openapi: 3.0.3 info: title: VirusTotal API v3 - IoC Investigation version: '3.0' description: Investigate files, URLs, IP addresses, and domains. Submit and analyse samples, retrieve reports, get comments and votes, view sandbox behaviour, traverse the relationships graph. contact: name: VirusTotal / Google Threat Intelligence url: https://docs.virustotal.com/reference/overview license: name: VirusTotal Terms of Service url: https://www.virustotal.com/gui/terms-of-service x-generated-from: https://storage.googleapis.com/gtidocresources/guides/GTI_API_v3_openapi_spec_10022025.json x-last-validated: '2026-05-29' servers: - url: https://www.virustotal.com/api/v3 description: VirusTotal / GTI API v3 production. security: - VTApiKey: [] tags: - name: IoC Investigation - Analyses, Submissions & Operations description: IoC Investigation - Analyses, Submissions & Operations - name: IoC Investigation - Attack Tactics description: IoC Investigation - Attack Tactics - name: IoC Investigation - Attack Techniques description: IoC Investigation - Attack Techniques - name: IoC Investigation - Comments description: IoC Investigation - Comments - name: IoC Investigation - Domains & Resolutions description: IoC Investigation - Domains & Resolutions - name: IoC Investigation - Files description: IoC Investigation - Files - name: IoC Investigation - Files Behaviours description: IoC Investigation - Files Behaviours - name: IoC Investigation - IP addresses description: IoC Investigation - IP addresses - name: IoC Investigation - Popular Threat Categories description: IoC Investigation - Popular Threat Categories - name: IoC Investigation - Search & Metadata description: IoC Investigation - Search & Metadata - name: IoC Investigation - URLs description: IoC Investigation - URLs - name: IoC Investigation - Zipping files description: IoC Investigation - Zipping files paths: /analyses/{id}: get: tags: - IoC Investigation - Analyses, Submissions & Operations deprecated: false description: 
'Returns an [Analysis](https://gtidocs.virustotal.com/reference/analyses-object) object. ' operationId: analysis parameters: - description: Analysis identifier in: path name: id required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get a URL / File Analysis x-microcks-operation: delay: 0 dispatcher: FALLBACK /analyses/{id}/relationships/{relationship}: get: tags: - IoC Investigation - Analyses, Submissions & Operations deprecated: false description: 'This endpoint is the same as [/analyses/{id}/{relationship}](https://gtidocs.virustotal.com/reference/analyses-get-objects) except it returns just the related object''s descriptors (ID and context attributes, if any) instead of returning all attributes. ' operationId: analysesGetDescriptors parameters: - description: Analysis identifier in: path name: id required: true schema: type: string - description: Relationship name (see [table](ref:analyses-object#relationships)) in: path name: relationship required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Object Descriptors Related to an Analysis x-microcks-operation: delay: 0 dispatcher: FALLBACK /analyses/{id}/{relationship}: get: tags: - IoC Investigation - Analyses, Submissions & Operations deprecated: false description: "As mentioned in the [Relationships](https://gtidocs.virustotal.com/reference/relationships) section, those related objects can be retrieved by sending `GET` requests to the relationship\ \ URL. 
\n\nAvailable relationships are described in the [analysis](https://gtidocs.virustotal.com/reference/analyses-object) object documentation.\n" operationId: analysesGetObjects parameters: - description: Analysis identifier in: path name: id required: true schema: type: string - description: Relationship name (see [table](ref:analyses-object#relationships)) in: path name: relationship required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Objects Related to an Analysis x-microcks-operation: delay: 0 dispatcher: FALLBACK /submission/{id}: get: tags: - IoC Investigation - Analyses, Submissions & Operations deprecated: false description: 'Returns a [Submission](https://gtidocs.virustotal.com/reference/submission-object) object. ' operationId: getSubmission parameters: - description: Submission object ID in: path name: id required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get a Submission Object x-microcks-operation: delay: 0 dispatcher: FALLBACK /operations/{id}: get: tags: - IoC Investigation - Analyses, Submissions & Operations deprecated: false description: 'Returns an [Operation](https://gtidocs.virustotal.com/reference/operation-object) object. 
' operationId: getOperationsId parameters: - description: Operation ID in: path name: id required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get an Operation Object x-microcks-operation: delay: 0 dispatcher: FALLBACK /attack_tactics/{id}: get: tags: - IoC Investigation - Attack Tactics deprecated: false description: VirusTotal Get an Attack Tactic Object operationId: attackTacticsid parameters: - description: Attack tactic's ID in: path name: id required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get an Attack Tactic Object x-microcks-operation: delay: 0 dispatcher: FALLBACK /attack_tactics/{id}/relationships/{relationship}: get: tags: - IoC Investigation - Attack Tactics deprecated: false description: 'This endpoint is the same as [/attack_tactics/{id}/{relationship}](https://gtidocs.virustotal.com/reference/attack_tacticsidrelationship) except it returns just the related object''s descriptor instead of returning all attributes. 
' operationId: attackTacticsidrelationshipsrelationship parameters: - description: Attack tactic's ID in: path name: id required: true schema: type: string - description: Relationship name (see [table](ref:object-attack-tactics#relationships)) in: path name: relationship required: true schema: type: string - description: Maximum number of related objects to retrieve in: query name: limit schema: default: 10 format: int32 type: integer - description: Continuation cursor in: query name: cursor schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Object Descriptors Related to an Attack Tactic x-microcks-operation: delay: 0 dispatcher: FALLBACK /attack_tactics/{id}/{relationship}: get: tags: - IoC Investigation - Attack Tactics deprecated: false description: 'Available relationships are described in the [Attack Tactic](https://gtidocs.virustotal.com/reference/attack-tactics) object documentation. 
' operationId: attackTacticsidrelationship parameters: - description: Attack tactic's ID in: path name: id required: true schema: type: string - description: Relationship name (see [table](ref:object-attack-tactics#relationships)) in: path name: relationship required: true schema: type: string - description: Maximum number of related objects to retrieve in: query name: limit schema: default: 10 format: int32 type: integer - description: Continuation cursor in: query name: cursor schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Objects Related to an Attack Tactic x-microcks-operation: delay: 0 dispatcher: FALLBACK /attack_techniques/{id}: get: tags: - IoC Investigation - Attack Techniques deprecated: false description: VirusTotal Get an Attack Technique Object operationId: attackTechniqueid parameters: - description: Attack technique's ID in: path name: id required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get an Attack Technique Object x-microcks-operation: delay: 0 dispatcher: FALLBACK /attack_techniques/{id}/relationships/{relationship}: get: tags: - IoC Investigation - Attack Techniques deprecated: false description: 'This endpoint is the same as [/attack_techniques/{id}/{relationship}](https://gtidocs.virustotal.com/reference/attack_techniqueidrelationship) except it returns just the related object''s descriptor instead of returning all attributes. 
' operationId: attackTechniquesidrelationshipsrelationship parameters: - description: Attack technique's ID in: path name: id required: true schema: type: string - description: Relationship name (see [table](ref:object-attack-techniques#relationships)) in: path name: relationship required: true schema: type: string - description: Maximum number of related objects to retrieve in: query name: limit schema: default: 10 format: int32 type: integer - description: Continuation cursor in: query name: cursor schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Object Descriptors Related to an Attack Technique x-microcks-operation: delay: 0 dispatcher: FALLBACK /attack_techniques/{id}/{relationship}: get: tags: - IoC Investigation - Attack Techniques deprecated: false description: 'Available relationships are described in the [Attack Technique](https://gtidocs.virustotal.com/reference/attack-techniques) object documentation. 
' operationId: attackTechniqueidrelationship parameters: - description: Attack technique's ID in: path name: id required: true schema: type: string - description: Relationship name (see [table](ref:object-attack-techniques#relationships)) in: path name: relationship required: true schema: type: string - description: Maximum number of related objects to retrieve in: query name: limit schema: default: 10 format: int32 type: integer - description: Continuation cursor in: query name: cursor schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Objects Related to an Attack Technique x-microcks-operation: delay: 0 dispatcher: FALLBACK /comments: get: tags: - IoC Investigation - Comments deprecated: false description: "This endpoint retrieves information about the latest comments added to Google Threat Intelligence. \nYou can do some filtering over those comments, and get only those that contain\ \ a certain tag (e.g. 
filter=tag:malware).\n\n```json Response example\n{\n \"meta\": {\n \"cursor\": \"Cs8BChEKBGRhdGUSCQiCnsTiupvwAhK1AWoRc352aXJ1c3RvdGFsY2xvdWRynwELEgNVUkwiQDAxMTkxNTk0MmRiNTU2YmJhYjUxMzdmNzYxZWZlNjFmZWQyYjAwNTk4ZmVhOTAwMzYwYjgwMGIxOTNhN2JmMzEMCxIHQ29tbWVudCJJMDExOTE1OTQyZGI1NTZiYmFiNTEzN2Y3NjFlZmU2MWZlZDJiMDA1OThmZWE5MDAzNjBiODAwYjE5M2E3YmYzMS1kOTRkN2M4YQwYACAB\"\ \n },\n \"data\": [\n {\n \"attributes\": {\n \"votes\": {\n \"positive\": 0,\n \"abuse\": 0,\n \"negative\": 0\n },\n \"tags\": [\n \ \ \"_:api\",\n \"_:public\",\n \"aicc\",\n \"monitorapp\",\n \"malware\"\n ],\n \"text\": \"#aicc #monitorapp #malware\",\n \"html\"\ : \"#aicc #monitorapp #malware\",\n \"date\": 1619424604\n },\n \"type\": \"comment\",\n \"id\": \"u-011915942db556bbab5137f761efe61fed2b00598fea900360b800b193a7bf31-d94d7c8a\"\ ,\n \"links\": {\n \"self\": \"https://www.virustotal.com/api/v3/comments/u-011915942db556bbab5137f761efe61fed2b00598fea900360b800b193a7bf31-d94d7c8a\"\n }\n }\n ],\n \"links\"\ : {\n \"self\": \"https://www.virustotal.com/api/v3/comments?filter=tag%3Amalware&limit=1\",\n \"next\": \"https://www.virustotal.com/api/v3/comments?filter=tag%3Amalware&cursor=Cs8BChEKBGRhdGUSCQiCnsTiupvwAhK1AWoRc352aXJ1c3RvdGFsY2xvdWRynwELEgNVUkwiQDAxMTkxNTk0MmRiNTU2YmJhYjUxMzdmNzYxZWZlNjFmZWQyYjAwNTk4ZmVhOTAwMzYwYjgwMGIxOTNhN2JmMzEMCxIHQ29tbWVudCJJMDExOTE1OTQyZGI1NTZiYmFiNTEzN2Y3NjFlZmU2MWZlZDJiMDA1OThmZWE5MDAzNjBiODAwYjE5M2E3YmYzMS1kOTRkN2M4YQwYACAB&limit=1\"\ \n }\n}\n```\n" operationId: getComments parameters: - description: Number of items to retrieve in: query name: limit schema: default: 10 format: int32 type: integer - description: Filter returned elements in: query name: filter schema: type: string - description: Continuation cursor in: query name: cursor schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: 
properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Latest Comments x-microcks-operation: delay: 0 dispatcher: FALLBACK /comments/{id}: delete: tags: - IoC Investigation - Comments deprecated: false description: VirusTotal Delete a Comment operationId: commentIdDelete parameters: - description: Comment ID in: path name: id required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Delete a Comment x-microcks-operation: delay: 0 dispatcher: FALLBACK get: tags: - IoC Investigation - Comments deprecated: false description: VirusTotal Get a Comment Object operationId: getComment parameters: - description: Relationship name (see [table](ref:comment-object#relationships)) in: query name: relationships schema: type: string - description: Comment ID in: path name: id required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get a Comment Object x-microcks-operation: delay: 0 dispatcher: FALLBACK /comments/{id}/relationships/{relationship}: get: tags: - IoC Investigation - Comments deprecated: false description: 'This endpoint is the same as [/comments/{id}/{relationship}](https://gtidocs.virustotal.com/reference/comments-relationships) except it returns just the related object''s IDs (and context attributes, if any) instead of returning all attributes. 
' operationId: commentsRelationshipsIds parameters: - description: Comment identifier in: path name: id required: true schema: type: string - description: Relationship name (see [table](ref:comment-object#relationships)) in: path name: relationship required: true schema: type: string - description: Maximum number of related objects to retrieve in: query name: limit schema: default: '10' type: string - description: Continuation cursor in: query name: cursor schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Object Descriptors Related to a Comment x-microcks-operation: delay: 0 dispatcher: FALLBACK /comments/{id}/vote: post: tags: - IoC Investigation - Comments deprecated: false description: "```json Example response\n{\n \"data\": {\n \"abuse\": 0,\n \"negative\": 0,\n \"positive\": 1\n }\n}\n```\n" operationId: voteComment parameters: - description: Comment ID in: path name: id required: true schema: type: string requestBody: content: application/json: schema: properties: data: description: Vote type. Can be either `positive`, `negative` or `abuse` type: string required: - data type: object responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Add a Vote to a Comment x-microcks-operation: delay: 0 dispatcher: FALLBACK /comments/{id}/{relationship}: get: tags: - IoC Investigation - Comments deprecated: false description: 'Comment objects are related to other objects in the Google Threat Intelligence dataset. 
As mentioned in the [Relationships](https://gtidocs.virustotal.com/reference/relationships) section, those related objects can be retrieved by sending `GET` requests to the relationships endpoint. All available relationships are documented in the [Comment](https://gtidocs.virustotal.com/reference/comment-object) API object page. ' operationId: commentsRelationships parameters: - description: Comment identifier in: path name: id required: true schema: type: string - description: Relationship name (see [table](ref:comment-object#relationships)) in: path name: relationship required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '401': description: Missing or invalid API key. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '404': description: Object not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '429': description: Rate limit or quota exceeded. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' security: - VTApiKey: [] summary: VirusTotal Get Objects Related to a Comment x-microcks-operation: delay: 0 dispatcher: FALLBACK /domains/{domain}: get: tags: - IoC Investigation - Domains & Resolutions deprecated: false description: 'Returns a [Domain](https://gtidocs.virustotal.com/reference/domains-object) object. ' operationId: domainInfo parameters: - description: Domain name in: path name: domain required: true schema: type: string - description: The name of your tool or service. 
This is required to obtain the gti_assesment data in: header name: x-tool required: false schema: type: string responses: '200': content: application/json: examples: Result: value: '' description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get a Domain Report x-microcks-operation: delay: 0 dispatcher: FALLBACK /domains/{domain}/comments: get: tags: - IoC Investigation - Domains & Resolutions deprecated: false description: 'Returns a list of [Comment](https://gtidocs.virustotal.com/reference/comment-object) objects. ' operationId: domainsCommentsGet parameters: - description: Domain name in: path name: domain required: true schema: type: string - description: Maximum number of comments to retrieve in: query name: limit schema: default: 10 format: int32 type: integer - description: Continuation cursor in: query name: cursor schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Comments on a Domain x-microcks-operation: delay: 0 dispatcher: FALLBACK post: tags: - IoC Investigation - Domains & Resolutions deprecated: false description: "With this endpoint you can post a comment for a given domain. The body for the POST request must be the JSON representation of a comment object. 
Notice however that you don't need to\ \ provide an ID for the object, as they are automatically generated for new comments.\n\nAny word starting with # in your comment's text will be considered a tag, and added to the comment's tag\ \ attribute.\n\n```json Example request\n{\n \"data\": {\n \"type\": \"comment\",\n \"attributes\": {\n \t\"text\": \"Lorem #ipsum dolor sit ...\"\n }\n }\n}\n```\n\nReturns a [Comment](https://gtidocs.virustotal.com/reference/comment-object)\ \ object.\n" operationId: domainsCommentsPost parameters: - description: Domain name in: path name: domain required: true schema: type: string requestBody: content: application/json: schema: properties: data: default: '{"type": "comment", "attributes": {"text": "Lorem ipsum dolor sit ..."}}' description: A comment object format: json type: string type: object responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Add a Comment to a Domain x-microcks-operation: delay: 0 dispatcher: FALLBACK /domains/{domain}/relationships/{relationship}: get: tags: - IoC Investigation - Domains & Resolutions deprecated: false description: 'This endpoint is the same as [/domains/{domain}/{relationship}](https://gtidocs.virustotal.com/reference/domains-relationships) except it returns just the related object''s IDs (and context attributes, if any) instead of returning all attributes. 
' operationId: domainsRelationshipsIds parameters: - description: Domain name in: path name: domain required: true schema: type: string - description: Relationship name (see [table](ref:domains-object#relationships)) in: path name: relationship required: true schema: type: string - description: Maximum number of related objects to retrieve in: query name: limit schema: default: '10' type: string - description: Continuation cursor in: query name: cursor schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Object Descriptors Related to a Domain x-microcks-operation: delay: 0 dispatcher: FALLBACK /domains/{domain}/votes: get: tags: - IoC Investigation - Domains & Resolutions deprecated: false description: 'Returns a list of [Vote](https://gtidocs.virustotal.com/reference/vote-object) objects. ' operationId: domainsVotesGet parameters: - in: path name: domain required: true schema: type: string description: domain parameter responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Votes on a Domain x-microcks-operation: delay: 0 dispatcher: FALLBACK post: tags: - IoC Investigation - Domains & Resolutions deprecated: false description: "With this endpoint you can post a vote for a given domain. 
The body for the POST request must be the JSON representation of a [vote object](https://gtidocs.virustotal.com/reference/vote-object).\ \ Note however that you don't need to provide an ID for the object, as they are automatically generated for new votes.\n\nThe verdict attribute must be either harmless or malicious.\n\n```json\ \ Example request\n{\n \"data\": {\n \"type\": \"vote\",\n \"attributes\": {\n \t\"verdict\": \"harmless\"\n }\n }\n}\n```\n\nReturns a [votes](https://gtidocs.virustotal.com/reference/vote-object)\ \ object.\n" operationId: domainVotesPost parameters: - description: hostname or domain name in: path name: domain required: true schema: type: string requestBody: content: application/json: schema: properties: data: default: '{"type": "vote", "attributes": {"verdict": "harmless"}}' description: Vote object format: json type: string required: - data type: object responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' '409': content: application/json: examples: Result: value: "{\n \"error\": {\n \"code\": \"AlreadyExistsError\",\n \"message\": \"User \\\"username\\\" already voted \\\"harmless\\\" for this domain\"\n }\n}" schema: properties: error: properties: code: type: string message: type: string type: object type: object description: '409' security: - VTApiKey: [] summary: VirusTotal Add a Vote to a Domain x-microcks-operation: delay: 0 dispatcher: FALLBACK /domains/{domain}/{relationship}: get: tags: - IoC Investigation - Domains & Resolutions deprecated: false description: "Domain objects have a number of relationships to other Domains and objects. As mentioned in the [Relationships](https://gtidocs.virustotal.com/reference/relationships) section, those related\ \ objects can be retrieved by sending `GET` requests to the relationship URL. 
\n\nAll available relationships are documented in the [domain](https://gtidocs.virustotal.com/reference/domains-object)\ \ API object page.\n" operationId: domainsRelationships parameters: - description: Domain name in: path name: domain required: true schema: type: string - description: Relationship name (see [table](ref:domains-object#relationships)) in: path name: relationship required: true schema: type: string - description: Maximum number of related objects to retrieve in: query name: limit schema: default: 10 format: int32 type: integer - description: Continuation cursor in: query name: cursor schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Objects Related to a Domain x-microcks-operation: delay: 0 dispatcher: FALLBACK /resolutions/{id}: get: tags: - IoC Investigation - Domains & Resolutions deprecated: false description: 'This endpoint retrieves a [Resolution](https://gtidocs.virustotal.com/reference/resolution-object) object by its ID. A resolution object ID is made by appending the IP and the domain it resolves to together. ' operationId: getResolutionById parameters: - description: Resolution object ID. 
in: path name: id required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get a DNS Resolution Object x-microcks-operation: delay: 0 dispatcher: FALLBACK /files/upload_url: get: tags: - IoC Investigation - Files deprecated: false description: "For uploading files smaller than 32MB you can simply use the [POST /files](https://gtidocs.virustotal.com/reference/files-scan) endpoint, but for larger files you need to obtain a special\ \ upload URL first, and then send the `POST` request to the upload URL instead of sending it to `/files`. The `POST` request should have the same format expected by the [POST /files](https://gtidocs.virustotal.com/reference/files-scan)\ \ endpoint. Each upload URL can be used only once.\n\n> \U0001F4D8 Files larger than 200MBs\n> \n> Notice that although the actual size limit is 650MBs, files larger than 200MBs tend to be bundles\ \ of some sort, (compressed files, ISO images, etc.) 
in these cases it makes sense to upload the inner individual files instead for several reasons, as an example:\n> \n> - Engines tend to have\ \ performance issues on big files (timeouts, some may not even scan them).\n> - Some engines are not able to inspect certain file types whereas they will be able to inspect the inner files if submitted.\n\ > - When scanning a big bundle you lose context on which specific inner file is causing the detection.\n\n```json Example response\n{\n \"data\": \"http://www.virustotal.com/_ah/upload/AMmfu6b-_DXUeFe36Sb3b0F4B8mH9Nb-CHbRoUNVOPwG/\"\ \n}\n```\n" operationId: filesUploadUrl parameters: [] responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get a URL for Uploading Large Files x-microcks-operation: delay: 0 dispatcher: FALLBACK /files: post: tags: - IoC Investigation - Files description: "Upload and analyse a file\n\n> \U0001F4D8 File size\n> \n> If the file to be uploaded is bigger than 32MB, please use the [/files/upload_url](https://gtidocs.virustotal.com/reference/files-upload-url)\ \ endpoint instead which admits files up to 650MB." operationId: filesScan parameters: [] requestBody: content: multipart/form-data: encoding: file: contentType: application/octet-stream example: /path/to/file schema: properties: file: format: binary type: string password: description: Optional, password to decompress and scan a file contained in a protected ZIP file. 
type: string type: object description: File to scan required: true responses: '200': content: application/json: examples: Result: value: "{\n \"data\": {\n \"type\": \"analysis\",\n \"id\": \"OTdiYWM4MjI0NGE2ZjhlNTk4NDZmZDY1YTliMWYwYjM6YzlhNzBhNDM1NzlmZjc5M2E2NGI5Mzk0NmJjNjVhOWE6MTczNzYzMjk2MQ==\",\n \"\ links\": {\n \"self\": \"https://www.virustotal.com/api/v3/private/analyses/OTdiYWM4MjI0NGE2ZjhlNTk4NDZmZDY1YTliMWYwYjM6YzlhNzBhNDM1NzlmZjc5M2E2NGI5Mzk0NmJjNjVhOWE6MTczNzYzMjk2MQ==\"\ \n }\n }}" schema: properties: data: properties: id: type: string type: type: string links: properties: self: type: string type: object type: object description: The analysis ID. Use [/analyses/](ref:analysis) API call to check the analysis status. '401': content: application/json: examples: Result: value: "{\n \"error\": {\n \"code\": \"WrongCredentialsError\",\n \"message\": \"Wrong API key\"\n }}" schema: properties: error: properties: code: type: string message: type: string type: object type: object description: If password was provided and the file isn't a ZIP, it contains more than one file, the password is incorrect, or the file is corrupt. summary: VirusTotal Upload a File security: - VTApiKey: [] x-microcks-operation: delay: 0 dispatcher: FALLBACK /files/{id}: get: tags: - IoC Investigation - Files deprecated: false description: 'Returns a [File](https://gtidocs.virustotal.com/reference/object-files) object. ' operationId: fileInfo parameters: - description: SHA-256, SHA-1 or MD5 identifying the file in: path name: id required: true schema: type: string - description: The name of your tool or service. 
This is required to obtain the gti_assessment data in: header name: x-tool required: false schema: type: string responses: '200': content: application/json: examples: Result: value: '' description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get a File Report x-microcks-operation: delay: 0 dispatcher: FALLBACK /files/{id}/analyse: post: tags: - IoC Investigation - Files deprecated: false description: "> ❗️ Caution\n> \n> This API endpoint has the potential to produce a denial of service on the scanning infrastructure if abused. Please contact us if you are going to be rescanning more\ \ than 50K files per day.\n\nFiles that have been already uploaded to Google TI can be re-analysed without uploading them again; you can use this endpoint for that purpose. The response is an object\ \ descriptor for the new analysis as in the [POST /files](https://gtidocs.virustotal.com/reference/files-scan) endpoint. 
The ID contained in the descriptor can be used with the [GET /analyses/{id}](https://gtidocs.virustotal.com/reference/analysis)\ \ endpoint to get information about the analysis.\n\n```json Example response\n{\n \"data\": {\n \"type\": \"analysis\",\n \"id\": \"NjY0MjRlOTFjMDIyYTkyNWM0NjU2NWQzYWNlMzFmZmI6MTQ3NTA0ODI3Nw==\"\ \n }\n}\n```\n" operationId: filesAnalyse parameters: - description: SHA-256, SHA-1 or MD5 identifying the file in: path name: id required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Request a File Rescan (re-analyze) x-microcks-operation: delay: 0 dispatcher: FALLBACK /files/{id}/comments: get: tags: - IoC Investigation - Files deprecated: false description: 'Returns a list of [Comment](https://gtidocs.virustotal.com/reference/comment-object) objects. ' operationId: filesCommentsGet parameters: - description: SHA-256, SHA-1 or MD5 identifying the file in: path name: id required: true schema: type: string - description: Maximum number of comments to retrieve in: query name: limit schema: default: 10 format: int32 type: integer - description: Continuation cursor in: query name: cursor schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Comments on a File x-microcks-operation: delay: 0 dispatcher: FALLBACK post: tags: - IoC Investigation - Files deprecated: false description: "With this endpoint you can post a comment for a given file. 
The body for the `POST` request must be the JSON representation of a comment object. Notice however that you don't need to\ \ provide an ID for the object, as they are automatically generated for new comments.\n\nAny word starting with # in your comment's text will be considered a tag, and added to the comment's tag\ \ attribute.\n\nReturns a [Comment](https://gtidocs.virustotal.com/reference/comment-object) object.\n\n```json Example request\n{\n \"data\": {\n \"type\": \"comment\",\n \"attributes\"\ : {\n \t\"text\": \"Lorem #ipsum dolor sit ...\"\n }\n }\n}\n```\n" operationId: filesCommentsPost parameters: - description: SHA-256, SHA-1 or MD5 identifying the file in: path name: id required: true schema: type: string requestBody: content: application/json: schema: properties: data: default: '{"type": "comment", "attributes": {"text": "Lorem ipsum dolor sit ..."}}' description: A comment object format: json type: string required: - data type: object responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Add a Comment to a File x-microcks-operation: delay: 0 dispatcher: FALLBACK /files/{id}/download: get: tags: - IoC Investigation - Files deprecated: false description: 'This endpoint is similar to [GET /files/{id}/download_url](https://gtidocs.virustotal.com/reference/files-download-url), but it redirects you to the download URL. The download URL you are redirected to can be reused as many times as you want for a period of 1 hour. After that period the URL expires and can''t be used anymore. 
' operationId: filesDownload parameters: - description: SHA-256, SHA-1 or MD5 identifying the file in: path name: id required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Download a File x-microcks-operation: delay: 0 dispatcher: FALLBACK /files/{id}/download_url: get: tags: - IoC Investigation - Files deprecated: false description: "This endpoint returns a signed URL from where you can download the specified file. Getting the URL counts as a file download in your quota, even if you don't actually download the file,\ \ but once you have the URL you can use it to download the file multiple times without consuming any quota at all. The URL expires after 1 hour.\n\n```json Example response\n{\n \"data\": \"https://vtsamples.commondatastorage.googleapis.com/275a..fd0f?GoogleAccessId=758681729565-rc7fcckv235v1@developer.gserviceaccount.com&Expires=1524733537&Signature=GRs9WLy...oHA%3D\"\ \n}\n```\n" operationId: filesDownloadUrl parameters: - description: SHA-256, SHA-1 or MD5 identifying the file in: path name: id required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get a File’s Download URL x-microcks-operation: delay: 0 dispatcher: FALLBACK /files/{id}/relationships/{relationship}: get: tags: - IoC Investigation - Files deprecated: false description: 'This endpoint is the same as [/files/{id}/{relationship}](https://gtidocs.virustotal.com/reference/files-relationships) except it returns just the related object''s IDs (and 
context attributes, if any) instead of returning all attributes. ' operationId: filesRelationshipsIds parameters: - description: SHA-256, SHA-1 or MD5 identifying the file in: path name: id required: true schema: type: string - description: Relationship name (see [table](ref:object-files#relationships)) in: path name: relationship required: true schema: type: string - description: Maximum number of related objects to retrieve in: query name: limit schema: default: '10' type: string - description: Continuation cursor in: query name: cursor schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Object Descriptors Related to a File x-microcks-operation: delay: 0 dispatcher: FALLBACK /files/{id}/votes: get: tags: - IoC Investigation - Files deprecated: false description: 'Returns a list of [Vote](https://gtidocs.virustotal.com/reference/vote-object) objects. ' operationId: filesVotesGet parameters: - description: SHA-256, SHA-1 or MD5 identifying the file in: path name: id required: true schema: type: string - description: Maximum number of votes to retrieve in: query name: limit schema: default: 10 format: int32 type: integer - description: Continuation cursor in: query name: cursor schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Votes on a File x-microcks-operation: delay: 0 dispatcher: FALLBACK post: tags: - IoC Investigation - Files deprecated: false description: "With this endpoint you can post a vote for a given file. 
The body for the `POST` request must be the JSON representation of a vote object. Notice however that you don't need to provide\ \ an ID for the object, as they are automatically generated for new votes.\n\nThe verdict attribute must be either `harmless` or `malicious`.\n\nReturns a [Vote](https://gtidocs.virustotal.com/reference/vote-object)\ \ object.\n\n```json Example request\n{\n \"data\": {\n \"type\": \"vote\",\n \"attributes\": {\n \t\"verdict\": \"harmless\"\n }\n }\n}\n```\n" operationId: filesVotesPost parameters: - description: SHA-256, SHA-1 or MD5 identifying the file in: path name: id required: true schema: type: string requestBody: content: application/json: schema: properties: data: default: '{"type": "vote", "attributes": {"verdict": "malicious"}}' description: A vote object format: json type: string required: - data type: object responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' '409': content: application/json: examples: Result: value: "{\n \"error\": {\n \"code\": \"AlreadyExistsError\",\n \"message\": \"User \\\"username\\\" already voted \\\"malicious\\\" for this file\"\n }\n}" schema: properties: error: properties: code: type: string message: type: string type: object type: object description: '409' security: - VTApiKey: [] summary: VirusTotal Add a Vote on a File x-microcks-operation: delay: 0 dispatcher: FALLBACK /files/{id}/{relationship}: get: tags: - IoC Investigation - Files deprecated: false description: "File objects have many relationships to other files and objects. As mentioned in the [Relationships](https://gtidocs.virustotal.com/reference/relationships) section, those related objects\ \ can be retrieved by sending `GET` requests to the relationship URL. 
\n\nSome relationships are accessible only to users who have access to VirusTotal Enterprise package.\n\nMore common relationships\ \ are described in the [File](https://gtidocs.virustotal.com/reference/object-files) object documentation and you can use the [metadata](https://gtidocs.virustotal.com/reference/metadata) endpoint\ \ to get the full list of relationships.\n" operationId: filesRelationships parameters: - description: SHA-256, SHA-1 or MD5 identifying the file in: path name: id required: true schema: type: string - description: Relationship name (see [table](ref:object-files#relationships)) in: path name: relationship required: true schema: type: string - description: Maximum number of related objects to retrieve in: query name: limit schema: default: 10 format: int32 type: integer - description: Continuation cursor in: query name: cursor schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Objects Related to a File x-microcks-operation: delay: 0 dispatcher: FALLBACK /sigma_rules/{id}: get: tags: - IoC Investigation - Files deprecated: false description: 'Returns a [Sigma Rule](https://gtidocs.virustotal.com/reference/sigma-rule-object) object. 
' operationId: getSigmaRules parameters: - description: Rule ID in: path name: id required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get a Crowdsourced Sigma Rule Object x-microcks-operation: delay: 0 dispatcher: FALLBACK /yara_rulesets/{id}: get: tags: - IoC Investigation - Files deprecated: false description: 'Returns a [YARA Ruleset](https://gtidocs.virustotal.com/reference/yara-rulesets-object) object used in our crowdsourced YARA results. ' operationId: getYaraRulesets parameters: - description: Ruleset ID to fetch. in: path name: id required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get a Crowdsourced YARA Ruleset x-microcks-operation: delay: 0 dispatcher: FALLBACK /file_behaviours/{sandbox_id}: get: tags: - IoC Investigation - Files Behaviours deprecated: false description: 'Fetches a [File behaviour](https://gtidocs.virustotal.com/reference/file-behaviour-summary-object) object by ID. > 📘 This API call only fetches the behaviour report for a single behavioural analysis; you can fetch all of them with [https://gtidocs.virustotal.com/reference/file-all-behaviours-summary](https://gtidocs.virustotal.com/reference/file-all-behaviours-summary) ## Sandbox Report identifiers A Sandbox report ID has two main components: the **analysed file''s SHA256** and the **sandbox name**. These two components are joined by a `_` character. 
