep": null,
"size": 16512,
"sha512": "719094b3966761f67e5a8eaf457aa07a9d86fa7eb91203a63d6eb1e94d5835c38bfd0be230221a92e3f8c75a74c0e13974ef376879fd4d7561748bb85ca3d96c",
"pids": [
2504
],
"md5": "113677286e2b87ecc557e67c54b7e7fa"
},
{
"yara": [],
"sha1": "fdcd6737d980f3cd919c3c2291cdd2bbae8b4f47",
"name": "da1ec17e58e1b139_nh03-02.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh03-02.MSK",
"type": "data",
"sha256": "da1ec17e58e1b13968963777d2b3a8b2df40465320cd98287345074f1150e27f",
"urls": [],
"crc32": "1E5A8CAF",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/da1ec17e58e1b139_nh03-02.msk",
"ssdeep": null,
"size": 32768,
"sha512": "c2411b29e3667ce7a7fd2f88a1d6bba03aac8cdbdace57a8307f23626dc503a0b6d69e6e48ceea2ee5a0b1dea6cbd1eef34dbd596979cda974da75b49a103b5d",
"pids": [
2504
],
"md5": "1610b6e18467ef9ebbf9ae1206ad0d74"
},
{
"yara": [],
"sha1": "216773c2ab3477648a7d84901001ecdbfc2a1008",
"name": "b6d4e68b93949925_fam06-27.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-27.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "b6d4e68b93949925b57c0f2ad0ae08ef1a96e3c4fb33f38c270785f4e29bbd94",
"urls": [],
"crc32": "33D34996",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/b6d4e68b93949925_fam06-27.dds",
"ssdeep": null,
"size": 65664,
"sha512": "3d5febe33e95840028e4ec8d970c0542541387e4afdec6922a6995e44216ecf410906bfd70dc0885aee91a6d7780770fa27de0f61317a31e3934dc65c2fa643e",
"pids": [
2504
],
"md5": "d4f613ce6df22d47d3f0a4d0a3e64d5b"
},
{
"yara": [],
"sha1": "7a9097357f62b85650f42952590040a34951488c",
"name": "2b89660239173ed0_fam06-02.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-02.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 512, DXT3",
"sha256": "2b89660239173ed053614a44309d8e7b12c4f6d72d54b1512fe25186ebb44fb0",
"urls": [],
"crc32": "9CD3FABC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/2b89660239173ed0_fam06-02.dds",
"ssdeep": null,
"size": 262272,
"sha512": "1f12177329e5876128c70b7a76c890884f474ce5562210f0b602335d0b6b09c67ede14d82633a8f45ec5da92a9bbd103188bfa215d9024285efdbcc23840048d",
"pids": [
2504
],
"md5": "4fc1b72a7851e0ef24fd2a901068ae59"
},
{
"yara": [],
"sha1": "079871b90c79a5816b87b81ae7c5f09163d85e54",
"name": "a2b8287c0d6ad7d4_fam06-14.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-14.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 256, DXT3",
"sha256": "a2b8287c0d6ad7d4a25f72e90cf6b8aeba58d8fa8cde332025a1fc732327c327",
"urls": [],
"crc32": "01EFC32C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/a2b8287c0d6ad7d4_fam06-14.dds",
"ssdeep": null,
"size": 32896,
"sha512": "07868a138d3c702f24617b2cd0cf0bf24ed481303357f9b22aa4d7ac1c6da2139f2f17c0b5f7a6f3b0593734ff671d02ee227141701d6c40680a989bbddb51d4",
"pids": [
2504
],
"md5": "bbaccc6aad2a54a20110283f9854d966"
},
{
"yara": [],
"sha1": "16a5a85ab675faa7dc180ca3feb60cd4c9005969",
"name": "b8b113a68d82f7d1_fam06-51.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-51.MSK",
"type": "data",
"sha256": "b8b113a68d82f7d1180fed13f92350adf12509f86f88b9b559e8d5c1bb82b5b1",
"urls": [],
"crc32": "FB9AB5E8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/b8b113a68d82f7d1_fam06-51.msk",
"ssdeep": null,
"size": 8192,
"sha512": "9936f2427eea74e5ecac2938fb8116360418a22263bb2fdf41696dc47a17c2f13104d9dca60a525d5d973fe0ed794d3365bc4f2555b6f7c72f13bc0148d024d1",
"pids": [
2504
],
"md5": "539bc3a6b208df33ce610ede53766190"
},
{
"yara": [],
"sha1": "93aa7e4d6c463b6656df3ec072eb7d688343f0fc",
"name": "e0e7ad0d2e6b5a18_fam06-20.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-20.MSK",
"type": "data",
"sha256": "e0e7ad0d2e6b5a1832f8c0fc13c845fe90f3d5c6ec2fb652143551b65b193d24",
"urls": [],
"crc32": "4CEA42F7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/e0e7ad0d2e6b5a18_fam06-20.msk",
"ssdeep": null,
"size": 8192,
"sha512": "fda4ba233a2b0224ed6d551fbb058b60247bc56ef27bc14e7b43a2a424b03f5ef576ca3f1624582ff8dea6a66d22127308874dfad68204c76b177faf07bafefe",
"pids": [
2504
],
"md5": "ba87968ad6782c599af03d3f4d13c6ce"
},
{
"yara": [],
"sha1": "9efc5a09563610fb791b557d15231f33635c0592",
"name": "a78f20b64ca4b0ce_fam06-67.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-67.dds",
"type": "Microsoft DirectDraw Surface (DDS), 64 x 64, DXT3",
"sha256": "a78f20b64ca4b0ce5b8a66fec30be5bb4d12de0f1f3749a314931d23c6dc0b45",
"urls": [],
"crc32": "83E56D05",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/a78f20b64ca4b0ce_fam06-67.dds",
"ssdeep": null,
"size": 4224,
"sha512": "d51a022c34451bbe441feba72cd3c86d0a6fc13d58410762bc2d60448126b82898a91152f70d7416eb3f462b6e3e1dec2376ba7007e4a5b493dd99907b0d2e8b",
"pids": [
2504
],
"md5": "8e0eb4cbbbabe22954afd1aea9317e6d"
},
{
"yara": [],
"sha1": "6bc5d68e0ba000e646051011d0cdd1261973814d",
"name": "e6ecdeb76e483d63_fam06-07.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-07.MSK",
"type": "data",
"sha256": "e6ecdeb76e483d637d1cad240512ec6faa8203b1495e8ebbafcf6af925403540",
"urls": [],
"crc32": "35393BC6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/e6ecdeb76e483d63_fam06-07.msk",
"ssdeep": null,
"size": 4096,
"sha512": "24bf1abf1171351b6648a228a71cec19d9754651a29aa486a6686309578e7660bec2e4105f3d7f1468b24d8a78e07247178144dae0a9333931c8e477f8df7b2b",
"pids": [
2504
],
"md5": "e84358c89d2ab6257546a261a731b027"
},
{
"yara": [],
"sha1": "3c0fce1008277c22dbde0c0cc39796d727b61c05",
"name": "5c21e6ae8a99f252_fam06-23.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-23.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 512, DXT3",
"sha256": "5c21e6ae8a99f25243be6324471fe606d7a9f9849e5ba0707cc177c0a80509df",
"urls": [],
"crc32": "FE197A27",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/5c21e6ae8a99f252_fam06-23.dds",
"ssdeep": null,
"size": 262272,
"sha512": "6911d963e918f4b34342d9666ba82910f160f7d931a12f137f9bc3c8fec309b33731baae69e84e3ecba47edd76dbe1e3965112bb5285e9ecb205cf9b9aa6207f",
"pids": [
2504
],
"md5": "c4801b85fbaa1de1886556c9d0a0b227"
},
{
"yara": [],
"sha1": "939b98d1bbb70a489dd3ba7e89810403cc99f2ef",
"name": "7a6f7ee1808caa9d_fam06-70.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-70.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 64, DXT3",
"sha256": "7a6f7ee1808caa9da10cf00f2f6eab69cf5590b08d561f59d4e3ef4bcee728a8",
"urls": [],
"crc32": "0E8681C3",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/7a6f7ee1808caa9d_fam06-70.dds",
"ssdeep": null,
"size": 8320,
"sha512": "e8fa3b1ec188f0bcf230e4c4e43803dd5a250da5598860a365b49f10f7e9ccd67897db6f1678fc175eb7ac8a90a27617fa8a382e992601231fc93a0176dab6ec",
"pids": [
2504
],
"md5": "9b4f18384f16fad7fb0d8c5d786f2e9a"
},
{
"yara": [],
"sha1": "5faf0b90bcdd34e62f9a55773fe6f19925d96744",
"name": "17fc1991506afd5a_family-21.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-21.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "17fc1991506afd5add6a8a2344b3e65ddd5623e501f23a4d757dc147adbf6e2a",
"urls": [],
"crc32": "87A99F9C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/17fc1991506afd5a_family-21.dds",
"ssdeep": null,
"size": 65664,
"sha512": "5d5d5fb399ca21de25bf0846be71ae1b6c66cbe117732c23a61c6737d066bc5ed19b5ac44ba8dc54d79349992fe1cb8dbde153e0c06f985946c903cbe9390bc2",
"pids": [
2504
],
"md5": "10ee00163deb3af68bf11061bb19a964"
},
{
"yara": [],
"sha1": "cdc8a4986310ab86a24b23e06133f1cd8a21e93f",
"name": "55386036a5edd8f7_nh04-06.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-06.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 512, DXT3",
"sha256": "55386036a5edd8f770be1c728b547e9979ecba5d18760857bfc61ee114a0b55a",
"urls": [],
"crc32": "8F46CD22",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/55386036a5edd8f7_nh04-06.dds",
"ssdeep": null,
"size": 262272,
"sha512": "774c190f1ccb2059c676f56945991d892f81c840527505b9b6bcfec4291bcfd548977897f45dbd5aa8c22a93069ce3fa8578d113e84cab7c37be48fd701cd0e8",
"pids": [
2504
],
"md5": "d76300cd76523660e7dbe782447acbc0"
},
{
"yara": [],
"sha1": "a7a94065566fb5eed54c0ac112fa228961e07ca4",
"name": "fa7381f5251a0485_family-08.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-08.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 128, DXT3",
"sha256": "fa7381f5251a0485f8d4d09f7a225996f990919ebf9aee3dba7e13d323ad286a",
"urls": [],
"crc32": "6D426372",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/fa7381f5251a0485_family-08.dds",
"ssdeep": null,
"size": 32896,
"sha512": "647c0db3633b24e295bdceec9bd0944117b97b49016b9745031d471ef9e282fe4191644e6c85257bdcbaf1926fd42238a0f1cdce52e535721756f65f40ff3d39",
"pids": [
2504
],
"md5": "ef28f7f11c32e64918825ed4010ec88c"
},
{
"yara": [],
"sha1": "bc35e89e22ca09bf4a1382f2b8499ec38c2fffab",
"name": "537cc5ddfa300374_fam06-61.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-61.MSK",
"type": "data",
"sha256": "537cc5ddfa3003745cbc15d9b5d5101b3f9168a274849084d83b32d63f046c6f",
"urls": [],
"crc32": "FEBF96B9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/537cc5ddfa300374_fam06-61.msk",
"ssdeep": null,
"size": 4096,
"sha512": "5e6ee363a16e904b42216aa3a219933f3ec405e199c30ac576c33340c05e23354de7e4756450c3dfe2dd3cb2b15aa49b5a0802a158d5cc612820a096f6970b15",
"pids": [
2504
],
"md5": "4c51f0053b5dc4a98346d15193e24ac8"
},
{
"yara": [],
"sha1": "a728f53b9da1a6e41ac072cfc73ef8f5b4f71ca4",
"name": "32e56cf84db65254_fam06-22.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-22.MSK",
"type": "data",
"sha256": "32e56cf84db65254d0bf493842f4a5405abb3f1cb8179ab98417354c25ddb51b",
"urls": [],
"crc32": "88E907FB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/32e56cf84db65254_fam06-22.msk",
"ssdeep": null,
"size": 32768,
"sha512": "c0890c3e868f397ac6a0daffaf435e3000315103c2103c89656ffccda240c07728d9fe1ff465b4a03a2377a0ed5d586ae3d08bacd5906990b70e8a67ddf2b3a4",
"pids": [
2504
],
"md5": "1461da083f0f716791d92b74d9be5a64"
},
{
"yara": [],
"sha1": "8c726a9279f56831b2f360cfc0a4716093ac8faa",
"name": "bab468e93243406d_family-11.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-11.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "bab468e93243406dc8ece4d36426060dbe2f3d52e32fc22805c1c1fb2cf2a77d",
"urls": [],
"crc32": "4DFB26E3",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/bab468e93243406d_family-11.dds",
"ssdeep": null,
"size": 65664,
"sha512": "77b0d6fc4f8f3214b4b9f3e289ea7165c50e0ff26dc768fb13ad181f2adbad82415dc63c2f94cdb060e2787ea29f3960a4d9606b71e435d65c3dbff0f9f775d3",
"pids": [
2504
],
"md5": "082cfb4a65f69fbf874c3c650fc24129"
},
{
"yara": [],
"sha1": "23e01a76d82c65484ea460957235a676ea7b98bc",
"name": "ae74a569375fb420_fam06-17.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-17.MSK",
"type": "data",
"sha256": "ae74a569375fb42029a1efaf8df3a4d69e5b2d8200cbe803831ad2a7dda6e0cf",
"urls": [],
"crc32": "791FCFCB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/ae74a569375fb420_fam06-17.msk",
"ssdeep": null,
"size": 8192,
"sha512": "3eb3afe10200315ab42977742d07eef689d3c755241336c2a465e5f09437dd6ce190f9e74716d980740879c85c247540c5271f3c96de693542b0896a4c814793",
"pids": [
2504
],
"md5": "d92b644e7e14c6175cf150ee3a27be65"
},
{
"yara": [],
"sha1": "68c61f5c21ec44081e026082ce861453683dec63",
"name": "cdd325a9e82a2e3a_fam06-32.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-32.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "cdd325a9e82a2e3a06547fce25e791acb786878a8c110aaf433689845f4439b2",
"urls": [],
"crc32": "05957EDA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/cdd325a9e82a2e3a_fam06-32.dds",
"ssdeep": null,
"size": 16512,
"sha512": "eb2bb36168daa7f1c58c8c220de84fb7caeab80845b562bf4dfd759c71dc9bddc92ff0a22db0b1dbfa74a0162f7a5a78f1d869624d7d773d08437537fd8ef918",
"pids": [
2504
],
"md5": "ae498bb739e42a60e0a1fb226047ae69"
},
{
"yara": [],
"sha1": "9c8e73cdb45ed9f6563be263bd7ed884e6f741e8",
"name": "9da43eea8395a98c_fam06-54.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-54.MSK",
"type": "data",
"sha256": "9da43eea8395a98cf98f62482cf3b4d7165a71493db2fcca6caa6b4a8f3a0d7d",
"urls": [],
"crc32": "C6B9A4F2",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/9da43eea8395a98c_fam06-54.msk",
"ssdeep": null,
"size": 512,
"sha512": "eea198651332b08600b975b18367c2710138b806761ecf3c6ac7657345ce263c1710c9b03f7dfecc3ef5dcdce87a967965f782a494c19bb6bf9714130756ec69",
"pids": [
2504
],
"md5": "db56e8c2cf648270a6f971a8b5430f52"
},
{
"yara": [],
"sha1": "bff771abbfc18c787d0a669303c3c4f2da38d2a7",
"name": "30916a0d0fbf5cb6_family-03.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-03.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "30916a0d0fbf5cb65789af02e7584d2ae62ac69cca1beca1d2031a278ab3c271",
"urls": [],
"crc32": "9BEA1B05",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/30916a0d0fbf5cb6_family-03.dds",
"ssdeep": null,
"size": 16512,
"sha512": "b4c6b7685421c2ea1c9e65bf2fdfb40089522c48e332e06a489e86e5e7f9898a50c3c935e7d4c780dc4946a7a2219b8a9cfda54c35db2a804da1153ca6d02524",
"pids": [
2504
],
"md5": "bd2f3bc6b7e24f9ba269009b2f3ec07d"
},
{
"yara": [],
"sha1": "9922d84e99288c6ad3e862115389eabf6e0e3117",
"name": "d77254aa20d86c19_fam06-10.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-10.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 512, DXT3",
"sha256": "d77254aa20d86c1992e3b9138f78f3a28b70e15207a4cbbfc2de235592cbb8db",
"urls": [],
"crc32": "99DD57EB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/d77254aa20d86c19_fam06-10.dds",
"ssdeep": null,
"size": 262272,