For example, ID `5353e23f3653402339c93a8565307c6308ff378e03fcf23a4378f31c434030b0_VirusTotal Jujubox` fetches the sandbox report for a file having a SHA256 `5353e23f3653402339c93a8565307c6308ff378e03fcf23a4378f31c434030b0` analysed in the `VirusTotal Jujubox` sandbox. ' operationId: getFileBehaviourId parameters: - description: Sandbox report ID. See "Sandbox Report identifiers" section below for more info. in: path name: sandbox_id required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get a File Behavior Report from a Sandbox x-microcks-operation: delay: 0 dispatcher: FALLBACK /file_behaviours/{sandbox_id}/evtx: get: tags: - IoC Investigation - Files Behaviours deprecated: false description: "> \U0001F6A7 Special privileges required\n> \n> This endpoint is only available for users with special privileges.\n\nFetch the EVTX file associated with the sandbox execution.\n" operationId: fileBehaviourEvtx parameters: - description: Sandbox report ID. in: path name: sandbox_id required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get the EVTX File Generated During a File’s Behavior Analysis x-microcks-operation: delay: 0 dispatcher: FALLBACK /file_behaviours/{sandbox_id}/html: get: tags: - IoC Investigation - Files Behaviours deprecated: false description: 'Returns a [File behaviour](https://gtidocs.virustotal.com/reference/file-behaviour-summary-object) object as an HTML report. 
## Sandbox Report identifiers A Sandbox report ID has two main components: the **analysed file''s SHA256** and the **sandbox name**. These two components are joined by a `_` character. For example, ID `5353e23f3653402339c93a8565307c6308ff378e03fcf23a4378f31c434030b0_VirusTotal Jujubox` fetches the sandbox report for a file having a SHA256 `5353e23f3653402339c93a8565307c6308ff378e03fcf23a4378f31c434030b0` analysed in the `VirusTotal Jujubox` sandbox. ' operationId: getFileBehaviourHtml parameters: - description: Sandbox report ID. in: path name: sandbox_id required: true schema: type: string responses: '200': content: text/plain: examples: Result: value: "\n\n ..." description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get a Detailed HTML Behaviour Report x-microcks-operation: delay: 0 dispatcher: FALLBACK /file_behaviours/{sandbox_id}/memdump: get: tags: - IoC Investigation - Files Behaviours deprecated: false description: "> \U0001F6A7 Special privileges required\n> \n> This endpoint is only available for users with special privileges.\n\nFetch the memdump file associated with the sandbox execution.\n" operationId: fileBehaviourMemdump parameters: - description: Sandbox report ID. 
in: path name: sandbox_id required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get the Memdump File Generated During a File’s Behavior Analysis x-microcks-operation: delay: 0 dispatcher: FALLBACK /file_behaviours/{sandbox_id}/pcap: get: tags: - IoC Investigation - Files Behaviours deprecated: false description: "> \U0001F6A7 Special privileges required\n> \n> This endpoint is only available for users with special privileges.\n\nFetch the PCAP file associated with the sandbox execution.\n" operationId: fileBehavioursPcap parameters: - description: Sandbox report ID. in: path name: sandbox_id required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get the PCAP File Generated During a File’s Behavior Analysis x-microcks-operation: delay: 0 dispatcher: FALLBACK /file_behaviours/{sandbox_id}/relationships/{relationship}: get: tags: - IoC Investigation - Files Behaviours deprecated: false description: 'This endpoint is the same as [/file_behaviours/{sandbox_id}/{relationship}](https://gtidocs.virustotal.com/reference/file_behaviourssandbox_idrelationship) except it returns just the related object''s IDs (and context attributes, if any) instead of returning all attributes. 
' operationId: fileBehaviourssandboxIdrelationshipsrelationship parameters: - description: Sandbox report ID in: path name: sandbox_id required: true schema: type: string - description: Relationship name (see [table](ref:file-behaviour-summary-object#relationships)) in: path name: relationship required: true schema: type: string - description: Maximum number of related objects to retrieve in: query name: limit schema: default: 10 format: int32 type: integer - description: Continuation cursor in: query name: cursor schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Object Descriptors Related to a Behaviour Report x-microcks-operation: delay: 0 dispatcher: FALLBACK /file_behaviours/{sandbox_id}/{relationship}: get: tags: - IoC Investigation - Files Behaviours deprecated: false description: "As mentioned in the [Relationships](https://gtidocs.virustotal.com/reference/relationships) section, those related objects can be retrieved by sending `GET` requests to the relationship\ \ URL. 
\n\nAvailable relationships are described in the [File behaviour](https://gtidocs.virustotal.com/reference/file-behaviour-summary-object) object documentation.\n" operationId: fileBehaviourssandboxIdrelationship parameters: - description: Sandbox report ID in: path name: sandbox_id required: true schema: type: string - description: Relationship name (see [table](ref:file-behaviour-summary-object#relationships)) in: path name: relationship required: true schema: type: string - description: Maximum number of related objects to retrieve in: query name: limit schema: default: 10 format: int32 type: integer - description: Continuation cursor in: query name: cursor schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Objects Related to a Behaviour Report x-microcks-operation: delay: 0 dispatcher: FALLBACK /files/{id}/behaviour_mitre_trees: get: tags: - IoC Investigation - Files Behaviours deprecated: false description: "This endpoint returns a summary of MITRE ATT&CK tactics and techniques observed in each of the sandbox reports of a file.\n\nThe resulting structure is the following one:\n\n```json\n\ {\n sandbox_name: {\n \"tactics\": [\n {\n \"id\": tactic_id,\n \"name\": tactic_name,\n \"description\": tactic_description,\n \"link\": tactic_mitre_url,\n\ \ \"techniques\": [\n {\n \"id\": technique_id,\n \"name\": technique_name,\n \"description\": technique_description,\n \"link\": technique_mitre_url,\n\ \ \"signatures\": [\n {\n \"severity\": severity (\"HIGH\" / \"MEDIUM\" / \"LOW\" / \"INFO\" / \"UNKNOWN\"),\n \"description\": signature_description\n\ \ }, ...\n ]\n }, ...\n ]\n }, ...\n ]\n }, ... 
\n}\n```\n\n```json Example response\n{\n\t\"data\": {\n\t\t\"VirusTotal Observer\": {\n\t\t\t\"\ tactics\": []\n\t\t},\n\t\t\"Zenbox\": {\n\t\t\t\"tactics\": [\n\t\t\t\t{\n\t\t\t\t\t\"description\": \"The adversary is trying to figure out your environment.\\n\\nDiscovery consists of techniques\ \ an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also\ \ allow adversaries to explore what they can control and what’s around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often\ \ used toward this post-compromise information-gathering objective. \",\n\t\t\t\t\t\"techniques\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"description\": \"An adversary may attempt to get detailed information\ \ about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated\ \ discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.\\nTools such as Systeminfo can be used to gather detailed\ \ system information. If running with privileged access, a breakdown of system data can be gathered through the systemsetup configuration tool on macOS. As an example, adversaries with user-level\ \ access can execute the df -aH command to obtain currently mounted disks and associated freely available space. Adversaries may also leverage a Network Device CLI on network devices to gather detailed\ \ system information. 
System Information Discovery combined with information gathered from other forms of discovery and reconnaissance can drive payload development and concealment.\\nInfrastructure\ \ as a Service (IaaS) cloud providers such as AWS, GCP, and Azure allow access to instance and virtual machine information via APIs. Successful authenticated API calls can return data such as the\ \ operating system platform and status of a particular instance or the model view of a virtual machine.\",\n\t\t\t\t\t\t\t\"signatures\": [\n\t\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\t\t\"severity\": \"\ INFO\",\n\t\t\t\t\t\t\t\t\t\"description\": \"Reads software policies\"\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t\"link\": \"https://attack.mitre.org/techniques/T1082/\",\n\t\t\t\t\t\t\ \t\"id\": \"T1082\",\n\t\t\t\t\t\t\t\"name\": \"System Information Discovery\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"description\": \"Adversaries may enumerate files and directories or\ \ may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated\ \ discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.\\nMany command shell utilities can be used to obtain this\ \ information. Examples include dir, tree, ls, find, and locate. Custom tools may also be used to gather file and directory information and interact with the Native API. 
Adversaries may also leverage\ \ a Network Device CLI on network devices to gather file and directory information.\",\n\t\t\t\t\t\t\t\"signatures\": [\n\t\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\t\t\"severity\": \"INFO\",\n\t\t\t\t\t\t\ \t\t\t\"description\": \"Reads ini files\"\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t\"link\": \"https://attack.mitre.org/techniques/T1083/\",\n\t\t\t\t\t\t\t\"id\": \"T1083\",\n\t\t\t\ \t\t\t\t\"name\": \"File and Directory Discovery\"\n\t\t\t\t\t\t}\n\t\t\t\t\t],\n\t\t\t\t\t\"link\": \"https://attack.mitre.org/tactics/TA0007/\",\n\t\t\t\t\t\"id\": \"TA0007\",\n\t\t\t\t\t\"name\"\ : \"Discovery\"\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\t\"description\": \"The adversary is trying to avoid being detected.\\n\\nDefense Evasion consists of techniques that adversaries use to avoid detection\ \ throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse\ \ trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses. \",\n\t\t\t\t\t\"\ techniques\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"description\": \"Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process\ \ injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network\ \ resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process. \\nThere\ \ are many different ways to inject code into a process, many of which abuse legitimate functionalities. 
These implementations exist for every major OS but are typically platform specific. \\nMore\ \ sophisticated samples may perform multiple process injections to segment modules and further evade detection, utilizing named pipes or other inter-process communication (IPC) mechanisms as a communication\ \ channel. \",\n\t\t\t\t\t\t\t\"signatures\": [\n\t\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\t\t\"severity\": \"INFO\",\n\t\t\t\t\t\t\t\t\t\"description\": \"Spawns processes\"\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\ \t\t\t],\n\t\t\t\t\t\t\t\"link\": \"https://attack.mitre.org/techniques/T1055/\",\n\t\t\t\t\t\t\t\"id\": \"T1055\",\n\t\t\t\t\t\t\t\"name\": \"Process Injection\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\ \t\t\t\t\t\t\t\"description\": \"Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when\ \ the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users\ \ into misidentifying the file type, and giving legitimate task or service names.\\nRenaming abusable system utilities to evade security monitoring is also a form of Masquerading.\",\n\t\t\t\t\t\ \t\t\"signatures\": [\n\t\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\t\t\"severity\": \"INFO\",\n\t\t\t\t\t\t\t\t\t\"description\": \"Creates files inside the user directory\"\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\ \t\t],\n\t\t\t\t\t\t\t\"link\": \"https://attack.mitre.org/techniques/T1036/\",\n\t\t\t\t\t\t\t\"id\": \"T1036\",\n\t\t\t\t\t\t\t\"name\": \"Masquerading\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\ \t\t\t\t\"description\": \"Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary\ \ (ex: Ingress Tool Transfer) may leave traces to indicate to what was done within a network and how. 
Removal of these files can occur during an intrusion, or as part of a post-intrusion process\ \ to minimize the adversary's footprint.\\nThere are tools available from the host operating system to perform cleanup, but adversaries may use other tools as well. Examples of built-in Command\ \ and Scripting Interpreter functions include del on Windows and rm or unlink on Linux and macOS.\",\n\t\t\t\t\t\t\t\"signatures\": [\n\t\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\t\t\"severity\": \"INFO\"\ ,\n\t\t\t\t\t\t\t\t\t\"description\": \"Deletes files inside the Windows folder\"\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t\"link\": \"https://attack.mitre.org/techniques/T1070/004/\"\ ,\n\t\t\t\t\t\t\t\"id\": \"T1070.004\",\n\t\t\t\t\t\t\t\"name\": \"File Deletion\"\n\t\t\t\t\t\t}\n\t\t\t\t\t],\n\t\t\t\t\t\"link\": \"https://attack.mitre.org/tactics/TA0005/\",\n\t\t\t\t\t\"id\"\ : \"TA0005\",\n\t\t\t\t\t\"name\": \"Defense Evasion\"\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\t\"description\": \"The adversary is trying to gain higher-level permissions.\\n\\nPrivilege Escalation consists\ \ of techniques that adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions\ \ to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities. Examples of elevated access include: \\n\\n* SYSTEM/root\ \ level\\n* local administrator\\n* user account with admin-like access \\n* user accounts with access to specific system or perform specific function\\n\\nThese techniques often overlap with Persistence\ \ techniques, as OS features that let an adversary persist can execute in an elevated context. \",\n\t\t\t\t\t\"techniques\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"description\": \"Adversaries may\ \ inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. 
Process injection is a method of executing arbitrary code in the address space of a\ \ separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process\ \ injection may also evade detection from security products since the execution is masked under a legitimate process. \\nThere are many different ways to inject code into a process, many of which\ \ abuse legitimate functionalities. These implementations exist for every major OS but are typically platform specific. \\nMore sophisticated samples may perform multiple process injections to segment\ \ modules and further evade detection, utilizing named pipes or other inter-process communication (IPC) mechanisms as a communication channel. \",\n\t\t\t\t\t\t\t\"signatures\": [\n\t\t\t\t\t\t\t\ \t{\n\t\t\t\t\t\t\t\t\t\"severity\": \"INFO\",\n\t\t\t\t\t\t\t\t\t\"description\": \"Spawns processes\"\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t\"link\": \"https://attack.mitre.org/techniques/T1055/\"\ ,\n\t\t\t\t\t\t\t\"id\": \"T1055\",\n\t\t\t\t\t\t\t\"name\": \"Process Injection\"\n\t\t\t\t\t\t}\n\t\t\t\t\t],\n\t\t\t\t\t\"link\": \"https://attack.mitre.org/tactics/TA0004/\",\n\t\t\t\t\t\"id\"\ : \"TA0004\",\n\t\t\t\t\t\"name\": \"Privilege Escalation\"\n\t\t\t\t}\n\t\t\t]\n\t\t},\n\t\t\"VirusTotal Jujubox\": {\n\t\t\t\"tactics\": []\n\t\t}\n\t},\n\t\"links\": {\n\t\t\"self\": \"https://www.virustotal.com/api/v3/files/bb04b55bc87b4bb4d2543bf50ff46ec840d653ca9311e9b40d9933e484719a91/behaviour_mitre_trees\"\ \n\t}\n}\n```\n" operationId: getASummaryOfAllMitreAttckTechniquesObservedInAFile parameters: - description: SHA-256, SHA-1 or MD5 identifying the file in: path name: id required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: 
value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get a Summary of All MITRE ATT&CK Techniques Observed in a File x-microcks-operation: delay: 0 dispatcher: FALLBACK /files/{id}/behaviour_summary: get: tags: - IoC Investigation - Files Behaviours deprecated: false description: "This endpoint returns a summary with behavioural information about the file. The summary consists in merging together the reports produced by the multiple sandboxes we have integrated\ \ in VirusTotal. \n\nThis API call returns all fields contained in the [File behaviour](https://gtidocs.virustotal.com/reference/file-behaviour-summary-object) object, except the ones that make\ \ sense only for individual sandboxes:\n\n- `analysis_date`\n- `behash`\n- `has_html_report`\n- `has_pcap`\n- `last_modification_date`\n- `sandbox_name`\n\n```json Example response\n{\n \"data\"\ : {\n \"calls_highlighted\": [\n \"GetTickCount\"\n ],\n \"files_opened\": [\n \"C:\\\\WINDOWS\\\\system32\\\\winime32.dll\",\n \"C:\\\\WINDOWS\\\ \\system32\\\\ws2_32.dll\",\n \"C:\\\\WINDOWS\\\\system32\\\\ws2help.dll\",\n \"C:\\\\WINDOWS\\\\system32\\\\psapi.dll\",\n \"C:\\\\WINDOWS\\\\system32\\\\imm32.dll\"\ ,\n \"C:\\\\WINDOWS\\\\system32\\\\lpk.dll\",\n \"C:\\\\WINDOWS\\\\system32\\\\usp10.dll\",\n \"C:\\\\WINDOWS\\\\WinSxS\\\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\\\ \\comctl32.dll\",\n \"C:\\\\WINDOWS\\\\system32\\\\winmm.dll\",\n \"C:\\\\WINDOWS\\\\system32\\\\winspool.drv\",\n \"C:\\\\WINDOWS\\\\WindowsShell.Manifest\",\n\ \ \"C:\\\\WINDOWS\\\\system32\\\\shell32.dll\",\n \"C:\\\\WINDOWS\\\\system32\\\\MSCTF.dll\"\n ],\n \"modules_loaded\": [\n \"comctl32.dll\",\n \ \ \"C:\\\\WINDOWS\\\\system32\\\\ws2_32.dll\",\n \"C:\\\\WINDOWS\\\\system32\\\\MSCTF.dll\",\n \"version.dll\",\n \"C:\\\\WINDOWS\\\\system32\\\\msctfime.ime\"\ ,\n \"C:\\\\WINDOWS\\\\system32\\\\ole32.dll\",\n \"USER32.dll\",\n \"IMM32.dll\",\n 
\"C:\\\\WINDOWS\\\\system32\\\\user32.dll\"\n ],\n \ \ \"mutexes_created\": [\n \"CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500\",\n \"CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500\"\ ,\n \"CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500\",\n \"CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500\",\n \"CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500\"\ ,\n \"CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500\",\n \"MSCTF.Shared.MUTEX.EBH\"\n \ \ ],\n \"mutexes_opened\": [\n \"ShimCacheMutex\"\n ],\n \"processes_terminated\": [\n \"C:\\\\Documents and Settings\\\\Administrator\\\\Local Settings\\\ \\Temp\\\\EB93A6\\\\996E.exe\"\n ],\n \"processes_tree\": [\n {\n \"name\": \"****.exe\",\n \"process_id\": \"1036\"\n },\n \ \ {\n \"name\": \"9f9e74241d59eccfe7040bfdcbbceacb374eda397cc53a4197b59e4f6f380a91.exe\",\n \"process_id\": \"2340\"\n }\n ],\n \"registry_keys_opened\"\ : [\n \"\\\\Registry\\\\Machine\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Image File Execution Options\\\\996E.exe\",\n \"\\\\Registry\\\\MACHINE\\\\System\\\ \\CurrentControlSet\\\\Control\\\\SafeBoot\\\\Option\",\n \"\\\\Registry\\\\Machine\\\\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\Safer\\\\CodeIdentifiers\",\n \"\\\\\ REGISTRY\\\\MACHINE\\\\SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows\\\\Safer\\\\CodeIdentifiers\\\\TransparentEnabled\",\n \"\\\\REGISTRY\\\\USER\\\\S-1-5-21-1482476501-1645522239-1417001333-500\\\ \\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\Safer\\\\CodeIdentifiers\",\n \"\\\\Registry\\\\Machine\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Image File Execution\ \ Options\\\\COMCTL32.dll\",\n \"\\\\Registry\\\\Machine\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Image File Execution Options\\\\SHELL32.dll\",\n \"\\\\\ 
Registry\\\\Machine\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Image File Execution Options\\\\comdlg32.dll\",\n \"\\\\Registry\\\\Machine\\\\Software\\\\Microsoft\\\\\ Windows NT\\\\CurrentVersion\\\\Image File Execution Options\\\\WINMM.dll\",\n \"\\\\REGISTRY\\\\MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Drivers32\\\\wave\"\ ,\n \"\\\\REGISTRY\\\\MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Drivers32\\\\wave1\",\n \"\\\\REGISTRY\\\\MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\ \ NT\\\\CurrentVersion\\\\Drivers32\\\\wave2\",\n \"\\\\REGISTRY\\\\MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Drivers32\\\\wave3\",\n \"\\\\REGISTRY\\\ \\MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Drivers32\\\\wave4\",\n \"\\\\REGISTRY\\\\MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Drivers32\\\ \\wave5\"\n ],\n \"tags\": [\n \"DIRECT_CPU_CLOCK_ACCESS\",\n \"RUNTIME_MODULES\"\n ],\n \"text_highlighted\": [\n \"&Open\",\n \ \ \"&Cancel\",\n \"&About\",\n \"Cate&gory:\",\n \"Host &Name (or IP address)\",\n \"&Port\",\n \"22\",\n \"Connection type:\"\ ,\n \"Ra&w\",\n \"&Telnet\",\n \"Rlog&in\"\n ]\n }\n}\n```\n" operationId: fileAllBehavioursSummary parameters: - description: SHA-256, SHA-1 or MD5 identifying the file in: path name: id required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get a Summary of All Behavior Reports for a File x-microcks-operation: delay: 0 dispatcher: FALLBACK /files/{id}/behaviours: get: tags: - IoC Investigation - Files Behaviours deprecated: false description: "This endpoint returns behavioural information from each sandbox about the file. 
\n\nThis API call returns all fields contained in the [File behaviour](https://gtidocs.virustotal.com/reference/file-behaviour-summary-object)\ \ object.\n\nNote that some of the entries have:\n\n- `has_html_report`: if true, you may fetch the HTML [File behaviour](https://gtidocs.virustotal.com/reference/get-file-behaviour-html).\n- `has_pcap`:\ \ if true, you may fetch the PCAP [File behaviour](https://gtidocs.virustotal.com/reference/file_behaviours_pcap).\n\n```json Example response\n{\n \"meta\": {\n \"count\": 5\n },\n \ \ \"data\": [\n {\n \"attributes\": {\n \"verdicts\": [\n \"UNKNOWN_VERDICT\"\n ],\n \"has_pcap\": false,\n \ \ \"analysis_date\": 1669409515,\n \"processes_tree\": [\n {\n \"process_id\": \"2248\",\n \"name\":\ \ \"%windir%\\\\System32\\\\svchost.exe -k WerSvcGroup\"\n },\n {\n \"process_id\": \"2940\",\n \"name\": \"wmiadap.exe\ \ /F /T /R\"\n },\n {\n \"process_id\": \"2988\",\n \"name\": \"%windir%\\\\system32\\\\wbem\\\\wmiprvse.exe\"\ \n },\n {\n \"process_id\": \"2676\",\n \"name\": \"%SAMPLEPATH%\"\n }\n ],\n\ \ \"sandbox_name\": \"C2AE\",\n \"has_html_report\": false,\n \"processes_terminated\": [\n \"%windir%\\\\System32\\\\svchost.exe\ \ -k WerSvcGroup\",\n \"wmiadap.exe /F /T /R\"\n ],\n \"behash\": \"7eb58e30b74038daa9b31b5d9df78cf2\",\n \"has_evtx\": false,\n \ \ \"last_modification_date\": 1669495931,\n \"has_memdump\": false\n },\n \"type\": \"file_behaviour\",\n \"id\": \"edd0a64dc65087ffe453ca94b267169b39458a983b29ac31320fcaa983d0f97e_C2AE\"\ ,\n \"links\": {\n \"self\": \"https://www.virustotal.com/api/v3/file_behaviours/edd0a64dc65087ffe453ca94b267169b39458a983b29ac31320fcaa983d0f97e_C2AE\"\n }\n\ \ },\n {\n \"attributes\": {\n \"mitre_attack_techniques\": [\n {\n \"signature_description\": \"link function at\ \ runtime on Windows\",\n \"id\": \"T1129\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \ \ \"signature_description\": \"packed with UPX\",\n \"id\": \"T1027.002\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n\ \ 
{\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\"\ : \"link function at runtime on Windows\"\n }\n ],\n \"signature_description\": \"link function at runtime on Windows\",\n\ \ \"id\": \"T1129\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"refs\": [\n\ \ {\n \"ref\": \"#signature_matches\",\n \"value\": \"packed with UPX\"\n }\n\ \ ],\n \"signature_description\": \"packed with UPX\",\n \"id\": \"T1027.002\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\ \n }\n ],\n \"has_pcap\": false,\n \"analysis_date\": 1669611166,\n \"sandbox_name\": \"CAPA\",\n \"\ has_html_report\": false,\n \"behash\": \"76c6c8e44cd4f1dbddc0f6c2202c1480\",\n \"has_evtx\": false,\n \"signature_matches\": [\n \ \ {\n \"format\": \"SIG_FORMAT_CAPA\",\n \"rule_src\": \"rule:\\n meta:\\n name: allocate memory\\n authors:\\n - 0x534a@mailbox.org\\n\ \ lib: true\\n scope: basic block\\n mbc:\\n - Memory::Allocate Memory [C0007]\\n examples:\\n - Practical Malware Analysis Lab 03-03.exe_:0x4010EA\\n # ntdll\\n \ \ - 563653399B82CD443F120ECEFF836EA3678D4CF11D9B351BB737573C2D856299:0x140001ABA\\n features:\\n - or:\\n - api: kernel32.VirtualAlloc\\n - api: kernel32.VirtualAllocEx\\n - api:\ \ kernel32.VirtualAllocExNuma\\n - api: kernel32.VirtualProtect\\n - api: kernel32.VirtualProtectEx\\n - api: NtAllocateVirtualMemory\\n - api: ZwAllocateVirtualMemory\\n \ \ - api: NtMapViewOfSection\\n - api: ZwMapViewOfSection\\n\",\n \"name\": \"allocate memory\",\n \"authors\": [\n \ \ \"0x534a@mailbox.org\"\n ]\n },\n {\n \"format\": \"SIG_FORMAT_CAPA\",\n \"rule_src\"\ : \"rule:\\n meta:\\n name: allocate RW memory\\n authors:\\n - 0x534a@mailbox.org\\n lib: true\\n scope: basic block\\n mbc:\\n - Memory::Allocate Memory [C0007]\\n \ \ examples:\\n - Practical Malware Analysis Lab 17-02.dll_:0x1000D10D\\n features:\\n - and:\\n - match: allocate memory\\n - number: 0x4 = PAGE_READWRITE\\n\",\n \ \ \"name\": \"allocate RW memory\",\n \"authors\": [\n \"0x534a@mailbox.org\"\n ]\n },\n \ 
\ {\n \"format\": \"SIG_FORMAT_CAPA\",\n \"rule_src\": \"rule:\\n meta:\\n name: contain loop\\n authors:\\n - moritz.raabe@mandiant.com\\\ n lib: true\\n scope: function\\n examples:\\n - 08AC667C65D36D6542917655571E61C8:0x406EAA\\n features:\\n - or:\\n - characteristic: loop\\n - characteristic: tight\ \ loop\\n - characteristic: recursive call\\n\",\n \"name\": \"contain loop\",\n \"authors\": [\n \"moritz.raabe@mandiant.com\"\ \n ]\n },\n {\n \"rule_src\": \"rule:\\n meta:\\n name: terminate process\\n namespace: host-interaction/process/terminate\\\ n authors:\\n - moritz.raabe@mandiant.com\\n - michael.hunhoff@mandiant.com\\n - anushka.virgaonkar@mandiant.com\\n scope: function\\n mbc:\\n - Process::Terminate Process\ \ [C0018]\\n examples:\\n - C91887D861D9BD4A5872249B641BC9F9:0x401A77\\n - 9B7CCAA2AE6A5B96E3110EBCBC4311F6:0x10010307\\n features:\\n - or:\\n - api: System.Diagnostics.Process::Kill\\\ n - api: System.Diagnostics.Process::WaitForExit\\n - api: System.Diagnostics.Process::WaitForExitAsync\\n - and:\\n - optional:\\n - match: open process\\n \ \ - or:\\n - api: kernel32.TerminateProcess\\n - api: ntdll.NtTerminateProcess\\n - api: kernel32.ExitProcess\\n\",\n \"format\": \"SIG_FORMAT_CAPA\"\ ,\n \"description\": \"host-interaction/process/terminate\",\n \"name\": \"terminate process\",\n \"authors\": [\n \ \ \"moritz.raabe@mandiant.com\",\n \"michael.hunhoff@mandiant.com\",\n \"anushka.virgaonkar@mandiant.com\"\n \ \ ]\n },\n {\n \"rule_src\": \"rule:\\n meta:\\n name: link function at runtime on Windows\\n namespace: linking/runtime-linking\\\ n authors:\\n - moritz.raabe@mandiant.com\\n scope: function\\n att&ck:\\n - Execution::Shared Modules [T1129]\\n examples:\\n - 9324D1A8AE37A36AE560C37448C9705A:0x404130\\\ n - Practical Malware Analysis Lab 01-04.exe_:0x401350\\n features:\\n - and:\\n - os: windows\\n - or:\\n - api: kernel32.LoadLibrary\\n - api: kernel32.GetModuleHandle\\\ n - api: kernel32.GetModuleHandleEx\\n - api: 
ntdll.LdrLoadDll\\n - or:\\n - api: kernel32.GetProcAddress\\n - api: ntdll.LdrGetProcedureAddress\\n - optional:\\\ n - characteristic: indirect call\\n\",\n \"format\": \"SIG_FORMAT_CAPA\",\n \"description\": \"linking/runtime-linking\",\n \ \ \"name\": \"link function at runtime on Windows\",\n \"authors\": [\n \"moritz.raabe@mandiant.com\"\n ]\n \ \ },\n {\n \"rule_src\": \"rule:\\n meta:\\n name: packed with UPX\\n namespace: anti-analysis/packer/upx\\n authors:\\n - william.ballenthin@mandiant.com\\\ n scope: file\\n att&ck:\\n - Defense Evasion::Obfuscated Files or Information::Software Packing [T1027.002]\\n mbc:\\n - Anti-Static Analysis::Software Packing::UPX [F0001.008]\\\ n examples:\\n - CD2CBA9E6313E8DF2C1273593E649682\\n - Practical Malware Analysis Lab 01-02.exe_:0x0401000\\n features:\\n - or:\\n - and:\\n - format: pe\\n \ \ - or:\\n - section: UPX0\\n - section: UPX1\\n - and:\\n - format: elf\\n - or:\\n - string: \\\"UPX!\\\"\\n\",\n \"format\"\ : \"SIG_FORMAT_CAPA\",\n \"description\": \"anti-analysis/packer/upx\",\n \"name\": \"packed with UPX\",\n \"authors\": [\n \ \ \"william.ballenthin@mandiant.com\"\n ]\n },\n {\n \"rule_src\": \"rule:\\n meta:\\\ n name: contain a resource (.rsrc) section\\n namespace: executable/pe/section/rsrc\\n authors:\\n - moritz.raabe@mandiant.com\\n scope: file\\n examples:\\n - A933A1A402775CFA94B6BEE0963F4B46:0x41fd25\\\ n features:\\n - section: .rsrc\\n\",\n \"format\": \"SIG_FORMAT_CAPA\",\n \"description\": \"executable/pe/section/rsrc\",\n \ \ \"name\": \"contain a resource (.rsrc) section\",\n \"authors\": [\n \"moritz.raabe@mandiant.com\"\n ]\n \ \ },\n {\n \"rule_src\": \"rule:\\n meta:\\n name: (internal) packer file limitation\\n namespace: internal/limitation/file\\n authors:\\\ n - william.ballenthin@mandiant.com\\n description: |\\n This sample appears to be packed.\\n\\n Packed samples have often been obfuscated to hide their logic.\\n capa cannot\ \ handle obfuscation well. 