"sha512": "880d139a416e927db968db20525909da590ec3637a1c48ce172b120c062d02910dcb087eba7287522719a135425519f917f949ab1e96acc47fa47b202d47b9ed",
"pids": [
2504
],
"md5": "2d617cbde691d888823d72d24e34a109"
},
{
"yara": [],
"sha1": "4fb645e0ae153ac30d2dd4afd28faec53c143414",
"name": "363d65033eae519f_family-39.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-39.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 128, DXT3",
"sha256": "363d65033eae519ff77243e15438fa1a34c9f2bc12b1c1148dff57ad87640dd4",
"urls": [],
"crc32": "928A8087",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/363d65033eae519f_family-39.dds",
"ssdeep": null,
"size": 32896,
"sha512": "6fb43674be554c4fcb64c86da296c01ec54958822876595858a52f3329f648bbc2bb0e8b04be9e8f0923b3f6ee53452aba967400f3b6532803340df6198e84e7",
"pids": [
2504
],
"md5": "74b10ca06aae937bd78cd87f50a49847"
},
{
"yara": [],
"sha1": "4449eb9f5a0a08d869bafb1314de78e6634538ef",
"name": "28dfaab10680025c_nh03-03.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh03-03.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 512, DXT3",
"sha256": "28dfaab10680025c79bbf55dcfb47659f7fa9f3798faf34e4ee8c91d8a3d16b8",
"urls": [],
"crc32": "8C9D45B3",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/28dfaab10680025c_nh03-03.dds",
"ssdeep": null,
"size": 262272,
"sha512": "7fc307bcf8cb1b6750f3c4551fdf8423782df5ac00ce460a16f7c8f9fba2be03f2195cd5e169846b6f8415b75b0e1875abff62e1176d04599b7ae4537c4ac52e",
"pids": [
2504
],
"md5": "0f2e89bda6fcc8ec5ca6558df8171366"
},
{
"yara": [],
"sha1": "eec6ef9d0f659b7b1820c6bd582e5938bb36cea8",
"name": "c7d366f8e7845ecf_family-28.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-28.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "c7d366f8e7845ecf7580a78253de6bd0953adbaeac0f1259a221ce0918b38d67",
"urls": [],
"crc32": "DDE3C2E6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/c7d366f8e7845ecf_family-28.dds",
"ssdeep": null,
"size": 65664,
"sha512": "65d07e3ca64a718d45cb3cecea1b2d67afbb178a7d65ec9604d241dd379d01bce2306f49dd835446e22303eed8d7eb042bca0a8ea016cb150fc7b3f32e41d07f",
"pids": [
2504
],
"md5": "183edf86e03f13eb26728228622d69ad"
},
{
"yara": [],
"sha1": "eeee4679d3c65f7fcac0518b4dd09750af372ecc",
"name": "ffc2e414aa58147b_family-17.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-17.MSK",
"type": "data",
"sha256": "ffc2e414aa58147bf7a18a782d31fb0e348dfab29d0b97df7dcf954008c7872a",
"urls": [],
"crc32": "D0A3E9D9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/ffc2e414aa58147b_family-17.msk",
"ssdeep": null,
"size": 32768,
"sha512": "b353c88356946da81b59d6c9327fb772dc333824b3632328fc1995941ab935d5047b246b402f6898ef1dc44037d2904c956f2c8a9ff82310e0c92210b4a75cf5",
"pids": [
2504
],
"md5": "c36219ba9390ca9a6296213f83b65f49"
},
{
"yara": [],
"sha1": "12c6d6c7ff77a86c1a63606a9efa44235e31cd97",
"name": "530a2be37ff2d8fe_nh04-01.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-01.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 512, DXT3",
"sha256": "530a2be37ff2d8fe2c0e35e23714bb7a54dc8ae755ec1c9c56d5c3f390bce9f6",
"urls": [],
"crc32": "74281F67",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/530a2be37ff2d8fe_nh04-01.dds",
"ssdeep": null,
"size": 262272,
"sha512": "97b836921a6d191445fc684eb598860fd2200195aabca9c195a0a8b03c18150f4e0b2329f16c962bd6a88a63943f6c3aba6248bbdb2c37aa36c789d8103cd23a",
"pids": [
2504
],
"md5": "167bbec9b765013e6c5b767b7d070204"
},
{
"yara": [],
"sha1": "f6e393020f214fd46528f0e06cff053577af3c3f",
"name": "20258902fe317e6e_family-19.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-19.MSK",
"type": "data",
"sha256": "20258902fe317e6ed1c5f8257d5721451ade306094d2be6d1636a3ecd72fb4ff",
"urls": [],
"crc32": "8137DDCD",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/20258902fe317e6e_family-19.msk",
"ssdeep": null,
"size": 32768,
"sha512": "e18adec31c1b5583ea3e2e33f1f7fc57fe621db60414a336f0265407e4a155d207b121ffefa96e6f3bf2364065f24d5d877afa270e6d8b87114f2a04818371c9",
"pids": [
2504
],
"md5": "230d574368209f0c9dc8c1b214d47902"
},
{
"yara": [],
"sha1": "d2b40fd029d08f589e47097e04ba484ead146b44",
"name": "1a58aee7f9b8f229_fam06-01.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-01.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 512, DXT3",
"sha256": "1a58aee7f9b8f2298e0f9abd0be6a423350176fbca1462d279767806fe185fbd",
"urls": [],
"crc32": "DB0CCE73",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/1a58aee7f9b8f229_fam06-01.dds",
"ssdeep": null,
"size": 262272,
"sha512": "62d77115feb9844b629706b12726aa65df2e7d0a82abc6747454e0a7cdb2309e80ad190d249ec09df1dcdf47dc5f0711cefb7c3c6d5eefbe1659c670308119d7",
"pids": [
2504
],
"md5": "e82d9ba0feb69183762cb84ed7d6d5ae"
},
{
"yara": [],
"sha1": "6f569e50f3419fc4f0edfc4e007d5d0a183377da",
"name": "1bb769f9ebd9f9c9_family-23.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-23.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "1bb769f9ebd9f9c96c5c975cb5f06ca6bbc202295160292fb002563bb20385bb",
"urls": [],
"crc32": "11E59151",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/1bb769f9ebd9f9c9_family-23.dds",
"ssdeep": null,
"size": 16512,
"sha512": "515e5295d3b19143cdfc918683523cb679cff6a372735d3f168c1a81c233ff7f22a471c6138885e233effb168186e882ba3a7e7a1d25e785e9713dea267265d5",
"pids": [
2504
],
"md5": "1c870fefdde76a88ff4cd2d18deaa4e9"
},
{
"yara": [],
"sha1": "2d5311d8e8a15739bb972382c66374b9997f5bdc",
"name": "0080717d36fc957b_fam06-34.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-34.MSK",
"type": "data",
"sha256": "0080717d36fc957b43764de14df2fa2d4bca1f632f0cc2d669210e552fdb1fac",
"urls": [],
"crc32": "84064DDB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/0080717d36fc957b_fam06-34.msk",
"ssdeep": null,
"size": 4096,
"sha512": "f4f657932e2183ed691449a37955ef3e3f52c9c0e799a8de6efdfdcf6305fee96194881a8a2da87cd67b11a8c97b4d6b982187c95389213aca1df21a76f8c8d0",
"pids": [
2504
],
"md5": "933fa9ae0d62023f0afaa6beeded4113"
},
{
"yara": [],
"sha1": "2b040a4d5c0180d6a2a49662051854a727fecb4f",
"name": "2b632e365622b752_family-18.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-18.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 512, DXT3",
"sha256": "2b632e365622b752dc5753e749d995cb4def5510439802de71db40f9cc96376a",
"urls": [],
"crc32": "6B0E4B6A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/2b632e365622b752_family-18.dds",
"ssdeep": null,
"size": 262272,
"sha512": "cc3daed79fb0af123b03e0345724206e9143548f878e9859f4559db43664320b498090de4638bf60593f9ae1c4badf1716e1df3d295925e57f50cc2624e4bfda",
"pids": [
2504
],
"md5": "220f21db3e6557a7558e117b6222349b"
},
{
"yara": [],
"sha1": "0d0bc617b91e5c8cb4a9cd95aa146c67937b806d",
"name": "776758397d9db8c9_fam06-10.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-10.MSK",
"type": "data",
"sha256": "776758397d9db8c9794635f7941cd29433edfe4c252af8ac0c18d9d5e41ce40d",
"urls": [],
"crc32": "F203A9BC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/776758397d9db8c9_fam06-10.msk",
"ssdeep": null,
"size": 32768,
"sha512": "2681d9a598152a15cf1487380e9d5bda8fdc83fa3a810c82686e88f366229e4d2be1439ef06ac96516917af52ab2c4e72aceba6841d3735419f7e4d8d689b292",
"pids": [
2504
],
"md5": "4d3c1aa83832c9f447c61ad3412004ab"
},
{
"yara": [],
"sha1": "755db82fafebc4ce31bde62ed8d38c63833d2ed9",
"name": "77cd78095cbc1fec_nh04-04.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-04.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 512, DXT3",
"sha256": "77cd78095cbc1feccf523a7a71f7bf69b19c30d56ab2485d2295a76a11fbe0cd",
"urls": [],
"crc32": "BB9D712D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/77cd78095cbc1fec_nh04-04.dds",
"ssdeep": null,
"size": 262272,
"sha512": "5ed749c961ed651312e67a369903c2b0ba7083f605eb26ff3980264318276470d869db70286488b98ae4b426b9e91676f0b2a4c32cfe1aeba4a8ff9e1a805f0f",
"pids": [
2504
],
"md5": "a7aba34a8a5ff2f10f5e769df07a9a67"
},
{
"yara": [],
"sha1": "da8685ee29a3d0c1468f379f5f1633fddcd3fe04",
"name": "d7f568718e7c10e5_family-32.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-32.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 128, DXT3",
"sha256": "d7f568718e7c10e5a983ef0fe7d501d965d64ed1f7e0a38e64725817e8433627",
"urls": [],
"crc32": "F73B177D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/d7f568718e7c10e5_family-32.dds",
"ssdeep": null,
"size": 32896,
"sha512": "5b68705f07653b87d9d9dc230446e990e55ab530f7e4455c48355359836be282bc8ca225ececacfd64e1dab1175c257ce4ff963a4d3574eca2d276441c8cd455",
"pids": [
2504
],
"md5": "67e814d2d80c3074a9980592fe5a4814"
},
{
"yara": [],
"sha1": "ac569d413d712c287741fb93e50903b411dc5344",
"name": "497563afe6017a03_fam06-30.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-30.MSK",
"type": "data",
"sha256": "497563afe6017a0382d7b236254dd66b115a305159c82a3ece7f5bb7f0517f16",
"urls": [],
"crc32": "57BF2FF7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/497563afe6017a03_fam06-30.msk",
"ssdeep": null,
"size": 2048,
"sha512": "780a3fe9538e65542c23119a771b83c33c10c50d8fd76629dba3e090e8e14a03022eaf2716bf2ca78e44691c686d82dbe1f5752f4d8f2960facddbd3b5d81645",
"pids": [
2504
],
"md5": "eb93fcfed85952cd4e6415f549c5a1c7"
},
{
"yara": [],
"sha1": "b215a39f9b14eab1bf5d9fe210b78a089c2e9e18",
"name": "c491f78ac993b487_fam06-53.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-53.MSK",
"type": "data",
"sha256": "c491f78ac993b487b736d1da162012771813879e08d92d16ef5d13628f8ac915",
"urls": [],
"crc32": "AF66CAC3",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/c491f78ac993b487_fam06-53.msk",
"ssdeep": null,
"size": 8192,
"sha512": "ddac8676fbd2bab98be6b08d23bc0609f82130e88b45e189c821688869f72d9270530e4ceb81b8bf13917721e6ea0312d40fab167ad049ce7c93bc859d4cbaa9",
"pids": [
2504
],
"md5": "4cb286f9c485239fbc821ab310143b3b"
},
{
"yara": [],
"sha1": "937f4170225738840d28a2b87df6ff6ef21baf38",
"name": "e9214e307fdd62f7_fam06-23.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-23.MSK",
"type": "data",
"sha256": "e9214e307fdd62f7cfe315cfb6ab1122896425e9274ece94fc0f7e175b549667",
"urls": [],
"crc32": "836F7078",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/e9214e307fdd62f7_fam06-23.msk",
"ssdeep": null,
"size": 32768,
"sha512": "cee5e14ed30f02ec4a01e37725c14fb98c3118785247ca948f1002f9114a7e472652001d881777f8eea022750cfc07bd5e75a41e6c5e11fcd39913edd586ce90",
"pids": [
2504
],
"md5": "6a18c519605a12fafeba97da9fa241f9"
},
{
"yara": [],
"sha1": "67234b336a7ec0fdea6a688a28b9d41af6270966",
"name": "37e1123396521e5f_fam06-38.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-38.MSK",
"type": "data",
"sha256": "37e1123396521e5f23ac3c9ddd0a6a0f7bfd13be729ff93855c710a91ba01c04",
"urls": [],
"crc32": "33EE14D3",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/37e1123396521e5f_fam06-38.msk",
"ssdeep": null,
"size": 8192,
"sha512": "6bf209ebe3d016b86a111966f40bda9ccd83807ce613969ca049909f0fedebd61d15832b1a7ff832f3d80107b3a8d11a932fb1a6b318811466d51b4be79efb15",
"pids": [
2504
],
"md5": "9d0296d70ad2d8f1185476669f3b9b99"
},
{
"yara": [],
"sha1": "151b3d87c1db6955c42c5f95dc7a2b739a79ee4a",
"name": "6016e1535cdcc336_fam06-71.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-71.MSK",
"type": "data",
"sha256": "6016e1535cdcc336cc51e21ecee2a13257f8807ee1f70a242aa6eb6bd77e9cda",
"urls": [],
"crc32": "416E3ADD",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/6016e1535cdcc336_fam06-71.msk",
"ssdeep": null,
"size": 4096,
"sha512": "6401c6596e90a562d5acafdbe22a4ab06491230897289789fcf4fae6e2c99e081277b38ae2a9a09a79668e3a9c986a0f0dbeebe34d7b466bfb5ee4ba423b3794",
"pids": [
2504
],
"md5": "875d140fd785bb30b90d64553e86b2fa"
},
{
"yara": [],
"sha1": "db00f1b256fea767aeffd6a4a5aaac6cddedb17e",
"name": "1c4a8490bb73dedf_family-37.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-37.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 128, DXT3",
"sha256": "1c4a8490bb73dedfb2627cc97c01bddc00604ea5d216fc12703dbdf190b91bf9",
"urls": [],
"crc32": "7998EA24",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/1c4a8490bb73dedf_family-37.dds",
"ssdeep": null,
"size": 32896,
"sha512": "fc33a64002ff1f1927cbf76460bd87d42f67dd2b65cd96e77e75ff57b4a4a79e8f3a52b5a1c65c9b61ac7190024247aee77edf61028c7b0a022f9b5a8194d9f5",
"pids": [
2504
],
"md5": "c383a927646f013d7d98e43fee5a0001"
},
{
"yara": [],
"sha1": "fb38d95a813188b0efaf010d06d9930270b1ece6",
"name": "eb1942058aa7e668_fam06-08.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-08.MSK",
"type": "data",
"sha256": "eb1942058aa7e668c97e2b3c9be692d4c29f81251a3d8f5570d5158d8e301e26",
"urls": [],
"crc32": "FFCE9357",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/eb1942058aa7e668_fam06-08.msk",
"ssdeep": null,
"size": 8192,
"sha512": "16b5283e7dd86b5ca3d0e31ba262cd8e58364ce8398ba1cb83618e887b8d8953e68d5b229e9a7207842c771f6004c8e39439094be280f461bc6f8130e3367706",
"pids": [
2504
],
"md5": "b068565d77c304a061691a9e6e430c68"
},
{
"yara": [],
"sha1": "93c5398a8523d79edf129736fbdc13b53e2b717e",
"name": "5a2db16b29cb81a7_fam06-04.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-04.MSK",
"type": "data",
"sha256": "5a2db16b29cb81a7cd5c622dbc564d3ca529b5da36a0a21f96b7fa8024ca142d",
"urls": [],
"crc32": "A57A516A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/5a2db16b29cb81a7_fam06-04.msk",
"ssdeep": null,
"size": 8192,