This means the results may be misleading or incomplete.\\n If possible, you should try to unpack this input file before analyzing it with capa.\\n scope: file\\\ n examples:\\n - CD2CBA9E6313E8DF2C1273593E649682\\n features:\\n - or:\\n - match: anti-analysis/packer\\n\",\n \"format\": \"SIG_FORMAT_CAPA\",\n \ \ \"description\": \"This sample appears to be packed.\\n\\nPacked samples have often been obfuscated to hide their logic.\\ncapa cannot handle obfuscation well. This means the\ \ results may be misleading or incomplete.\\nIf possible, you should try to unpack this input file before analyzing it with capa.\\n\",\n \"name\": \"(internal) packer file\ \ limitation\",\n \"authors\": [\n \"william.ballenthin@mandiant.com\"\n ]\n }\n ],\n \ \ \"last_modification_date\": 1676671463,\n \"has_memdump\": false\n },\n \"type\": \"file_behaviour\",\n \"id\": \"edd0a64dc65087ffe453ca94b267169b39458a983b29ac31320fcaa983d0f97e_CAPA\"\ ,\n \"links\": {\n \"self\": \"https://www.virustotal.com/api/v3/file_behaviours/edd0a64dc65087ffe453ca94b267169b39458a983b29ac31320fcaa983d0f97e_CAPA\"\n }\n\ \ },\n {\n \"attributes\": {\n \"command_executions\": [\n \"\\\"%SAMPLEPATH%\\\\setup-x86_64.exe\\\" \",\n \"\\\"%SAMPLEPATH%\\\ \\edd0a64dc65087ffe453ca94b267169b39458a983b29ac31320fcaa983d0f97e.exe\\\" \",\n \"C:\\\\Windows\\\\System32\\\\wuapihost.exe -Embedding\",\n \"\\\"%SAMPLEPATH%\\\ \\file.exe\\\" \"\n ],\n \"ip_traffic\": [\n {\n \"transport_layer_protocol\": \"UDP\",\n \"destination_ip\"\ : \"a83f:8110:e5c0:7cff:e5c0:7cff:e5c0:7cff\",\n \"destination_port\": 53\n },\n {\n \"transport_layer_protocol\"\ : \"TCP\",\n \"destination_ip\": \"23.216.147.76\",\n \"destination_port\": 443\n },\n {\n \ \ \"transport_layer_protocol\": \"TCP\",\n \"destination_ip\": \"20.99.133.109\",\n \"destination_port\": 443\n },\n \ \ {\n \"transport_layer_protocol\": \"TCP\",\n \"destination_ip\": \"23.216.147.64\",\n \"destination_port\": 443\n\ \ },\n {\n \"transport_layer_protocol\": 
\"TCP\",\n \"destination_ip\": \"20.99.184.37\",\n \ \ \"destination_port\": 443\n },\n {\n \"transport_layer_protocol\": \"TCP\",\n \"destination_ip\": \"13.107.4.50\"\ ,\n \"destination_port\": 80\n },\n {\n \"transport_layer_protocol\": \"TCP\",\n \"destination_ip\"\ : \"104.86.182.43\",\n \"destination_port\": 443\n },\n {\n \"transport_layer_protocol\": \"UDP\",\n \ \ \"destination_ip\": \"a83f:8110:0:0:100:0:1800:0\",\n \"destination_port\": 53\n },\n {\n \"transport_layer_protocol\"\ : \"UDP\",\n \"destination_ip\": \"a83f:8110:2c02:0:0:0:0:0\",\n \"destination_port\": 53\n },\n {\n \ \ \"transport_layer_protocol\": \"TCP\",\n \"destination_ip\": \"23.35.98.25\",\n \"destination_port\": 443\n },\n\ \ {\n \"transport_layer_protocol\": \"UDP\",\n \"destination_ip\": \"a83f:8110:1a1a:1aff:1a1a:1aff:1a1a:1aff\",\n \ \ \"destination_port\": 53\n },\n {\n \"transport_layer_protocol\": \"UDP\",\n \"destination_ip\": \"\ a83f:8110:0:0:1400:1400:2800:3800\",\n \"destination_port\": 53\n },\n {\n \"transport_layer_protocol\": \"TCP\"\ ,\n \"destination_ip\": \"23.40.197.184\",\n \"destination_port\": 443\n },\n {\n \"transport_layer_protocol\"\ : \"UDP\",\n \"destination_ip\": \"a83f:8110:8d00:100:89:9598:0:8b\",\n \"destination_port\": 53\n },\n {\n \ \ \"transport_layer_protocol\": \"UDP\",\n \"destination_ip\": \"192.168.0.14\",\n \"destination_port\": 137\n \ \ },\n {\n \"transport_layer_protocol\": \"UDP\",\n \"destination_ip\": \"a83f:8110:2800:0:2800:0:1800:0\",\n \ \ \"destination_port\": 53\n },\n {\n \"transport_layer_protocol\": \"UDP\",\n \"destination_ip\": \"a83f:8110:6219:d901:71a4:4e8e:6219:d901\"\ ,\n \"destination_port\": 53\n },\n {\n \"transport_layer_protocol\": \"UDP\",\n \"destination_ip\"\ : \"a83f:8110:4c00:5300:4900:2000:4500:6d00\",\n \"destination_port\": 53\n },\n {\n \"transport_layer_protocol\"\ : \"UDP\",\n \"destination_ip\": \"a83f:8110:6c00:6c00:2c00:2d00:3300:3600\",\n \"destination_port\": 53\n },\n \ \ {\n 
\"transport_layer_protocol\": \"UDP\",\n \"destination_ip\": \"a83f:8110:2800:1800:4000:1800:1800:100\",\n \"destination_port\"\ : 53\n },\n {\n \"transport_layer_protocol\": \"UDP\",\n \"destination_ip\": \"a83f:8110:100:300:4170:7058:3677:366e\"\ ,\n \"destination_port\": 53\n },\n {\n \"transport_layer_protocol\": \"UDP\",\n \"destination_ip\"\ : \"a83f:8110:4600:6900:7200:6500:7700:6100\",\n \"destination_port\": 53\n },\n {\n \"transport_layer_protocol\"\ : \"UDP\",\n \"destination_ip\": \"a83f:8110:3e05:0:0:0:3e05:0\",\n \"destination_port\": 53\n },\n {\n \ \ \"transport_layer_protocol\": \"UDP\",\n \"destination_ip\": \"192.168.0.19\",\n \"destination_port\": 137\n },\n\ \ {\n \"transport_layer_protocol\": \"UDP\",\n \"destination_ip\": \"192.168.0.1\",\n \"destination_port\"\ : 137\n }\n ],\n \"processes_injected\": [\n \"\\\\\\\\?\\\\C:\\\\Windows\\\\system32\\\\wbem\\\\WMIADAP.EXE\"\n \ \ ],\n \"processes_tree\": [\n {\n \"process_id\": \"2888\",\n \"name\": \"%WINDIR%\\\\explorer.exe\",\n \ \ \"children\": [\n {\n \"process_id\": \"3532\",\n \"name\": \"%SAMPLEPATH%\\\\setup-x86_64.exe\"\ \n }\n ]\n }\n ],\n \"has_pcap\": false,\n \"analysis_date\": 1669405151,\n \ \ \"sandbox_name\": \"Microsoft Sysinternals\",\n \"has_html_report\": false,\n \"processes_terminated\": [\n \"C:\\\\Windows\\\\System32\\\ \\wuapihost.exe\"\n ],\n \"behash\": \"5e435041f7d5d1981aa0a0d9419bcd97\",\n \"files_deleted\": [\n \n \"C:\\\\Windows\\\ \\System32\\\\spp\\\\store\\\\2.0\\\\cache\\\\cache.dat\",\n \n ],\n \"files_dropped\": [\n \n ],\n \"has_evtx\"\ : false,\n \"last_modification_date\": 1677046497,\n \"has_memdump\": false,\n \"processes_created\": [\n \"%SAMPLEPATH%\\\\setup-x86_64.exe\"\ ,\n \"%SAMPLEPATH%\\\\edd0a64dc65087ffe453ca94b267169b39458a983b29ac31320fcaa983d0f97e.exe\",\n \"C:\\\\Windows\\\\System32\\\\wuapihost.exe\",\n \ \ \"%SAMPLEPATH%\\\\file.exe\"\n ],\n \"modules_loaded\": [\n 
\"%SAMPLEPATH%\\\\edd0a64dc65087ffe453ca94b267169b39458a983b29ac31320fcaa983d0f97e.exe\"\ ,\n \"%SAMPLEPATH%\\\\file.exe\"\n ]\n },\n \"type\": \"file_behaviour\",\n \"id\": \"edd0a64dc65087ffe453ca94b267169b39458a983b29ac31320fcaa983d0f97e_Microsoft\ \ Sysinternals\",\n \"links\": {\n \"self\": \"https://www.virustotal.com/api/v3/file_behaviours/edd0a64dc65087ffe453ca94b267169b39458a983b29ac31320fcaa983d0f97e_Microsoft\ \ Sysinternals\"\n }\n },\n {\n \"attributes\": {\n \"registry_keys_opened\": [\n \"HKLM\\\\Software\\\\Cygwin\\\\setup\",\n\ \ \"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\LanguagePack\\\\DataStore_V1.0\",\n \"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\ \\LanguagePack\\\\DataStore_V1.0\\\\Disable\",\n \"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\LanguagePack\\\\DataStore_V1.0\\\\DataFilePath\",\n \ \ \"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\LanguagePack\\\\SurrogateFallback\",\n \"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\ \\LanguagePack\\\\SurrogateFallback\\\\Arial\",\n \"HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\FontLink\\\\SystemLink\"\n ],\n \ \ \"calls_highlighted\": [\n \"GetTickCount\"\n ],\n \"tags\": [\n \"DIRECT_CPU_CLOCK_ACCESS\",\n \"RUNTIME_MODULES\"\ \n ],\n \"has_pcap\": false,\n \"analysis_date\": 1669405225,\n \"sandbox_name\": \"VirusTotal Jujubox\",\n \"has_html_report\"\ : true,\n \"behash\": \"2563a14030568b9376fcc24af405d1c8\",\n \"has_evtx\": false,\n \"text_highlighted\": [\n \"Cygwin Setup\",\n\ \ \"Cygwin Net Release Setup Program\",\n \"This setup program is used for the initial installation of the Cygwin environment as well as all subsequent updates.\ \ The pages that follow will guide you through the installation.\\n\\nPlease note that we\",\n \"Setup version 2.924 (64 bit)\",\n \"Copyright 2000-2022\",\n\ \ \"https://cygwin.com\",\n \"Finish\",\n \"Help\"\n ],\n \"services_opened\": 
[\n \"AvSynMgr\"\ \n ],\n \"last_modification_date\": 1669405226,\n \"has_memdump\": false,\n \"modules_loaded\": [\n \"KERNEL32.DLL\"\ ,\n \"ADVAPI32.dll\",\n \"COMCTL32.dll\",\n \"GDI32.dll\",\n \"msvcrt.dll\",\n \"ntdll.dll\",\n \ \ \"ole32.dll\",\n \"PSAPI.DLL\",\n \"SHELL32.dll\",\n \"SHLWAPI.dll\",\n \"USER32.dll\",\n \ \ \"WININET.dll\",\n \"WS2_32.dll\",\n \"C:\\\\Windows\\\\system32\\\\tzres.dll\",\n \"CRYPTBASE.dll\",\n \"\ CLBCatQ.DLL\",\n \"C:\\\\Windows\\\\system32\\\\shell32.dll\",\n \"UxTheme.dll\",\n \"IMM32.dll\",\n \"C:\\\\Windows\\\ \\system32\\\\ole32.dll\"\n ],\n \"files_opened\": [\n \"/etc\\\\system-fips\",\n \"C:\\\\Windows\\\\system32\\\\tzres.dll\",\n\ \ \"C:\\\\Users\\\\\\\\Downloads\\\\setup.rc\",\n \"C:\\\\cygwin64\\\\etc\\\\setup\\\\setup.rc\",\n \"C:\\\\Windows\\\\system32\\\\\ rpcss.dll\",\n \"C:\\\\Windows\\\\WinSxS\\\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\",\n \"C:\\\ \\Windows\\\\WinSxS\\\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\\\\COMCTL32.dll.mui\",\n \"C:\\\\Windows\\\\system32\\\ \\en-US\\\\USER32.dll.mui\",\n \"C:\\\\Windows\\\\system32\\\\UxTheme.dll\",\n \"C:\\\\Windows\\\\WinSxS\\\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_e372d88f30fbb845\"\ ,\n \"C:\\\\Windows\\\\Fonts\\\\staticcache.dat\"\n ]\n },\n \"type\": \"file_behaviour\",\n \"id\": \"edd0a64dc65087ffe453ca94b267169b39458a983b29ac31320fcaa983d0f97e_VirusTotal\ \ Jujubox\",\n \"links\": {\n \"self\": \"https://www.virustotal.com/api/v3/file_behaviours/edd0a64dc65087ffe453ca94b267169b39458a983b29ac31320fcaa983d0f97e_VirusTotal\ \ Jujubox\"\n }\n },\n {\n \"attributes\": {\n \"signature_matches\": [\n {\n \"id\": \"825\",\n \ \ \"match_data\": [\n \"More than 3 window changes detected\"\n ],\n \"description\": \"Found graphical\ \ window changes (likely an installer)\",\n \"severity\": 
\"IMPACT_SEVERITY_INFO\"\n },\n {\n \"id\": \"418\"\ ,\n \"match_data\": [\n \"File size 1381395 > 1048576\"\n ],\n \"description\": \"Submission file\ \ is bigger than most known malware samples\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"id\": \"\ 509\",\n \"refs\": [\n {\n \"ref\": \"#registry_keys_opened\",\n \"value\": \"HKEY_LOCAL_MACHINE\\\ \\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\Safer\\\\CodeIdentifiers\"\n }\n ],\n \"match_data\": [\n \ \ \"HKEY_LOCAL_MACHINE\\\\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\Safer\\\\CodeIdentifiers\"\n ],\n \"description\": \"Reads software\ \ policies\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"id\": \"342\",\n \"\ match_data\": [\n \"section name: UPX0\",\n \"section name: UPX1\"\n ],\n \"description\": \"\ Sample is packed with UPX\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"id\": \"767\",\n \ \ \"match_data\": [\n \"Next >\"\n ],\n \"description\": \"Found GUI installer (many successful clicks)\",\n\ \ \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"id\": \"206\",\n \"refs\": [\n \ \ {\n \"ref\": \"#dns_lookups\",\n \"value\": \"queries for: cygwin.com\"\n }\n\ \ ],\n \"match_data\": [\n \"queries for: cygwin.com\"\n ],\n \"description\"\ : \"Performs DNS lookups\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"id\": \"715\",\n \ \ \"match_data\": [\n \"clean0.winEXE@1/1@1/1\"\n ],\n \"description\": \"Classification label\",\n \ \ \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"id\": \"625\",\n \"match_data\": [\n \ \ \"HTTP traffic on port 49736 -> 443\",\n \"HTTP traffic on port 443 -> 49736\"\n ],\n \"description\"\ : \"Uses HTTPS\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"id\": \"624\",\n \ \ \"description\": \"Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis\",\n \"severity\": \"\ IMPACT_SEVERITY_INFO\"\n },\n {\n \"id\": \"513\",\n \"match_data\": [\n 
\"window name:\ \ SysTabControl32\"\n ],\n \"description\": \"Executable creates window controls seldom found in malware\",\n \"severity\": \"\ IMPACT_SEVERITY_INFO\"\n },\n {\n \"id\": \"507\",\n \"match_data\": [\n \"HKEY_LOCAL_MACHINE\\\ \\SOFTWARE\\\\Classes\\\\CLSID\\\\{00021401-0000-0000-C000-000000000046}\\\\InProcServer32\"\n ],\n \"description\": \"Uses an in-process (OLE) Automation\ \ server\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"id\": \"263\",\n \"refs\"\ : [\n {\n \"ref\": \"#memory_dumps\",\n \"value\": \"program.exe, 00000000.00000002.4727768602.00000000001B5000.00000004.00000020.00020000.00000000.sdmp\"\ \n },\n {\n \"ref\": \"#memory_dumps\",\n \"value\": \"program.exe, 00000000.00000002.4727292270.0000000000168000.00000004.00000020.00020000.00000000.sdmp\"\ \n }\n ],\n \"match_data\": [\n \"Hyper-V RAW\",\n \"Hyper-V RAW \"\ \n ],\n \"description\": \"May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)\",\n \ \ \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"id\": \"328\",\n \"match_data\": [\n \ \ \"C:\\\\Windows\\\\System32\\\\drivers\\\\etc\\\\hosts\"\n ],\n \"description\": \"Reads the hosts file\",\n \"severity\"\ : \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"id\": \"768\",\n \"match_data\": [\n \"Number\ \ of UI elements: 16\",\n \"Number of UI elements: 19\",\n \"Number of UI elements: 25\",\n \"Number of UI elements:\ \ 28\",\n \"Number of UI elements: 30\"\n ],\n \"description\": \"Found window with many clickable UI elements (buttons,\ \ textforms, scrollbars etc)\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"id\": \"433\",\n \ \ \"match_data\": [\n \"Section: UPX1 ZLIB complexity 0.9993296606864275\"\n ],\n \"description\": \"PE file\ \ has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n\ \ {\n \"id\": \"238\",\n \"match_data\": [\n \"ftp://cygwin.osuosl.org\",\n \ \ 
\"ftp://ftp-stud.hs-esslingen.de/pub/Mirrors/sources.redhat.com/cygwin/https://l\",\n \"ftp://ftp.byfly.by\",\n \"ftp://ftp.eq.uc.pt\",\n\ \ \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/http://mc.\",\n \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/http://mw\",\n \ \ \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/https://ftj\",\n \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/or\",\n \ \ \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/r\",\n \"ftp://ftp.fau.de/cygwin/\",\n \"ftp://ftp.fau.desl.orgor\",\n \ \ \"ftp://ftp.funet.fi/pub/mirrors/sourceware.org/pub/cygwin/\",\n \"ftp://ftp.ha\",\n \"ftp://ftp.halifax.rwth-aachen.de/cygwin/.net/\"\ ,\n \"ftp://ftp.halifax.rwth-aachen.dehttps:/\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/http://cyG\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/http://f\"\ ,\n \"ftp://ftp.iij.ad.jp/pub/cygwin/http://l\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/http://s\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/https://\"\ ,\n \"ftp://ftp.iij.ad.jp/pub/cygwin/https://9\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/n/\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/or\"\ ,\n \"ftp://ftp.inf.tu-dresden.dehttps://\",\n \"ftp://ftp.inf.tu-dresden.deor\",\n \"ftp://ftp.jaist.ac.jp/pub/cygwin/\"\ ,\n \"ftp://ftp.jaist.ac.jpt\",\n \"ftp://ftp.kaist.ac.kr/cygwin/\",\n \"ftp://ftp.kaist.ac.kr/cygwin/https://\"\ ,\n \"ftp://ftp.kaist.ac.kr/cygwin/p\",\n \"ftp://ftp.kaist.ac.kr/cygwin/site\",\n \"ftp://ftp.kr.freebsd.org/pub/cygwin.com/cygwin/\"\ ,\n \"ftp://ftp.kr.freebsd.org/pub/cygwin.com/cygwin/http://c\",\n \"ftp://ftp.kr.freebsd.org/pub/cygwin.com/cygwin/http://fK)t\",\n \ \ \"ftp://ftp.l\",\n \"ftp://ftp.l(-Z\",\n \"ftp://ftp.lf1\",\n \"ftp://ftp.lip6.fr/pub/cygwin/\"\ ,\n \"ftp://ftp.lip6.fr/pub/cygwin/rror\",\n \"ftp://ftp.mirrorservice.orghttp://mirro\",\n \"ftp://ftp.mirrorservice.orgn\"\ ,\n \"ftp://ftp.mirrorservice.orgygwin/\",\n \"ftp://ftp.mm\",\n \"ftp://ftp.muug.ca\",\n \ \ \"ftp://ftp.muug.ca/mirror/cygwin/\",\n \"ftp://ftp.n\",\n 
\"http://cygwin.mbwarez.dk/in//://li\"\n ],\n \"description\"\ : \"URLs found in memory or binary data\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"id\": \"90\"\ ,\n \"match_data\": [\n \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\R0IAZP7Z\\\\mirrors[1].lst\"\n \ \ ],\n \"description\": \"Creates files inside the user directory\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n \ \ },\n {\n \"id\": \"7058\",\n \"match_data\": [\n \"8.43.85.97:443 -> 192.168.2.11:49736 version:\ \ TLS 1.2\"\n ],\n \"description\": \"Uses secure TLS version for HTTPS connections\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\ \n },\n {\n \"id\": \"410\",\n \"match_data\": [\n \"Raw size of UPX1 is bigger than:\ \ 0x100000 < 0x140800\"\n ],\n \"description\": \"PE file has a big raw section\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n\ \ },\n {\n \"description\": \"Uses HTTPS\",\n \"match_data\": [\n \"HTTP traffic on\ \ port 49714 -> 443\",\n \"HTTP traffic on port 443 -> 49714\"\n ],\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \ \ \"id\": \"625\"\n },\n {\n \"refs\": [\n {\n \"ref\": \"#memory_dumps\"\ ,\n \"value\": \"executable.exe, 00000000.00000002.4737795738.0000000000C7A000.00000004.00000020.00020000.00000000.sdmp\"\n }\n \ \ ],\n \"description\": \"May
try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)\",\n \"match_data\"\ : [\n \"Hyper-V RAW\"\n ],\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"id\": \"263\"\n \ \ },\n {\n \"description\": \"URLs found in memory or binary data\",\n \"match_data\": [\n
\"http://cygwin.mirror.constant.como/or.\"\n ],\n \ \ \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"id\": \"238\"\n },\n {\n \"description\": \"Uses secure TLS\ \ version for HTTPS connections\",\n \"match_data\": [\n \"8.43.85.97:443 -> 192.168.2.15:49714 version: TLS 1.2\"\n ],\n\ \ \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"id\": \"7058\"\n },\n {\n \"severity\": \"\ IMPACT_SEVERITY_INFO\",\n \"match_data\": [\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\SystemCertificates\\\\AuthRoot\"\n \ \ ],\n \"id\": \"198\",\n \"description\": \"Monitors certain registry keys / values for changes (often done to protect autostart functionality)\"\ \n },\n {\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"match_data\": [\n \"HTTP traffic\ \ on port 49704 -> 443\",\n \"HTTP traffic on port 443 -> 49704\"\n ],\n \"id\": \"625\",\n \"description\"\ : \"Uses HTTPS\"\n },\n {\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"refs\": [\n \ \ {\n \"ref\": \"#memory_dumps\",\n \"value\": \"program.exe, 00000000.00000002.4544157087.0000000000D09000.00000004.00000020.00020000.00000000.sdmp,\ \ program.exe, 00000000.00000002.4542476600.0000000000C8A000.00000004.00000020.00020000.00000000.sdmp\"\n },\n {\n \ \ \"ref\": \"#memory_dumps\",\n \"value\": \"program.exe, 00000000.00000002.4542476600.0000000000C8A000.00000004.00000020.00020000.00000000.sdmp\"\n \ \ }\n ],\n \"match_data\": [\n \"Hyper-V RAW\",\n \"Hyper-V RAWh\"\n \ \ ],\n \"id\": \"263\",\n \"description\": \"May try to detect the virtual machine to hinder analysis (VM artifact strings found in\ \ memory)\"\n },\n {\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"match_data\": [\n \ \ \"ftp://cygwin.mirror.rafal.ca/pub/cygwin/\",\n
\"http://crl.oces.trust2408.com/oces.crl0\"\ ,\n \"http://crl.pki.wellsfargo.com/wsprca.crl0\",\n \"http://crl.securetrust.com/SGCA.crl0\",\n \"http://crl.securetrust.com/STCA.crl0\"\ ,\n \"http://crl.ssc.lt/root-a/cacrl.crl0\",\n \"http://crl.ssc.lt/root-b/cacrl.crl0\",\n \"http://crl.ssc.lt/root-c/cacrl.crl0\"\ ,\n \"http://crl.xrampsecurity.com/XGCA.crl0\",\n \"http://crl1.comsign.co.il/crl/comsignglobalrootca.crl0\",\n \"\ http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en\",\n \"http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/CABD2A79A1076A31F21D253635CB0\"\ ,\n \"http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab\",\n \"http://ctldl.windowsupdate.com/z\",\n \ \ \"http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/CABD2A79A1076A31F21D253635\",\n \"http://cygwin.cathedral-\",\n\ \ \"http://cygwin.cathedral-networks.org\",\n \"http://cygwin.cathedral-networks.org#\",\n \"http://cygwin.cathedral-networks.org$\"\ ,\n \"http://cygwin.cathedral-networks.org(\",\n \"http://cygwin.cathedral-networks.org-hk.koddos.net/cygwin/works.org/nB\",\n \ \ \"http://cygwin.cathedral-networks.org/\",\n \"http://cygwin.cathedral-networks.org/$\",\n \"http://cygwin.cathedral-networks.org/%\"\ ,\n \"http://cygwin.cathedral-networks.org/(\",\n \"http://cygwin.cathedral-networks.org/(A\",\n \"http://cygwin.cathedral-networks.org/.\"\ ,\n \"http://cygwin.cathedral-networks.org/.d\",\n \"http://cygwin.cathedral-networks.org/.l\",\n \"http://cygwin.cathedral-networks.org/.lk\"\ ,\n \"http://cygwin.cathedral-networks.org/.v\",\n \"http://cygwin.cathedral-networks.org//\",\n \"http://cygwin.cathedral-networks.org///\"\ ,\n \"http://cygwin.cathedral-networks.org///#\",\n \"http://cygwin.cathedral-networks.org//5\",\n \"http://cygwin.cathedral-networks.org//c\"\ ,\n \"http://cygwin.cathedral-networks.org//f?\",\n \"http://cygwin.cathedral-networks.org//ftp.lip6.fro/p\",\n \"\ 
http://cygwin.cathedral-networks.org//l\",\n \"http://cygwin.cathedral-networks.org//m\",\n \"http://cygwin.cathedral-networks.org//mN\",\n\ \ \"http://cygwin.cathedral-networks.org//o\",\n \"http://cygwin.cathedral-networks.org/1\",\n \"http://cygwin.cathedral-networks.org/5\"\ ,\n \"http://cygwin.cathedral-networks.org/8\",\n \"http://cygwin.cathedral-networks.org/8C\",\n \"http://cygwin.cathedral-networks.org/:/&\"\ ,\n \"http://cygwin.cathedral-networks.org/:EC\",\n \"http://cygwin.cathedral-networks.org/;cygwin.cathedral-networks.org;Europe;Norway;noshow\"\ ,\n \"http://cygwin.cathedral-networks.org/Am\",\n \"http://cygwin.cathedral-networks.org/D\",\n \"http://cygwin.cathedral-networks.org/E\"\ ,\n \"http://cygwin.cathedral-networks.org/M\",\n \"http://cygwin.cathedral-networks.org/PC\",\n \"http://cygwin.cathedral-networks.org/R\"\ ,\n \"http://cygwin.cathedral-networks.org/U\",\n \"http://cygwin.cathedral-networks.org/Y\",\n \"http://cygwin.cathedral-networks.org/a\"\ ,\n \"http://cygwin.cathedral-networks.org/c\",\n \"http://cygwin.cathedral-networks.org/d4\",\n \"http://cygwin.cathedral-networks.org/e\"\ ,\n \"http://cygwin.cathedral-networks.org/et\",\n \"http://cygwin.cathedral-networks.org/f.\",\n \"http://cygwin.cathedral-networks.org/ft\"\ ,\n \"http://cygwin.cathedral-networks.org/fts\",\n \"http://cygwin.cathedral-networks.org/g\",\n \"http://cygwin.cathedral-networks.org/g_\"\ ,\n \"http://cygwin.cathedral-networks.org/ia\",\n \"http://cygwin.cathedral-networks.org/in\",\n \"http://cygwin.cathedral-networks.org/ixG\"\ ,\n \"http://cygwin.cathedral-networks.org/kw\",\n \"http://cygwin.cathedral-networks.org/lA\",\n \"http://cygwin.cathedral-networks.org/laqB4pnJ\"\ ,\n \"http://cygwin.cathedral-networks.org/m\",\n \"http://cygwin.cathedral-networks.org/mit\",\n \"http://cygwin.cathedral-networks.org/n/\"\ ,\n \"http://cygwin.cathedral-networks.org/ni)\",\n \"http://cygwin.cathedral-networks.org/om\",\n \"http://cygwin.cathedral-networks.org/ot\"\ 
,\n \"http://cygwin.cathedral-networks.org/p\",\n \"http://cygwin.cathedral-networks.org/qN3p-\",\n \"http://cygwin.cathedral-networks.org/qN6p\"\ ,\n \"http://cygwin.cathedral-networks.org/r\",\n \"http://cygwin.cathedral-networks.org/rX\",\n \"http://cygwin.cathedral-networks.org/rb\"\ ,\n \"http://cygwin.cathedral-networks.org/rr\",\n \"http://cygwin.cathedral-networks.org/sc\",\n \"http://cygwin.cathedral-networks.org/t\"\ ,\n \"http://cygwin.cathedral-networks.org/th\",\n \"http://cygwin.cathedral-networks.org/tpr\",\n \"http://cygwin.cathedral-networks.org/ts\"\ ,\n \"http://cygwin.cathedral-networks.org/u/\",\n \"http://cygwin.cathedral-networks.org/um\",\n \"http://cygwin.cathedral-networks.org/unE\"\ ,\n \"http://cygwin.cathedral-networks.org/wi\",\n \"http://cygwin.cathedral-networks.org/y\",\n \"http://cygwin.cathedral-networks.org/ygxZ\"\ ,\n \"http://cygwin.cathedral-networks.org/z\",\n \"http://cygwin.cathedral-networks.org/~L\",\n \"http://cygwin.cathedral-networks.org0\"\ ,\n \"http://cygwin.cathedral-networks.org4\",\n \"http://cygwin.cathedral-networks.org;C\",\n \"http://cygwin.cathedral-networks.orgC\"\ ,\n \"http://cygwin.cathedral-networks.orgTL\",\n \"http://cygwin.cathedral-networks.orgV\",\n \"http://cygwin.cathedral-networks.orgY\"\ ,\n \"http://cygwin.cathedral-networks.orgZMAp1\",\n \"http://cygwin.cathedral-networks.orga\",\n \"http://cygwin.cathedral-networks.orgatedZ\"\ ,\n \"http://cygwin.cathedral-networks.orgb\",\n \"http://cygwin.cathedral-networks.orgcomR\",\n \"http://cygwin.cathedral-networks.orgefi\"\ ,\n \"http://cygwin.cathedral-networks.orget\",\n \"http://cygwin.cathedral-networks.orghumG\",\n \"http://cygwin.cathedral-networks.orgkod\"\ ,\n \"http://cygwin.cathedral-networks.orgli\",\n \"http://cygwin.cathedral-networks.orgmi\",\n \"http://cygwin.cathedral-networks.orgn.me\"\ ,\n \"http://cygwin.cathedral-networks.orgn/\",\n \"http://cygwin.cathedral-networks.orgr.i\",\n \"http://cygwin.cathedral-networks.orgrs.\"\ ,\n 
\"http://cygwin.cathedral-networks.orguX\",\n \"http://cygwin.cathedral-networks.orguts\",\n \"http://cygwin.cathedral-networks.orgx\"\ ,\n \"http://cygwin.cathedral-networks.org~A\",\n \"http://cygwin.mbwarez.dk\",\n \"http://cygwin.mbwarez.dk.au\"\ ,\n \"http://cygwin.mbwarez.dk.bycygwin/\",\n \"http://cygwin.mbwarez.dk.de$\",\n \"http://cygwin.mbwarez.dk.de/cygwin/r\"\ ,\n \"http://cygwin.mbwarez.dk.fau.de$\",\n \"http://cygwin.mbwarez.dk.ntua.gr/pub/pc-\",\n \"http://cygwin.mbwarez.dk.twaren.net/Uni4\"\ ,\n \"http://cygwin.mbwarez.dk/\",\n \"http://cygwin.mbwarez.dk/.ac.nz.by/pubJ\",\n \"http://cygwin.mbwarez.dk/.ac.nzS\"\ ,\n \"http://cygwin.mbwarez.dk/.acc.umu.se/miw\",\n \"http://cygwin.mbwarez.dk/.ca\",\n \"http://cygwin.mbwarez.dk/.cn/cygwin/\"\ ,\n \"http://cygwin.mbwarez.dk/.de/cygwin/\",\n \"http://cygwin.mbwarez.dk/.degwin//f\",\n \"http://cygwin.mbwarez.dk/.gr/pub/pc/cy\"\ ,\n \"http://cygwin.mbwarez.dk/.gutscheinraus\",\n \"http://cygwin.mbwarez.dk/.rise.ph/cy\",\n \"http://cygwin.mbwarez.dk/.tech/pub/cyg\"\ ,\n \"http://cygwin.mbwarez.dk//\",\n \"http://cygwin.mbwarez.dk///mirror.ma\",\n \"http://cygwin.mbwarez.dk//cy\"\ ,\n \"http://cygwin.mbwarez.dk//cygwin/\",\n \"http://cygwin.mbwarez.dk//cygwin//\",\n \"http://cygwin.mbwarez.dk//cygwin/8M~po)\"\ ,\n \"http://cygwin.mbwarez.dk//cygwin/etw\",\n \"http://cygwin.mbwarez.dk//cygwin/goon.\",\n \"http://cygwin.mbwarez.dk//cygwin/gw\"\ ,\n \"http://cygwin.mbwarez.dk//cygwin/in/\",\n \"http://cygwin.mbwarez.dk//cygwin/n/\",\n \"http://cygwin.mbwarez.dk//cygwin/s://\"\ ,\n \"http://cygwin.mbwarez.dk//cygwin/t.edu\",\n \"http://cygwin.mbwarez.dk//cygwin32/\",\n \"http://cygwin.mbwarez.dk//gwin/\"\ ,\n \"http://cygwin.mbwarez.dk//gwin/htt\",\n \"http://cygwin.mbwarez.dk//in/JR\",\n \"http://cygwin.mbwarez.dk//in/win//\"\ ,\n \"http://cygwin.mbwarez.dk//n/\",\n \"http://cygwin.mbwarez.dk//n///\",\n \"http://cygwin.mbwarez.dk//n/gwin/w\"\ ,\n \"http://cygwin.mbwarez.dk//pub/cygwin/G\",\n 
\"http://cygwin.mbwarez.dk/0\",\n \"http://cygwin.mbwarez.dk/6\"\ ,\n \"http://cygwin.mbwarez.dk/8K\",\n \"http://cygwin.mbwarez.dk/9\",\n \"http://cygwin.mbwarez.dk/;cygwin.mbwarez.dk;Europe;Denmark;noshow\"\ ,\n \"http://cygwin.mbwarez.dk/?\",\n \"http://cygwin.mbwarez.dk/C\",\n \"http://cygwin.mbwarez.dk/China//\",\n \ \ \"http://cygwin.mbwarez.dk/China0\",\n \"http://cygwin.mbwarez.dk/Europe\",\n \"http://cygwin.mbwarez.dk/Fpa\",\n\ \ \"http://cygwin.mbwarez.dk/Hong\",\n \"http://cygwin.mbwarez.dk/I\",\n \"http://cygwin.mbwarez.dk/Moldova\",\n\ \ \"http://cygwin.mbwarez.dk/O\",\n \"http://cygwin.mbwarez.dk/Q\",\n \"http://cygwin.mbwarez.dk/achen.de\",\n \ \ \"http://cygwin.mbwarez.dk/argasso.net/9Z\",\n \"http://cygwin.mbwarez.dk/auin/in//\",\n \"http://cygwin.mbwarez.dk/auirror\"\ ,\n \"http://cygwin.mbwarez.dk/bochum.de/down%\",\n \"http://cygwin.mbwarez.dk/by\",\n \"http://cygwin.mbwarez.dk/byfly.byen.de\"\ ,\n \"http://cygwin.mbwarez.dk/c.jpin/or\",\n \"http://cygwin.mbwarez.dk/c.org.ilc.jp0\",\n \"http://cygwin.mbwarez.dk/checkdomain\"\ ,\n \"http://cygwin.mbwarez.dk/chum.de\",\n \"http://cygwin.mbwarez.dk/chum.de/cygwin=RAp.1\",\n \"http://cygwin.mbwarez.dk/cygwin/\"\ ,\n \"http://cygwin.mbwarez.dk/cygwin//\",\n \"http://cygwin.mbwarez.dk/cygwin/://ft\",\n \"http://cygwin.mbwarez.dk/cygwin/F\"\ ,\n \"http://cygwin.mbwarez.dk/cygwin/in/ix\",\n \"http://cygwin.mbwarez.dk/cygwin/n/\",\n \"http://cygwin.mbwarez.dk/cygwin/n//ftf\"\ ,\n \"http://cygwin.mbwarez.dk/cygwin/n/tac\",\n \"http://cygwin.mbwarez.dk/cygwin/p://mi\",\n \"http://cygwin.mbwarez.dk/cygwin/win/l\"\ ,\n \"http://cygwin.mbwarez.dk/cygwin/yname.D\",\n \"http://cygwin.mbwarez.dk/cygwin32/c\",\n \"http://cygwin.mbwarez.dk/d.com/cygwin/\"\ ,\n \"http://cygwin.mbwarez.dk/e\",\n \"http://cygwin.mbwarez.dk/e/cygwin/kod/\",\n \"http://cygwin.mbwarez.dk/edu.cnet\"\ ,\n \"http://cygwin.mbwarez.dk/eetin/\",\n \"http://cygwin.mbwarez.dk/en.de\",\n \"http://cygwin.mbwarez.dk/et.fion/\"\ ,\n 
\"http://cygwin.mbwarez.dk/et/cygwin//7\",\n \"http://cygwin.mbwarez.dk/et/cygwin/p\",\n \"http://cygwin.mbwarez.dk/etcygwin/.ma\"\ ,\n \"http://cygwin.mbwarez.dk/etworks.orgy\",\n \"http://cygwin.mbwarez.dk/g/cygwin/%Kjp.\",\n \"http://cygwin.mbwarez.dk/garr.itrror.d\"\ ,\n \"http://cygwin.mbwarez.dk/gie.fr\",\n \"http://cygwin.mbwarez.dk/gie.frygwin/\",\n \"http://cygwin.mbwarez.dk/gwin/\"\ ,\n \"http://cygwin.mbwarez.dk/gwin/.org//\",\n \"http://cygwin.mbwarez.dk/gwin///k\",\n \"http://cygwin.mbwarez.dk/gwin/cygwin/9\"\ ,\n \"http://cygwin.mbwarez.dk/gwin/in/\",\n \"http://cygwin.mbwarez.dk/gwin/n//\",\n \"http://cygwin.mbwarez.dk/h.de\"\ ,\n \"http://cygwin.mbwarez.dk/hen.de.com\",\n \"http://cygwin.mbwarez.dk/https://mirror2Bupa5\",\n \"http://cygwin.mbwarez.dk/ia\"\ ,\n \"http://cygwin.mbwarez.dk/in/\",\n \"http://cygwin.mbwarez.dk/in//\",\n \"http://cygwin.mbwarez.dk/in//win/)\"\ ,\n \"http://cygwin.mbwarez.dk/in/in//X\",\n \"http://cygwin.mbwarez.dk/in/in/n/\",\n \"http://cygwin.mbwarez.dk/in/in32/\"\ ,\n \"http://cygwin.mbwarez.dk/in/n.de\",\n \"http://cygwin.mbwarez.dk/in/n/\",\n \"http://cygwin.mbwarez.dk/in/n/%\"\ ,\n \"http://cygwin.mbwarez.dk/in/win/twin3\",\n \"http://cygwin.mbwarez.dk/in/win32/\",\n \"http://cygwin.mbwarez.dk/in/ygwin/\"\ ,\n \"http://cygwin.mbwarez.dk/irrors/sourcew\",\n \"http://cygwin.mbwarez.dk/jp1p\",\n \"http://cygwin.mbwarez.dk/m\"\ ,\n \"http://cygwin.mbwarez.dk/m/cygwin/9JpF\",\n \"http://cygwin.mbwarez.dk/min/.\",\n \"http://cygwin.mbwarez.dk/n/\"\ ,\n \"http://cygwin.mbwarez.dk/n/cB\",\n \"http://cygwin.mbwarez.dk/n/cygwin/\",\n \"http://cygwin.mbwarez.dk/n/cygwin/(\"\ ,\n \"http://cygwin.mbwarez.dk/n/in/in/\",\n \"http://cygwin.mbwarez.dk/net//\",\n \"http://cygwin.mbwarez.dk/netm\"\ ,\n \"http://cygwin.mbwarez.dk/netn/in/\",\n \"http://cygwin.mbwarez.dk/ng\",\n \"http://cygwin.mbwarez.dk/om\",\n\ \ \"http://cygwin.mbwarez.dk/om/cygwin/\",\n \"http://cygwin.mbwarez.dk/om/cygwin/B\",\n 
\"http://cygwin.mbwarez.dk/om/cygwin/c\"\ ,\n \"http://cygwin.mbwarez.dk/om/cygwin/d.o$\",\n \"http://cygwin.mbwarez.dk/om/cygwin/ja\",\n \"http://cygwin.mbwarez.dk/org1\"\ ,\n \"http://cygwin.mbwarez.dk/p\",\n \"http://cygwin.mbwarez.dk/p.inf.tu-dresd\",\n \"http://cygwin.mbwarez.dk/pks.orgmi\"\ ,\n \"http://cygwin.mbwarez.dk/r/cygwin/\",\n \"http://cygwin.mbwarez.dk/rks.org/r\",\n \"http://cygwin.mbwarez.dk/rro\"\ ,\n \"http://cygwin.mbwarez.dk/rror.isoc.oC\",\n \"http://cygwin.mbwarez.dk/st\",\n \"http://cygwin.mbwarez.dk/t/cygwin/\"\ ,\n \"http://cygwin.mbwarez.dk/t/cygwin//\",\n \"http://cygwin.mbwarez.dk/t/cygwin/t\",\n \"http://cygwin.mbwarez.dk/then.de\"\ ,\n \"http://cygwin.mbwarez.dk/ttp://ftp.f\",\n \"http://cygwin.mbwarez.dk/ttps://\",\n \"http://cygwin.mbwarez.dk/tworks.org/\"\ ,\n \"http://cygwin.mbwarez.dk/u.cn\",\n \"http://cygwin.mbwarez.dk/u.cn/cP\",\n \"http://cygwin.mbwarez.dk/u.edu.cnC\"\ ,\n \"http://cygwin.mbwarez.dk/ub/cygwin/cBVp\",\n \"http://cygwin.mbwarez.dk/ucomP\",\n \"http://cygwin.mbwarez.dk/wente.nlno/tG\"\ ,\n \"http://cygwin.mbwarez.dk/win/\",\n \"http://cygwin.mbwarez.dk/win/3\",\n \"http://cygwin.mbwarez.dk/win/acente\"\ ,\n \"http://cygwin.mbwarez.dk/win/gwin/O\",\n \"http://cygwin.mbwarez.dk/win/in/:\",\n \"http://cygwin.mbwarez.dk/win/it\"\ ,\n \"http://cygwin.mbwarez.dk/win/n/(\",\n \"http://cygwin.mbwarez.dk/win/win/\",\n \"http://cygwin.mbwarez.dk/win/win/p://Z\"\ ,\n \"http://cygwin.mbwarez.dk/ygwin/\",\n \"http://cygwin.mbwarez.dk/ygwin/.ncH\",\n \"http://cygwin.mbwarez.dk/ygwin//\"\ ,\n \"http://cygwin.mbwarez.dk/ygwin/E\",\n \"http://cygwin.mbwarez.dk/ygwin/I\",\n \"http://cygwin.mbwarez.dk/ygwin/cyg\"\ ,\n \"http://cygwin.mbwarez.dk/ygwin/cygwin/\",\n \"http://cygwin.mbwarez.dk/ygwin/n/\",\n \"http://cygwin.mbwarez.dk0\"\ ,\n \"http://cygwin.mbwarez.dkI\",\n \"http://cygwin.mbwarez.dkaachen.de;\",\n \"http://cygwin.mbwarez.dkaachen.dewin/\"\ ,\n \"http://cygwin.mbwarez.dkachen\",\n 
\"http://cygwin.mbwarez.dkare.mirror.garr\",\n \"http://cygwin.mbwarez.dkarez.d\"\ ,\n \"http://cygwin.mbwarez.dkargasso.netkod/\",\n \"http://cygwin.mbwarez.dkauc.nzin/\",\n \"http://cygwin.mbwarez.dkauwin/p://ftp\"\ \n ],\n \"id\": \"238\",\n \"description\": \"URLs found in memory or binary data\"\n },\n \ \ {\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"match_data\": [\n \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\ \\Windows\\\\INetCache\\\\IE\\\\ETCJ2WHM\"\n ],\n \"id\": \"90\",\n \"description\": \"Creates files inside the user directory\"\ \n },\n {\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"match_data\": [\n \"8.43.85.97:443\ \ -> 192.168.2.9:49704 version: TLS 1.2\"\n ],\n \"id\": \"7058\",\n \"description\": \"Uses secure TLS version for HTTPS connections\"\ \n },\n {\n \"id\": \"625\",\n \"match_data\": [\n \"HTTP traffic on port 443 -> 49720\"\ ,\n \"HTTP traffic on port 49720 -> 443\"\n ],\n \"description\": \"Uses HTTPS\",\n \"severity\":\ \ \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"id\": \"263\",\n \"refs\": [\n {\n \ \ \"ref\": \"#memory_dumps\",\n \"value\": \"file.exe, 00000001.00000002.4863440201.000000000013E000.00000004.00000020.00020000.00000000.sdmp\"\ \n },\n {\n \"ref\": \"#memory_dumps\",\n \"value\": \"file.exe, 00000001.00000002.4863975444.0000000000185000.00000004.00000020.00020000.00000000.sdmp,\ \ file.exe, 00000001.00000002.4862480485.00000000000B8000.00000004.00000020.00020000.00000000.sdmp\"\n }\n ],\n \"match_data\"\ : [\n \"Hyper-V RAW ^\",\n \"Hyper-V RAW\"\n ],\n \"description\": \"May try to detect the virtual\ \ machine to hinder analysis (VM artifact strings found in memory)\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \ \ \"id\": \"238\",\n \"match_data\": [\n \"ftp://cygwin.mirror.rafal.cap\",\n \"ftp://ftp.acc.umu.se/mirror/cygwin/http\"\ ,\n \"ftp://ftp.byfly.by/pub/cygwin/in\",\n \"ftp://ftp.byfly.by/pub/cygwin/win/\",\n \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/https://\"\ ,\n 
\"ftp://ftp.fau.de/cygwin/.can\",\n \"ftp://ftp.fau.de/cygwin/c\",\n \"ftp://ftp.fs\",\n \ \ \"ftp://ftp.fsn.hu/pub/cygwin/irror\",\n \"ftp://ftp.fsn.hu/pub/cygwin/r\",\n \"ftp://ftp.fsn.hu/pub/cygwin/s\",\n \ \ \"ftp://ftp.fsn.hu/pub/cygwin/ygwin\",\n \"ftp://ftp.fsn.huhttps:/\",\n \"ftp://ftp.funet.fi\",\n \"\ ftp://ftp.funet.fi/pub/mirrors/sourceware.org/pub/cygwin/gwin/https://\",\n \"ftp://ftp.funet.fi/pub/mirrors/sourceware.org/pub/cygwin/org\",\n \ \ \"ftp://ftp.halifax.rwth-aachen.de/cygwin/http://m\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/http://m~\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/https://\"\ ,\n \"ftp://ftp.iij.ad.jp/pub/cygwin/https://S\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/https://V\",\n \"ftp://ftp.inf.tu-dresden.de/software/windows/cygwin32/kdomain\"\ ,\n \"ftp://ftp.kaist.ac.kr/cygwin/in/arr.itgen.denet\",\n \"ftp://ftp.kr.freebsd.org\",\n \"ftp://ftp.kr.freebsd.org/pub/cygwin.com/cygwin/http://cr\"\ ,\n \"ftp://ftp.kr.freebsd.orghttps://\",\n \"ftp://ftp.kr.freebsd.orgygwin/https://\",\n \"ftp://ftp.lip6.fr/pub/cygwin/\"\ ,\n \"ftp://ftp.lip6.fr/pub/cygwin/in/https://U\",\n \"ftp://ftp.lip6.fr/pub/cygwin/p\",\n \"ftp://ftp.mirrorservice.org/sites/sourceware.org/pub/cygwin/\"\ ,\n \"ftp://ftp.mirrorservice.org/sites/sourceware.org/pub/cygwin/gwin\",\n \"ftp://ftp.n\",\n \"ftp://ftp.nP\",\n\ \ \"ftp://ftp.ntua.gr/pub/pc/cygwin/\",\n \"ftp://ftp.ntua.gr/pub/pc/cygwin/https://U\",\n \"ftp://ftp.ntua.grhttps:\"\ ,\n \"ftp://ftp.rn\",\n \"ftp://ftp.rnl.tecnico.ulisboa.pt/pub/cygwin/http://m\",\n \"ftp://ftp.snt.utwente.nl\"\ ,\n \"ftp://ftp.snt.utwente.nlt\",\n \"ftp://ftp.x\",\n \"ftp://ftp.yz.yamagata-u.ac.jp/pub/cygwin/\",\n \ \ \"ftp://ftp.yz.yamagata-u.ac.jp/pub/cygwin/c\",\n \"ftp://linux.rz.ruhr-uni-bochum.de/cygwin/https://\",\n \"ftp://mirror.checkdomain.de/cygwin/https://ftp.i\"\ ,\n \"ftp://mirror.easyname.athttp://c\",\n \"ftp://mirror.internode.on.net/pub/cygwin/\",\n \"ftp://mirror.internode.on.netrs\"\ ,\n 
\"ftp://mirror.lagoon.nc/cygwin/http://fV\",\n \"ftp://mirrors.dotsrc.org/mirrors/cygwin/in/\",\n \"ftp://mirrors.dotsrc.orggn.dehttp://f=\"\ ,\n \"ftp://mirrors.dotsrc.orgn.deom\",\n \"ftp://mirrors.xmission.com/cygwin/com/http://fL\",\n \"ftp://sourceware.org/ftp://sources.redhat.com/ftp://gcc.gnu.org/\"\ ,\n \"ftp://sunsite.icm.edu.pl/pub/cygnus/cygwin///http://m\",\n \"ftp://sunsite.icm.edu.pl/pub/cygnus/cygwin/http://m\",\n \ \ \"ftp://sunsite.icm.edu.pl/pub/cygnus/cygwin/https://\",\n \"http://ac.economia.gob.mx/cps.html0\",\n \"http://ac.economia.gob.mx/last.crl0G\"\ ,\n \"http://acedicom.edicomgroup.com/doc0\",\n \"http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?\",\n \"http://acraiz.icpbrasil.gov.br/LCRacraizv1.crl0\"\ ,\n \"http://acraiz.icpbrasil.gov.br/LCRacraizv2.crl0\",\n \"http://apps.identrust.com/roots/dstrootcax3.p7c0\",\n \ \ \"http://ca.disig.sk/ca/crl/ca_disig.crl0\",\n \"http://ca.mtin.es/mtin/DPCyPoliticas0\",\n \"http://ca.mtin.es/mtin/DPCyPoliticas0g\",\n\ \ \"http://ca.mtin.es/mtin/crl/MTINAutoridadRaiz03\",\n \"http://ca.mtin.es/mtin/ocsp0\",\n \"http://ca2.mtin.es/mtin/crl/MTINAutoridadRaiz0\"\ ,\n \"http://certificates.starfieldtech.com/repository/1604\",\n \"http://certs.oati.net/repository/OATICA2.crl0\",\n \ \ \"http://certs.oati.net/repository/OATICA2.crt0\",\n \"http://certs.oaticerts.com/repository/OATICA2.crl\",\n \"http://certs.oaticerts.com/repository/OATICA2.crt08\"\ ,\n \"http://cps.chambersign.org/cps/chambersignroot.html0\",\n \"http://cps.chambersign.org/cps/chambersroot.html0\",\n \ \ \"http://cps.letsencrypt.org0\",\n \"http://cps.root-x1.letsencrypt.org0\",\n \"http://cps.siths.se/sithsrootcav1.html0\",\n \ \ \"http://crl.certigna.fr/certignarootca.crl01\",\n \"http://crl.chambersign.org/chambersignroot.crl0\",\n \"http://crl.chambersign.org/chambersroot.crl0\"\ ,\n \"http://crl.comodoca.com/AAACertificateServices.crl06\",\n \"http://crl.defence.gov.au/pki0\",\n \"http://crl.dhimyotis.com/certignarootca.crl0\"\ ,\n 
\"http://crl.globalsign.net/root-r2.crl0\",\n \"http://crl.identrust.com/DSTROOTCAX3CRL.crl0\",\n \"http://crl.oces.trust2408.com/oces.crl0\"\ ,\n \"http://crl.pki.wellsfargo.com/wsprca.crl0\",\n \"http://crl.securetrust.com/SGCA.crl0\",\n \"http://crl.securetrust.com/STCA.crl0\"\ ,\n \"http://crl.ssc.lt/root-a/cacrl.crl0\",\n \"http://crl.ssc.lt/root-b/cacrl.crl0\",\n \"http://crl.ssc.lt/root-c/cacrl.crl0\"\ ,\n \"http://crl.xrampsecurity.com/XGCA.crl0\",\n \"http://crl1.comsign.co.il/crl/comsignglobalrootca.crl0\",\n \"\ http://ctldl.windowsupdate.com/R\",\n \"http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/CABD2A79A1076A31F21D253635CB0\",\n \ \ \"http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab\",\n \"http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en031b9\"\ ,\n \"http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/CABD2A79A1076A31F21D253635\",\n \"http://cygwin.cathedral-\"\ ,\n \"http://cygwin.cathedral-.\",\n \"http://cygwin.cathedral-networks.org\",\n \"http://cygwin.cathedral-networks.org%\"\ ,\n \"http://cygwin.cathedral-networks.org-itU\",\n \"http://cygwin.cathedral-networks.org.\",\n \"http://cygwin.cathedral-networks.org/\"\ ,\n \"http://cygwin.cathedral-networks.org/#\",\n \"http://cygwin.cathedral-networks.org/%\",\n \"http://cygwin.cathedral-networks.org/(\"\ ,\n \"http://cygwin.cathedral-networks.org/)\",\n \"http://cygwin.cathedral-networks.org/-m\",\n \"http://cygwin.cathedral-networks.org/.eS\"\ ,\n \"http://cygwin.cathedral-networks.org/.o\",\n \"http://cygwin.cathedral-networks.org/.s\",\n \"http://cygwin.cathedral-networks.org//\"\ ,\n \"http://cygwin.cathedral-networks.org//&\",\n \"http://cygwin.cathedral-networks.org///\",\n \"http://cygwin.cathedral-networks.org///E\"\ ,\n \"http://cygwin.cathedral-networks.org///g\",\n \"http://cygwin.cathedral-networks.org//U\",\n \"http://cygwin.cathedral-networks.org//f\"\ ,\n 
\"http://cygwin.cathedral-networks.org//l\",\n \"http://cygwin.cathedral-networks.org//m\",\n \"http://cygwin.cathedral-networks.org//mX\"\ ,\n \"http://cygwin.cathedral-networks.org//o\",\n \"http://cygwin.cathedral-networks.org/5\",\n \"http://cygwin.cathedral-networks.org/:\"\ ,\n \"http://cygwin.cathedral-networks.org/:/-\",\n \"http://cygwin.cathedral-networks.org/;\",\n \"http://cygwin.cathedral-networks.org/;cygwin.cathedral-networks.org;Europe;Norway;noshow\"\ ,\n \"http://cygwin.cathedral-networks.org/B\",\n \"http://cygwin.cathedral-networks.org/D\",\n \"http://cygwin.cathedral-networks.org/E\"\ ,\n \"http://cygwin.cathedral-networks.org/Europe\",\n \"http://cygwin.cathedral-networks.org/K\",\n \"http://cygwin.cathedral-networks.org/L\"\ ,\n \"http://cygwin.cathedral-networks.org/M\",\n \"http://cygwin.cathedral-networks.org/R\",\n \"http://cygwin.cathedral-networks.org/a\"\ ,\n \"http://cygwin.cathedral-networks.org/a=\",\n \"http://cygwin.cathedral-networks.org/c\",\n \"http://cygwin.cathedral-networks.org/cy\"\ ,\n \"http://cygwin.cathedral-networks.org/du\",\n \"http://cygwin.cathedral-networks.org/e/\",\n \"http://cygwin.cathedral-networks.org/ed\"\ ,\n \"http://cygwin.cathedral-networks.org/f\",\n \"http://cygwin.cathedral-networks.org/ftg\",\n \"http://cygwin.cathedral-networks.org/gwN\"\ ,\n \"http://cygwin.cathedral-networks.org/h\",\n \"http://cygwin.cathedral-networks.org/in\",\n \"http://cygwin.cathedral-networks.org/irD\"\ ,\n \"http://cygwin.cathedral-networks.org/k\",\n \"http://cygwin.cathedral-networks.org/l(\",\n \"http://cygwin.cathedral-networks.org/la\"\ ,\n \"http://cygwin.cathedral-networks.org/li\",\n \"http://cygwin.cathedral-networks.org/m\",\n \"http://cygwin.cathedral-networks.org/mT\"\ ,\n \"http://cygwin.cathedral-networks.org/mi\",\n \"http://cygwin.cathedral-networks.org/n/\",\n \"http://cygwin.cathedral-networks.org/nl\"\ ,\n \"http://cygwin.cathedral-networks.org/o.\",\n \"http://cygwin.cathedral-networks.org/p\",\n 
\"http://cygwin.cathedral-networks.org/p:\"\ ,\n \"http://cygwin.cathedral-networks.org/pl\",\n \"http://cygwin.cathedral-networks.org/pu_\",\n \"http://cygwin.cathedral-networks.org/r\"\ ,\n \"http://cygwin.cathedral-networks.org/rs\",\n \"http://cygwin.cathedral-networks.org/s.\",\n \"http://cygwin.cathedral-networks.org/t\"\ ,\n \"http://cygwin.cathedral-networks.org/t.\",\n \"http://cygwin.cathedral-networks.org/t.z\",\n \"http://cygwin.cathedral-networks.org/te\"\ ,\n \"http://cygwin.cathedral-networks.org/tp\",\n \"http://cygwin.cathedral-networks.org/tv\",\n \"http://cygwin.cathedral-networks.org/uw\"\ ,\n \"http://cygwin.cathedral-networks.org/w\",\n \"http://cygwin.cathedral-networks.org/x\",\n \"http://cygwin.cathedral-networks.org0\"\ ,\n \"http://cygwin.cathedral-networks.org1\",\n \"http://cygwin.cathedral-networks.org2\",\n \"http://cygwin.cathedral-networks.orgG\"\ ,\n \"http://cygwin.cathedral-networks.orgM\",\n \"http://cygwin.cathedral-networks.orga\",\n \"http://cygwin.cathedral-networks.orge\"\ ,\n \"http://cygwin.cathedral-networks.orget\",\n \"http://cygwin.cathedral-networks.orgf\",\n \"http://cygwin.cathedral-networks.orgftp\"\ ,\n \"http://cygwin.cathedral-networks.orggwi\",\n \"http://cygwin.cathedral-networks.orgk\",\n \"http://cygwin.cathedral-networks.orgl\"\ ,\n \"http://cygwin.cathedral-networks.orgn\",\n \"http://cygwin.cathedral-networks.orgn.ct\",\n \"http://cygwin.cathedral-networks.orgn.v\"\ ,\n \"http://cygwin.cathedral-networks.orgn/\",\n \"http://cygwin.cathedral-networks.orgnf.\",\n \"http://cygwin.cathedral-networks.orgny\"\ ,\n \"http://cygwin.cathedral-networks.orgr\",\n \"http://cygwin.cathedral-networks.orgs:/\",\n \"http://cygwin.cathedral-networks.orgtp\"\ ,\n \"http://cygwin.cathedral-networks.orgtp:\",\n \"http://cygwin.cathedral-networks.orgttp\",\n \"http://cygwin.cathedral-networks.orgwaren.net\"\ ,\n \"http://cygwin.cathedral-networks.orgygw\",\n \"http://cygwin.mbwarez\",\n \"http://cygwin.mbwarez.dk\",\n \ \ 
\"http://cygwin.mbwarez.dk/p://ftp.1\",\n \"http://cygwin.mbwarez.dk/pub/cygwin/\",\n \"http://cygwin.mbwarez.dk/pub/cygwin/c\"\ ,\n \"http://cygwin.mbwarez.dk/rg\",\n \"http://cygwin.mbwarez.dk/rg/cygwin/\",\n \"http://cygwin.mbwarez.dk/rg/cygwin/y\"\ ,\n \"http://cygwin.mbwarez.dk/riapub/cygq\",\n \"http://cygwin.mbwarez.dk/rs.163.com\",\n \"http://cygwin.mbwarez.dk/rth\"\ ,\n \"http://cygwin.mbwarez.dk/st\",\n \"http://cygwin.mbwarez.dk/st.comn/\",\n \"http://cygwin.mbwarez.dk/t/cygwin/;\"\ ,\n \"http://cygwin.mbwarez.dk/thttps://\",\n \"http://cygwin.mbwarez.dk/twin/stc.edu\",\n \"http://cygwin.mbwarez.dk/u.cawin/\"\ ,\n \"http://cygwin.mbwarez.dk/u.cnitr/cygw\",\n \"http://cygwin.mbwarez.dk/win//in/\",\n \"http://cygwin.mbwarez.dk/win/c\"\ ,\n \"http://cygwin.mbwarez.dk/win/gwin/\",\n \"http://cygwin.mbwarez.dk/win/in/k\",\n \"http://cygwin.mbwarez.dk/win/kdomai\"\ ,\n \"http://cygwin.mbwarez.dk/win/n/\",\n \"http://cygwin.mbwarez.dk/win/n/win\",\n \"http://cygwin.mbwarez.dk/win/rope\"\ ,\n \"http://cygwin.mbwarez.dk/win/ygwin/m\",\n \"http://cygwin.mbwarez.dk/x/sourceware.o\",\n \"http://cygwin.mbwarez.dk/y/pub/mirrors/\"\ ,\n \"http://cygwin.mbwarez.dk/y2\",\n \"http://cygwin.mbwarez.dk/ygwin/\",\n \"http://cygwin.mbwarez.dk/ygwin///\"\ ,\n \"http://cygwin.mbwarez.dk/ygwin/2/\",\n \"http://cygwin.mbwarez.dk/ygwin/6\",\n \"http://cygwin.mbwarez.dk/ygwin/H\"\ ,\n \"http://cygwin.mbwarez.dk/ygwin/N\",\n \"http://cygwin.mbwarez.dk/ygwin/g.ca\",\n \"http://cygwin.mbwarez.dk/ygwin/in/-\"\ ,\n \"http://cygwin.mbwarez.dk/ygwin/n/\",\n \"http://cygwin.mbwarez.dk/ygwin/r\",\n \"http://cygwin.mbwarez.dk/ygwin/rors\"\ ,\n \"http://cygwin.mbwarez.dk/ygwin/t\",\n \"http://cygwin.mbwarez.dk/ygwin/tn/\",\n \"http://cygwin.mbwarez.dk/ygwin/ygwin/\"\ ,\n \"http://cygwin.mbwarez.dkD\",\n \"http://cygwin.mbwarez.dkG\",\n \"http://cygwin.mbwarez.dkK\",\n \ \ \"http://cygwin.mbwarez.dkMoldova3\",\n \"http://cygwin.mbwarez.dkP\",\n \"http://cygwin.mbwarez.dkQ8\"\n \ \ ],\n 
\"description\": \"URLs found in memory or binary data\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n \ \ {\n \"id\": \"7058\",\n \"match_data\": [\n \"8.43.85.97:443 -> 192.168.2.14:49720 version: TLS 1.2\"\n \ \ ],\n \"description\": \"Uses secure TLS version for HTTPS connections\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n \ \ },\n {\n \"description\": \"Monitors certain registry keys / values for changes (often done to protect autostart functionality)\",\n \ \ \"match_data\": [\n \"HKEY_CURRENT_USER_Classes\"\n ],\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \ \ \"id\": \"198\"\n },\n {\n \"description\": \"Uses HTTPS\",\n \"match_data\": [\n \ \ \"HTTP traffic on port 443 -> 49738\",\n \"HTTP traffic on port 49738 -> 443\"\n ],\n \"severity\": \"\ IMPACT_SEVERITY_INFO\",\n \"id\": \"625\"\n },\n {\n \"refs\": [\n {\n \ \ \"ref\": \"#memory_dumps\",\n \"value\": \"software.exe, 00000000.00000002.4632916603.0000000000181000.00000004.00000020.00020000.00000000.sdmp\"\ \n },\n {\n \"ref\": \"#memory_dumps\",\n \"value\": \"software.exe, 00000000.00000002.4632393130.0000000000128000.00000004.00000020.00020000.00000000.sdmp\"\ \n }\n ],\n \"description\": \"May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)\"\ ,\n \"match_data\": [\n \"Hyper-V RAW\",\n \"Hyper-V RAWl\"\n ],\n \"severity\"\ : \"IMPACT_SEVERITY_INFO\",\n \"id\": \"263\"\n },\n {\n \"description\": \"URLs found in memory or binary data\"\ ,\n \"match_data\": [\n