"sha512": "f3fafcf246e109abd81fd96093313d15bac1fc7d08bc5e7b551db16e02485acec9e85f409b717374e66e634abd06eb852c473711d82e18eac4c4a4d2405edf15",
"pids": [
2504
],
"md5": "e0bb4c8b0318a8d7ce633fda7291d598"
},
{
"yara": [],
"sha1": "1edb37e0613b7ac6a4ec917977c63cc180a59dd5",
"name": "4e3b4937fe21bf2d_fam06-50.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-50.MSK",
"type": "data",
"sha256": "4e3b4937fe21bf2d8729aa5bb2be9ba1b323e8d8629231123c657b0c45929c80",
"urls": [],
"crc32": "CFE5F408",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/4e3b4937fe21bf2d_fam06-50.msk",
"ssdeep": null,
"size": 8192,
"sha512": "80cb0661e359272082ca09050895330289c1c736b567e3deac944a1317d61ccc476eaf87302e3480f13b499644612623794530df09bc38d95050969757333c50",
"pids": [
2504
],
"md5": "503df784fcf94262667b2fc61b84553e"
},
{
"yara": [],
"sha1": "3702ab985d9eaa40963190d14ecc2a1e877df1ea",
"name": "f87d0376361acf58_fam06-33.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-33.MSK",
"type": "data",
"sha256": "f87d0376361acf58fe8956bc12fe4c565f25e00dd2cc197b9dd5086a7c6073df",
"urls": [],
"crc32": "167851BC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/f87d0376361acf58_fam06-33.msk",
"ssdeep": null,
"size": 4096,
"sha512": "721f58b2734bb2ec48be123c77574b1cd42d8c22bac474a7fcf2861a35f46d5b4bace9e0b51ae83037d932168032d51f2bf4b1c7147cc04785b20c09ed99c0ca",
"pids": [
2504
],
"md5": "bf4514205ef16ce92b0004d52bc93aa4"
},
{
"yara": [],
"sha1": "3555606ed15daa58d0890670bd461445e8dee32c",
"name": "5bc02aa8cbf5721e_fam06-43.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-43.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "5bc02aa8cbf5721e4da50be183b8e26ddd437d148e76d62cd84bd35ae41e6477",
"urls": [],
"crc32": "5F3EC038",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/5bc02aa8cbf5721e_fam06-43.dds",
"ssdeep": null,
"size": 65664,
"sha512": "50e677c0ffc0923adcbc83ab421906d1055b2e4139f5add5727e5028c22b531ffc19c64dc1e736116b3bb03c0649d25ea058135d6f25c11f8b1e1619f421505a",
"pids": [
2504
],
"md5": "b16bf361a311d6e221b175aa9d3e6353"
},
{
"yara": [],
"sha1": "70162ed08bb401c29a37ae14c08b6107866da58e",
"name": "6e09ed02d0271b53_fam06-22.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-22.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 512, DXT3",
"sha256": "6e09ed02d0271b532e67fed9e0bf5d90878a444ec6cd04ae0ff724ba4c5e47f2",
"urls": [],
"crc32": "B68D98C0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/6e09ed02d0271b53_fam06-22.dds",
"ssdeep": null,
"size": 262272,
"sha512": "5f39eb81636822fa1f767cc918a0ff56183e9b57cf7de864518eed938a5f61848337fdcd3926bb390c753f394a19a20762c414898c4eb136bef664d668a3895c",
"pids": [
2504
],
"md5": "66f4d0c6a72857cde3e21429c889547d"
},
{
"yara": [],
"sha1": "d06c210c4f13349ab20551ab1c24a12fd03214c1",
"name": "195b9e1406a7fb43_fam06-55.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-55.MSK",
"type": "data",
"sha256": "195b9e1406a7fb4389b6be8ba407330a918d0f146f996ef5e09b51f59232f15a",
"urls": [],
"crc32": "1C8C84C7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/195b9e1406a7fb43_fam06-55.msk",
"ssdeep": null,
"size": 2048,
"sha512": "4ab43043d01cfc78dd43327a440e85c03cf3713ed678998e57f7042d0291cea20fbd84ff8409b27815c64e9eb3aece9e57e6dcc0778894343b7112a44735a682",
"pids": [
2504
],
"md5": "b53ac7953e973f9bd9a029468518ca28"
},
{
"yara": [],
"sha1": "becdd4f1833c5a5a16de023b3e9da0c07b1d009b",
"name": "597ae60a727449e3_fam06-63.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-63.MSK",
"type": "data",
"sha256": "597ae60a727449e3101ecc8329339072998d0cf89579c467b3203b16e10ac39d",
"urls": [],
"crc32": "C839B23E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/597ae60a727449e3_fam06-63.msk",
"ssdeep": null,
"size": 1024,
"sha512": "24bf57ef2a6fea57ea1720f0b2df00fb5bda5ddc24e84917dd8a72cb204085c23f3315cdfcc81b01293e3dd0270724270ecef67e5384503164012f854ed0d20f",
"pids": [
2504
],
"md5": "627fe6902ed8d992d5fc951d82753077"
},
{
"yara": [],
"sha1": "cd2b12cdeca36c6abdbac3d976a8ea9f54a06d90",
"name": "0186c087589d2950_fam06-41.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-41.MSK",
"type": "data",
"sha256": "0186c087589d2950b183a12c52f98ed3a404f7a4c510445a3bc83ffaf907e13d",
"urls": [],
"crc32": "F7B4E6E1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/0186c087589d2950_fam06-41.msk",
"ssdeep": null,
"size": 32768,
"sha512": "9092ffce71f54253feb103cf090b859f4322a10e4d3177d04a69974df4c99f8c3f366cc64848d9511a06e0dda6794b43ab944e79f03055c0bdab59c3ee314a53",
"pids": [
2504
],
"md5": "3c3b8330c9c94337ce08d205dbce9712"
},
{
"yara": [],
"sha1": "281b4319d5f1bd98efda3bbb2466496fac7819f2",
"name": "59c1c1a25b1d5478_family-27.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-27.MSK",
"type": "data",
"sha256": "59c1c1a25b1d54784161116a14b12bffa0a0bf4daeba386cb6f3c3c630038bdd",
"urls": [],
"crc32": "BD7CB5CA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/59c1c1a25b1d5478_family-27.msk",
"ssdeep": null,
"size": 4096,
"sha512": "886705d380412c03d55e8b190d9b3ec5df59df0050591dfa1e09a3ebe2476cfdaba3afde4059ff15aef2e2e313b86cc486c3adf27bac84b7daee88912fe9e011",
"pids": [
2504
],
"md5": "8c44d8797d8e33ea60974ceeaecdb3d3"
},
{
"yara": [],
"sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"name": "e3b0c44298fc1c14_2147c48",
"type": "empty",
"sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"urls": [],
"crc32": "00000000",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/e3b0c44298fc1c14_2147c48",
"ssdeep": null,
"size": 0,
"sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
"md5": "d41d8cd98f00b204e9800998ecf8427e"
},
{
"yara": [],
"sha1": "d401e40321edc33d059b08e8ac71397ec3fb84e3",
"name": "0229b4b54ddf0eeb_family-24.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-24.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "0229b4b54ddf0eebec35729e80e94340d78123b0d7aac26de979755983232e6b",
"urls": [],
"crc32": "DAC1816E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/0229b4b54ddf0eeb_family-24.dds",
"ssdeep": null,
"size": 65664,
"sha512": "7df46c1290fa2400c23de1321a913dcd8c32989b63f2049932fbab9bee2b039ead804f4ee3152c2f3e13b78c81ad558805a0ed8018a20c4cbb76f3b89d87d8b9",
"pids": [
2504
],
"md5": "501eb420ab4a4cb18ed4754c222efcff"
},
{
"yara": [],
"sha1": "55edcf4bbbf940d6e9c4792ffb3d0f7299f12e95",
"name": "301d83ceed528e08_fam06-46.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-46.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "301d83ceed528e08fb676a0851bb7c8c57db8cf563691ac01f4316373add3d6f",
"urls": [],
"crc32": "E38E5B11",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/301d83ceed528e08_fam06-46.dds",
"ssdeep": null,
"size": 65664,
"sha512": "07c5a5d57aa71f9d5e53a3013e223308b05a3351439ed01d9bc6a6224e405db57d86feba7bff2a4b18cfa3a614501737eeb362c6156f0553d9cc9b9942916c58",
"pids": [
2504
],
"md5": "24139790d0ca9d54ceaa3ad831060a57"
},
{
"yara": [],
"sha1": "c405b08a564f9419f0e2735d0a39597cfe2db501",
"name": "3e990a86d1f7c211_fam06-12.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-12.MSK",
"type": "data",
"sha256": "3e990a86d1f7c2118a49333506b8453c0f7d300ba9b589affff289e61448fddf",
"urls": [],
"crc32": "12863693",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/3e990a86d1f7c211_fam06-12.msk",
"ssdeep": null,
"size": 4096,
"sha512": "999601376941a42a21dd490d2108ae91cd5b2197605b383e13098fc85e69875af831b6c4178e200df1f9d0179b0efff06089213d7c6eea4a19bff25acb888b94",
"pids": [
2504
],
"md5": "42a28691b18ea9d4d76527c67e6eb97e"
},
{
"yara": [],
"sha1": "cfe55a5c3d1dbbac9df9f2aa18ac1c33146d0eb8",
"name": "49e65403ac285bf3_family-04.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-04.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 512, DXT3",
"sha256": "49e65403ac285bf3e7f652749494cbce6efa404e555065be81832ff567b91136",
"urls": [],
"crc32": "6C645BB0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/49e65403ac285bf3_family-04.dds",
"ssdeep": null,
"size": 262272,
"sha512": "2393a34a1eebc3d7624f27d67978798d8315ae393b9d1baa7c50b85db011117bfbec034e742d4d42c023ff6f628ced32b402de8005446cb52028a0e0571f7a9b",
"pids": [
2504
],
"md5": "44a40ac728b15e42d6172a85faa9376e"
},
{
"yara": [],
"sha1": "36d5d0c27b1cbd00c31515ad09b1f6900a3e8555",
"name": "865a140f3f8489f7_fam06-56.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-56.MSK",
"type": "data",
"sha256": "865a140f3f8489f7c57aef33526865ba832be51055b7fb1d3c8cd9d2238509f4",
"urls": [],
"crc32": "6E1F05D9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/865a140f3f8489f7_fam06-56.msk",
"ssdeep": null,
"size": 2048,
"sha512": "27b0afe45f7be33d3dee0352826abebe3fcfb0bdf223eb4dc48d7427d665dffe5ddbcddbe77b1594564f1aac0bf701207712516aeb98f11ae8f60ad6aba7f205",
"pids": [
2504
],
"md5": "3c86e4d2712590d625f2576dd433c397"
},
{
"yara": [],
"sha1": "953cf5ba3cc829ebd7c894a0b92a2ae12415de9e",
"name": "4942595bc79982d8_fam06-55.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-55.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "4942595bc79982d8861da8115f7a40520f73c93f244e7a568c22f1a605034507",
"urls": [],
"crc32": "ECDCF8A1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/4942595bc79982d8_fam06-55.dds",
"ssdeep": null,
"size": 16512,
"sha512": "30efd6f15d21c78e89570e441200055f07473f2959c928361eab0af47e6c38dca9a05315dd674670cab57fd9d7b5f1bbfa001f111fc17dbad18d145eb9bb5783",
"pids": [
2504
],
"md5": "dcbd57cdcc0eb73e18df78668b142914"
},
{
"yara": [],
"sha1": "518ddb58f801defb7c323d88e9c65d1b5cf669d1",
"name": "bc0e66417a777ae3_family-07.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-07.MSK",
"type": "data",
"sha256": "bc0e66417a777ae396c114635432078d42c79fa33f53b29ef33214ed308eda7a",
"urls": [],
"crc32": "0416BA59",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/bc0e66417a777ae3_family-07.msk",
"ssdeep": null,
"size": 16384,
"sha512": "956db8f9ce0d321ebc9692d29aa3c8f3ff28550bbded52166180a43b3a93066512db6d89e3b4719199cd53ee835e28acf43c9eefc8cec03adb1f0e6aad89d485",
"pids": [
2504
],
"md5": "e5ea144b97981f75df17ad1e72a6a4e8"
},
{
"yara": [],
"sha1": "e3a5d863411628baaef18eaad94183b9f4b81862",
"name": "aaee087d0524c461_fam06-20.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-20.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "aaee087d0524c4618ba8208e9160b29ac90a75f9d951d6ba4e624b698b705a44",
"urls": [],
"crc32": "EDDD1C85",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/aaee087d0524c461_fam06-20.dds",
"ssdeep": null,
"size": 65664,
"sha512": "1864704f02e995fa8e2e118daa5ac9e4825b33418d6fbc36ae3372259d03277340d924dad615b487c65cd417ad959863220499a407bddb41a30243ce334ab82c",
"pids": [
2504
],
"md5": "20b54863503c677241562d86445cc494"
},
{
"yara": [],
"sha1": "d6aa298bbb96a493c7cde66ee414f32e2a885828",
"name": "49aeae76388fe5be_family-28.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-28.MSK",
"type": "data",
"sha256": "49aeae76388fe5be4fc89aa0f44e2d1d7690787aeaf3db4f7505fabdbb0dafc3",
"urls": [],
"crc32": "F9D5B5F7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/49aeae76388fe5be_family-28.msk",
"ssdeep": null,
"size": 8192,
"sha512": "2986e1072f59fda11a3258a08874d55ccf570d0d758cca9035b2f3543ac0c68ddbb33d9ee1cc1d47b4b595f53fca0bffbfd61755d7e880b7ccfe269cd8e9f5dc",
"pids": [
2504
],
"md5": "3347fc158b414a960dce39a3351e0993"
},
{
"yara": [],
"sha1": "aa731fa28f683c2c39f5d398fe06758b2bfd45e6",
"name": "a6fe7f3884fe8a5a_fam06-71.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-71.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 256, DXT3",
"sha256": "a6fe7f3884fe8a5ab53adbc80f641f80fe4a5afc157f0e1cb49fd6ef710806ca",
"urls": [],
"crc32": "B3ACF715",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/a6fe7f3884fe8a5a_fam06-71.dds",
"ssdeep": null,
"size": 32896,
"sha512": "bd3c1eb5d593f3c0d6555eade0ede85316aa9906773d82ccfa4001bad04b8f1ff646f1b535f7c88467aaa8d66354f5f21144df33b4df96f8398700ca08692497",
"pids": [
2504
],
"md5": "0840e9c85876ef16446e4b9b9ea069c4"
},
{
"yara": [],
"sha1": "0fb92106836065c5fc0cb49bccfd7fcee2497a33",
"name": "c0d8f1b7fe08d465_family-25.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-25.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "c0d8f1b7fe08d4659ee0a2c555b5a9a33cb28ff216d939e419e74df529f6808f",
"urls": [],
"crc32": "3A340E05",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/c0d8f1b7fe08d465_family-25.dds",
"ssdeep": null,
"size": 65664,
"sha512": "000fda22eaa276d89e5befdcf1a26b8968288c25233cb8667f8130c2eb576dab31bc071a6070b5ccea46934b3c69a953a1d4dd44b92a849b3a3c77c7e38f3878",
"pids": [
2504
],
"md5": "214455f6ad5763de5156f2b68d055f72"
},
{
"yara": [],
"sha1": "52239f84f09df4f4054d1e317d7f3d01f3419ee2",
"name": "17fe21c8bff4beb8_fam06-02.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-02.MSK",
"type": "data",
"sha256": "17fe21c8bff4beb8a615211bd2b5a229f6fef173bd4db31254dcd1ae94401609",
"urls": [],
"crc32": "482F00DA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/17fe21c8bff4beb8_fam06-02.msk",
"ssdeep": null,
"size": 32768,
"sha512": "e8cec579b80b46926c42086c3b789b943d070063cce6179e3d2613c48c374180c282b9419ce60af75b613bb7086887f13a63836b14048b07818ab7a1d6c478a9",
"pids": [
2504
],
"md5": "50709fb7208d577dffc2447f927cd8a4"
},
{
"yara": [],
"sha1": "b0793438f2f06302f08bf9a4c3ecac22e182c8a1",
"name": "c73472c9dd31eb0c_nh04-02.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-02.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 512, DXT3",
"sha256": "c73472c9dd31eb0c8f893d473e092e48acbc3e83502ed863d9533ff1c8de7064",