],\n \ \ \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"id\": \"238\"\n },\n {\n \"description\": \"Uses secure TLS version\ \ for HTTPS connections\",\n \"match_data\": [\n \"8.43.85.97:443 -> 192.168.2.9:49738 version: TLS 1.2\"\n ],\n \ \ \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"id\": \"7058\"\n },\n {\n \"severity\": \"IMPACT_SEVERITY_INFO\"\ ,\n \"match_data\": [\n \"HTTP traffic on port 49712 -> 443\",\n \"HTTP traffic on port 443 -> 49712\"\n \ \ ],\n \"id\": \"625\",\n \"description\": \"Uses HTTPS\"\n },\n {\n \"severity\"\ : \"IMPACT_SEVERITY_INFO\",\n \"refs\": [\n {\n \"ref\": \"#memory_dumps\",\n \"value\"\ : \"executable.exe, 00000000.00000002.4517172722.0000000000D79000.00000004.00000020.00020000.00000000.sdmp, executable.exe, 00000000.00000002.4516435918.0000000000D18000.00000004.00000020.00020000.00000000.sdmp\"\ \n }\n ],\n \"match_data\": [\n \"Hyper-V RAW\"\n ],\n \ \ \"id\": \"263\",\n \"description\": \"May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)\"\n },\n \ \ {\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"match_data\": [\n
\ ],\n \"id\": \"238\",\n \"description\": \"URLs found in memory or binary data\"\n },\n \ \ {\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"match_data\": [\n \"8.43.85.97:443 -> 192.168.2.11:49712 version: TLS\ \ 1.2\"\n ],\n \"id\": \"7058\",\n \"description\": \"Uses secure TLS version for HTTPS connections\"\n },\n\ \ {\n \"id\": \"625\",\n \"match_data\": [\n \"HTTP traffic on port 49713 -> 443\",\n \ \ \"HTTP traffic on port 443 -> 49713\"\n ],\n \"description\": \"Uses HTTPS\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\ \n },\n {\n \"id\": \"263\",\n \"refs\": [\n {\n \"\ ref\": \"#memory_dumps\",\n \"value\": \"software.exe,
00000000.00000002.4601502652.0000000000C2F000.00000004.00000020.00020000.00000000.sdmp\"\n \ \ },\n {\n \"ref\": \"#memory_dumps\",\n \"value\": \"software.exe, 00000000.00000002.4601906974.0000000000C85000.00000004.00000020.00020000.00000000.sdmp\"\ \n }\n ],\n \"match_data\": [\n \"Hyper-V RAW0\",\n \"Hyper-V RAW\"\ \n ],\n \"description\": \"May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)\",\n \ \ \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"id\": \"238\",\n \"match_data\": [\n \ \ \"ftp://cygwin.mirror.rafal.cars\",\n \"ftp://ftp-stud.hs-esslingen.dem\",\n \"ftp://ftp.2g?\",\n \"\ ftp://ftp.byfly.by/pub/cyg\",\n \"ftp://ftp.byfly.by/pub/cyg%\",\n \"ftp://ftp.byfly.by/pub/cygwin/\",\n \"ftp://ftp.byfly.by/pub/cygwin/http://dOf\"\ ,\n \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/p\",\n \"ftp://ftp.fs\",\n \"ftp://ftp.fsn.hu/pub/cygwin/p\"\ ,\n \"ftp://ftp.fsn.hu/pub/cygwin/tp\",\n \"ftp://ftp.fsn.hut\",\n \"ftp://ftp.ha\",\n \ \ \"ftp://ftp.haA\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/http://mOg\",\n \"\ ftp://ftp.iij.ad.jp/pub/cygwin/http://m_~\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/http://w\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/https://\",\n\ \ \"ftp://ftp.iij.ad.jp/pub/cygwin/n\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/or\",\n \"ftp://ftp.inf.tu-dresden.de\"\ ,\n \"ftp://ftp.inf.tu-dresden.de.jpor\",\n \"ftp://ftp.inf.tu-dresden.degwin/\",\n \"ftp://ftp.inf.tu-dresden.degwin/http:/\"\ ,\n \"ftp://ftp.kaist.ac.kr/cygwin/\",\n \"ftp://ftp.kaist.ac.kr/cygwin/win\",\n \"ftp://ftp.kr.freebsd.org/pub/cygwin.com/cygwin/http://m\"\ ,\n \"ftp://ftp.kr.freebsd.org/pub/cygwin.com/cygwin/https://\",\n \"ftp://ftp.kr.freebsd.orgftp\",\n \"ftp://ftp.l\"\ ,\n \"ftp://ftp.lip6.fr/pub/cygwin/\",\n \"ftp://ftp.lip6.fr/pub/cygwin/or\",\n \"ftp://ftp.mirrorservice.orgin/r\"\ ,\n \"ftp://ftp.muug.ca/mirror/cygwin//https://\",\n \"ftp://ftp.muug.ca/mirror/cygwin/e\",\n \"ftp://ftp.n_db\"\ ,\n 
\"http://cygwin.mbwarez.dk/no/cygwin/\"\ ,\n \"http://cygwin.mbwarez.dk/no/cygwin/Ml\",\n \"http://cygwin.mbwarez.dk/o\",\n \"http://cygwin.mbwarez.dk/om/cygwin/\"\ ,\n \"http://cygwin.mbwarez.dk/om/cygwin/G\",\n \"http://cygwin.mbwarez.dk/org\",\n \"http://cygwin.mbwarez.dk/org/n/=\"\ ,\n \"http://cygwin.mbwarez.dk/owin/\",\n \"http://cygwin.mbwarez.dk/p\"\n ],\n \"description\"\ : \"URLs found in memory or binary data\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"id\": \"7058\"\ ,\n \"match_data\": [\n \"8.43.85.97:443 -> 192.168.2.10:49713 version: TLS 1.2\"\n ],\n \"description\"\ : \"Uses secure TLS version for HTTPS connections\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"description\"\ : \"Uses HTTPS\",\n \"match_data\": [\n \"HTTP traffic on port 49728 -> 443\",\n \"HTTP traffic on port 443 -> 49728\"\ \n ],\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"id\": \"625\"\n },\n {\n \ \ \"refs\": [\n {\n \"ref\": \"#memory_dumps\",\n \"value\": \"software.exe, 00000001.00000002.4622195069.0000000000D18000.00000004.00000020.00020000.00000000.sdmp,\ \ software.exe, 00000001.00000002.4623016437.0000000000D68000.00000004.00000020.00020000.00000000.sdmp\"\n }\n ],\n \"description\"\ : \"May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)\",\n \"match_data\": [\n \"Hyper-V RAW\"\n \ \ ],\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"id\": \"263\"\n },\n {\n \ \ \"description\": \"URLs found in memory or binary data\",\n \"match_data\": [\n \"ftp://cygwin.mirror.rafal.ca/pub/cygwin/en\",\n \ \ \"ftp://cygwin.mirror.rafal.ca/pub/cygwin/st\",\n \"ftp://cygwin.mirror.rafal.cat\",\n \"ftp://ftp.Q\",\n \ \ \"ftp://ftp.byfly.by/pub/cygwin/https://f\",\n \"ftp://ftp.byfly.by/pub/cygwin/in/\",\n \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/http://c\"\ ,\n \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/https://\",\n \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/https://;\",\n \ \ \"ftp://ftp.fa\",\n 
\"http://cygwin.mbwarez.dk/gwin/win/b\",\n \"http://cygwin.mbwarez.dk/h.de\",\n \"http://cygwin.mbwarez.dk/hen.de\"\ ,\n \"http://cygwin.mbwarez.dk/hen.deorg/\",\n \"http://cygwin.mbwarez.dk/in.uib.no/\",\n \"http://cygwin.mbwarez.dk/in/\"\ ,\n \"http://cygwin.mbwarez.dk/in//\",\n \"http://cygwin.mbwarez.dk/in//$\",\n \"http://cygwin.mbwarez.dk/in/cygwin/e8\"\ ,\n \"http://cygwin.mbwarez.dk/in/cygwin/ft\",\n \"http://cygwin.mbwarez.dk/in/gwin/l\",\n \"http://cygwin.mbwarez.dk/in/in//7\"\ ,\n \"http://cygwin.mbwarez.dk/in/in/ac\",\n \"http://cygwin.mbwarez.dk/in/in/n/\",\n \"http://cygwin.mbwarez.dk/in/in/r.\"\ ,\n \"http://cygwin.mbwarez.dk/in/n/\",\n \"http://cygwin.mbwarez.dk/in/ong\",\n \"http://cygwin.mbwarez.dk/in/siaN2\"\ ,\n \"http://cygwin.mbwarez.dk/in/tp://su\",\n \"http://cygwin.mbwarez.dk/in/win/\",\n \"http://cygwin.mbwarez.dk/in/ygwin\"\ ,\n \"http://cygwin.mbwarez.dk/inade\",\n \"http://cygwin.mbwarez.dk/irror.easynr-\",\n \"http://cygwin.mbwarez.dk/jp\"\ ,\n \"http://cygwin.mbwarez.dk/ly.coml\",\n \"http://cygwin.mbwarez.dk/ly.comn/r\",\n \"http://cygwin.mbwarez.dk/m.de/cygwin/\"\ ,\n \"http://cygwin.mbwarez.dk/m/cygwin/\",\n \"http://cygwin.mbwarez.dk/mgwin/rrors./\",\n \"http://cygwin.mbwarez.dk/n.itefix.nef\"\ ,\n \"http://cygwin.mbwarez.dk/n/\",\n \"http://cygwin.mbwarez.dk/n/al.ca/\",\n \"http://cygwin.mbwarez.dk/n/cygw\"\ ,\n \"http://cygwin.mbwarez.dk/n/gwin/du\",\n \"http://cygwin.mbwarez.dk/n/win//\",\n \"http://cygwin.mbwarez.dk/n/ygwin/\"\ ,\n \"http://cygwin.mbwarez.dk/net//63.com\",\n \"http://cygwin.mbwarez.dk/net/il\",\n \"http://cygwin.mbwarez.dk/ngwin/cente\"\ ,\n \"http://cygwin.mbwarez.dk/no/cygwin/\",\n \"http://cygwin.mbwarez.dk/nter.byuni$\",\n \"http://cygwin.mbwarez.dk/o/cygwin/\"\ ,\n \"http://cygwin.mbwarez.dk/o/cygwin/A\",\n \"http://cygwin.mbwarez.dk/o/cygwin/t\",\n \"http://cygwin.mbwarez.dk/ochum.depe\"\ ,\n \"http://cygwin.mbwarez.dk/ochum.deps://p\",\n \"http://cygwin.mbwarez.dk/om/cygwin/$/\",\n 
\"http://cygwin.mbwarez.dk/om/cygwin//\"\ ,\n \"http://cygwin.mbwarez.dk/orgcom\",\n \"http://cygwin.mbwarez.dk/p.fau.dein\",\n \"http://cygwin.mbwarez.dk/pub/softwarV\"\ ,\n \"http://cygwin.mbwarez.dk/r.datacente1\",\n \"http://cygwin.mbwarez.dk/rg/cygwin/\",\n \"http://cygwin.mbwarez.dk/rgasso.net\"\ ,\n \"http://cygwin.mbwarez.dk/rggwin/t//\",\n \"http://cygwin.mbwarez.dk/rlands\",\n \"http://cygwin.mbwarez.dk/st.comin/\"\ ,\n \"http://cygwin.mbwarez.dk/t/cygwin/\",\n \"http://cygwin.mbwarez.dk/t/cygwin/O\",\n \"http://cygwin.mbwarez.dk/t/cygwin/an\"\ ,\n \"http://cygwin.mbwarez.dk/t/cygwin/ygw\",\n \"http://cygwin.mbwarez.dk/te.nlchen.%\",\n \"http://cygwin.mbwarez.dk/tworks.org\"\ ,\n \"http://cygwin.mbwarez.dk/u.cn/cygwin/.\",\n \"http://cygwin.mbwarez.dk/ub/cygwin/%\",\n \"http://cygwin.mbwarez.dk/unsite.icm.:\"\ ,\n \"http://cygwin.mbwarez.dk/win.uib.no///\",\n \"http://cygwin.mbwarez.dk/win/\",\n \"http://cygwin.mbwarez.dk/win/B\"\ ,\n \"http://cygwin.mbwarez.dk/win/ac.jp\",\n \"http://cygwin.mbwarez.dk/win/gwin/\",\n \"http://cygwin.mbwarez.dk/win/in/\"\ ,\n \"http://cygwin.mbwarez.dk/win/in//\",\n \"http://cygwin.mbwarez.dk/win/in/sl\",\n \"http://cygwin.mbwarez.dk/win/inam.l\"\ ,\n \"http://cygwin.mbwarez.dk/win/n/\",\n \"http://cygwin.mbwarez.dk/win/n//\",\n \"http://cygwin.mbwarez.dk/win/n/in/\"\ ,\n \"http://cygwin.mbwarez.dk/win/om\",\n \"http://cygwin.mbwarez.dk/win/tps://\",\n \"http://cygwin.mbwarez.dk/ygwin/\"\ ,\n \"http://cygwin.mbwarez.dk/ygwin/.net\",\n \"http://cygwin.mbwarez.dk/ygwin//\",\n \"http://cygwin.mbwarez.dk/ygwin///\"\ ,\n \"http://cygwin.mbwarez.dk/ygwin///_\",\n \"http://cygwin.mbwarez.dk/ygwin//rcf\",\n \"http://cygwin.mbwarez.dk/ygwin/P\"\ ,\n \"http://cygwin.mbwarez.dk/ygwin/a/O\",\n \"http://cygwin.mbwarez.dk/ygwin/gwin/f\",\n \"http://cygwin.mbwarez.dk/ygwin/in/://%\"\ ,\n \"http://cygwin.mbwarez.dk/ygwin/no//\",\n \"http://cygwin.mbwarez.dk/ygwin/tp://ft\"\n ],\n \ \ \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"id\": 
\"238\"\n },\n {\n \"description\": \"Uses secure TLS version\ \ for HTTPS connections\",\n \"match_data\": [\n \"8.43.85.97:443 -> 192.168.2.12:49728 version: TLS 1.2\"\n ],\n \ \ \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"id\": \"7058\"\n },\n {\n \"severity\": \"IMPACT_SEVERITY_INFO\"\ ,\n \"refs\": [\n {\n \"ref\": \"#memory_dumps\",\n \"value\": \"software.exe, 00000000.00000002.4957179451.00000000001D6000.00000004.00000020.00020000.00000000.sdmp,\ \ software.exe, 00000000.00000002.4956225446.000000000016C000.00000004.00000020.00020000.00000000.sdmp\"\n }\n ],\n \"match_data\"\ : [\n \"Hyper-V RAW\"\n ],\n \"id\": \"263\",\n \"description\": \"May try to detect the virtual machine\ \ to hinder analysis (VM artifact strings found in memory)\"\n },\n {\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \ \ \"match_data\": [\n \"ftp://ftp.=\",\n \"ftp://ftp.byfly.by/pub/cygwin/http://f\",\n \"ftp://ftp.byfly.by/pub/cygwin/ub/cygwin/cacygwin\"\ ,\n \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/\",\n \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/http://cG\",\n \ \ \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/win\",\n \"ftp://ftp.fsn.hu/pub/cygwin/p\",\n \"ftp://ftp.fsn.hu/pub/cygwin/ror\"\ ,\n \"ftp://ftp.fsn.hu/pub/cygwin/ygwin/https://)\",\n \"ftp://ftp.fsn.hur\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/http://d\"\ ,\n \"ftp://ftp.iij.ad.jp/pub/cygwin/http://f\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/https://\",\n \"ftp://ftp.inf.tu-dresden.deftp\"\ ,\n \"ftp://ftp.inf.tu-dresden.dehttp://ftp.f\",\n \"ftp://ftp.inf.tu-dresden.dein\",\n \"ftp://ftp.inf.tu-dresden.deygwin\"\ ,\n \"ftp://ftp.kr.freebsd.org\",\n \"ftp://ftp.kr.freebsd.org/pub/cygwin.com/cygwin/http://c\",\n \"ftp://ftp.kr.freebsd.org/pub/cygwin.com/cygwin/http://f\"\ ,\n \"ftp://ftp.kr.freebsd.org/pub/cygwin.com/cygwin/https://\",\n \"ftp://ftp.kr.freebsd.org/pub/cygwin.com/cygwin/https://0\",\n \ \ \"ftp://ftp.l\",\n \"ftp://ftp.lip6.fr/pub/cygwin//https://\",\n \"ftp://ftp.m2\",\n 
\"ftp://ftp.muug.ca/mirror/cygwin//or\"\ ,\n \"ftp://ftp.n\",\n \"ftp://ftp.ntua.gr/pub/pc/cygwin/\",\n \"ftp://ftp.ntua.gr/pub/pc/cygwin/http:/\",\n \ \ \"ftp://ftp.rnl.tecnico.ulisboa.pt\",\n \"ftp://ftp.yz.yamagata-u.ac.jp/pub/cygwin/http://c\",\n \"ftp://linux.rz.ruhr-uni-bochum.de/cygwin/http://c\"\ ,\n \"ftp://mirror.checkdomain.de/cygwin/\",\n \"ftp://mirror.checkdomain.de/cygwin/http\",\n \"ftp://mirror.checkdomain.de/cygwin/httpA\"\ ,\n \"ftp://mirror.checkdomain.de/cygwin/https://\",\n \"ftp://mirror.checkdomain.dehttp://w\",\n \"ftp://mirror.checkdomain.dein\"\ ,\n \"ftp://mirror.csclub.uwaterloo.car\",\n \"ftp://mirror.datacenter.bymirror\",\n \"ftp://mirror.datacenter.byon.ncr\"\ ,\n \"ftp://mirror.easyname.at/cygwin/r\",\n \"ftp://mirror.easyname.atomygwin\",\n \"ftp://mirror.lagoon.nc/cygwin/http://f\"\ ,\n \"ftp://mirror.lagoon.nc/cygwin/http://m\",\n \"ftp://mirror.lagoon.nc/cygwin/ror\",\n \"ftp://mirrors.dotsrc.org.nethttps://V\"\ ,\n \"ftp://mirrors.dotsrc.org/mirrors/cygwin/http://muug.ca/\",\n \"ftp://mirrors.netix.net/cygwin/http://fL\",\n \ \ \"ftp://mirrors.netix.net/cygwin/https://\",\n \"ftp://mirrors.netix.net/cygwin/https://z\",\n \"ftp://sunsite.icm.edu.pl/pub/cygnus/cygwin/https://\"\ ,\n \"ftp://sunsite.icm.edu.pl/pub/cygnus/cygwin/https://_\",\n \"ftp://sunsite.icm.edu.plftp\",\n \"http://ac.economia.gob.mx/cps.html0\"\ ,\n \"http://ac.economia.gob.mx/last.crl0G\",\n \"http://acedicom.edicomgroup.com/doc0\",\n \"http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?\"\ ,\n \"http://acraiz.icpbrasil.gov.br/LCRacraizv1.crl0\",\n \"http://acraiz.icpbrasil.gov.br/LCRacraizv2.crl0\",\n \ \ \"http://apps.identrust.com/roots/dstrootcax3.p7c0\",\n \"http://ca.disig.sk/ca/crl/ca_disig.crl0\",\n \"http://ca.mtin.es/mtin/DPCyPoliticas0\"\ ,\n \"http://ca.mtin.es/mtin/DPCyPoliticas0g\",\n \"http://ca.mtin.es/mtin/crl/MTINAutoridadRaiz03\",\n \"http://ca.mtin.es/mtin/ocsp0\"\ ,\n \"http://ca2.mtin.es/mtin/crl/MTINAutoridadRaiz0\",\n 
\"http://certificates.starfieldtech.com/repository/1604\",\n \ \ \"http://certs.oati.net/repository/OATICA2.crl0\",\n \"http://certs.oati.net/repository/OATICA2.crt0\",\n \"http://certs.oaticerts.com/repository/OATICA2.crl\"\ ,\n \"http://certs.oaticerts.com/repository/OATICA2.crt08\",\n \"http://cps.chambersign.org/cps/chambersignroot.html0\",\n \ \ \"http://cps.chambersign.org/cps/chambersroot.html0\",\n \"http://cps.letsencrypt.org0\",\n \"http://cps.root-x1.letsencrypt.org0\"\ ,\n \"http://cps.siths.se/sithsrootcav1.html0\",\n \"http://crl.certigna.fr/certignarootca.crl01\",\n \"http://crl.chambersign.org/chambersignroot.crl0\"\ ,\n \"http://crl.chambersign.org/chambersroot.crl0\",\n \"http://crl.comodoca.com/AAACertificateServices.crl06\",\n \ \ \"http://crl.defence.gov.au/pki0\",\n \"http://crl.dhimyotis.com/certignarootca.crl0\",\n \"http://crl.globalsign.net/root-r2.crl0\",\n\ \ \"http://crl.identrust.com/DSTROOTCAX3CRL.crl0\",\n \"http://crl.oces.trust2408.com/oces.crl0\",\n \"http://crl.pki.wellsfargo.com/wsprca.crl0\"\ ,\n \"http://crl.securetrust.com/SGCA.crl0\",\n \"http://crl.securetrust.com/STCA.crl0\",\n \"http://crl.ssc.lt/root-a/cacrl.crl0\"\ ,\n \"http://crl.ssc.lt/root-b/cacrl.crl0\",\n \"http://crl.ssc.lt/root-c/cacrl.crl0\",\n \"http://crl.xrampsecurity.com/XGCA.crl0\"\ ,\n \"http://crl1.comsign.co.il/crl/comsignglobalrootca.crl0\",\n \"http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/CABD2A79A1076A31F21D253635CB0\"\ ,\n \"http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab\",\n \"http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enR(\"\ ,\n \"http://ctldl.windowsupdate.com:80\",\n \"http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/CABD2A79A1076A31F21D253635\"\ ,\n \"http://cygwin.cathedral-\",\n \"http://cygwin.cathedral-networks.org\",\n \"http://cygwin.cathedral-networks.org.ne\"\ ,\n \"http://cygwin.cathedral-networks.org/\",\n 
\"http://cygwin.cathedral-networks.org/#\",\n \"http://cygwin.cathedral-networks.org/$\"\ ,\n \"http://cygwin.cathedral-networks.org/%\",\n \"http://cygwin.cathedral-networks.org/&\",\n \"http://cygwin.cathedral-networks.org/)\"\ ,\n \"http://cygwin.cathedral-networks.org/.\",\n \"http://cygwin.cathedral-networks.org/.cN\",\n \"http://cygwin.cathedral-networks.org/.m\"\ ,\n \"http://cygwin.cathedral-networks.org//\",\n \"http://cygwin.cathedral-networks.org///\",\n \"http://cygwin.cathedral-networks.org//:\"\ ,\n \"http://cygwin.cathedral-networks.org//c\",\n \"http://cygwin.cathedral-networks.org//e\",\n \"http://cygwin.cathedral-networks.org//f\"\ ,\n \"http://cygwin.cathedral-networks.org//j\",\n \"http://cygwin.cathedral-networks.org//m\",\n \"http://cygwin.cathedral-networks.org//o\"\ ,\n \"http://cygwin.cathedral-networks.org/1\",\n \"http://cygwin.cathedral-networks.org/4\",\n \"http://cygwin.cathedral-networks.org/6\"\ ,\n \"http://cygwin.cathedral-networks.org/8\",\n \"http://cygwin.cathedral-networks.org/9\",\n \"http://cygwin.cathedral-networks.org/:\"\ ,\n \"http://cygwin.cathedral-networks.org/:/\",\n \"http://cygwin.cathedral-networks.org/;cygwin.cathedral-networks.org;Europe;Norway;noshow\"\ ,\n \"http://cygwin.cathedral-networks.org/=\",\n \"http://cygwin.cathedral-networks.org/A\",\n \"http://cygwin.cathedral-networks.org/F\"\ ,\n \"http://cygwin.cathedral-networks.org/G\",\n \"http://cygwin.cathedral-networks.org/L\",\n \"http://cygwin.cathedral-networks.org/O\"\ ,\n \"http://cygwin.cathedral-networks.org/T\",\n \"http://cygwin.cathedral-networks.org/U\",\n \"http://cygwin.cathedral-networks.org/Y\"\ ,\n \"http://cygwin.cathedral-networks.org/Z\",\n \"http://cygwin.cathedral-networks.org/a\",\n \"http://cygwin.cathedral-networks.org/ar\"\ ,\n \"http://cygwin.cathedral-networks.org/cygwin/s.org/\",\n \"http://cygwin.cathedral-networks.org/e\",\n \"http://cygwin.cathedral-networks.org/et\"\ ,\n \"http://cygwin.cathedral-networks.org/f\",\n 
\"http://cygwin.cathedral-networks.org/ft\",\n \"http://cygwin.cathedral-networks.org/ft9\"\ ,\n \"http://cygwin.cathedral-networks.org/ine\",\n \"http://cygwin.cathedral-networks.org/k\",\n \"http://cygwin.cathedral-networks.org/l\"\ ,\n \"http://cygwin.cathedral-networks.org/li~\",\n \"http://cygwin.cathedral-networks.org/m\",\n \"http://cygwin.cathedral-networks.org/mi\"\ ,\n \"http://cygwin.cathedral-networks.org/n/u\",\n \"http://cygwin.cathedral-networks.org/ne8\",\n \"http://cygwin.cathedral-networks.org/ni\"\ ,\n \"http://cygwin.cathedral-networks.org/o\",\n \"http://cygwin.cathedral-networks.org/ore\",\n \"http://cygwin.cathedral-networks.org/ork\"\ ,\n \"http://cygwin.cathedral-networks.org/ps\",\n \"http://cygwin.cathedral-networks.org/q\",\n \"http://cygwin.cathedral-networks.org/slo\"\ ,\n \"http://cygwin.cathedral-networks.org/su\",\n \"http://cygwin.cathedral-networks.org/t\",\n \"http://cygwin.cathedral-networks.org/tp\"\ ,\n \"http://cygwin.cathedral-networks.org/ul\",\n \"http://cygwin.cathedral-networks.org/w\",\n \"http://cygwin.cathedral-networks.org/wi\"\ ,\n \"http://cygwin.cathedral-networks.org/x\",\n \"http://cygwin.cathedral-networks.org/z\",\n \"http://cygwin.cathedral-networks.org0\"\ ,\n \"http://cygwin.cathedral-networks.org1\",\n \"http://cygwin.cathedral-networks.org://\",\n \"http://cygwin.cathedral-networks.orgB\"\ ,\n \"http://cygwin.cathedral-networks.orgI\",\n \"http://cygwin.cathedral-networks.orgM\",\n \"http://cygwin.cathedral-networks.orgP\"\ ,\n \"http://cygwin.cathedral-networks.orgR\",\n \"http://cygwin.cathedral-networks.orgT\",\n \"http://cygwin.cathedral-networks.org_\"\ ,\n \"http://cygwin.cathedral-networks.orgala\",\n \"http://cygwin.cathedral-networks.orgb\",\n \"http://cygwin.cathedral-networks.orgdu.\"\ ,\n \"http://cygwin.cathedral-networks.orgjpo\",\n \"http://cygwin.cathedral-networks.orgm\",\n \"http://cygwin.cathedral-networks.orgme\"\ ,\n \"http://cygwin.cathedral-networks.orgn\",\n 
\"http://cygwin.cathedral-networks.orgn/\",\n \"http://cygwin.cathedral-networks.orgn/#\"\ ,\n \"http://cygwin.cathedral-networks.orgnet\",\n \"http://cygwin.cathedral-networks.orgom.\",\n \"http://cygwin.cathedral-networks.orgr.tD\"\ ,\n \"http://cygwin.cathedral-networks.orgs\",\n \"http://cygwin.cathedral-networks.orgtp:\",\n \"http://cygwin.cathedral-networks.orgwen?\"\ ,\n \"http://cygwin.cathedral-networks.orgz\",\n \"http://cygwin.mbwarez\",\n \"http://cygwin.mbwarez.dk\",\n \ \ \"http://cygwin.mbwarez.dk#W\",\n \"http://cygwin.mbwarez.dk$\",\n \"http://cygwin.mbwarez.dk.ac.jpn/in/\",\n \ \ \"http://cygwin.mbwarez.dk.byygwin/\",\n \"http://cygwin.mbwarez.dk.de/n/\",\n \"http://cygwin.mbwarez.dk.kr.freebsd.orgi\"\ ,\n \"http://cygwin.mbwarez.dk.net.it\",\n \"http://cygwin.mbwarez.dk.netA\",\n \"http://cygwin.mbwarez.dk.netgw\"\ ,\n \"http://cygwin.mbwarez.dk.orgygwin/\",\n \"http://cygwin.mbwarez.dk/\",\n \"http://cygwin.mbwarez.dk/#Y\",\n\ \ \"http://cygwin.mbwarez.dk/.de/\",\n \"http://cygwin.mbwarez.dk/.deon.net\",\n \"http://cygwin.mbwarez.dk/.edu.cn/\"\ ,\n \"http://cygwin.mbwarez.dk/.hu/pub/cygwin\",\n \"http://cygwin.mbwarez.dk/.jpygwin/\",\n \"http://cygwin.mbwarez.dk//\"\ ,\n \"http://cygwin.mbwarez.dk///\",\n \"http://cygwin.mbwarez.dk///mirror.easyn\",\n \"http://cygwin.mbwarez.dk//?\"\ ,\n \"http://cygwin.mbwarez.dk//cygwin/\",\n \"http://cygwin.mbwarez.dk//cygwin/or\",\n \"http://cygwin.mbwarez.dk//cygwin32/\"\ ,\n \"http://cygwin.mbwarez.dk//n/\",\n \"http://cygwin.mbwarez.dk//n/ropeZ\",\n \"http://cygwin.mbwarez.dk//pub/cygwin/\"\ ,\n \"http://cygwin.mbwarez.dk//pub/cygwin/P\",\n \"http://cygwin.mbwarez.dk/3.com\",\n \"http://cygwin.mbwarez.dk/4\"\ ,\n \"http://cygwin.mbwarez.dk/7\",\n \"http://cygwin.mbwarez.dk/:\",\n \"http://cygwin.mbwarez.dk/;cygwin.mbwarez.dk;Europe;Denmark;noshow\"\ ,\n \"http://cygwin.mbwarez.dk/D\",\n \"http://cygwin.mbwarez.dk/E\",\n \"http://cygwin.mbwarez.dk/Europe\",\n \ \ \"http://cygwin.mbwarez.dk/F\",\n 
\"http://cygwin.mbwarez.dk/G\",\n \"http://cygwin.mbwarez.dk/Hong\",\n \ \ \"http://cygwin.mbwarez.dk/P\",\n \"http://cygwin.mbwarez.dk/Q\",\n \"http://cygwin.mbwarez.dk/achen.derg/\",\n \ \ \"http://cygwin.mbwarez.dk/argasso.net/\",\n \"http://cygwin.mbwarez.dk/b\",\n \"http://cygwin.mbwarez.dk/boa.pt\",\n\ \ \"http://cygwin.mbwarez.dk/c\",\n \"http://cygwin.mbwarez.dk/c.jpn//\",\n \"http://cygwin.mbwarez.dk/cn/cygwin/\"\ ,\n \"http://cygwin.mbwarez.dk/cn/cygwin/A\",\n \"http://cygwin.mbwarez.dk/cn/cygwin/u\",\n \"http://cygwin.mbwarez.dk/cyg\"\ ,\n \"http://cygwin.mbwarez.dk/cygwin/\",\n \"http://cygwin.mbwarez.dk/cygwin//s\",\n \"http://cygwin.mbwarez.dk/cygwin/:\"\ ,\n \"http://cygwin.mbwarez.dk/cygwin/gwin/\",\n \"http://cygwin.mbwarez.dk/cygwin/ia://\",\n \"http://cygwin.mbwarez.dk/cygwin/mir\"\ ,\n \"http://cygwin.mbwarez.dk/cygwin/n/\",\n \"http://cygwin.mbwarez.dk/cygwin/n/A\",\n \"http://cygwin.mbwarez.dk/d.com\"\ ,\n \"http://cygwin.mbwarez.dk/d.comwin/\",\n \"http://cygwin.mbwarez.dk/ddos.net/cygwia\",\n \"http://cygwin.mbwarez.dk/ent.co\"\ ,\n \"http://cygwin.mbwarez.dk/er.by/pub/m7\",\n \"http://cygwin.mbwarez.dk/et\",\n \"http://cygwin.mbwarez.dk/et.fi0\"\ ,\n \"http://cygwin.mbwarez.dk/et/cygwin/D\",\n \"http://cygwin.mbwarez.dk/et/cygwin/u\",\n \"http://cygwin.mbwarez.dk/etcygwin/B\"\ ,\n \"http://cygwin.mbwarez.dk/etoml\",\n \"http://cygwin.mbwarez.dk/etworks.org\",\n \"http://cygwin.mbwarez.dk/etworks.org/\"\ ,\n \"http://cygwin.mbwarez.dk/etworks.org/n\",\n \"http://cygwin.mbwarez.dk/g/cygwin/\",\n \"http://cygwin.mbwarez.dk/g/cygwin/P\"\ ,\n \"http://cygwin.mbwarez.dk/g/cygwin/cns/cygwin/\",\n \"http://cygwin.mbwarez.dk/gwin/\",\n \"http://cygwin.mbwarez.dk/gwin/.net/\"\ ,\n \"http://cygwin.mbwarez.dk/gwin//\",\n \"http://cygwin.mbwarez.dk/gwin/2/\",\n \"http://cygwin.mbwarez.dk/gwin/Y\"\ ,\n \"http://cygwin.mbwarez.dk/gwin/h\",\n \"http://cygwin.mbwarez.dk/gwin/in/\",\n \"http://cygwin.mbwarez.dk/gwin/ror.c\"\ ,\n 
\"http://cygwin.mbwarez.dk/gwin/s://\",\n \"http://cygwin.mbwarez.dk/gwin/ygwin/m\",\n \"http://cygwin.mbwarez.dk/i\"\ ,\n \"http://cygwin.mbwarez.dk/in/\",\n \"http://cygwin.mbwarez.dk/in/.cnn/\",\n \"http://cygwin.mbwarez.dk/in//n/B\"\ ,\n \"http://cygwin.mbwarez.dk/in//win/D\",\n \"http://cygwin.mbwarez.dk/in/2\",\n \"http://cygwin.mbwarez.dk/in/in/\"\ ,\n \"http://cygwin.mbwarez.dk/in/in/Y\",\n \"http://cygwin.mbwarez.dk/in/n\",\n \"http://cygwin.mbwarez.dk/in/n/\"\ ,\n \"http://cygwin.mbwarez.dk/in/n/://\",\n \"http://cygwin.mbwarez.dk/in/win//\",\n \"http://cygwin.mbwarez.dk/in/ygwin/\"\ ,\n \"http://cygwin.mbwarez.dk/inan/n//t\",\n \"http://cygwin.mbwarez.dk/inf.tu-dresden\",\n \"http://cygwin.mbwarez.dk/inrausch\"\ ,\n \"http://cygwin.mbwarez.dk/loo.ca\",\n \"http://cygwin.mbwarez.dk/m/cygwin/\",\n \"http://cygwin.mbwarez.dk/m/cygwin//U\"\ ,\n \"http://cygwin.mbwarez.dk/m/cygwin/byfl\",\n \"http://cygwin.mbwarez.dk/m/cygwin/in/-\",\n \"http://cygwin.mbwarez.dk/mirror\"\ ,\n \"http://cygwin.mbwarez.dk/n/.netrg\",\n \"http://cygwin.mbwarez.dk/n///\",\n \"http://cygwin.mbwarez.dk/n//gwin/\"\ ,\n \"http://cygwin.mbwarez.dk/n/Asiame.1\",\n \"http://cygwin.mbwarez.dk/n/cygwin/=\",\n \"http://cygwin.mbwarez.dk/n/gwin/\"\ ,\n \"http://cygwin.mbwarez.dk/n/in/c\",\n \"http://cygwin.mbwarez.dk/n/win/\",\n \"http://cygwin.mbwarez.dk/net/n/\"\ ,\n \"http://cygwin.mbwarez.dk/nin/\",\n \"http://cygwin.mbwarez.dk/o/cygwin/\",\n \"http://cygwin.mbwarez.dk/om.com/B\"\ ,\n \"http://cygwin.mbwarez.dk/om/cygwin/\",\n \"http://cygwin.mbwarez.dk/omom/cygwin/\",\n \"http://cygwin.mbwarez.dk/org/in/b\"\ ,\n \"http://cygwin.mbwarez.dk/orggwin/\",\n \"http://cygwin.mbwarez.dk/orgrs\",\n \"http://cygwin.mbwarez.dk/ost.noz.dkV\"\ ,\n \"http://cygwin.mbwarez.dk/p\",\n \"http://cygwin.mbwarez.dk/ps://mirror-hk\",\n \"http://cygwin.mbwarez.dk/pub/cygwin//\"\ ,\n \"http://cygwin.mbwarez.dk/r.cP\",\n \"http://cygwin.mbwarez.dk/rafal.ca/\",\n \"http://cygwin.mbwarez.dk/rg/cygwin/\"\ ,\n 
\"http://cygwin.mbwarez.dk/rg/sites/sourcC\",\n \"http://cygwin.mbwarez.dk/rgP\",\n \"http://cygwin.mbwarez.dk/rgasso.net\"\ ,\n \"http://cygwin.mbwarez.dk/rgasso.net/\",\n \"http://cygwin.mbwarez.dk/rks.netn//\",\n \"http://cygwin.mbwarez.dk/ropeusch.de/m\"\ ,\n \"http://cygwin.mbwarez.dk/s/cygwin/\",\n \"http://cygwin.mbwarez.dk/s:/p\",\n \"http://cygwin.mbwarez.dk/st.comt\"\ ,\n \"http://cygwin.mbwarez.dk/t\",\n \"http://cygwin.mbwarez.dk/t/cygwin//\",\n \"http://cygwin.mbwarez.dk/t/cygwin/p\"\ ,\n \"http://cygwin.mbwarez.dk/tc.edu.cnY\",\n \"http://cygwin.mbwarez.dk/tin//in/\",\n \"http://cygwin.mbwarez.dk/twaren.net\"\ ,\n \"http://cygwin.mbwarez.dk/tworks.org/k\",\n \"http://cygwin.mbwarez.dk/u.cn/cygwin/$\",\n \"http://cygwin.mbwarez.dk/u.cnn/\"\ ,\n \"http://cygwin.mbwarez.dk/u.cns.orgn/V\",\n \"http://cygwin.mbwarez.dk/ua.gr/pub/pc/cn\",\n \"http://cygwin.mbwarez.dk/win/\"\ ,\n \"http://cygwin.mbwarez.dk/win/.redhas\",\n \"http://cygwin.mbwarez.dk/win//n/2\",\n \"http://cygwin.mbwarez.dk/win/gwin/\"\ ,\n \"http://cygwin.mbwarez.dk/win/in/Y\",\n \"http://cygwin.mbwarez.dk/win/inaUn\",\n \"http://cygwin.mbwarez.dk/win/n/\"\ ,\n \"http://cygwin.mbwarez.dk/win/n/n/\",\n \"http://cygwin.mbwarez.dk/win/rg/\",\n \"http://cygwin.mbwarez.dk/ygwin/\"\ ,\n \"http://cygwin.mbwarez.dk/ygwin//\",\n \"http://cygwin.mbwarez.dk/ygwin//b\",\n \"http://cygwin.mbwarez.dk/ygwin//~\"\ ,\n \"http://cygwin.mbwarez.dk/ygwin/4\",\n \"http://cygwin.mbwarez.dk/ygwin/I\",\n \"http://cygwin.mbwarez.dk/ygwin/n/\"\ ,\n \"http://cygwin.mbwarez.dk/ygwin/r-hk\",\n \"http://cygwin.mbwarez.dk://mirrors.ustc\",\n \"http://cygwin.mbwarez.dkAsia\"\ ,\n \"http://cygwin.mbwarez.dkI\",\n \"http://cygwin.mbwarez.dkM\",\n \"http://cygwin.mbwarez.dkare.org/pub/cyg\"\ ,\n \"http://cygwin.mbwarez.dkb/cygwin//\",\n \"http://cygwin.mbwarez.dkb/cygwin/n/2/\",\n \"http://cygwin.mbwarez.dkc\"\ ,\n \"http://cygwin.mbwarez.dkchen.dee\",\n \"http://cygwin.mbwarez.dkcn/cygwin/\",\n 
\"http://cygwin.mbwarez.dkcygwin/\"\ ,\n \"http://cygwin.mbwarez.dke\",\n \"http://cygwin.mbwarez.dken.den/\",\n \"http://cygwin.mbwarez.dkeq.uc.pt/softwa\"\ ,\n \"http://cygwin.mbwarez.dkett.ca\",\n \"http://cygwin.mbwarez.dketworks.orgx\",\n \"http://cygwin.mbwarez.dkg\"\ ,\n \"http://cygwin.mbwarez.dkg/cygwin/\",\n \"http://cygwin.mbwarez.dkgwin.uib.no/\",\n \"http://cygwin.mbwarez.dkgwin/\"\ ,\n \"http://cygwin.mbwarez.dkgwin/gwin/\",\n \"http://cygwin.mbwarez.dkgwin/n//\",\n \"http://cygwin.mbwarez.dkgwin/omn//\"\ ,\n \"http://cygwin.mbwarez.dkh.deks.org/1\",\n \"http://cygwin.mbwarez.dkhina\",\n \"http://cygwin.mbwarez.dkin/ygwin/\"\ ,\n \"http://cygwin.mbwarez.dkinraus\",\n \"http://cygwin.mbwarez.dkirrors.163.com\",\n \"http://cygwin.mbwarez.dkl.jpygwin/\"\ ,\n \"http://cygwin.mbwarez.dklt.comorg/V\",\n \"http://cygwin.mbwarez.dkm/cygwin/\",\n \"http://cygwin.mbwarez.dkmcom/cygwin/\"\ ,\n \"http://cygwin.mbwarez.dkmirror\",\n \"http://cygwin.mbwarez.dkn.net\"\n ],\n \"id\": \"\ 238\",\n \"description\": \"URLs found in memory or binary data\"\n },\n {\n \"severity\": \"IMPACT_SEVERITY_INFO\"\ ,\n \"match_data\": [\n \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\ETCJ2WHM\\\\mirrors[1].lst\"\n \ \ ],\n \"id\": \"90\",\n \"description\": \"Creates files inside the user directory\"\n },\n \ \ {\n \"id\": \"198\",\n \"match_data\": [\n \"HKEY_CURRENT_USER_Classes\",\n \"HKEY_LOCAL_MACHINE\\\ \\SOFTWARE\\\\Microsoft\\\\SystemCertificates\\\\AuthRoot\"\n ],\n \"description\": \"Monitors certain registry keys / values for changes (often done\ \ to protect autostart functionality)\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"id\": \"625\",\n\ \ \"match_data\": [\n \"HTTP traffic on port 443 -> 49717\",\n \"HTTP traffic on port 49717 -> 443\"\n \ \ ],\n \"description\": \"Uses HTTPS\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \ \ \"id\": \"263\",\n \"refs\": [\n {\n \"ref\": \"#memory_dumps\",\n \ \ 
\"value\": \"file.exe, 00000000.00000002.4637826316.0000000000CCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.4638844961.0000000000D36000.00000004.00000020.00020000.00000000.sdmp\"\ \n }\n ],\n \"match_data\": [\n \"Hyper-V RAW\"\n ],\n \ \ \"description\": \"May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n \ \ },\n {\n \"id\": \"238\",\n \"match_data\": [\n \"ftp://cygwin.mirror.rafal.ca\",\n\ \ \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/\",\n \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/http://f?\",\n \ \ \"ftp://ftp.fa\",\n \"ftp://ftp.fsn.hu/pub/cygwin/win/\",\n \"ftp://ftp.fsn.hu/pub/cygwin/ygwin/https://\",\n \ \ \"ftp://ftp.funet.fi/pub/mirrors/sourceware.org/pub/cygwin/gwin/https://\",\n \"ftp://ftp.halifax.rwth-aachen.de\",\n \"ftp://ftp.halifax.rwth-aachen.de/cygwin/\"\ ,\n \"ftp://ftp.halifax.rwth-aachen.der\",\n \"ftp://ftp.halifax.rwth-aachen.des\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/http://f\"\ ,\n \"ftp://ftp.iij.ad.jp/pub/cygwin/http://m\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/https://\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/https://#\"\ ,\n \"ftp://ftp.iij.ad.jp/pub/cygwin/ors\",\n \"ftp://ftp.inf.tu-dresden.dehttps://\",\n \"ftp://ftp.kr.freebsd.org/pub/cygwin.com/cygwin/http://f\"\ ,\n \"ftp://ftp.kr.freebsd.org/pub/cygwin.com/cygwin/http://l\",\n \"ftp://ftp.kr.freebsd.org/pub/cygwin.com/cygwin/https://\",\n \ \ \"ftp://ftp.kr.freebsd.orgx\",\n \"ftp://ftp.kr.freebsd.orgygwin\",\n \"ftp://ftp.mirrorservice.org/sites/sourceware.org/pub/cygwin/\"\ ,\n \"ftp://ftp.n\",\n \"ftp://ftp.n1\",\n \"ftp://ftp.ntua.gr\",\n \"ftp://ftp.ntua.gr/pub/pc/cygwin/r\"\ ,\n \"ftp://ftp.snt.utwente.nl\",\n \"ftp://ftp.snt.utwente.nlix\",\n \"ftp://ftp.snt.utwente.nlom\",\n \ \ \"ftp://ftp.snt.utwente.nlwin/win\",\n \"ftp://ftp.yz.yamagata-u.ac.jp/pub/cygwin/ygwin//http\",\n \"ftp://ftp.yz.yamagata-u.ac.jphttp://m\"\ ,\n 
\"http://cygwin.mbwarez.dk/win/ia\"\n ],\n \"description\": \"URLs found in memory or binary data\",\n \ \ \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"id\": \"7058\",\n \"match_data\": [\n \ \ \"8.43.85.97:443 -> 192.168.2.15:49717 version: TLS 1.2\"\n ],\n \"description\": \"Uses secure TLS version for HTTPS connections\"\ ,\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"description\": \"Uses HTTPS\",\n \ \ \"match_data\": [\n \"HTTP traffic on port 49698 -> 443\",\n \"HTTP traffic on port 443 -> 49698\"\n ],\n \ \ \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"id\": \"625\"\n },\n {\n \"refs\": [\n \ \ {\n \"ref\": \"#memory_dumps\",\n \"value\": \"file.exe, 00000000.00000002.2766071892.0000000000D26000.00000004.00000020.00020000.00000000.sdmp\"\ \n },\n {\n \"ref\": \"#memory_dumps\",\n \"value\": \"file.exe, 00000000.00000002.2766071892.0000000000D26000.00000004.00000020.00020000.00000000.sdmp,\ \ file.exe, 00000000.00000002.2765349898.0000000000CA8000.00000004.00000020.00020000.00000000.sdmp\"\n }\n ],\n \"description\"\ : \"May try to detect the virtual machine to hinder
analysis (VM artifact strings found in memory)\",\n \"match_data\": [\n \"Hyper-V RAW{\",\n\ \ \"Hyper-V RAW\"\n ],\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"id\": \"263\"\n \ \ },\n {\n \"description\": \"URLs found in memory or binary data\",\n \"match_data\": [\n \"ftp://cygwin.mirror.rafal.catp\"\ ,\n \"ftp://ftp.byfly.by/pub/cygwin/irror\",\n \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/\",\n \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/http://c\"\ ,\n \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/https://\",\n \"ftp://ftp.fau.de/cygwin/\",\n \"ftp://ftp.fau.de/cygwin/://mirror.dogado.de\"\ ,\n \"ftp://ftp.fau.de/cygwin/ygwin/https://\",\n \"ftp://ftp.fau.des\",\n \"ftp://ftp.fs\",\n \ \ \"ftp://ftp.fsN\",\n \"ftp://ftp.fsn.hu/pub/cygwin/gwin\",\n \"ftp://ftp.funet.fi/pub/mirrors/sourceware.org/pub/cygwin//https:///\"\ ,\n \"ftp://ftp.funet.fi/pub/mirrors/sourceware.org/pub/cygwin/mirror\",\n \"ftp://ftp.funet.fi/pub/mirrors/sourceware.org/pub/cygwin/tp\",\n\ \ \"ftp://ftp.funet.fihttp:\",\n \"ftp://ftp.halifax.rwth-aachen.de/cygwin//in\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/de\"\ ,\n \"ftp://ftp.iij.ad.jp/pub/cygwin/http://l\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/http://m\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/https://\"\ ,\n \"ftp://ftp.iij.ad.jp/pub/cygwin/https://3\",\n \"ftp://ftp.jaist.ac.jp/pub/cygwin/\",\n \"ftp://ftp.kr.freebsd.org/pub/cygwin\"\ ,\n \"ftp://ftp.kr.freebsd.org/pub/cygwin.com/cygwin/https://\",\n \"ftp://ftp.kr.freebsd.orglhttps://\",\n \"ftp://ftp.l\"\ ,\n \"ftp://ftp.lip6.fr/pub/cygwin/https://ft\",\n \"ftp://ftp.n\",\n \"ftp://ftp.ntua.grhttp:\",\n \ \ \"ftp://ftp.snt.utwente.nl/pub/software/cygwin/https://\",\n \"ftp://ftp.yz.yamagata-u.ac.jp\",\n \"ftp://ftp.yz.yamagata-u.ac.jpp\"\ ,\n \"ftp://mirror.checkdomain.de/cygwin/cygwin\",\n \"ftp://mirror.checkdomain.demirror\",\n \"ftp://mirror.datacenter.bygchhttp://mZ\"\ ,\n \"ftp://mirror.datacenter.byhum.de\",\n \"ftp://mirror.easyname.at/cygwin/larushttps://\",\n 
\"ftp://mirror.internode.on.net/pub/cygwin/http\"\ ,\n \"ftp://mirror.lagoon.nc/cygwin/https://I\",\n \"ftp://mirrors.dotsrc.org/mirrors/cygwin//cygwin/\",\n \"ftp://mirrors.dotsrc.org/mirrors/cygwin/gwin\"\ ,\n \"ftp://mirrors.dotsrc.org/mirrors/cygwin/http://c/\",\n \"ftp://mirrors.dotsrc.org/mirrors/cygwin/https://\",\n \ \ \"ftp://mirrors.dotsrc.org/mirrors/cygwin/or\",\n \"ftp://mirrors.netix.net/cygwin/http://fZ\",\n \"ftp://mirrors.sonic.net/cygwin/in/httP\"\ ,\n \"ftp://mirrors.syringanetworks.net/cygwin/gwin/https://w\",\n \"ftp://sourceware.org/ftp://sources.redhat.com/ftp://gcc.gnu.org/\",\n \ \ \"ftp://sunsite.icm.edu.pl/pub/cygnus/cygwin/https://\",\n \"ftp://sunsite.icm.edu.pl/pub/cygnus/cygwin/mirror\",\n \ \ \"http://ac.economia.gob.mx/cps.html0\",\n \"http://ac.economia.gob.mx/last.crl0G\",\n \"http://acedicom.edicomgroup.com/doc0\",\n \ \ \"http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?\",\n \"http://acraiz.icpbrasil.gov.br/LCRacraizv1.crl0\",\n \"http://acraiz.icpbrasil.gov.br/LCRacraizv2.crl0\"\ ,\n \"http://apps.identrust.com/roots/dstrootcax3.p7c0\",\n \"http://ca.disig.sk/ca/crl/ca_disig.crl0\",\n \"http://ca.mtin.es/mtin/DPCyPoliticas0\"\ ,\n \"http://ca.mtin.es/mtin/DPCyPoliticas0g\",\n \"http://ca.mtin.es/mtin/crl/MTINAutoridadRaiz03\",\n \"http://ca.mtin.es/mtin/ocsp0\"\ ,\n \"http://ca2.mtin.es/mtin/crl/MTINAutoridadRaiz0\",\n \"http://certificates.starfieldtech.com/repository/1604\",\n \ \ \"http://certs.oati.net/repository/OATICA2.crl0\",\n \"http://certs.oati.net/repository/OATICA2.crt0\",\n \"http://certs.oaticerts.com/repository/OATICA2.crl\"\ ,\n \"http://certs.oaticerts.com/repository/OATICA2.crt08\",\n \"http://cps.chambersign.org/cps/chambersignroot.html0\",\n \ \ \"http://cps.chambersign.org/cps/chambersroot.html0\",\n \"http://cps.letsencrypt.org0\",\n \"http://cps.root-x1.letsencrypt.org0\"\ ,\n \"http://cps.siths.se/sithsrootcav1.html0\",\n \"http://crl.certigna.fr/certignarootca.crl01\",\n 
\"http://crl.chambersign.org/chambersignroot.crl0\"\ ,\n \"http://crl.chambersign.org/chambersroot.crl0\",\n \"http://crl.comodoca.com/AAACertificateServices.crl06\",\n \ \ \"http://crl.defence.gov.au/pki0\",\n \"http://crl.dhimyotis.com/certignarootca.crl0\",\n \"http://crl.globalsign.net/root-r2.crl0\",\n\ \ \"http://crl.identrust.com/DSTROOTCAX3CRL.crl0\",\n \"http://crl.oces.trust2408.com/oces.crl0\",\n \"http://crl.securetrust.com/SGCA.crl0\"\ ,\n \"http://crl.securetrust.com/STCA.crl0\",\n \"http://crl.ssc.lt/root-a/cacrl.crl0\",\n \"http://crl.ssc.lt/root-b/cacrl.crl0\"\ ,\n \"http://crl.ssc.lt/root-c/cacrl.crl0\",\n \"http://crl.xrampsecurity.com/XGCA.crl0\",\n \"http://crl1.comsign.co.il/crl/comsignglobalrootca.crl0\"\ ,\n \"http://ctldl.windowsupdate.com/\",\n \"http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/CABD2A79A1076A31F21D253635CB0\"\ ,\n \"http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab\",\n \"http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enR5\"\ ,\n \"http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/CABD2A79A1076A31F21D253635\",\n \"http://cygwin.cathedral-networks.org\"\ ,\n \"http://cygwin.cathedral-networks.org.v\",\n \"http://cygwin.cathedral-networks.org/\",\n \"http://cygwin.cathedral-networks.org/%\"\ ,\n \"http://cygwin.cathedral-networks.org/)\",\n \"http://cygwin.cathedral-networks.org/-\",\n \"http://cygwin.cathedral-networks.org/.\"\ ,\n \"http://cygwin.cathedral-networks.org/.c\",\n \"http://cygwin.cathedral-networks.org/.i\",\n \"http://cygwin.cathedral-networks.org/.l\"\ ,\n \"http://cygwin.cathedral-networks.org/.m\",\n \"http://cygwin.cathedral-networks.org/.n\",\n \"http://cygwin.cathedral-networks.org/.s\"\ ,\n \"http://cygwin.cathedral-networks.org/.u8\",\n \"http://cygwin.cathedral-networks.org//\",\n \"http://cygwin.cathedral-networks.org//)\"\ ,\n \"http://cygwin.cathedral-networks.org///\",\n 
\"http://cygwin.cathedral-networks.org//D\",\n \"http://cygwin.cathedral-networks.org//Z\"\ ,\n \"http://cygwin.cathedral-networks.org//c\",\n \"http://cygwin.cathedral-networks.org//f\",\n \"http://cygwin.cathedral-networks.org//f:\"\ ,\n \"http://cygwin.cathedral-networks.org//ftp.ntu.edu.twI\",\n \"http://cygwin.cathedral-networks.org//l\",\n \"\ http://cygwin.cathedral-networks.org//m\",\n \"http://cygwin.cathedral-networks.org//u\",\n \"http://cygwin.cathedral-networks.org/8\",\n \ \ \"http://cygwin.cathedral-networks.org/9\",\n \"http://cygwin.cathedral-networks.org/;cygwin.cathedral-networks.org;Europe;Norway;noshow\",\n\ \ \"http://cygwin.cathedral-networks.org/B\",\n \"http://cygwin.cathedral-networks.org/C\",\n \"http://cygwin.cathedral-networks.org/F\"\ ,\n \"http://cygwin.cathedral-networks.org/G\",\n \"http://cygwin.cathedral-networks.org/K\",\n \"http://cygwin.cathedral-networks.org/L\"\ ,\n \"http://cygwin.cathedral-networks.org/X\",\n \"http://cygwin.cathedral-networks.org/Z\",\n \"http://cygwin.cathedral-networks.org/a\"\ ,\n \"http://cygwin.cathedral-networks.org/an\",\n \"http://cygwin.cathedral-networks.org/at3\",\n \"http://cygwin.cathedral-networks.org/c\"\ ,\n \"http://cygwin.cathedral-networks.org/ck\",\n \"http://cygwin.cathedral-networks.org/cy\",\n \"http://cygwin.cathedral-networks.org/d\"\ ,\n \"http://cygwin.cathedral-networks.org/dO\",\n \"http://cygwin.cathedral-networks.org/e\",\n \"http://cygwin.cathedral-networks.org/e.\"\ ,\n \"http://cygwin.cathedral-networks.org/ee.\",\n \"http://cygwin.cathedral-networks.org/en\",\n \"http://cygwin.cathedral-networks.org/f\"\ ,\n \"http://cygwin.cathedral-networks.org/fr\",\n \"http://cygwin.cathedral-networks.org/fs\",\n \"http://cygwin.cathedral-networks.org/ft\"\ ,\n \"http://cygwin.cathedral-networks.org/g\",\n \"http://cygwin.cathedral-networks.org/h\",\n \"http://cygwin.cathedral-networks.org/hti\"\ ,\n \"http://cygwin.cathedral-networks.org/i\",\n 
\"http://cygwin.cathedral-networks.org/ic\",\n \"http://cygwin.cathedral-networks.org/in\"\ ,\n \"http://cygwin.cathedral-networks.org/ir\",\n \"http://cygwin.cathedral-networks.org/m\",\n \"http://cygwin.cathedral-networks.org/mG\"\ ,\n \"http://cygwin.cathedral-networks.org/ma/\",\n \"http://cygwin.cathedral-networks.org/mi\",\n \"http://cygwin.cathedral-networks.org/miK\"\ ,\n \"http://cygwin.cathedral-networks.org/n\",\n \"http://cygwin.cathedral-networks.org/n/\",\n \"http://cygwin.cathedral-networks.org/ni\"\ ,\n \"http://cygwin.cathedral-networks.org/o\",\n \"http://cygwin.cathedral-networks.org/oo\",\n \"http://cygwin.cathedral-networks.org/ot\"\ ,\n \"http://cygwin.cathedral-networks.org/p\",\n \"http://cygwin.cathedral-networks.org/p:\",\n \"http://cygwin.cathedral-networks.org/q\"\ ,\n \"http://cygwin.cathedral-networks.org/r\",\n \"http://cygwin.cathedral-networks.org/ro\",\n \"http://cygwin.cathedral-networks.org/rs\"\ ,\n \"http://cygwin.cathedral-networks.org/s.\",\n \"http://cygwin.cathedral-networks.org/sj\",\n \"http://cygwin.cathedral-networks.org/su\"\ ,\n \"http://cygwin.cathedral-networks.org/tp\",\n \"http://cygwin.cathedral-networks.org/tt\",\n \"http://cygwin.cathedral-networks.org/u\"\ ,\n \"http://cygwin.cathedral-networks.org/um\",\n \"http://cygwin.cathedral-networks.org/v\",\n \"http://cygwin.cathedral-networks.org/w\"\ ,\n \"http://cygwin.cathedral-networks.org/wa(\",\n \"http://cygwin.cathedral-networks.org0\",\n \"http://cygwin.cathedral-networks.org6\"\ ,\n \"http://cygwin.cathedral-networks.org;\",\n \"http://cygwin.cathedral-networks.orgE\",\n \"http://cygwin.cathedral-networks.orgH\"\ ,\n \"http://cygwin.cathedral-networks.orgL\",\n \"http://cygwin.cathedral-networks.orgR\",\n \"http://cygwin.cathedral-networks.orgT\"\ ,\n \"http://cygwin.cathedral-networks.orga\",\n \"http://cygwin.cathedral-networks.orgb/c\",\n \"http://cygwin.cathedral-networks.orgcew\"\ ,\n \"http://cygwin.cathedral-networks.orgcom\",\n 
\"http://cygwin.cathedral-networks.orgcyg\",\n \"http://cygwin.cathedral-networks.orgn/\"\ ,\n \"http://cygwin.cathedral-networks.orgom\",\n \"http://cygwin.cathedral-networks.orgorg3\",\n \"http://cygwin.cathedral-networks.orgror%\"\ ,\n \"http://cygwin.cathedral-networks.orgsde\",\n \"http://cygwin.cathedral-networks.orgt\",\n \"http://cygwin.cathedral-networks.orgtp:\"\ ,\n \"http://cygwin.cathedral-networks.orgtpsP\",\n \"http://cygwin.cathedral-networks.orgtsc\",\n \"http://cygwin.cathedral-networks.orguts\"\ ,\n \"http://cygwin.cathedral-networks.orgwin\",\n \"http://cygwin.cathedral-networks.orgxmi\",\n \"http://cygwin.mbwarez\"\ ,\n \"http://cygwin.mbwarez.dk\",\n \"http://cygwin.mbwarez.dk.by.fr-\",\n \"http://cygwin.mbwarez.dk.byfly.byo?\"\ ,\n \"http://cygwin.mbwarez.dk.den/win//:\",\n \"http://cygwin.mbwarez.dk.koddos.netet5\",\n \"http://cygwin.mbwarez.dk.netgwin/g/\"\ ,\n \"http://cygwin.mbwarez.dk.netpt\",\n \"http://cygwin.mbwarez.dk.ntu.edu.tw/pub\",\n \"http://cygwin.mbwarez.dk.rnl.tecnico.ulB\"\ ,\n \"http://cygwin.mbwarez.dk/\",\n \"http://cygwin.mbwarez.dk/%\",\n \"http://cygwin.mbwarez.dk/(\",\n \ \ \"http://cygwin.mbwarez.dk/-\",\n \"http://cygwin.mbwarez.dk/.ca/\",\n \"http://cygwin.mbwarez.dk/.ca/afal.ca?\",\n \ \ \"http://cygwin.mbwarez.dk/.cn/cygwin/ft\",\n \"http://cygwin.mbwarez.dk/.cnwin/n/\",\n \"http://cygwin.mbwarez.dk/.com/cygwin/\"\ ,\n \"http://cygwin.mbwarez.dk/.de/cygwin/gw\",\n \"http://cygwin.mbwarez.dk/.edu.cnJ\",\n \"http://cygwin.mbwarez.dk/.hunet\"\ ,\n \"http://cygwin.mbwarez.dk/.netin/n.net\",\n \"http://cygwin.mbwarez.dk/.nz/\",\n \"http://cygwin.mbwarez.dk/.sjtu.edu.c\"\ ,\n \"http://cygwin.mbwarez.dk/.ustc.edu.$\",\n \"http://cygwin.mbwarez.dk//\",\n \"http://cygwin.mbwarez.dk///\"\ ,\n \"http://cygwin.mbwarez.dk///mirrors.dots\",\n \"http://cygwin.mbwarez.dk///tps://\",\n \"http://cygwin.mbwarez.dk//0e\"\ ,\n \"http://cygwin.mbwarez.dk//cygwin/\",\n \"http://cygwin.mbwarez.dk//cygwin/$\",\n 
\"http://cygwin.mbwarez.dk//cygwin/.d\"\ ,\n \"http://cygwin.mbwarez.dk//cygwin//\",\n \"http://cygwin.mbwarez.dk//cygwin/O\",\n \"http://cygwin.mbwarez.dk//cygwin32/\"\ ,\n \"http://cygwin.mbwarez.dk//gwin/\",\n \"http://cygwin.mbwarez.dk//gwin//\",\n \"http://cygwin.mbwarez.dk//in/ca/\"\ ,\n \"http://cygwin.mbwarez.dk//in/win/\",\n \"http://cygwin.mbwarez.dk//mirror.koddos5\",\n \"http://cygwin.mbwarez.dk//mn/\"\ ,\n \"http://cygwin.mbwarez.dk//n/et\",\n \"http://cygwin.mbwarez.dk//n/w.gutscheinrausch.de/mirror/cygwin/\",\n \ \ \"http://cygwin.mbwarez.dk//pub/cygwin/\",\n \"http://cygwin.mbwarez.dk//win/.\",\n \"http://cygwin.mbwarez.dk/0\",\n \ \ \"http://cygwin.mbwarez.dk/2\",\n \"http://cygwin.mbwarez.dk/3\",\n \"http://cygwin.mbwarez.dk/7J\",\n \"\ http://cygwin.mbwarez.dk/;cygwin.mbwarez.dk;Europe;Denmark;noshow\",\n \"http://cygwin.mbwarez.dk/Asiaon\",\n \"http://cygwin.mbwarez.dk/B\"\ ,\n \"http://cygwin.mbwarez.dk/E\",\n \"http://cygwin.mbwarez.dk/Europec\",\n \"http://cygwin.mbwarez.dk/North\"\ ,\n \"http://cygwin.mbwarez.dk/Norway\",\n \"http://cygwin.mbwarez.dk/Poland.\",\n \"http://cygwin.mbwarez.dk/V)\"\ ,\n \"http://cygwin.mbwarez.dk/achen.de1\",\n \"http://cygwin.mbwarez.dk/aledonia\",\n \"http://cygwin.mbwarez.dk/ant.com\"\ ,\n \"http://cygwin.mbwarez.dk/b\",\n \"http://cygwin.mbwarez.dk/b/cygwin/te.n\",\n \"http://cygwin.mbwarez.dk/chen.\"\ ,\n \"http://cygwin.mbwarez.dk/chum.de\",\n \"http://cygwin.mbwarez.dk/cn/cygwin/\",\n \"http://cygwin.mbwarez.dk/com/cygwin/d\"\ ,\n \"http://cygwin.mbwarez.dk/cyg\",\n \"http://cygwin.mbwarez.dk/cygwin/\",\n \"http://cygwin.mbwarez.dk/cygwin/(\"\ ,\n \"http://cygwin.mbwarez.dk/cygwin//\",\n \"http://cygwin.mbwarez.dk/cygwin//.\",\n \"http://cygwin.mbwarez.dk/cygwin//9\"\ ,\n \"http://cygwin.mbwarez.dk/cygwin//b\",\n \"http://cygwin.mbwarez.dk/cygwin/7\",\n \"http://cygwin.mbwarez.dk/cygwin/://\"\ ,\n \"http://cygwin.mbwarez.dk/cygwin/A\",\n \"http://cygwin.mbwarez.dk/cygwin/I\",\n 