"urls": [],
"crc32": "C33E494B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/c73472c9dd31eb0c_nh04-02.dds",
"ssdeep": null,
"size": 262272,
"sha512": "452faa4a14e5475d670cf1d904ba21a8213024937d4dd771e210006c3584f112f8ee668380d02aba704f9da3841497488f6806b211394b370d98267d3a6db3a6",
"pids": [
2504
],
"md5": "fd3b74d4fd1c4f67b71f35b2d9ea0b00"
},
{
"yara": [],
"sha1": "540ed83adcf1863c6f12adc8a52bee620c149d73",
"name": "1ac53c0f5942bc25_fam06-12.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-12.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 256, DXT3",
"sha256": "1ac53c0f5942bc2525250d9b2eab37f7c2597d33478ecaae07df22baa533af86",
"urls": [],
"crc32": "B09CC2E8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/1ac53c0f5942bc25_fam06-12.dds",
"ssdeep": null,
"size": 32896,
"sha512": "5d83a519e1a921f766b7ed709db2c613d31382b5ef44870b99b3f6588acce1b9958bc460cbbfb7a9fea789d6bba49cd31541fcaf62afe42cf6075b539dd92a3f",
"pids": [
2504
],
"md5": "ba99e056adfd3d2747851b416f9cb21d"
},
{
"yara": [],
"sha1": "de37d737d0e1d177d1b81bdef79f03872d6cccb0",
"name": "46749c25f93700b6_fam06-61.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-61.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 256, DXT3",
"sha256": "46749c25f93700b651f6d9efde7ab10ce1b8147a6da7e05df1a5090cd666660c",
"urls": [],
"crc32": "9DB92524",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/46749c25f93700b6_fam06-61.dds",
"ssdeep": null,
"size": 32896,
"sha512": "a19c8cd22327a084406474afdbf5a36dab43b164b405fe136b21ba652c3b5b7d2e6b1856195814e26516b29fa97eb0c3df2982125753cd865a26aca31e809d30",
"pids": [
2504
],
"md5": "550d89f05e3c2bf4f4199766c06f2a6e"
},
{
"yara": [],
"sha1": "bef9a58e582681613d82750e5762271d9f49a838",
"name": "1e47c9fcd26bff67_fam06-67.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-67.MSK",
"type": "data",
"sha256": "1e47c9fcd26bff675d69e2821fb6d02b5efe1e16007acf4952ea97806a785467",
"urls": [],
"crc32": "80BE4D66",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/1e47c9fcd26bff67_fam06-67.msk",
"ssdeep": null,
"size": 512,
"sha512": "964524a7056e11dc7af51fb0799e172461c3fc2322b23a94f8ffe159bf11cb3b76b0a516a64045c4e553d85aa59ec4083e3a4934102d63657ae42e6968bd3031",
"pids": [
2504
],
"md5": "687f6534fac505c5cd559d5aa748e12d"
},
{
"yara": [],
"sha1": "aef650c5beecdc42a7a99d80667d9319475a7c97",
"name": "0a9690d0fed343d8_fam06-26.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-26.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "0a9690d0fed343d861e7d89b3368a6381b7ecfd2b1aff14261c2180f57eb2147",
"urls": [],
"crc32": "2A90EF37",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/0a9690d0fed343d8_fam06-26.dds",
"ssdeep": null,
"size": 65664,
"sha512": "de3936f2cd28f39edf1c2cb77708b28fd58394c4e9b721d243f5d12485233c5406b01128fa9cf18c76fef08883be82ca5c98df75c1109cfc3b55540875f47aa5",
"pids": [
2504
],
"md5": "9c254c8e6cfd9246a272daf209d46295"
},
{
"yara": [],
"sha1": "48f4474f55768bc36b8781c8f63d012327c5bb04",
"name": "b64fa98b64969d9e_fam06-16.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-16.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "b64fa98b64969d9e2fbdc44ff69c8d16b3ca6fb435a5818c9670605315609649",
"urls": [],
"crc32": "F2303599",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/b64fa98b64969d9e_fam06-16.dds",
"ssdeep": null,
"size": 65664,
"sha512": "06d9253a08827820535abbc733da9b78bac8b90361d1a6aebf24ea427bd5d479a66da3832dbe6bc628d5751df64cf8632d3c5582aa02dd5f70f92f5f56c58846",
"pids": [
2504
],
"md5": "2df6e06e832c84e1eb3a538d2ca1fa52"
},
{
"yara": [],
"sha1": "98c851fadc20582af25a98324d7c56a2dc787fa0",
"name": "eab37dd2f7c2f764_family-25.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-25.MSK",
"type": "data",
"sha256": "eab37dd2f7c2f764e1fd3334de1bf96ec4b64b4e3dce934836ec506e5de97b95",
"urls": [],
"crc32": "29A8FB32",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/eab37dd2f7c2f764_family-25.msk",
"ssdeep": null,
"size": 8192,
"sha512": "bcf8629c4f675d32221b52f3b1c064ebacaaa118d689726aee7402f8ddc432fa0b2fb2e19f33b1415de6b1228fd750654aa239b0a2e309e1a6496524827f8787",
"pids": [
2504
],
"md5": "001fcb02a9839c2599346a9e8281d4c7"
},
{
"yara": [],
"sha1": "1dd22d8caa19b6d4ee84271df6c6b17333db2a3a",
"name": "765951da6c68b5c4_fam06-49.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-49.MSK",
"type": "data",
"sha256": "765951da6c68b5c4f475865b46dc80e893690453785e97ca09e2b5d5fcb7a52d",
"urls": [],
"crc32": "677C9767",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/765951da6c68b5c4_fam06-49.msk",
"ssdeep": null,
"size": 2048,
"sha512": "79e1557f0442332c0995f4fc20e263da52ff22d1af33a1dbd66355e35c25c29f52d9d66834bea05c7a9ea3b0292996554caedd097b363922eb132a09cb102308",
"pids": [
2504
],
"md5": "494ea033e0d20c8e972cd46a84b7de7c"
},
{
"yara": [],
"sha1": "69eca01a5c2e577e5cae537cbed6096dda18e56d",
"name": "bbe226c01f638ff7_fam06-60.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-60.MSK",
"type": "data",
"sha256": "bbe226c01f638ff70211d1e1dd3b4db691f24b93f3fb06d74d3307fa1a3cc3cd",
"urls": [],
"crc32": "FDE386C7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/bbe226c01f638ff7_fam06-60.msk",
"ssdeep": null,
"size": 2048,
"sha512": "484014e65120421401286d276d8818237ede8810137dc5687c67134406b4fc6d48b2e50f47119430dfc2ccf6b58fd12582c19a9799ae85509a41d042a2516cf5",
"pids": [
2504
],
"md5": "6c70b4270af96f01830b9d487823554c"
},
{
"yara": [],
"sha1": "983d8294adca7e80b5db7f61e9d3322e53949d2a",
"name": "419a22cc1eb1c721_family-23.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-23.MSK",
"type": "data",
"sha256": "419a22cc1eb1c7218281caa99793f11924896bdb361fd54d41833dc73a4bac2a",
"urls": [],
"crc32": "55CF2EE5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/419a22cc1eb1c721_family-23.msk",
"ssdeep": null,
"size": 2048,
"sha512": "c00e6745c770f5385ae3c595fe412f25f0b922f42a96ee9026157ba4261d8ceff66e2205553be0d9d529b0b4d0ac5bebb300e7bcc433d107edfeba919417320f",
"pids": [
2504
],
"md5": "e5eca657777bf8be81b5a06c126584de"
},
{
"yara": [],
"sha1": "83d0d899f4a3bbbddfc6163a9e426b573ca93acd",
"name": "f5d28e507bd579bd_fam06-11.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-11.dds",
"type": "Microsoft DirectDraw Surface (DDS), 512 x 512, DXT3",
"sha256": "f5d28e507bd579bda1b25f447e9e9063a477be0c7cf515f3b8010a72ad758899",
"urls": [],
"crc32": "E1416D0D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/f5d28e507bd579bd_fam06-11.dds",
"ssdeep": null,
"size": 262272,
"sha512": "3c6d49c0b270aea024e99009d4c4d543f056148ddf718443af986fb9aa548061c0144ebaa2dd6968eda2397c219528b93ddfdc81af0fe76726c47cc4323f7b3c",
"pids": [
2504
],
"md5": "97ffb69331d2dffab9612555a668f205"
},
{
"yara": [],
"sha1": "882d9ccc0b2c504294a09524b3de74424391e50c",
"name": "60fd1bbed1808484_fam06-25.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-25.dds",
"type": "Microsoft DirectDraw Surface (DDS), 128 x 128, DXT3",
"sha256": "60fd1bbed18084843ff368f8b3a5117db2e6d2630a771d69bdf193226848c209",
"urls": [],
"crc32": "ADE73CB8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/60fd1bbed1808484_fam06-25.dds",
"ssdeep": null,
"size": 16512,
"sha512": "d53a15de6595cdd7445913db66c17781eef3df24304ccd7e48a4376ef93ba0632d918c9fe3324951f492347013cbe2a83e9f61b8e1dec09fce4b78bafcb9487f",
"pids": [
2504
],
"md5": "e691057215c6448142dbcb9b192c6f86"
},
{
"yara": [],
"sha1": "86eb8793039ece8c566cf1d2160798fe8e7b9b99",
"name": "59fe7675bd1193d9_family-01.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-01.MSK",
"type": "data",
"sha256": "59fe7675bd1193d94628d65513130316cedf789069f689af06e30bd601fc0a61",
"urls": [],
"crc32": "F0FC57B8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/59fe7675bd1193d9_family-01.msk",
"ssdeep": null,
"size": 16384,
"sha512": "5fb09f53492c132850da4df0802c3a434bf926a342ea898e280b3531d4f77182e7fc9a892066b20aafab0851df4168aa0e507c2f26a855d92429f8e58981c50e",
"pids": [
2504
],
"md5": "38b2886267e2b97120e62c0cbebe701c"
},
{
"yara": [],
"sha1": "0f64705970d72aab77c2750fffad92eb0b2669d6",
"name": "e9ecbab3180fc49c_fam06-15.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-15.MSK",
"type": "data",
"sha256": "e9ecbab3180fc49caad1a25421af679ddaf0c00ab2551831f8334e8744aeb01e",
"urls": [],
"crc32": "402D4CCA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/e9ecbab3180fc49c_fam06-15.msk",
"ssdeep": null,
"size": 4096,
"sha512": "bfbfd8c0df75dc0b5d5d0d803a92bfee103557e968ab0c614a033cb1ecafc6f2a05d6304510ce98c9390b9cb79178e1d6a9c44ab5e9ce93869f5cac306c51960",
"pids": [
2504
],
"md5": "ee234b60a0df14a9f6bc1f590d6321fb"
},
{
"yara": [],
"sha1": "e0ef82ea979a5f66d3ce4ae0a951f295ea8ed3bb",
"name": "35a9e73defb929f6_family-02.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-02.MSK",
"type": "data",
"sha256": "35a9e73defb929f6df24f4557fde8b7a698c84ca262e0e814a7bb5776cf2f5cd",
"urls": [],
"crc32": "E8EE59D6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/35a9e73defb929f6_family-02.msk",
"ssdeep": null,
"size": 16384,
"sha512": "338b11b65e87951f19468ed8862d3b19e64ee79b5d1c4088f2a8ca5ac7799f4ea1e3a449ff6ff49d2460a5f85e0ccbebb068e63973c1757f0605594c21c08c93",
"pids": [
2504
],
"md5": "afaefd6f9abaeca07912344e1111bffa"
},
{
"yara": [],
"sha1": "c4069e35eeaa1ebfc66241f2b872431d4cc1213a",
"name": "ff3b1ffe83d81c7b_fam06-19.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-19.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 512, DXT3",
"sha256": "ff3b1ffe83d81c7b5a92b15b5a12fc94082ed3d35d77b3f2864e2e4fe9866042",
"urls": [],
"crc32": "12B82721",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/ff3b1ffe83d81c7b_fam06-19.dds",
"ssdeep": null,
"size": 131200,
"sha512": "ec580ce37158fd9c9e2b2dfee86a3f37f78fc2459921ef22fd64b1bd3ad2d8ca53ee17be02ee80726bcd6aee9050c1d07d75cc36d4393d227c572f26755ba95f",
"pids": [
2504
],
"md5": "6f3702675d500ba16a043453543485d4"
},
{
"yara": [],
"sha1": "160657956aa3b04732d320c22a62b7f3098b57c1",
"name": "d540905a5dec496d_fam06-77.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-77.MSK",
"type": "data",
"sha256": "d540905a5dec496d51195f5ddf7929bc29db96e2792bb6bca1fbddfedf9daf41",
"urls": [],
"crc32": "60F01A8B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/d540905a5dec496d_fam06-77.msk",
"ssdeep": null,
"size": 2048,
"sha512": "93cc89f8339e574eb26cd13c5c1d1e98de57c6e0975752b7679ceb22eabfad1ff5940e715a973b8b0265eeddb8b1ab4183704574f6f2a0b4df4b610866a173bb",
"pids": [
2504
],
"md5": "4f721b9459ebaacd74841dc0ba05d020"
},
{
"yara": [],
"sha1": "bc845aeb6589c805734b4eaf88b2007c7a9806fd",
"name": "a1dfc2ccdb64af4b_family-22.msk",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-22.MSK",
"type": "data",
"sha256": "a1dfc2ccdb64af4b478d9a884f46836c504675ba1c87f32118fcd1483b71b85e",
"urls": [],
"crc32": "DC244253",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/a1dfc2ccdb64af4b_family-22.msk",
"ssdeep": null,
"size": 2048,
"sha512": "5f0a913db6481082bb0deec19fa6b8a61e0ccc2a7974eda66130e0e372fd4078e05f8ae670d89d6c9c9427c17699e64bfd2fdadaf19bffef01a2d1f4a53a4425",
"pids": [
2504
],
"md5": "93e66b661b3fde1ac318a942495f5bd4"
},
{
"yara": [],
"sha1": "c990c8a4dc4dd9f5e6e9878084cd2a062596639f",
"name": "b6aa05195ba01d32_family-09.dds",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-09.dds",
"type": "Microsoft DirectDraw Surface (DDS), 256 x 256, DXT3",
"sha256": "b6aa05195ba01d3257e9faee1bc3d74d4f472ee41ba8536ab50bd5711ba74f6c",
"urls": [],
"crc32": "EB6EB895",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2657\/files\/b6aa05195ba01d32_family-09.dds",
"ssdeep": null,
"size": 65664,
"sha512": "83397c8d7da309000960f6ab664233eb108e11426d834bc9b9e981e64ff666878fa46a54013d109fb4b68f6ddcff3ca9368219b55d5bb5bf9e2450382d05d270",
"pids": [
2504
],
"md5": "96217d598c0d8b1a7ae0587dfc02e296"
}
]Generic
[
{
"process_path": "C:\\Windows\\System32\\cmd.exe",
"process_name": "cmd.exe",
"pid": 1692,
"summary": {},
"first_seen": 1568973195.6094,
"ppid": 1788
},
{
"process_path": "C:\\Windows\\System32\\taskhost.exe",
"process_name": "taskhost.exe",
"pid": 1724,
"summary": {
"file_opened": [
"C:\\Windows\\Media\\Windows Critical Stop.wav"
],
"guid": [
"{30a99515-1527-4451-af9f-00c5f0234daf}",
"{cd773740-b187-4974-a1d5-e0ff91372277}"
],
"file_read": [
"C:\\Windows\\Media\\Windows Critical Stop.wav"
],
"regkey_read": [
"HKEY_CURRENT_USER\\AppEvents\\Schemes\\Apps\\.Default\\Close\\.Current\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\DeviceState",
"HKEY_CURRENT_USER\\AppEvents\\Schemes\\Apps\\.Default\\SystemHand\\.Current\\Default Flags",
"HKEY_CURRENT_USER\\AppEvents\\Schemes\\Apps\\.Default\\Open\\.Current\\(Default)",
"HKEY_CURRENT_USER\\AppEvents\\Schemes\\Apps\\.Default\\SystemHand\\.Current\\(Default)",
"HKEY_CURRENT_USER\\AppEvents\\Schemes\\Apps\\.Default\\Open\\.Current\\Default Flags",
"HKEY_CURRENT_USER\\AppEvents\\Schemes\\(Default)",
"HKEY_CURRENT_USER\\AppEvents\\Schemes\\Apps\\.Default\\Close\\.Current\\Default Flags"
]
},
"first_seen": 1568973194.9219,
"ppid": 468
},
{
"process_path": "C:\\Windows\\System32\\conhost.exe",
"process_name": "conhost.exe",
"pid": 1700,
"summary": {},
"first_seen": 1568973196.2185,
"ppid": 384
},
{
"process_path": "C:\\Users\\cuck\\AppData\\Local\\Temp\\e72bf6def02c8b92805526539d28faf36a908e0a71a8948855c3f5cd88490cee.bin",
"process_name": "e72bf6def02c8b92805526539d28faf36a908e0a71a8948855c3f5cd88490cee.bin",