\"http://cygwin.mbwarez.dk/cygwin/n/n/\"\ ,\n \"http://cygwin.mbwarez.dk/cygwin/rror.l\",\n \"http://cygwin.mbwarez.dk/cygwin32/\",\n \"http://cygwin.mbwarez.dk/d.com\"\ ,\n \"http://cygwin.mbwarez.dk/d.comwin/on\",\n \"http://cygwin.mbwarez.dk/de/cygwin/\",\n \"http://cygwin.mbwarez.dk/de/cygwin/tsr\"\ ,\n \"http://cygwin.mbwarez.dk/deygwin/(\",\n \"http://cygwin.mbwarez.dk/e\",\n \"http://cygwin.mbwarez.dk/e/cygwin/\"\ ,\n \"http://cygwin.mbwarez.dk/e/cygwin/in/\",\n \"http://cygwin.mbwarez.dk/e/software/win\",\n \"http://cygwin.mbwarez.dk/ebsd.orgc.jp\"\ ,\n \"http://cygwin.mbwarez.dk/et/cygwin/\",\n \"http://cygwin.mbwarez.dk/et/cygwin/y\",\n \"http://cygwin.mbwarez.dk/etcygwin/\"\ ,\n \"http://cygwin.mbwarez.dk/etworks.org)\",\n \"http://cygwin.mbwarez.dk/etworks.org/\",\n \"http://cygwin.mbwarez.dk/f\"\ ,\n \"http://cygwin.mbwarez.dk/ftp://mi\",\n \"http://cygwin.mbwarez.dk/g/cygwin/\",\n \"http://cygwin.mbwarez.dk/g/cygwin/:\"\ ,\n \"http://cygwin.mbwarez.dk/gasso.netd\",\n \"http://cygwin.mbwarez.dk/gwin\",\n \"http://cygwin.mbwarez.dk/gwin/\"\ ,\n \"http://cygwin.mbwarez.dk/gwin///\",\n \"http://cygwin.mbwarez.dk/gwin/gwin/\",\n \"http://cygwin.mbwarez.dk/gwin/n/\"\ ,\n \"http://cygwin.mbwarez.dk/gwin/n//m\",\n \"http://cygwin.mbwarez.dk/gwin/n/x\",\n \"http://cygwin.mbwarez.dk/gwin/o.net/K\"\ ,\n \"http://cygwin.mbwarez.dk/gwin/ps://w\",\n \"http://cygwin.mbwarez.dk/gwin/t\",\n \"http://cygwin.mbwarez.dk/gwin/win/\"\ ,\n \"http://cygwin.mbwarez.dk/gygwin/#\",\n \"http://cygwin.mbwarez.dk/h.de//n/\",\n \"http://cygwin.mbwarez.dk/h.deEurope\"\ ,\n \"http://cygwin.mbwarez.dk/hen.de\",\n \"http://cygwin.mbwarez.dk/https://\",\n \"http://cygwin.mbwarez.dk/hum.degwin/&\"\ ,\n \"http://cygwin.mbwarez.dk/in/\",\n \"http://cygwin.mbwarez.dk/in//\",\n \"http://cygwin.mbwarez.dk/in//Q\",\n\ \ \"http://cygwin.mbwarez.dk/in//win/$\",\n \"http://cygwin.mbwarez.dk/in/cygwin/\",\n \"http://cygwin.mbwarez.dk/in/cygwin/E\"\ ,\n \"http://cygwin.mbwarez.dk/in/cygwin/che\",\n 
\"http://cygwin.mbwarez.dk/in/gwin/\",\n \"http://cygwin.mbwarez.dk/in/in/\"\ ,\n \"http://cygwin.mbwarez.dk/in/in/t.e~\",\n \"http://cygwin.mbwarez.dk/in/p.br/cy\",\n \"http://cygwin.mbwarez.dk/in/tp://ftp.l\"\ ,\n \"http://cygwin.mbwarez.dk/in/win/\",\n \"http://cygwin.mbwarez.dk/in/win/W\",\n \"http://cygwin.mbwarez.dk/in/ygwin/I\"\ ,\n \"http://cygwin.mbwarez.dk/in/ygwin/a\",\n \"http://cygwin.mbwarez.dk/isboa.pt/pub/c\",\n \"http://cygwin.mbwarez.dk/ited\"\ ,\n \"http://cygwin.mbwarez.dk/k\",\n \"http://cygwin.mbwarez.dk/l\",\n \"http://cygwin.mbwarez.dk/m/cygwin/\",\n\ \ \"http://cygwin.mbwarez.dk/m/cygwin/://cy\",\n \"http://cygwin.mbwarez.dk/min/Av\",\n \"http://cygwin.mbwarez.dk/n.viem-it.n\"\ ,\n \"http://cygwin.mbwarez.dk/n/\",\n \"http://cygwin.mbwarez.dk/n/cygwin/\",\n \"http://cygwin.mbwarez.dk/n/gwi\"\ ,\n \"http://cygwin.mbwarez.dk/n/in32/\",\n \"http://cygwin.mbwarez.dk/n/win/\",\n \"http://cygwin.mbwarez.dk/n?\"\ ,\n \"http://cygwin.mbwarez.dk/ncent.comcom\",\n \"http://cygwin.mbwarez.dk/ng\",\n \"http://cygwin.mbwarez.dk/no/cygwin/\"\ ,\n \"http://cygwin.mbwarez.dk/ogwin/\",\n \"http://cygwin.mbwarez.dk/om/cygwin/\",\n \"http://cygwin.mbwarez.dk/om/cygwin/(\"\ ,\n \"http://cygwin.mbwarez.dk/om/cygwin/J\",\n \"http://cygwin.mbwarez.dk/om/cygwin/P\",\n \"http://cygwin.mbwarez.dk/om/cygwin/n/\"\ ,\n \"http://cygwin.mbwarez.dk/omain.de\",\n \"http://cygwin.mbwarez.dk/oo\",\n \"http://cygwin.mbwarez.dk/ope1\"\ ,\n \"http://cygwin.mbwarez.dk/or.checkdomain\",\n \"http://cygwin.mbwarez.dk/orgb/cygwin/\",\n \"http://cygwin.mbwarez.dk/orgomgwin/I\"\ ,\n \"http://cygwin.mbwarez.dk/ors.do\",\n \"http://cygwin.mbwarez.dk/p\",\n \"http://cygwin.mbwarez.dk/p.fau.depdu\"\ ,\n \"http://cygwin.mbwarez.dk/p.funet.fi/pub\",\n \"http://cygwin.mbwarez.dk/pub/cygwin/\",\n \"http://cygwin.mbwarez.dk/pub/cygwin/ft\"\ ,\n \"http://cygwin.mbwarez.dk/r-hk.koddos\",\n \"http://cygwin.mbwarez.dk/rafal.ca/S\",\n \"http://cygwin.mbwarez.dk/rg/cygwin/\"\ ,\n 
\"http://cygwin.mbwarez.dk/rg/pub/cygw\",\n \"http://cygwin.mbwarez.dk/rgasso.net\",\n \"http://cygwin.mbwarez.dk/rgasso.net/R\"\ ,\n \"http://cygwin.mbwarez.dk/rloo.canet/\",\n \"http://cygwin.mbwarez.dk/rrors.163.com\",\n \"http://cygwin.mbwarez.dk/rz.ruhr-uni\"\ ,\n \"http://cygwin.mbwarez.dk/s.netix.net\",\n \"http://cygwin.mbwarez.dk/s/cygwin/\",\n \"http://cygwin.mbwarez.dk/stralasiaagoo\"\ ,\n \"http://cygwin.mbwarez.dk/t\",\n \"http://cygwin.mbwarez.dk/t.comgwin/\",\n \"http://cygwin.mbwarez.dk/t/cygwin/\"\ ,\n \"http://cygwin.mbwarez.dk/t/cygwin/Unix/sourceware.org/cygwin//n/\",\n \"http://cygwin.mbwarez.dk/t/cygwin/Y\",\n \ \ \"http://cygwin.mbwarez.dk/t/cygwin/n/\",\n \"http://cygwin.mbwarez.dk/tc.edu.cn\",\n \"http://cygwin.mbwarez.dk/tgwin//usL\",\n \ \ \"http://cygwin.mbwarez.dk/tn/://ftp.ha6\",\n \"http://cygwin.mbwarez.dk/tp://ftp.fa\"\n ],\n \"\ severity\": \"IMPACT_SEVERITY_INFO\",\n \"id\": \"238\"\n },\n {\n \"description\": \"Uses secure TLS version\ \ for HTTPS connections\",\n \"match_data\": [\n \"8.43.85.97:443 -> 192.168.2.13:49698 version: TLS 1.2\"\n ],\n \ \ \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"id\": \"7058\"\n },\n {\n \"severity\": \"IMPACT_SEVERITY_INFO\"\ ,\n \"match_data\": [\n \"HTTP traffic on port 443 -> 49711\",\n \"HTTP traffic on port 49711 -> 443\"\n \ \ ],\n \"id\": \"625\",\n \"description\": \"Uses HTTPS\"\n },\n {\n \"severity\"\ : \"IMPACT_SEVERITY_INFO\",\n \"refs\": [\n {\n \"ref\": \"#memory_dumps\",\n \"value\"\ : \"program.exe, 00000000.00000002.4532740386.0000000000D67000.00000004.00000020.00020000.00000000.sdmp, program.exe, 00000000.00000002.4532069778.0000000000D1C000.00000004.00000020.00020000.00000000.sdmp\"\ \n }\n ],\n \"match_data\": [\n \"Hyper-V RAW\"\n ],\n \ \ \"id\": \"263\",\n \"description\": \"May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)\"\n },\n \ \ {\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"match_data\": [\n 
\"http://cygwin.mbwarez.dk/n/n/E\"\ ,\n \"http://cygwin.mbwarez.dk/net.fi/pub/mir\",\n \"http://cygwin.mbwarez.dk/neta\",\n \"http://cygwin.mbwarez.dk/neth/\"\ ,\n \"http://cygwin.mbwarez.dk/no/cygwin/\",\n \"http://cygwin.mbwarez.dk/ochum.dep/pub6\",\n \"http://cygwin.mbwarez.dk/om/cygwin/\"\ ,\n \"http://cygwin.mbwarez.dk/om/cygwin/~:\",\n \"http://cygwin.mbwarez.dk/omC\",\n \"http://cygwin.mbwarez.dk/omygwin/\"\ ,\n \"http://cygwin.mbwarez.dk/oo.ca\",\n \"http://cygwin.mbwarez.dk/or\",\n \"http://cygwin.mbwarez.dk/orks.net\"\ ,\n \"http://cygwin.mbwarez.dk/osl.orgorg\",\n \"http://cygwin.mbwarez.dk/p\",\n \"http://cygwin.mbwarez.dk/p-stud.hs-essl\"\ ,\n \"http://cygwin.mbwarez.dk/ps.com/cygw\",\n \"http://cygwin.mbwarez.dk/pub/cygwin/\",\n \"http://cygwin.mbwarez.dk/pub/cygwin/ma\"\ ,\n \"http://cygwin.mbwarez.dk/q/\",\n \"http://cygwin.mbwarez.dk/rafal.ca/\",\n \"http://cygwin.mbwarez.dk/rg\"\ ,\n \"http://cygwin.mbwarez.dk/rg/cygwin/\",\n \"http://cygwin.mbwarez.dk/rg/cygwin/.\",\n \"http://cygwin.mbwarez.dk/rg/cygwin/H;\"\ ,\n \"http://cygwin.mbwarez.dk/rmanymagata-u\",\n \"http://cygwin.mbwarez.dk/ror.aarnet.edu\",\n \"http://cygwin.mbwarez.dk/rors/c\"\ ,\n \"http://cygwin.mbwarez.dk/rror.garr.iz\",\n \"http://cygwin.mbwarez.dk/s/cygwin/m\",\n \"http://cygwin.mbwarez.dk/s/cygwin/~\"\ ,\n \"http://cygwin.mbwarez.dk/sd\",\n \"http://cygwin.mbwarez.dk/t/cygwin/et1\",\n \"http://cygwin.mbwarez.dk/t/cygwin/rau_\"\ ,\n \"http://cygwin.mbwarez.dk/ta-u.ac.jpx;S\",\n \"http://cygwin.mbwarez.dk/ter\",\n \"http://cygwin.mbwarez.dk/tt.com//Mirr\"\ ,\n \"http://cygwin.mbwarez.dk/uAsiaKon\",\n \"http://cygwin.mbwarez.dk/uc.ptjp\",\n \"http://cygwin.mbwarez.dk/uy.com/\"\ \n ],\n \"id\": \"238\",\n \"description\": \"URLs found in memory or binary data\"\n },\n \ \ {\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"match_data\": [\n \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\ \\Windows\\\\INetCache\\\\IE\\\\R0IAZP7Z\"\n ],\n \"id\": \"90\",\n \"description\": 
\"Creates files inside the user directory\"\ \n },\n {\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"match_data\": [\n \"8.43.85.97:443\ \ -> 192.168.2.13:49711 version: TLS 1.2\"\n ],\n \"id\": \"7058\",\n \"description\": \"Uses secure TLS version for HTTPS connections\"\ \n },\n {\n \"id\": \"263\",\n \"refs\": [\n {\n \"\ ref\": \"#memory_dumps\",\n \"value\": \"software.exe, 00000000.00000002.4470709658.00000000000FD000.00000004.00000020.00020000.00000000.sdmp\"\n \ \ },\n {\n \"ref\": \"#memory_dumps\",\n \"value\": \"software.exe, 00000000.00000002.4471089039.0000000000163000.00000004.00000020.00020000.00000000.sdmp\"\ \n }\n ],\n \"match_data\": [\n \"Hyper-V RAWp\",\n \"Hyper-V RAW\"\ \n ],\n \"description\": \"May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)\",\n \ \ \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"id\": \"238\",\n \"match_data\": [\n \ \ \"ftp://cygwin.mirror.rafal.ca/pub/cygwin/ygwin\",\n \"ftp://ftp-stud.hs-esslingen.de\",\n \"ftp://ftp-stud.hs-esslingen.de/pub/Mirrors/sources.redhat.com/cygwin/https://.\"\ ,\n \"ftp://ftp-stud.hs-esslingen.dehttp://m\",\n \"ftp://ftp.byfly.by/pub/cygwin//\",\n \"ftp://ftp.byfly.by/pub/cygwin/aren.net/Unix/sourceware.org/cygwin/rror.terrahost.nodek/\"\ ,\n \"ftp://ftp.byfly.by/pub/cygwin/rs\",\n \"ftp://ftp.eq.uc.pt\",\n \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/http://m\"\ ,\n \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/http://mG\",\n \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/https://\",\n \ \ \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/https://O\",\n \"ftp://ftp.fa\",\n \"ftp://ftp.fau.de/cygwin//cygwin//http9\"\ ,\n \"ftp://ftp.fau.de/cygwin/http://f\",\n \"ftp://ftp.fau.de/cygwin/p\",\n \"ftp://ftp.fsn.hu/pub/cygwin/\",\n\ \ \"ftp://ftp.fsn.hu/pub/cygwin/in/\",\n \"ftp://ftp.fsn.hu/pub/cygwin/n\",\n \"ftp://ftp.fsn.hu/pub/cygwin/ygwin/http://m\"\ ,\n \"ftp://ftp.fsn.hulhttp:\",\n \"ftp://ftp.fsn.hurs\",\n 
\"http://cygwin.mbwarez.dk/rmanyn/datac\",\n \"http://cygwin.mbwarez.dk/ropeP\"\ ,\n \"http://cygwin.mbwarez.dk/rror.datacente\",\n \"http://cygwin.mbwarez.dk/rror/cygwin/H\",\n \"http://cygwin.mbwarez.dk/sd\"\ ,\n \"http://cygwin.mbwarez.dk/stralia)\",\n \"http://cygwin.mbwarez.dk/t\",\n \"http://cygwin.mbwarez.dk/t/cygwin/\"\ ,\n \"http://cygwin.mbwarez.dk/t/cygwin/n/\",\n \"http://cygwin.mbwarez.dk/t/cygwin/slin\",\n \"http://cygwin.mbwarez.dk/tp://c\"\ ,\n \"http://cygwin.mbwarez.dk/tworks.org/\",\n \"http://cygwin.mbwarez.dk/tworks.org/E\",\n \"http://cygwin.mbwarez.dk/tygwin//\"\ ,\n \"http://cygwin.mbwarez.dk/u.cn\",\n \"http://cygwin.mbwarez.dk/utcygwin/V\",\n \"http://cygwin.mbwarez.dk/win/\"\ ,\n \"http://cygwin.mbwarez.dk/win////c\",\n \"http://cygwin.mbwarez.dk/win///U\",\n \"http://cygwin.mbwarez.dk/win//;\"\ ,\n \"http://cygwin.mbwarez.dk/win/1\",\n \"http://cygwin.mbwarez.dk/win/R\",\n \"http://cygwin.mbwarez.dk/win/gwin/\"\ ,\n \"http://cygwin.mbwarez.dk/win/in/\",\n \"http://cygwin.mbwarez.dk/win/in//8\"\n ],\n \"description\"\ : \"URLs found in memory or binary data\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"id\": \"7058\"\ ,\n \"match_data\": [\n \"8.43.85.97:443 -> 192.168.2.9:49712 version: TLS 1.2\"\n ],\n \"description\"\ : \"Uses secure TLS version for HTTPS connections\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"description\"\ : \"Uses HTTPS\",\n \"match_data\": [\n \"HTTP traffic on port 49726 -> 443\",\n \"HTTP traffic on port 443 -> 49726\"\ \n ],\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"id\": \"625\"\n },\n {\n \ \ \"refs\": [\n {\n \"ref\": \"#memory_dumps\",\n \"value\": \"software.exe, 00000001.00000002.4700881249.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp,\ \ software.exe, 00000001.00000002.4701422094.0000000000D84000.00000004.00000020.00020000.00000000.sdmp\"\n },\n {\n \ \ \"ref\": \"#memory_dumps\",\n \"value\": \"software.exe, 
00000001.00000002.4701422094.0000000000D84000.00000004.00000020.00020000.00000000.sdmp\"\n \ \ }\n ],\n \"description\": \"May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)\"\ ,\n \"match_data\": [\n \"Hyper-V RAW\"\n ],\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \ \ \"id\": \"263\"\n },\n {\n \"description\": \"URLs found in memory or binary data\",\n \"match_data\"\ : [\n \"ftp://cygwin.mirror.rafal.ca/pub/cygwin/org//https://r\",\n \"ftp://cygwin.mirror.rafal.cahttps://h\",\n \ \ \"ftp://ftp-stud.hs-esslingen.de/pub/Mirrors/sources.redhat.com/cygwin/http://m\",\n \"ftp://ftp-stud.hs-esslingen.dein\",\n \"ftp://ftp.byfly.by\"\ ,\n \"ftp://ftp.byfly.by/pub/cygwin///http:s\",\n \"ftp://ftp.eq.uc.pt\",\n \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/https://5\"\ ,\n \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/https://mirror-hk.koddos.net/cygwin/\",\n \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/https://r\"\ ,\n \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/rror\",\n \"ftp://ftp.fa\",\n \"ftp://ftp.fau.de/cygwin/e\"\ ,\n \"ftp://ftp.fs\",\n \"ftp://ftp.fsn.hu/pub/cygwin/\",\n \"ftp://ftp.fsn.hunohttp\",\n \ \ \"ftp://ftp.funet.fi\",\n \"ftp://ftp.ha\",\n \"ftp://ftp.halifax.rwth-aachen.de\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/\"\ ,\n \"ftp://ftp.iij.ad.jp/pub/cygwin/http://m\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/https://\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/ror\"\ ,\n \"ftp://ftp.iij.ad.jphttpv\",\n \"ftp://ftp.inf.tu-dresden.de/software/windows/cygwin32/http://f;\",\n \"ftp://ftp.inf.tu-dresden.de/software/windows/cygwin32/https://\"\ ,\n \"ftp://ftp.inf.tu-dresden.degwin/\",\n \"ftp://ftp.inf.tu-dresden.den.hu\",\n \"ftp://ftp.inf.tu-dresden.derror\"\ ,\n \"ftp://ftp.jaist.ac.jp/pub/cygwin/\",\n \"ftp://ftp.jaist.ac.jp/pub/cygwin/http:\",\n \"ftp://ftp.kr.freebsd.org/pub/cygwin.com/cygwin/https://\"\ ,\n \"ftp://ftp.kr.freebsd.org/pub/cygwin.com/cygwin/https://1\",\n 
\"ftp://ftp.kr.freebsd.org/pub/cygwin.com/cygwin/https://?\",\n \ \ \"ftp://ftp.kr.freebsd.org/pub/cygwin.com/cygwin/https://f\",\n \"ftp://ftp.lip6.fr/pub/cygwin/https://ft\",\n \"ftp://ftp.lip6.fr/pub/cygwin/win\"\ ,\n \"ftp://ftp.lip6.frhttps:S\",\n \"ftp://ftp.m\",\n \"ftp://ftp.mirrorservice.orgg\",\n \ \ \"ftp://ftp.mirrorservice.orgp\",\n \"ftp://ftp.muug.ca\",\n \"ftp://ftp.n\",\n \"ftp://ftp.ntu.edu.tw/pub/cygwin/rs\"\ ,\n \"ftp://ftp.ntua.gr\",\n \"ftp://ftp.ntua.grhttps:7\",\n \"ftp://ftp.snt.utwente.nl\",\n \ \ \"ftp://ftp.snt.utwente.nl/pub/software/cygwin/win/\",\n \"ftp://ftp.snt.utwente.nlx\",\n \"ftp://ftp.twaren.net/Unix/sourceware.org/cygwin/\"\ ,\n \"ftp://ftp.yz.yamagata-u.ac.jp\",\n \"ftp://ftp.yz.yamagata-u.ac.jp/pub/cygwin/http:\",\n \"ftp://ftp.yz.yamagata-u.ac.jp/pub/cygwin/or\"\ ,\n \"ftp://ftp.yz.yamagata-u.ac.jpa\",\n \"ftp://linux.rz.ruhr-uni-bochum.de/cygwin/y\",\n \"ftp://mirror.checkdomain.demirror\"\ ,\n \"ftp://mirror.checkdomain.detp\",\n \"ftp://mirror.csclub.uwaterloo.ca/cygwin/\",\n \"ftp://mirror.csclub.uwaterloo.cahttps:\"\ ,\n \"ftp://mirror.datacenter.by.jp/\",\n \"ftp://mirror.datacenter.byma\",\n \"ftp://mirror.easyname.at/cygwin/http://\"\ ,\n \"ftp://mirror.internode.on.net/pub/cygwin//cygwin/http:\",\n \"ftp://mirror.internode.on.net/pub/cygwin/gwin/http://m\",\n \ \ \"ftp://mirror.lagoon.nc/cygwin/https://\",\n \"ftp://mirror.lagoon.nc/cygwin/r\",\n \"ftp://mirrors.dotsrc.org/mirrors/cygwin/\"\ ,\n \"ftp://mirrors.dotsrc.org/mirrors/cygwin/http://f\",\n \"ftp://mirrors.dotsrc.orgst\",\n \"ftp://mirrors.netix.net/cygwin/https://%\"\ ,\n \"ftp://sourceware.org/ftp://sources.redhat.com/ftp://gcc.gnu.org/\",\n \"ftp://sunsite.icm.edu.pl/pub/cygnus/cygwin/\",\n \ \ \"ftp://sunsite.icm.edu.pl/pub/cygnus/cygwin/http://c\",\n \"ftp://sunsite.icm.edu.pl/pub/cygnus/cygwin/https://\",\n \"ftp://sunsite.icm.edu.pl/pub/cygnus/cygwin/https://q\"\ ,\n \"ftp://sunsite.icm.edu.pl/pub/cygnus/cygwin/in\",\n 
\"http://ac.economia.gob.mx/cps.html0\",\n \"http://ac.economia.gob.mx/last.crl0G\"\ ,\n \"http://acedicom.edicomgroup.com/doc0\",\n \"http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?\",\n \"http://acraiz.icpbrasil.gov.br/LCRacraizv1.crl0\"\ ,\n \"http://acraiz.icpbrasil.gov.br/LCRacraizv2.crl0\",\n \"http://apps.identrust.com/roots/dstrootcax3.p7c0\",\n \ \ \"http://ca.disig.sk/ca/crl/ca_disig.crl0\",\n \"http://ca.mtin.es/mtin/DPCyPoliticas0\",\n \"http://ca.mtin.es/mtin/DPCyPoliticas0g\",\n\ \ \"http://ca.mtin.es/mtin/crl/MTINAutoridadRaiz03\",\n \"http://ca.mtin.es/mtin/ocsp0\",\n \"http://ca2.mtin.es/mtin/crl/MTINAutoridadRaiz0\"\ ,\n \"http://certificates.starfieldtech.com/repository/1604\",\n \"http://certs.oati.net/repository/OATICA2.crl0\",\n \ \ \"http://certs.oati.net/repository/OATICA2.crt0\",\n \"http://certs.oaticerts.com/repository/OATICA2.crl\",\n \"http://certs.oaticerts.com/repository/OATICA2.crt08\"\ ,\n \"http://cps.chambersign.org/cps/chambersignroot.html0\",\n \"http://cps.chambersign.org/cps/chambersroot.html0\",\n \ \ \"http://cps.letsencrypt.org0\",\n \"http://cps.root-x1.letsencrypt.org0\",\n \"http://cps.siths.se/sithsrootcav1.html0\",\n \ \ \"http://crl.certigna.fr/certignarootca.crl01\",\n \"http://crl.chambersign.org/chambersignroot.crl0\",\n \"http://crl.chambersign.org/chambersroot.crl0\"\ ,\n \"http://crl.comodoca.com/AAACertificateServices.crl06\",\n \"http://crl.defence.gov.au/pki0\",\n \"http://crl.dhimyotis.com/certignarootca.crl0\"\ ,\n \"http://crl.globalsign.net/root-r2.crl0\",\n \"http://crl.identrust.com/DSTROOTCAX3CRL.crl0\",\n \"http://crl.oces.trust2408.com/oces.crl0\"\ ,\n \"http://crl.pki.wellsfargo.com/wsprca.crl0\",\n \"http://crl.securetrust.com/SGCA.crl0\",\n \"http://crl.securetrust.com/STCA.crl0\"\ ,\n \"http://crl.ssc.lt/root-a/cacrl.crl0\",\n \"http://crl.ssc.lt/root-b/cacrl.crl0\",\n \"http://crl.ssc.lt/root-c/cacrl.crl0\"\ ,\n \"http://crl.xrampsecurity.com/XGCA.crl0\",\n 
\"http://crl1.comsign.co.il/crl/comsignglobalrootca.crl0\",\n \"\ http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en\",\n \"http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/CABD2A79A1076A31F21D253635CB0\"\ ,\n \"http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab1\",\n \"http://ctldl.windowsupdate.com:80\",\n\ \ \"http://cygwin.cathedral-\",\n \"http://cygwin.cathedral-networks.org\",\n \"http://cygwin.cathedral-networks.org&\"\ ,\n \"http://cygwin.cathedral-networks.org(\",\n \"http://cygwin.cathedral-networks.org.\",\n \"http://cygwin.cathedral-networks.org.nl\"\ ,\n \"http://cygwin.cathedral-networks.org/\",\n \"http://cygwin.cathedral-networks.org/#\",\n \"http://cygwin.cathedral-networks.org/%\"\ ,\n \"http://cygwin.cathedral-networks.org/)\",\n \"http://cygwin.cathedral-networks.org/-\",\n \"http://cygwin.cathedral-networks.org/-h\"\ ,\n \"http://cygwin.cathedral-networks.org/.\",\n \"http://cygwin.cathedral-networks.org/.f\",\n \"http://cygwin.cathedral-networks.org/.l\"\ ,\n \"http://cygwin.cathedral-networks.org/.m\",\n \"http://cygwin.cathedral-networks.org//\",\n \"http://cygwin.cathedral-networks.org//#\"\ ,\n \"http://cygwin.cathedral-networks.org///\",\n \"http://cygwin.cathedral-networks.org///ftp.halifax.rwth-aachen.deps://ftp.eq.uc.ptjp\"\ ,\n \"http://cygwin.cathedral-networks.org///k\",\n \"http://cygwin.cathedral-networks.org//A\",\n \"http://cygwin.cathedral-networks.org//C\"\ ,\n \"http://cygwin.cathedral-networks.org//J\",\n \"http://cygwin.cathedral-networks.org//Q\",\n \"http://cygwin.cathedral-networks.org//S\"\ ,\n \"http://cygwin.cathedral-networks.org//T\",\n \"http://cygwin.cathedral-networks.org//Y\",\n \"http://cygwin.cathedral-networks.org//a\"\ ,\n \"http://cygwin.cathedral-networks.org//c\",\n \"http://cygwin.cathedral-networks.org//f\",\n \"http://cygwin.cathedral-networks.org//fN\"\ ,\n \"http://cygwin.cathedral-networks.org//p\",\n 
\"http://cygwin.cathedral-networks.org//pj\",\n \"http://cygwin.cathedral-networks.org//w\"\ ,\n \"http://cygwin.cathedral-networks.org/1\",\n \"http://cygwin.cathedral-networks.org/5\",\n \"http://cygwin.cathedral-networks.org/7\"\ ,\n \"http://cygwin.cathedral-networks.org/;cygwin.cathedral-networks.org;Europe;Norway;noshow\",\n \"http://cygwin.cathedral-networks.org/=\"\ ,\n \"http://cygwin.cathedral-networks.org/A\",\n \"http://cygwin.cathedral-networks.org/AmQ\",\n \"http://cygwin.cathedral-networks.org/C\"\ ,\n \"http://cygwin.cathedral-networks.org/E\",\n \"http://cygwin.cathedral-networks.org/J\",\n \"http://cygwin.cathedral-networks.org/L\"\ ,\n \"http://cygwin.cathedral-networks.org/R\",\n \"http://cygwin.cathedral-networks.org/S\",\n \"http://cygwin.cathedral-networks.org/T\"\ ,\n \"http://cygwin.cathedral-networks.org/W\",\n \"http://cygwin.cathedral-networks.org/X\",\n \"http://cygwin.cathedral-networks.org/Y\"\ ,\n \"http://cygwin.cathedral-networks.org/_\",\n \"http://cygwin.cathedral-networks.org/a\",\n \"http://cygwin.cathedral-networks.org/aZ\"\ ,\n \"http://cygwin.cathedral-networks.org/bu3\",\n \"http://cygwin.cathedral-networks.org/c\",\n \"http://cygwin.cathedral-networks.org/ck\"\ ,\n \"http://cygwin.cathedral-networks.org/d\",\n \"http://cygwin.cathedral-networks.org/de\",\n \"http://cygwin.cathedral-networks.org/e\"\ ,\n \"http://cygwin.cathedral-networks.org/edJ\",\n \"http://cygwin.cathedral-networks.org/et\",\n \"http://cygwin.cathedral-networks.org/f\"\ ,\n \"http://cygwin.cathedral-networks.org/fl\",\n \"http://cygwin.cathedral-networks.org/ft\",\n \"http://cygwin.cathedral-networks.org/h\"\ ,\n \"http://cygwin.cathedral-networks.org/i\",\n \"http://cygwin.cathedral-networks.org/in\",\n \"http://cygwin.cathedral-networks.org/ix\"\ ,\n \"http://cygwin.cathedral-networks.org/j\",\n \"http://cygwin.cathedral-networks.org/ja\",\n \"http://cygwin.cathedral-networks.org/l\"\ ,\n \"http://cygwin.cathedral-networks.org/la\",\n 
\"http://cygwin.cathedral-networks.org/li\",\n \"http://cygwin.cathedral-networks.org/ly\"\ ,\n \"http://cygwin.cathedral-networks.org/m\",\n \"http://cygwin.cathedral-networks.org/m/\",\n \"http://cygwin.cathedral-networks.org/n/\"\ ,\n \"http://cygwin.cathedral-networks.org/nlW\",\n \"http://cygwin.cathedral-networks.org/o\",\n \"http://cygwin.cathedral-networks.org/oR\"\ ,\n \"http://cygwin.cathedral-networks.org/p\",\n \"http://cygwin.cathedral-networks.org/ps\",\n \"http://cygwin.cathedral-networks.org/r\"\ ,\n \"http://cygwin.cathedral-networks.org/r.\",\n \"http://cygwin.cathedral-networks.org/s.\",\n \"http://cygwin.cathedral-networks.org/s:\"\ ,\n \"http://cygwin.cathedral-networks.org/st\",\n \"http://cygwin.cathedral-networks.org/t\",\n \"http://cygwin.cathedral-networks.org/tp\"\ ,\n \"http://cygwin.cathedral-networks.org/tt\",\n \"http://cygwin.cathedral-networks.org/uk\",\n \"http://cygwin.cathedral-networks.org/wB\"\ ,\n \"http://cygwin.cathedral-networks.org/wiO\",\n \"http://cygwin.cathedral-networks.org/y\",\n \"http://cygwin.cathedral-networks.org/y8\"\ ,\n \"http://cygwin.cathedral-networks.org/ygp\",\n \"http://cygwin.cathedral-networks.org/yn\",\n \"http://cygwin.cathedral-networks.org1\"\ ,\n \"http://cygwin.cathedral-networks.org2\",\n \"http://cygwin.cathedral-networks.org3\",\n \"http://cygwin.cathedral-networks.org7\"\ ,\n \"http://cygwin.cathedral-networks.org://\",\n \"http://cygwin.cathedral-networks.org://R\",\n \"http://cygwin.cathedral-networks.org=\"\ ,\n \"http://cygwin.cathedral-networks.orgC\",\n \"http://cygwin.cathedral-networks.orgI\",\n \"http://cygwin.cathedral-networks.orgN\"\ ,\n \"http://cygwin.cathedral-networks.orga\",\n \"http://cygwin.cathedral-networks.orgcom\",\n \"http://cygwin.cathedral-networks.orgd\"\ ,\n \"http://cygwin.cathedral-networks.orge.o\",\n \"http://cygwin.cathedral-networks.orgf\",\n \"http://cygwin.cathedral-networks.orghtt\"\ ,\n \"http://cygwin.cathedral-networks.orghum\",\n 