"pid": 2504,
"summary": {
"file_created": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-05.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-40.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-20.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-22.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-36.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-05.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh03-01.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-28.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-63.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-25.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-20.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-34.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-07.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-38.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-11.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-08.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-11.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-25.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-26.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-70.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-03.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-72.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-17.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-36.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-10.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-37.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh03-02.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-30.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-03.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-68.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-38.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-64.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-67.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-16.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-29.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-41.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-06.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-22.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-54.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-71.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-04.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-32.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-01.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-73.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-60.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-01.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-31.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-04.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-56.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-05.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-65.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-34.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-64.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-08.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-45.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-18.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-07.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-62.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-76.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-04.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-29.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-19.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-12.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-01.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-43.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-59.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-01.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-21.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-30.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-13.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-44.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-13.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-18.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-27.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-06.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-35.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-41.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh03-03.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-35.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-24.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-42.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-26.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-10.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-15.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-16.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-26.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-06.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-38.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-77.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-52.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-58.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-71.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-16.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-58.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-13.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-10.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh03-03.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-35.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-24.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-46.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-67.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-01.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-53.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-49.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-41.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-37.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-21.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-30.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-18.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-50.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-22.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\winjlejgt.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-59.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-15.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-52.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-55.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-57.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-24.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-15.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-29.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-38.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-48.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-63.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-51.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-33.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-51.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-74.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-40.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-02.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-11.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-48.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-12.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-39.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-32.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-01.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-72.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-06.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-62.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-28.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-60.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-42.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-09.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-06.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-14.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-05.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-70.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-68.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-39.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-09.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-09.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-14.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-49.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-40.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-43.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-21.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-11.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-69.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-33.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-57.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-56.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-04.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-37.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-26.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-19.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-19.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-03.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-06.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-24.dds",
"C:\\Windows\\2147c48",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-15.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-02.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-31.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\__tmp_rar_sfx_access_check_34898531",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-23.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-13.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-21.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-41.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-65.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-03.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-09.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-25.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-22.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-23.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-32.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-02.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-77.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-47.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-74.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-08.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-23.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-27.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\version.dat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-03.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-28.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-17.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-05.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-36.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-04.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-10.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-45.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-12.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-29.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-33.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-39.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-28.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-40.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-35.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-08.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-14.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-02.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-14.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-66.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-46.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-66.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-27.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-17.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-31.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-20.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-12.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-34.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-07.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-36.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-05.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-47.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-25.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-34.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-20.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-61.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-54.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-17.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-44.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-18.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-27.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-23.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-32.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-33.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-19.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-39.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-02.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-02.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-31.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-53.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-61.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-75.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-75.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-30.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-03.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-07.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-69.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh03-01.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-04.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-37.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-76.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-73.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-55.dds",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh03-02.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-16.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-50.MSK",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\ini\\Shop.dat"
],
"regkey_written": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\Svc\\AntiVirusOverride",
"HKEY_CURRENT_USER\\Software\\Xpvd\\-2022283959\\-691606842",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c2_7",
"HKEY_CURRENT_USER\\Software\\Xpvd\\-2022283959\\1801680227",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\UpdatesDisableNotify",
"HKEY_CURRENT_USER\\Software\\Xpvd\\-2022283959\\418466543",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\Svc\\UacDisableNotify",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\AntiVirusDisableNotify",
"HKEY_CURRENT_USER\\Software\\Xpvd\\-2022283959\\-2074820526",
"HKEY_CURRENT_USER\\Software\\Xpvd\\-2022283959\\-1383213684",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\UacDisableNotify",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\DoNotAllowExceptions",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c2_9",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c1_9",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\FirewallOverride",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c3_9",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c3_8",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c2_8",
"HKEY_CURRENT_USER\\Software\\Xpvd\\-2022283959\\-273140299",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c2_6",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c2_4",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c2_5",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c2_2",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c2_3",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c2_0",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c2_1",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c3_7",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c3_6",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c3_5",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c3_4",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c3_3",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c3_2",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c3_1",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c3_0",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c4_4",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c4_5",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c4_6",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c4_7",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c4_0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\Svc\\AntiVirusDisableNotify",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c4_2",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c4_3",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\DisableNotifications",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c4_8",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c4_9",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c1_6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\Svc\\UpdatesDisableNotify",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\GlobalUserOffline",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\Svc\\FirewallDisableNotify",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\AntiVirusOverride",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\Svc\\FirewallOverride",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\EnableFirewall",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c1_8",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\FirewallDisableNotify",
"HKEY_CURRENT_USER\\Software\\Xpvd\\-2022283959\\1110073385",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c1_1",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c1_0",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c1_3",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c1_2",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c1_5",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c1_4",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c1_7",
"HKEY_CURRENT_USER\\Software\\Xpvd\\c4_1"
],
"dll_loaded": [
"ext-ms-win-kernel32-package-current-l1-1-0",
"C:\\Windows\\system32\\riched20.dll",
"kernel32",
"API-MS-Win-Security-LSALookup-L1-1-0.dll",
"kernel32.dll",
"MSVCRT.dll",
"C:\\Windows\\system32\\rsaenh.dll",
"C:\\Windows\\system32\\ole32.dll",
"C:\\Windows\\system32\\sfc_os.dll",
"dwmapi.dll",
"C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll",
"C:\\Windows\\system32\\DXGIDebug.dll",
"Signatures
[
{
"markcount": 1,
"families": [],
"description": "Queries for the computername",
"severity": 1,
"marks": [
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameA",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1568973194.7966,
"tid": 2336,
"flags": {}
},
"pid": 2504,
"type": "call",
"cid": 388
}
],
"references": [],
"name": "antivm_queries_computername"
},
{
"markcount": 1,
"families": [],
"description": "This executable has a PDB path",
"severity": 1,
"marks": [
{
"category": "pdb_path",
"ioc": "D:\\Projects\\WinRAR\\sfx\\build\\sfxrar32\\Release\\sfxrar.pdb",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "has_pdb"
},
{
"markcount": 1,
"families": [],
"description": "The executable contains unknown PE section names indicative of a packer (could be a false positive)",
"severity": 1,
"marks": [
{
"category": "section",
"ioc": ".gfids",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "pe_features"
},
{
"markcount": 1,
"families": [],
"description": "The file contains an unknown PE resource name possibly indicative of a packer",
"severity": 1,
"marks": [
{
"category": "resource name",
"ioc": "PNG",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "pe_unknown_resource_name"
},
{
"markcount": 2,
"families": [],
"description": "One or more processes crashed",
"severity": 1,
"marks": [
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "e\n7\n2\nb\nf\n6\nd\ne\nf\n0\n2\nc\n8\nb\n9\n2\n8\n0\n5\n5\n2\n6\n5\n3\n9\nd\n2\n8\nf\na\nf\n3\n6\na\n9\n0\n8\ne\n0\na\n7\n1\na\n8\n9\n4\n8\n8\n5\n5\nc\n3\nf\n5\nc\nd\n8\n8\n4\n9\n0\nc\ne\ne\n+\n0\nx\n6\nd\nb\nc\nc\n \n@\n \n0\nx\n4\n6\nd\nb\nc\nc",
"registers": {
"esp": 6029104,
"edi": 2178940951,
"eax": 2178940951,
"ebp": 6029144,
"edx": 2178940952,
"ebx": 32211348,
"esi": 4642765,
"ecx": 2008823930
},
"exception": {
"instruction_r": "8a 08 40 84 c9 75 f9 2b c2 c7 45 fc fe ff ff ff",
"symbol": "lstrlen+0x1a lstrcmpW-0x3f kernelbase+0xa34a",
"instruction": "mov cl, byte ptr [eax]",
"module": "KERNELBASE.dll",
"exception_code": "0xc0000005",
"offset": 41802,
"address": "0x75dba34a"
}
},
"time": 1568973194.7496,
"tid": 2336,
"flags": {}
},
"pid": 2504,
"type": "call",
"cid": 52
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "0\nx\n2\n3\nd\n0\n7\n8\n4\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0",
"registers": {
"r14": 0,
"r9": 0,
"rcx": 48,
"rsi": 2149646339,
"r10": 0,
"rbx": 0,
"rdi": 0,
"r11": 43317200,
"r8": 2007859596,
"rdx": 8796092666448,
"rbp": 43316320,
"r15": 131132,
"r12": 4294967295,
"rsp": 43316200,
"rax": 37554048,
"r13": 8791721239232
},
"exception": {
"instruction_r": "83 3d 8d d1 02 00 00 68 53 12 69 fb c7 44 24 04",
"instruction": "cmp dword ptr [rip + 0x2d18d], 0",
"exception_code": "0xc0000005",
"symbol": "",
"address": "0x23d0784"
}
},
"time": 1568973200.5319,
"tid": 2040,
"flags": {}
},
"pid": 1724,
"type": "call",
"cid": 521
}
],
"references": [],
"name": "raises_exception"
},
{
"markcount": 0,
"families": [],
"description": "One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.",
"severity": 2,
"marks": [],
"references": [],
"name": "dumped_buffer"
},
{
"markcount": 2,
"families": [],
"description": "Allocates read-write-execute memory (usually to unpack itself)",
"severity": 2,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2504,
"region_size": 17539072,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 12288,
"base_address": "0x01e00000"
},
"time": 1568973194.7496,
"tid": 2336,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 2504,
"type": "call",
"cid": 36
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2504,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x01e00000"
},
"time": 1568973194.7816,
"tid": 2336,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2504,
"type": "call",
"cid": 304
}
],
"references": [],
"name": "allocates_rwx"
},
{
"markcount": 0,
"families": [],
"description": "Checks whether any human activity is being performed by constantly checking whether the foreground window changed",
"severity": 2,
"marks": [],
"references": [
"https:\/\/www.virusbtn.com\/virusbulletin\/archive\/2015\/09\/vb201509-custom-packer.dkb"
],
"name": "antisandbox_foregroundwindows"
},
{
"markcount": 1,
"families": [],
"description": "Drops an executable to the user AppData folder",
"severity": 2,
"marks": [
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\winjlejgt.exe",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "exe_appdata"
},
{
"markcount": 2,
"families": [],
"description": "The binary likely contains encrypted or compressed data indicative of a packer",
"severity": 2,
"marks": [
{
"entropy": 7.9635066061347,
"section": {
"size_of_data": "0x00012000",
"virtual_address": "0x0006a000",
"entropy": 7.9635066061347,
"name": ".reloc",
"virtual_size": "0x00012000"
},
"type": "generic",
"description": "A section with a high entropy has been found"
},
{
"entropy": 0.20168067226891,
"type": "generic",
"description": "Overall entropy of this PE file is high"
}
],
"references": [
"http:\/\/www.forensickb.com\/2013\/03\/file-entropy-explained.html",
"http:\/\/virii.es\/U\/Using%20Entropy%20Analysis%20to%20Find%20Encrypted%20and%20Packed%20Malware.pdf"
],
"name": "packer_entropy"
},
{
"markcount": 1,
"families": [],
"description": "Checks for the Locally Unique Identifier on the system for a suspicious privilege",
"severity": 2,
"marks": [
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "LookupPrivilegeValueW",
"return_value": 1,
"arguments": {
"system_name": "",
"privilege_name": "SeDebugPrivilege"
},
"time": 1568973196.3596,
"tid": 2828,
"flags": {}
},
"pid": 2504,
"type": "call",
"cid": 1679
}
],
"references": [],
"name": "privilege_luid_check"
},
{
"markcount": 10,
"families": [],
"description": "Allocates execute permission to another process indicative of possible code injection",
"severity": 3,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 1724,
"region_size": 8192,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x0000016c",
"allocation_type": 12288,
"base_address": "0x002e0000"
},
"time": 1568973194.8436,
"tid": 2828,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 2504,
"type": "call",
"cid": 709
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 1768,
"region_size": 8192,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x00000164",
"allocation_type": 12288,
"base_address": "0x00130000"
},
"time": 1568973195.0316,
"tid": 2828,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 2504,
"type": "call",
"cid": 949
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 1788,
"region_size": 8192,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x0000016c",
"allocation_type": 12288,
"base_address": "0x028b0000"
},
"time": 1568973195.2656,
"tid": 2828,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 2504,
"type": "call",
"cid": 1306
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 1692,
"region_size": 8192,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x0000016c",
"allocation_type": 12288,
"base_address": "0x00140000"
},
"time": 1568973195.4996,
"tid": 2828,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 2504,
"type": "call",
"cid": 1412
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 1700,
"region_size": 8192,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x00000164",
"allocation_type": 12288,