\"http://cygwin.cathedral-networks.orgin.\",\n \"http://cygwin.cathedral-networks.orgir\"\ ,\n \"http://cygwin.cathedral-networks.orgjp\",\n \"http://cygwin.cathedral-networks.orgk\",\n \"http://cygwin.cathedral-networks.orgn/\"\ ,\n \"http://cygwin.cathedral-networks.orgom\",\n \"http://cygwin.cathedral-networks.orgrgG\",\n \"http://cygwin.cathedral-networks.orgrs.\"\ ,\n \"http://cygwin.cathedral-networks.orgsyn\",\n \"http://cygwin.cathedral-networks.orgt\",\n \"http://cygwin.cathedral-networks.orgta-\"\ ,\n \"http://cygwin.cathedral-networks.orgtp.V\",\n \"http://cygwin.cathedral-networks.orgum\",\n \"http://cygwin.mbwarez\"\ ,\n \"http://cygwin.mbwarez.dk\",\n \"http://cygwin.mbwarez.dk.ac.jp\",\n \"http://cygwin.mbwarez.dk.ac.jp/0\",\n\ \ \"http://cygwin.mbwarez.dk.comcygwin/\",\n \"http://cygwin.mbwarez.dk.de.com/\",\n \"http://cygwin.mbwarez.dk.de/cygwin/main.de.\"\ ,\n \"http://cygwin.mbwarez.dk.degwin//ror\",\n \"http://cygwin.mbwarez.dk.fsn.huwin/f\",\n \"http://cygwin.mbwarez.dk.funet.fio/\"\ ,\n \"http://cygwin.mbwarez.dk.garr.it/~\",\n \"http://cygwin.mbwarez.dk.net\",\n \"http://cygwin.mbwarez.dk.orgwin/.\"\ ,\n \"http://cygwin.mbwarez.dk.orgygwin/\",\n \"http://cygwin.mbwarez.dk/\",\n \"http://cygwin.mbwarez.dk/%\",\n\ \ \"http://cygwin.mbwarez.dk/(\",\n \"http://cygwin.mbwarez.dk/.\",\n \"http://cygwin.mbwarez.dk/.byfly.byjp\",\n\ \ \"http://cygwin.mbwarez.dk/.cagwin//\",\n \"http://cygwin.mbwarez.dk/.datacente\",\n \"http://cygwin.mbwarez.dk/.de/cygwin/\"\ ,\n \"http://cygwin.mbwarez.dk/.de/cygwin/l\",\n \"http://cygwin.mbwarez.dk/.de/cygwin/mi\",\n \"http://cygwin.mbwarez.dk/.denz\"\ ,\n \"http://cygwin.mbwarez.dk/.edu.cn\",\n \"http://cygwin.mbwarez.dk/.jp/#\",\n \"http://cygwin.mbwarez.dk/.net\"\ ,\n \"http://cygwin.mbwarez.dk/.net&\",\n \"http://cygwin.mbwarez.dk/.netwin/b\",\n \"http://cygwin.mbwarez.dk/.terrahost\"\ ,\n \"http://cygwin.mbwarez.dk//\",\n \"http://cygwin.mbwarez.dk///in//\",\n \"http://cygwin.mbwarez.dk///mirror.ma\"\ ,\n 
\"http://cygwin.mbwarez.dk///mirrors.\",\n \"http://cygwin.mbwarez.dk//S\",\n \"http://cygwin.mbwarez.dk//cygwin/\"\ ,\n \"http://cygwin.mbwarez.dk//cygwin/#\",\n \"http://cygwin.mbwarez.dk//cygwin//\",\n \"http://cygwin.mbwarez.dk//cygwin/en\"\ ,\n \"http://cygwin.mbwarez.dk//cygwin/g/\",\n \"http://cygwin.mbwarez.dk//cygwin/rg/k\",\n \"http://cygwin.mbwarez.dk//cygwin/suosl\"\ ,\n \"http://cygwin.mbwarez.dk//cygwin/win/N\",\n \"http://cygwin.mbwarez.dk//cygwin32/\",\n \"http://cygwin.mbwarez.dk//cygwin32/2\"\ ,\n \"http://cygwin.mbwarez.dk//cygwin32/3\",\n \"http://cygwin.mbwarez.dk//gwin/n/\",\n \"http://cygwin.mbwarez.dk//gwin/n/v\"\ ,\n \"http://cygwin.mbwarez.dk//gwin32/\",\n \"http://cygwin.mbwarez.dk//n/gwin/\",\n \"http://cygwin.mbwarez.dk//n/in/\"\ ,\n \"http://cygwin.mbwarez.dk//pu\",\n \"http://cygwin.mbwarez.dk//pub/cygwin/c)\",\n \"http://cygwin.mbwarez.dk//win/a\"\ ,\n \"http://cygwin.mbwarez.dk//ygwin/\",\n \"http://cygwin.mbwarez.dk/0\",\n \"http://cygwin.mbwarez.dk/1\",\n \ \ \"http://cygwin.mbwarez.dk/3\",\n \"http://cygwin.mbwarez.dk/5\",\n \"http://cygwin.mbwarez.dk/:\",\n \ \ \"http://cygwin.mbwarez.dk/;cygwin.mbwarez.dk;Europe;Denmark;noshow\",\n \"http://cygwin.mbwarez.dk/=S\",\n \"http://cygwin.mbwarez.dk/L\"\ ,\n \"http://cygwin.mbwarez.dk/United\",\n \"http://cygwin.mbwarez.dk/a\",\n \"http://cygwin.mbwarez.dk/ata-u.ac.jp)\"\ ,\n \"http://cygwin.mbwarez.dk/b/cygwin//l\",\n \"http://cygwin.mbwarez.dk/ckdomain.deu\",\n \"http://cygwin.mbwarez.dk/cn/cygwin/\"\ ,\n \"http://cygwin.mbwarez.dk/cn/cygwin/7\",\n \"http://cygwin.mbwarez.dk/cygwin/\",\n \"http://cygwin.mbwarez.dk/cygwin/%\"\ ,\n \"http://cygwin.mbwarez.dk/cygwin/&\",\n \"http://cygwin.mbwarez.dk/cygwin//\",\n \"http://cygwin.mbwarez.dk/cygwin///m\"\ ,\n \"http://cygwin.mbwarez.dk/cygwin//R\",\n \"http://cygwin.mbwarez.dk/cygwin//ft\",\n \"http://cygwin.mbwarez.dk/cygwin//r\"\ ,\n \"http://cygwin.mbwarez.dk/cygwin/G\",\n \"http://cygwin.mbwarez.dk/cygwin/cygwinP\",\n 
\"http://cygwin.mbwarez.dk/cygwin/e\"\ ,\n \"http://cygwin.mbwarez.dk/cygwin/l.ca\",\n \"http://cygwin.mbwarez.dk/cygwin/n/\",\n \"http://cygwin.mbwarez.dk/cygwin/n/l\"\ ,\n \"http://cygwin.mbwarez.dk/cygwin/r\",\n \"http://cygwin.mbwarez.dk/cygwin/ral\",\n \"http://cygwin.mbwarez.dk/cygwin/stc\"\ ,\n \"http://cygwin.mbwarez.dk/cygwin32/\",\n \"http://cygwin.mbwarez.dk/cygwin32/?\",\n \"http://cygwin.mbwarez.dk/d\"\ ,\n \"http://cygwin.mbwarez.dk/d.com/\",\n \"http://cygwin.mbwarez.dk/d.com/cygwin/\",\n \"http://cygwin.mbwarez.dk/d.comn//\"\ ,\n \"http://cygwin.mbwarez.dk/d/cygwin/n/\",\n \"http://cygwin.mbwarez.dk/dewin/(\",\n \"http://cygwin.mbwarez.dk/e/cygwin/.jp\"\ ,\n \"http://cygwin.mbwarez.dk/ecomt\",\n \"http://cygwin.mbwarez.dk/einrausch.de\",\n \"http://cygwin.mbwarez.dk/em\"\ ,\n \"http://cygwin.mbwarez.dk/ep\",\n \"http://cygwin.mbwarez.dk/et/cygwin/\",\n \"http://cygwin.mbwarez.dk/etgwin/\"\ ,\n \"http://cygwin.mbwarez.dk/etworks.org/\",\n \"http://cygwin.mbwarez.dk/g/cygwin/\",\n \"http://cygwin.mbwarez.dk/g/cygwin/7\"\ ,\n \"http://cygwin.mbwarez.dk/g/cygwin/n\",\n \"http://cygwin.mbwarez.dk/gwin/\",\n \"http://cygwin.mbwarez.dk/gwin/-\"\ ,\n \"http://cygwin.mbwarez.dk/gwin/-u.ac.jp\",\n \"http://cygwin.mbwarez.dk/gwin//\",\n \"http://cygwin.mbwarez.dk/gwin//n/\"\ ,\n \"http://cygwin.mbwarez.dk/gwin/in/\",\n \"http://cygwin.mbwarez.dk/gwin/n///miZ\",\n \"http://cygwin.mbwarez.dk/gwin/n/4\"\ ,\n \"http://cygwin.mbwarez.dk/gwin/no/\",\n \"http://cygwin.mbwarez.dk/gwin/tmirror\",\n \"http://cygwin.mbwarez.dk/gwin/ware.\"\ ,\n \"http://cygwin.mbwarez.dk/gwin/win/\",\n \"http://cygwin.mbwarez.dk/h.de/mirror/cy\",\n \"http://cygwin.mbwarez.dk/h.de/win/.\"\ ,\n \"http://cygwin.mbwarez.dk/in.de/cygwiB\",\n \"http://cygwin.mbwarez.dk/in/\",\n \"http://cygwin.mbwarez.dk/in/4\"\ ,\n \"http://cygwin.mbwarez.dk/in/V\",\n \"http://cygwin.mbwarez.dk/in/gwin/\",\n \"http://cygwin.mbwarez.dk/in/irror.d\"\ ,\n \"http://cygwin.mbwarez.dk/in/n/in/b\",\n 
\"http://cygwin.mbwarez.dk/in/n/n/\",\n \"http://cygwin.mbwarez.dk/in/n/n/~\"\ ,\n \"http://cygwin.mbwarez.dk/in/tp://ft\",\n \"http://cygwin.mbwarez.dk/in/win/R\",\n \"http://cygwin.mbwarez.dk/in/win/S\"\ ,\n \"http://cygwin.mbwarez.dk/in/ygwin/\",\n \"http://cygwin.mbwarez.dk/in/ygwin/E\",\n \"http://cygwin.mbwarez.dk/inaa.pt\"\ ,\n \"http://cygwin.mbwarez.dk/inaf\",\n \"http://cygwin.mbwarez.dk/isboa.ptf\",\n \"http://cygwin.mbwarez.dk/l/pub/cygwip\"\ ,\n \"http://cygwin.mbwarez.dk/ly.com/\",\n \"http://cygwin.mbwarez.dk/m/cygwin//Unia\",\n \"http://cygwin.mbwarez.dk/m/cygwin/cygw\"\ ,\n \"http://cygwin.mbwarez.dk/mgwin/9\",\n \"http://cygwin.mbwarez.dk/n\",\n \"http://cygwin.mbwarez.dk/n.uib.no/sl.\"\ ,\n \"http://cygwin.mbwarez.dk/n/\",\n \"http://cygwin.mbwarez.dk/n/.no/.i)\",\n \"http://cygwin.mbwarez.dk/n//n/\"\ ,\n \"http://cygwin.mbwarez.dk/n/cygwin/\",\n \"http://cygwin.mbwarez.dk/n/gwin/\",\n \"http://cygwin.mbwarez.dk/n/gwin/m-\"\ \n ],\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"id\": \"238\"\n },\n {\n \ \ \"description\": \"Uses secure TLS version for HTTPS connections\",\n \"match_data\": [\n \"8.43.85.97:443 -> 192.168.2.10:49726\ \ version: TLS 1.2\"\n ],\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"id\": \"7058\"\n },\n \ \ {\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"match_data\": [\n \"HTTP traffic on port 49729 -> 443\",\n \ \ \"HTTP traffic on port 443 -> 49729\"\n ],\n \"id\": \"625\",\n \"description\": \"Uses HTTPS\"\n \ \ },\n {\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"refs\": [\n {\n \ \ \"ref\": \"#memory_dumps\",\n \"value\": \"file.exe, 00000001.00000002.4527137410.0000000000C59000.00000004.00000020.00020000.00000000.sdmp\"\n \ \ },\n {\n \"ref\": \"#memory_dumps\",\n \"value\": \"file.exe, 00000001.00000002.4527971958.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp\"\ \n }\n ],\n \"match_data\": [\n \"Hyper-V RAW0\",\n \"Hyper-V RAW\"\ \n ],\n \"id\": \"263\",\n \"description\": \"May try to detect the virtual 
machine to hinder analysis (VM artifact strings found\ \ in memory)\"\n },\n {\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"match_data\": [\n \ \ \"ftp://cygwin.mirror.rafal.ca/pub/cygwin/\",\n \"ftp://ftp-stud.hs-esslingen.de\",\n \"ftp://ftp-stud.hs-esslingen.dehttp://f\",\n \ \ \"ftp://ftp.acc.umu.se/mirror/cygwin/http\",\n \"ftp://ftp.byfly.by/pub/cygwin/ygwin/httpR\",\n \"ftp://ftp.byfly.byet\"\ ,\n \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/http://m4WB\",\n \"ftp://ftp.eq.uc.pt/pub/software/pc/prog/cygwin/https://\",\n \ \ \"ftp://ftp.fau.de\",\n \"ftp://ftp.fs\",\n \"ftp://ftp.fsn.hu/pub/cygwin/\",\n \"ftp://ftp.fsn.hu/pub/cygwin/echttps://\"\ ,\n \"ftp://ftp.funet.fi/pub/mirrors/sourceware.org/pub/cygwin/\",\n \"ftp://ftp.iij.ad.jp/pub/cygwin/http://w\",\n \ \ \"ftp://ftp.iij.ad.jphttp\",\n \"ftp://ftp.inf.tu-dresden.de/software/windows/cygwin32/n/\",\n \"ftp://ftp.inf.tu-dresden.deygwin\",\n\ \ \"ftp://ftp.kr.freebsd.org\",\n \"ftp://ftp.kr.freebsd.orgb/cygwin/\",\n \"ftp://ftp.l\",\n \ \ \"ftp://ftp.lip6.fr/pub/cygwin/https://ft.X\",\n \"ftp://ftp.lip6.fr/pub/cygwin/in\",\n \"ftp://ftp.lip6.fr/pub/cygwin/p\",\n \ \ \"ftp://ftp.lip6.fr/pub/cygwin/win/in\",\n \"ftp://ftp.m\",\n \"ftp://ftp.mirrorservice.org\",\n \ \ \"ftp://ftp.muug.cah.de.deygwin\",\n \"ftp://ftp.n\",\n \"ftp://ftp.ncF\",\n \"ftp://ftp.ntua.gr\",\n\ \ \"ftp://ftp.ntua.gr/pub/pc/cygwin/http://f\",\n \"ftp://ftp.ntua.gr/pub/pc/cygwin/n/https:r\",\n \"ftp://ftp.rnl.tecnico.ulisboa.pt/pub/cygwin/n\"\ ,\n \"ftp://ftp.snt.utwente.nlc\",\n \"ftp://ftp.snt.utwente.nlme\",\n \"ftp://ftp.twaren.net/Unix/sourceware.org/cygwin//ac\"\ ,\n \"ftp://ftp.twaren.net/Unix/sourceware.org/cygwin/https:r\",\n \"ftp://ftp.yz.yamagata-u.ac.jphttp://ftp\",\n \ \ \"ftp://mirror.checkdomain.de/cygwin/\",\n \"ftp://mirror.checkdomain.de/cygwin/cygwin\",\n \"ftp://mirror.checkdomain.de/cygwin/http\",\n\ \ \"ftp://mirror.checkdomain.demirror\",\n \"ftp://mirror.checkdomain.deygwin\",\n 
\"ftp://mirror.cs.vt.edu/pub/cygwin/cygwin/gwin\"\ ,\n \"ftp://mirror.cs.vt.edu/pub/cygwin/cygwin/n\",\n \"ftp://mirror.easyname.at/cygwin//e\",\n \"ftp://mirror.easyname.atost.com\"\ ,\n \"ftp://mirrors.dotsrc.org/mirrors/cygwin/r\",\n \"ftp://mirrors.dotsrc.org/mirrors/cygwin/ygwin/in\",\n \"ftp://mirrors.dotsrc.orgcygwin/\"\ ,\n \"ftp://mirrors.netix.net/cygwin//\",\n \"ftp://mirrors.netix.net/cygwin/http://ccg\",\n \"ftp://mirrors.netix.net/cygwin/httpR\"\ ,\n \"ftp://mirrors.sonic.net/cygwin/http\",\n \"ftp://mirrors.sonic.net/cygwin/https://\",\n \"ftp://mirrors.syringanetworks.net/cygwin/\"\ ,\n \"ftp://mirrors.xmission.com/cygwin/https://\",\n \"ftp://sourceware.org/ftp://sources.redhat.com/ftp://gcc.gnu.org/\",\n \ \ \"ftp://sunsite.icm.edu.pl\",\n \"ftp://sunsite.icm.edu.pl/pub/cygnus/cygwin/http://f\",\n \"ftp://sunsite.icm.edu.pl/pub/cygnus/cygwin/https://S\"\ ,\n \"ftp://sunsite.icm.edu.pl/pub/cygnus/cygwin/https://tb\",\n \"ftp://sunsite.icm.edu.plc\",\n \"http://ac.economia.gob.mx/cps.html0\"\ ,\n \"http://ac.economia.gob.mx/last.crl0G\",\n \"http://acedicom.edicomgroup.com/doc0\",\n \"http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?\"\ ,\n \"http://acraiz.icpbrasil.gov.br/LCRacraizv1.crl0\",\n \"http://acraiz.icpbrasil.gov.br/LCRacraizv2.crl0\",\n \ \ \"http://apps.identrust.com/roots/dstrootcax3.p7c0\",\n \"http://ca.disig.sk/ca/crl/ca_disig.crl0\",\n \"http://ca.mtin.es/mtin/DPCyPoliticas0\"\ ,\n \"http://ca.mtin.es/mtin/DPCyPoliticas0g\",\n \"http://ca.mtin.es/mtin/crl/MTINAutoridadRaiz03\",\n \"http://ca.mtin.es/mtin/ocsp0\"\ ,\n \"http://ca2.mtin.es/mtin/crl/MTINAutoridadRaiz0\",\n \"http://certificates.starfieldtech.com/repository/1604\",\n \ \ \"http://certs.oati.net/repository/OATICA2.crl0\",\n \"http://certs.oati.net/repository/OATICA2.crt0\",\n \"http://certs.oaticerts.com/repository/OATICA2.crl\"\ ,\n \"http://certs.oaticerts.com/repository/OATICA2.crt08\",\n \"http://cps.chambersign.org/cps/chambersignroot.html0\",\n \ \ 
\"http://cps.chambersign.org/cps/chambersroot.html0\",\n \"http://cps.letsencrypt.org0\",\n \"http://cps.root-x1.letsencrypt.org0\"\ ,\n \"http://cps.siths.se/sithsrootcav1.html0\",\n \"http://crl.certigna.fr/certignarootca.crl01\",\n \"http://crl.chambersign.org/chambersignroot.crl0\"\ ,\n \"http://crl.chambersign.org/chambersroot.crl0\",\n \"http://crl.comodoca.com/AAACertificateServices.crl06\",\n \ \ \"http://crl.defence.gov.au/pki0\",\n \"http://crl.dhimyotis.com/certignarootca.crl0\",\n \"http://crl.globalsign.net/root-r2.crl0\",\n\ \ \"http://crl.identrust.com/DSTROOTCAX3CRL.crl0\",\n \"http://crl.oces.trust2408.com/oces.crl0\",\n \"http://crl.securetrust.com/SGCA.crl0\"\ ,\n \"http://crl.securetrust.com/STCA.crl0\",\n \"http://crl.ssc.lt/root-a/cacrl.crl0\",\n \"http://crl.ssc.lt/root-b/cacrl.crl0\"\ ,\n \"http://crl.ssc.lt/root-c/cacrl.crl0\",\n \"http://crl.xrampsecurity.com/XGCA.crl0\",\n \"http://crl1.comsign.co.il/crl/comsignglobalrootca.crl0\"\ ,\n \"http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en\",\n \"http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/CABD2A79A1076A31F21D253635CB0\"\ ,\n \"http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab\",\n \"http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/CABD2A79A1076A31F21D253635\"\ ,\n \"http://cygwin.cathedral-\",\n \"http://cygwin.cathedral-S\",\n \"http://cygwin.cathedral-a\",\n \ \ \"http://cygwin.cathedral-networks.org\",\n \"http://cygwin.cathedral-networks.org%G\",\n \"http://cygwin.cathedral-networks.org.fr\"\ ,\n \"http://cygwin.cathedral-networks.org.i\",\n \"http://cygwin.cathedral-networks.org/\",\n \"http://cygwin.cathedral-networks.org/$~\"\ ,\n \"http://cygwin.cathedral-networks.org/&\",\n \"http://cygwin.cathedral-networks.org/&%\",\n \"http://cygwin.cathedral-networks.org/&gg\"\ ,\n \"http://cygwin.cathedral-networks.org/-\",\n \"http://cygwin.cathedral-networks.org/.\",\n 
\"http://cygwin.cathedral-networks.org/.f\"\ ,\n \"http://cygwin.cathedral-networks.org/.o\",\n \"http://cygwin.cathedral-networks.org/.v\",\n \"http://cygwin.cathedral-networks.org//\"\ ,\n \"http://cygwin.cathedral-networks.org///\",\n \"http://cygwin.cathedral-networks.org///lg\",\n \"http://cygwin.cathedral-networks.org//Qhk\"\ ,\n \"http://cygwin.cathedral-networks.org//R\",\n \"http://cygwin.cathedral-networks.org//aq\",\n \"http://cygwin.cathedral-networks.org//c\"\ ,\n \"http://cygwin.cathedral-networks.org//f\",\n \"http://cygwin.cathedral-networks.org//m\",\n \"http://cygwin.cathedral-networks.org//w\"\ ,\n \"http://cygwin.cathedral-networks.org/4iO\",\n \"http://cygwin.cathedral-networks.org/5A\",\n \"http://cygwin.cathedral-networks.org/6JX\"\ ,\n \"http://cygwin.cathedral-networks.org/;cygwin.cathedral-networks.org;Europe;Norway;noshow\",\n \"http://cygwin.cathedral-networks.org/B\"\ ,\n \"http://cygwin.cathedral-networks.org/D\",\n \"http://cygwin.cathedral-networks.org/Mb\",\n \"http://cygwin.cathedral-networks.org/Nc\"\ ,\n \"http://cygwin.cathedral-networks.org/P$\",\n \"http://cygwin.cathedral-networks.org/TH\",\n \"http://cygwin.cathedral-networks.org/UX\"\ ,\n \"http://cygwin.cathedral-networks.org/YIz\",\n \"http://cygwin.cathedral-networks.org/a\",\n \"http://cygwin.cathedral-networks.org/a/\"\ ,\n \"http://cygwin.cathedral-networks.org/aa\",\n \"http://cygwin.cathedral-networks.org/ac\",\n \"http://cygwin.cathedral-networks.org/ai\"\ ,\n \"http://cygwin.cathedral-networks.org/ba$\",\n \"http://cygwin.cathedral-networks.org/c\",\n \"http://cygwin.cathedral-networks.org/ca\"\ ,\n \"http://cygwin.cathedral-networks.org/cy\",\n \"http://cygwin.cathedral-networks.org/d\",\n \"http://cygwin.cathedral-networks.org/e\"\ ,\n \"http://cygwin.cathedral-networks.org/ec\",\n \"http://cygwin.cathedral-networks.org/et\",\n \"http://cygwin.cathedral-networks.org/e~\"\ ,\n \"http://cygwin.cathedral-networks.org/fi\",\n 
\"http://cygwin.cathedral-networks.org/g\",\n \"http://cygwin.cathedral-networks.org/gw\"\ ,\n \"http://cygwin.cathedral-networks.org/gwwH\",\n \"http://cygwin.cathedral-networks.org/g~;\",\n \"http://cygwin.cathedral-networks.org/i\"\ ,\n \"http://cygwin.cathedral-networks.org/ia\",\n \"http://cygwin.cathedral-networks.org/ie\",\n \"http://cygwin.cathedral-networks.org/jH\"\ ,\n \"http://cygwin.cathedral-networks.org/jagGk\",\n \"http://cygwin.cathedral-networks.org/j~\",\n \"http://cygwin.cathedral-networks.org/k.\"\ ,\n \"http://cygwin.cathedral-networks.org/m\",\n \"http://cygwin.cathedral-networks.org/mi#G7\",\n \"http://cygwin.cathedral-networks.org/miXc\"\ ,\n \"http://cygwin.cathedral-networks.org/n\",\n \"http://cygwin.cathedral-networks.org/n/wH\",\n \"http://cygwin.cathedral-networks.org/ni\"\ ,\n \"http://cygwin.cathedral-networks.org/niI\",\n \"http://cygwin.cathedral-networks.org/o\",\n \"http://cygwin.cathedral-networks.org/o.\"\ ,\n \"http://cygwin.cathedral-networks.org/oG\",\n \"http://cygwin.cathedral-networks.org/oeI\",\n \"http://cygwin.cathedral-networks.org/oo\"\ ,\n \"http://cygwin.cathedral-networks.org/q#\",\n \"http://cygwin.cathedral-networks.org/rg\",\n \"http://cygwin.cathedral-networks.org/s\"\ ,\n \"http://cygwin.cathedral-networks.org/s.\",\n \"http://cygwin.cathedral-networks.org/s/\",\n \"http://cygwin.cathedral-networks.org/ss\"\ ,\n \"http://cygwin.cathedral-networks.org/tJ\",\n \"http://cygwin.cathedral-networks.org/tp\",\n \"http://cygwin.cathedral-networks.org/tp&W\"\ ,\n \"http://cygwin.cathedral-networks.org/ttcF\",\n \"http://cygwin.cathedral-networks.org/u$\",\n \"http://cygwin.cathedral-networks.org/ub\"\ ,\n \"http://cygwin.cathedral-networks.org/wi\",\n \"http://cygwin.cathedral-networks.org/wi3c\",\n \"http://cygwin.cathedral-networks.org/y\"\ ,\n \"http://cygwin.cathedral-networks.org/yg\",\n \"http://cygwin.cathedral-networks.org/yn\",\n \"http://cygwin.cathedral-networks.org/y~-\"\ ,\n 
\"http://cygwin.cathedral-networks.org/z\",\n \"http://cygwin.cathedral-networks.org/zf\",\n \"http://cygwin.cathedral-networks.org3Jg\"\ ,\n \"http://cygwin.cathedral-networks.org4$\",\n \"http://cygwin.cathedral-networks.org5gT\",\n \"http://cygwin.cathedral-networks.org://\"\ ,\n \"http://cygwin.cathedral-networks.org;az\",\n \"http://cygwin.cathedral-networks.orgB%\",\n \"http://cygwin.cathedral-networks.orgD\"\ ,\n \"http://cygwin.cathedral-networks.orgE\",\n \"http://cygwin.cathedral-networks.orgE~\",\n \"http://cygwin.cathedral-networks.orgHc\"\ ,\n \"http://cygwin.cathedral-networks.orgJe2\",\n \"http://cygwin.cathedral-networks.orgJiu\",\n \"http://cygwin.cathedral-networks.orgKgz\"\ ,\n \"http://cygwin.cathedral-networks.orgM$\",\n \"http://cygwin.cathedral-networks.orgT\",\n \"http://cygwin.cathedral-networks.orgUni-c\"\ ,\n \"http://cygwin.cathedral-networks.orgVeu\",\n \"http://cygwin.cathedral-networks.orgX\",\n \"http://cygwin.cathedral-networks.orgXoa\"\ ,\n \"http://cygwin.cathedral-networks.orgag\",\n \"http://cygwin.cathedral-networks.orgala/A\",\n \"http://cygwin.cathedral-networks.organMG\"\ ,\n \"http://cygwin.cathedral-networks.orgbJ\",\n \"http://cygwin.cathedral-networks.orgbX\",\n \"http://cygwin.cathedral-networks.orgc$\"\ ,\n \"http://cygwin.cathedral-networks.orgce\",\n \"http://cygwin.cathedral-networks.orgeo:\",\n \"http://cygwin.cathedral-networks.orgfly\"\ ,\n \"http://cygwin.cathedral-networks.orggH\",\n \"http://cygwin.cathedral-networks.orggwi\",\n \"http://cygwin.cathedral-networks.orggwi0\"\ ,\n \"http://cygwin.cathedral-networks.orgg~;\",\n \"http://cygwin.cathedral-networks.orgiGl\",\n \"http://cygwin.cathedral-networks.orgn/fc\"\ ,\n \"http://cygwin.cathedral-networks.orgnc\",\n \"http://cygwin.cathedral-networks.orgor\",\n \"http://cygwin.cathedral-networks.orgp\"\ ,\n \"http://cygwin.cathedral-networks.orgtscjc\",\n \"http://cygwin.cathedral-networks.orgttp\",\n \"http://cygwin.cathedral-networks.orgtud_~\"\ ,\n 
\"http://cygwin.cathedral-networks.orgu\",\n \"http://cygwin.cathedral-networks.orgutsXak\",\n \"http://cygwin.cathedral-networks.orgwi\"\ ,\n \"http://cygwin.cathedral-networks.orgyg\",\n \"http://cygwin.cathedral-networks.orgygw\",\n \"http://cygwin.mi\"\ ,\n \"http://cygwin.mirror.constant.com\",\n \"http://cygwin.mirror.constant.com/\",\n \"http://cygwin.mirror.constant.com/.net/oeI\"\ ,\n \"http://cygwin.mirror.constant.com/.org\",\n \"http://cygwin.mirror.constant.com/.org/g.\",\n \"http://cygwin.mirror.constant.com//\"\ ,\n \"http://cygwin.mirror.constant.com//.$\",\n \"http://cygwin.mirror.constant.com//B%\",\n \"http://cygwin.mirror.constant.com//Ha\"\ ,\n \"http://cygwin.mirror.constant.com/3~J\",\n \"http://cygwin.mirror.constant.com/4g\",\n \"http://cygwin.mirror.constant.com/9\"\ ,\n \"http://cygwin.mirror.constant.com/;cygwin.mirror.constant.com;North\",\n \"http://cygwin.mirror.constant.com/Asia\",\n \ \ \"http://cygwin.mirror.constant.com/I\",\n \"http://cygwin.mirror.constant.com/M$\",\n \"http://cygwin.mirror.constant.com/ca\"\ ,\n \"http://cygwin.mirror.constant.com/co.u(b\",\n \"http://cygwin.mirror.constant.com/cygwin.m\",\n \"http://cygwin.mirror.constant.com/cygwin/\"\ ,\n \"http://cygwin.mirror.constant.com/erraSb\",\n \"http://cygwin.mirror.constant.com/ftp://mij\",\n \"http://cygwin.mirror.constant.com/g/?~F\"\ ,\n \"http://cygwin.mirror.constant.com/ganetIc\",\n \"http://cygwin.mirror.constant.com/gwin/\",\n \"http://cygwin.mirror.constant.com/gwin/t\"\ ,\n \"http://cygwin.mirror.constant.com/in/\",\n \"http://cygwin.mirror.constant.com/in//.rH\",\n \"http://cygwin.mirror.constant.com/in//G\"\ ,\n \"http://cygwin.mirror.constant.com/in/f$\",\n \"http://cygwin.mirror.constant.com/in/in/\",\n \"http://cygwin.mirror.constant.com/n//w\"\ ,\n \"http://cygwin.mirror.constant.com/n/:b\",\n \"http://cygwin.mirror.constant.com/o.net\",\n \"http://cygwin.mirror.constant.com/o.net/\"\ ,\n \"http://cygwin.mirror.constant.com/p://lYb\",\n 
\"http://cygwin.mirror.constant.com/ps://Ag\",\n \"http://cygwin.mirror.constant.com/pub/c\"\ ,\n \"http://cygwin.mirror.constant.com/re/windows/cygwin32/Fb\",\n \"http://cygwin.mirror.constant.com/redha\",\n \ \ \"http://cygwin.mirror.constant.com/s.org/\",\n \"http://cygwin.mirror.constant.com/soc.org.\",\n \"http://cygwin.mirror.constant.com/t\"\ ,\n \"http://cygwin.mirror.constant.com/t/\",\n \"http://cygwin.mirror.constant.com/tacenter\",\n \"http://cygwin.mirror.constant.com/th\"\ ,\n \"http://cygwin.mirror.constant.com/win/\",\n \"http://cygwin.mirror.constant.com/win/-un\",\n \"http://cygwin.mirror.constant.com/win//\"\ ,\n \"http://cygwin.mirror.constant.com/win///\",\n \"http://cygwin.mirror.constant.com/ygwin/\",\n \"http://cygwin.mirror.constant.com163.co\"\ ,\n \"http://cygwin.mirror.constant.comD\",\n \"http://cygwin.mirror.constant.comI~p\",\n \"http://cygwin.mirror.constant.comT%\"\ ,\n \"http://cygwin.mirror.constant.comYg\",\n \"http://cygwin.mirror.constant.combly.co\",\n \"http://cygwin.mirror.constant.comn/\"\ ,\n \"http://cygwin.mirror.constant.comn//\",\n \"http://cygwin.mirror.constant.comn/h\",\n \"http://cygwin.mirror.constant.comnet/\"\ ,\n \"http://cygwin.mirror.constant.coms\",\n \"http://cygwin.mirror.constant.comtE\",\n \"http://cygwin.mirror.constant.comtps://\"\ ,\n \"http://cygwin.mirror.constant.comwin.mi\",\n \"http://cygwin.mirror.globo.tech\",\n \"http://cygwin.mirror.globo.tech.net\"\ ,\n \"http://cygwin.mirror.globo.tech.org/or\",\n \"http://cygwin.mirror.globo.tech/\",\n \"http://cygwin.mirror.globo.tech/.de/cygwin/x\"\ ,\n \"http://cygwin.mirror.globo.tech//\",\n \"http://cygwin.mirror.globo.tech///\",\n \"http://cygwin.mirror.globo.tech//Zgk\"\ ,\n \"http://cygwin.mirror.globo.tech//cygwin\",\n \"http://cygwin.mirror.globo.tech//cygwin/://\",\n \"http://cygwin.mirror.globo.tech//cygwin/n/\"\ ,\n \"http://cygwin.mirror.globo.tech//g\",\n \"http://cygwin.mirror.globo.tech//n/L\",\n 
\"http://cygwin.mirror.globo.tech//ub/cygwin/\"\ ,\n \"http://cygwin.mirror.globo.tech/63.comsb\",\n \"http://cygwin.mirror.globo.tech/:\",\n \"http://cygwin.mirror.globo.tech/;cygwin.mirror.globo.tech;North\"\ ,\n \"http://cygwin.mirror.globo.tech/Asiak\",\n \"http://cygwin.mirror.globo.tech/S\",\n \"http://cygwin.mirror.globo.tech/b/cygwin//cy\"\ ,\n \"http://cygwin.mirror.globo.tech/