"base_address": "0x01b20000"
},
"time": 1568973195.7186,
"tid": 2828,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 2504,
"type": "call",
"cid": 1506
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2168,
"region_size": 8192,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x0000016c",
"allocation_type": 12288,
"base_address": "0x01d20000"
},
"time": 1568973196.3436,
"tid": 2828,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 2504,
"type": "call",
"cid": 1663
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 1636,
"region_size": 8192,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x0000016c",
"allocation_type": 12288,
"base_address": "0x002d0000"
},
"time": 1568973196.3596,
"tid": 2828,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 2504,
"type": "call",
"cid": 1686
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 1596,
"region_size": 8192,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x000002a0",
"allocation_type": 12288,
"base_address": "0x00460000"
},
"time": 1568973196.7656,
"tid": 2828,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 2504,
"type": "call",
"cid": 1759
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2504,
"region_size": 8192,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x000002a0",
"allocation_type": 12288,
"base_address": "0x04a00000"
},
"time": 1568973196.7656,
"tid": 2828,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 2504,
"type": "call",
"cid": 1789
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2504,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x000002a0",
"allocation_type": 12288,
"base_address": "0x04b50000"
},
"time": 1568973196.7656,
"tid": 2828,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 2504,
"type": "call",
"cid": 1792
}
],
"references": [],
"name": "allocates_execute_remote_process"
},
{
"markcount": 1,
"families": [],
"description": "Installs itself for autorun at Windows startup",
"severity": 3,
"marks": [
{
"category": "file",
"ioc": "C:\\Windows\\system.ini",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "persistence_autorun"
},
{
"markcount": 1,
"families": [],
"description": "Operates on local firewall's policies and settings",
"severity": 3,
"marks": [
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "bypass_firewall"
},
{
"markcount": 2,
"families": [],
"description": "Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config",
"severity": 3,
"marks": [
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "NtSetValueKey",
"return_value": 0,
"arguments": {
"index": 0,
"key_handle": "0x0000000000000f84",
"value": "\u0014\u0000\u0000\u0000\u0005\u0000\u0000\u0000\u0001\u0000\u0001\u0000\u0010\u0000\u0000\u0000\u0014\u0000\u0000\u0000IL \u0006\u0010\u0000$\u0000\u0018\u0000\u0010\u0000\u0010\u0000\u00ff\u00ff\u00ff\u00ff!\u0010\u00ff\u00ff\u00ff\u00ff\u00ff\u00ff\u00ff\u00ffBM6\u0000\u0000\u0000\u0000\u0000\u0000\u00006\u0000\u0000\u0000(\u0000\u0000\u0000\u0010\u0000\u0000\u0000@\u0002\u0000\u0000\u0001\u0000 \u0000\u0000\u0000\u0000\u0000\u0000\u0090\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
"reg_type": 3,
"regkey": "HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\PastIconsStream"
},
"time": 1568973204.8594,
"tid": 1828,
"flags": {
"reg_type": "REG_BINARY"
}
},
"pid": 1788,
"type": "call",
"cid": 8864
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "NtSetValueKey",
"return_value": 0,
"arguments": {
"index": 0,
"key_handle": "0x00000000000001e0",
"value": "\u0014\u0000\u0000\u0000\u0007\u0000\u0000\u0000\u0001\u0000\u0001\u0000\u0004\u0000\u0000\u0000\u0014\u0000\u0000\u0000{\u0000S\u00003\u00008\u0000O\u0000S\u00004\u00000\u00004\u0000-\u00001\u0000Q\u00004\u00003\u0000-\u00004\u00002\u0000S\u00002\u0000-\u00009\u00003\u00000\u00005\u0000-\u00006\u00007\u0000Q\u0000R\u00000\u0000O\u00002\u00008\u0000S\u0000P\u00002\u00003\u0000}\u0000\\\u0000r\u0000k\u0000c\u0000y\u0000b\u0000e\u0000r\u0000e\u0000.\u0000r\u0000k\u0000r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000{\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0002\u0000\u0000\u0000\u00e3\u0007\t\u0000F\u0000b\u0000y\u0000i\u0000r\u0000 \u0000C\u0000P\u0000 \u0000v\u0000f\u0000f\u0000h\u0000r\u0000f\u0000:\u0000 \u00001\u0000 \u0000z\u0000r\u0000f\u0000f\u0000n\u0000t\u0000r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u000e\u0000\u0000\u0000v\u00ae x\u00e3#)B\u0082\u00c1\u00e4\u001c\u00b6}[\u009c\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00b3\u0086;4\u00e6\u00ee\u00d4\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\r !\u008f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000{\u0000S\u00003\u00008\u0000O\u0000S\u00004\u00000\u00004\u0000-\u00001\u0000Q\u00004\u00003\u0000-\u00004\u00002\u0000S\u00002\u0000-\u00009\u00003\u00000\u00005\u0000-\u00006\u00007\u0000Q\u0000R\u00000\u0000O\u00002\u00008\u0000S\u0000P\u00002\u00003\u0000}\u0000\\\u0000r\u0000k\u0000c\u0000y\u0000b\u0000e\u0000r\u0000e\u0000.\u0000r\u0000k\u0000r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000d\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0002\u0000\u0000\u0000\u00e3\u0007\t\u0000F\u0000c\u0000r\u0000n\u0000x\u0000r\u0000e\u0000f\u0000:\u0000 \u00006\u00007\u0000%\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u000f\u0000\u0000\u0000s\u00ae x\u00e3#)B\u0082\u00c1\u00e4\u001c\u00b6}[\u009c\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0086\u00e2\u009e\u00956\u0005\u00d4\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\r !\u008f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0002\u0000\u0000\u0000{\u0000S\u00003\u00008\u0000O\u0000S\u00004\u00000\u00004\u0000-\u00001\u0000Q\u00004\u00003\u0000-\u00004\u00002\u0000S\u00002\u0000-\u00009\u00003\u00000\u00005\u0000-\u00006\u00007\u0000Q\u0000R\u00000\u0000O\u00002\u00008\u0000S\u0000P\u00002\u00003\u0000}\u0000\\\u0000r\u0000k\u0000c\u0000y\u0000b\u0000e\u0000r\u0000e\u0000.\u0000r\u0000k\u0000r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000}\u00c0\u0000\u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u00e3\u0007\t\u0000H\u0000a\u0000v\u0000q\u0000r\u0000a\u0000g\u0000v\u0000s\u0000v\u0000r\u0000q\u0000 \u0000a\u0000r\u0000g\u0000j\u0000b\u0000e\u0000x\u0000 \u0000A\u0000b\u0000 \u0000V\u0000a\u0000g\u0000r\u0000e\u0000a\u0000r\u0000g\u0000 \u0000n\u0000p\u0000p\u0000r\u0000f\u0000f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
"reg_type": 3,
"regkey": "HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\IconStreams"
},
"time": 1568973204.8594,
"tid": 1828,
"flags": {
"reg_type": "REG_BINARY"
}
},
"pid": 1788,
"type": "call",
"cid": 8866
}
],
"references": [],
"name": "creates_largekey"
},
{
"markcount": 16,
"families": [],
"description": "Creates a thread using CreateRemoteThread in a non-child process indicative of process injection",
"severity": 3,
"marks": [
{
"category": "Process injection",
"ioc": "Process 2504 created a remote thread in non-child process 1724",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 5,
"nt_status": -1073741790,
"api": "CreateRemoteThread",
"return_value": 0,
"arguments": {
"thread_identifier": 0,
"process_identifier": 1724,
"function_address": "0x002e0000",
"flags": 0,
"process_handle": "0x0000016c",
"parameter": "0x00000000",
"stack_size": 0
},
"time": 1568973195.0156,
"tid": 2828,
"flags": {}
},
"pid": 2504,
"type": "call",
"cid": 770
},
{
"category": "Process injection",
"ioc": "Process 2504 created a remote thread in non-child process 1768",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 5,
"nt_status": -1073741790,
"api": "CreateRemoteThread",
"return_value": 0,
"arguments": {
"thread_identifier": 0,
"process_identifier": 1768,
"function_address": "0x00130000",
"flags": 0,
"process_handle": "0x00000164",
"parameter": "0x00000000",
"stack_size": 0
},
"time": 1568973195.2656,
"tid": 2828,
"flags": {}
},
"pid": 2504,
"type": "call",
"cid": 1289
},
{
"category": "Process injection",
"ioc": "Process 2504 created a remote thread in non-child process 1788",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 5,
"nt_status": -1073741790,
"api": "CreateRemoteThread",
"return_value": 0,
"arguments": {
"thread_identifier": 0,
"process_identifier": 1788,
"function_address": "0x028b0000",
"flags": 0,
"process_handle": "0x0000016c",
"parameter": "0x00000000",
"stack_size": 0
},
"time": 1568973195.4846,
"tid": 2828,
"flags": {}
},
"pid": 2504,
"type": "call",
"cid": 1310
},
{
"category": "Process injection",
"ioc": "Process 2504 created a remote thread in non-child process 1692",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 5,
"nt_status": -1073741790,
"api": "CreateRemoteThread",
"return_value": 0,
"arguments": {
"thread_identifier": 0,
"process_identifier": 1692,
"function_address": "0x00140000",
"flags": 0,
"process_handle": "0x0000016c",
"parameter": "0x00000000",
"stack_size": 0
},
"time": 1568973195.7036,
"tid": 2828,
"flags": {}
},
"pid": 2504,
"type": "call",
"cid": 1418
},
{
"category": "Process injection",
"ioc": "Process 2504 created a remote thread in non-child process 1700",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 5,
"nt_status": -1073741790,
"api": "CreateRemoteThread",
"return_value": 0,
"arguments": {
"thread_identifier": 0,
"process_identifier": 1700,
"function_address": "0x01b20000",
"flags": 0,
"process_handle": "0x00000164",
"parameter": "0x00000000",
"stack_size": 0
},
"time": 1568973196.3286,
"tid": 2828,
"flags": {}
},
"pid": 2504,
"type": "call",
"cid": 1617
},
{
"category": "Process injection",
"ioc": "Process 2504 created a remote thread in non-child process 2168",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 5,
"nt_status": -1073741790,
"api": "CreateRemoteThread",
"return_value": 0,
"arguments": {
"thread_identifier": 0,
"process_identifier": 2168,
"function_address": "0x01d20000",
"flags": 0,
"process_handle": "0x0000016c",
"parameter": "0x00000000",
"stack_size": 0
},
"time": 1568973196.3596,
"tid": 2828,
"flags": {}
},
"pid": 2504,
"type": "call",
"cid": 1665
},
{
"category": "Process injection",
"ioc": "Process 2504 created a remote thread in non-child process 1636",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 5,
"nt_status": -1073741790,
"api": "CreateRemoteThread",
"return_value": 0,
"arguments": {
"thread_identifier": 0,
"process_identifier": 1636,
"function_address": "0x002d0000",
"flags": 0,
"process_handle": "0x0000016c",
"parameter": "0x00000000",
"stack_size": 0
},
"time": 1568973196.7496,
"tid": 2828,
"flags": {}
},
"pid": 2504,
"type": "call",
"cid": 1701
},
{
"category": "Process injection",
"ioc": "Process 2504 created a remote thread in non-child process 1596",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 5,
"nt_status": -1073741790,
"api": "CreateRemoteThread",
"return_value": 0,
"arguments": {
"thread_identifier": 0,
"process_identifier": 1596,
"function_address": "0x00460000",
"flags": 0,
"process_handle": "0x000002a0",
"parameter": "0x00000000",
"stack_size": 0
},
"time": 1568973196.7656,
"tid": 2828,
"flags": {}
},
"pid": 2504,
"type": "call",
"cid": 1761
}
],
"references": [
"www.endgame.com\/blog\/technical-blog\/ten-process-injection-techniques-technical-survey-common-and-trending-process"
],
"name": "injection_createremotethread"
},
{
"markcount": 19,
"families": [],
"description": "Manipulates memory of a non-child process indicative of process injection",
"severity": 3,
"marks": [
{
"category": "Process injection",
"ioc": "Process 2504 manipulating memory of non-child process 1724",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 1724,
"region_size": 8192,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x0000016c",
"allocation_type": 12288,
"base_address": "0x002e0000"
},
"time": 1568973194.8436,
"tid": 2828,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 2504,
"type": "call",
"cid": 709
},
{
"category": "Process injection",
"ioc": "Process 2504 manipulating memory of non-child process 1768",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 1768,
"region_size": 8192,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x00000164",
"allocation_type": 12288,
"base_address": "0x00130000"
},
"time": 1568973195.0316,
"tid": 2828,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 2504,
"type": "call",
"cid": 949
},
{
"category": "Process injection",
"ioc": "Process 2504 manipulating memory of non-child process 1788",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 1788,
"region_size": 8192,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x0000016c",
"allocation_type": 12288,
"base_address": "0x028b0000"
},
"time": 1568973195.2656,
"tid": 2828,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 2504,
"type": "call",
"cid": 1306
},
{
"category": "Process injection",
"ioc": "Process 2504 manipulating memory of non-child process 1692",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 1692,
"region_size": 8192,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x0000016c",
"allocation_type": 12288,
"base_address": "0x00140000"
},
"time": 1568973195.4996,
"tid": 2828,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 2504,
"type": "call",
"cid": 1412
},
{
"category": "Process injection",
"ioc": "Process 2504 manipulating memory of non-child process 1700",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 1700,
"region_size": 8192,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x00000164",
"allocation_type": 12288,
"base_address": "0x01b20000"
},
"time": 1568973195.7186,
"tid": 2828,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 2504,
"type": "call",
"cid": 1506
},
{
"category": "Process injection",
"ioc": "Process 2504 manipulating memory of non-child process 2168",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2168,
"region_size": 8192,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x0000016c",
"allocation_type": 12288,
"base_address": "0x01d20000"
},
"time": 1568973196.3436,
"tid": 2828,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 2504,
"type": "call",
"cid": 1663
},
{
"category": "Process injection",
"ioc": "Process 2504 manipulating memory of non-child process 1636",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 1636,
"region_size": 8192,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x0000016c",
"allocation_type": 12288,
"base_address": "0x002d0000"
},
"time": 1568973196.3596,
"tid": 2828,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 2504,
"type": "call",
"cid": 1686
},
{
"category": "Process injection",
"ioc": "Process 2504 manipulating memory of non-child process 1596",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 1596,
"region_size": 8192,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x000002a0",
"allocation_type": 12288,
"base_address": "0x00460000"
},
"time": 1568973196.7656,
"tid": 2828,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 2504,
"type": "call",
"cid": 1759
},
{
"category": "Process injection",
"ioc": "Process 2504 manipulating memory of non-child process 2504",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2504,
"region_size": 8192,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x000002a0",
"allocation_type": 12288,
"base_address": "0x04a00000"
},
"time": 1568973196.7656,
"tid": 2828,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 2504,
"type": "call",
"cid": 1789
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2504,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x000002a0",
"allocation_type": 12288,
"base_address": "0x04b50000"
},
"time": 1568973196.7656,
"tid": 2828,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 2504,
"type": "call",
"cid": 1792
}
],
"references": [
"www.endgame.com\/blog\/technical-blog\/ten-process-injection-techniques-technical-survey-common-and-trending-process"
],
"name": "injection_modifies_memory"
},
{
"markcount": 12,
"families": [],
"description": "Modifies security center warnings",
"severity": 3,
"marks": [
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\Svc\\UpdatesDisableNotify",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\UacDisableNotify",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\Svc\\AntiVirusOverride",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\UpdatesDisableNotify",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\AntiVirusOverride",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\Svc\\FirewallOverride",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\Svc\\UacDisableNotify",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\FirewallDisableNotify",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\Svc\\AntiVirusDisableNotify",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\AntiVirusDisableNotify",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\FirewallOverride",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\Svc\\FirewallDisableNotify",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "modifies_security_center_warnings"
},
{
"markcount": 126,
"families": [],
"description": "Drops 126 unknown file mime types indicative of ransomware writing encrypted files back to disk",
"severity": 3,
"marks": [
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-28.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-32.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-26.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh03-03.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-76.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-74.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-72.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-04.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-75.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-26.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-06.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-05.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-14.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-34.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-69.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-18.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-58.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-21.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-25.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-39.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-43.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-32.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-41.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-39.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-37.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-16.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-33.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-46.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-09.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-08.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-59.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-13.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-05.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-15.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh03-01.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-21.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-31.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-38.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-09.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-66.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-40.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-30.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-64.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-01.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-29.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-29.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-44.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family06\\fam06-48.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\family\\family-03.MSK",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\data\\map\\scene\\house\\Nh04-06.MSK",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "ransomware_dropped_files"
},
{
"markcount": 1,
"families": [],
"description": "Attempts to modify Explorer settings to prevent hidden files from being displayed",
"severity": 3,
"marks": [
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "stealth_hiddenfile"
},
{
"markcount": 10,
"families": [],
"description": "Disables Windows Security features",
"severity": 5,
"marks": [
{
"type": "generic",
"description": "attempts to disable user access control",
"registry": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA"
},
{
"type": "generic",
"description": "attempts to disable antivirus notifications",
"registry": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\AntiVirusOverride"
},
{
"type": "generic",
"description": "attempts to disable antivirus notifications",
"registry": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\AntiVirusDisableNotify"
},
{
"type": "generic",
"description": "attempts to disable firewall notifications",
"registry": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\FirewallDisableNotify"
},
{
"type": "generic",
"description": "attempts to disable firewall notifications",
"registry": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\FirewallOverride"
},
{
"type": "generic",
"description": "attempts to disable windows update notifications",
"registry": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\UpdatesDisableNotify"
},
{
"type": "generic",
"description": "disables user access control notifications",
"registry": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center\\UacDisableNotify"
},
{
"type": "generic",
"description": "attempts to disable windows firewall",
"registry": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\EnableFirewall"
},
{
"type": "generic",
"description": "attempts to disable firewall exceptions",
"registry": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\DoNotAllowExceptions"
},
{
"type": "generic",
"description": "attempts to disable firewall notifications",
"registry": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\DisableNotifications"
}
],
"references": [],
"name": "disables_security"
}
]Yara
The Yara rules did not detect anything in the file.
Network
{
"tls": [],
"udp": [
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 546,
"time": 3.1474249362946,
"dport": 137,
"sport": 137
},
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 5226,
"time": 9.3149108886719,
"dport": 138,
"sport": 138
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7070,
"time": 3.0110399723053,
"dport": 5355,
"sport": 51001
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7398,
"time": 1.0182890892029,
"dport": 5355,
"sport": 53595
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7726,
"time": 3.0228559970856,
"dport": 5355,
"sport": 53848
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 8054,
"time": 1.6169459819794,
"dport": 5355,
"sport": 54255
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 8382,
"time": -0.10033011436462,
"dport": 5355,
"sport": 55314
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 8710,
"time": 1.5790750980377,
"dport": 1900,
"sport": 1900
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 28120,
"time": 1.0393688678741,
"dport": 3702,
"sport": 49152
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 36504,
"time": 3.1570420265198,
"dport": 1900,
"sport": 53598
}
],
"dns_servers": [],
"http": [],
"icmp": [],
"smtp": [],
"tcp": [],
"smtp_ex": [],
"mitm": [],
"hosts": [],
"pcap_sha256": "d605890730f64ffa69656eddd91ef80acdfe8f2ad1f20604f3210ced4fb3db42",
"dns": [],
"http_ex": [],
"domains": [],
"dead_hosts": [],
"sorted_pcap_sha256": "75a9ae18f637011cc5e33583f283492aba9cd795190deea14c72bdb0c7a627d7",
"irc": [],
"https_ex": []
}Screenshots
1028.exe removal instructions
The instructions below shows how to remove 1028.exe with help from the FreeFixer removal tool. Basically, you install FreeFixer, scan your computer, check the 1028.exe file for removal, restart your computer and scan it again to verify that 1028.exe has been successfully removed. Here are the removal instructions in more detail:
- Download and install FreeFixer: http://www.freefixer.com/download.html
- Start FreeFixer and press the Start Scan button. The scan will finish in approximately five minutes.
- When the scan is finished, locate 1028.exe in the scan result and tick the checkbox next to the 1028.exe file. Do not check any other file for removal unless you are 100% sure you want to delete it. Tip: Press CTRL-F to open up FreeFixer's search dialog to quickly locate 1028.exe in the scan result.
c:\downloads\1028.exe 
- Scroll down to the bottom of the scan result and press the Fix button. FreeFixer will now delete the 1028.exe file.
- Restart your computer.
- Start FreeFixer and scan your computer again. If 1028.exe still remains in the scan result, proceed with the next step. If 1028.exe is gone from the scan result you're done.
- If 1028.exe still remains in the scan result, check its checkbox again in the scan result and click Fix.
- Restart your computer.
- Start FreeFixer and scan your computer again. Verify that 1028.exe no longer appear in the scan result.
Hashes [?]
Property Value MD5 989bcd32235a0c6eb7831a8ec5a1412f SHA256 e72bf6def02c8b92805526539d28faf36a908e0a71a8948855c3f5cd88490cee
Error Messages
These are some of the error messages that can appear related to 1028.exe:
1028.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
1028.exe - Application Error. The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read/written". Click on OK to terminate the program.
1028.exe has stopped working.
End Program - 1028.exe. This program is not responding.
1028.exe is not a valid Win32 application.
1028.exe - Application Error. The application failed to initialize properly (0xXXXXXXXX). Click OK to terminate the application.
What will you do with 1028.exe?
To help other users, please let us know what you will do with 1028.exe:
Comments
Please share with the other users what you think about this file. What does this file do? Is it legitimate or something that your computer is better without? Do you know how it was installed on your system? Did you install it yourself or did it come bundled with some other software? Is it running smoothly or do you get some error message? Any information that will help to document this file is welcome. Thank you for your contributions.
I'm reading all new comments so don't hesitate to post a question about the file. If I don't have the answer perhaps another user can help you.
No comments posted yet.
Leave a reply
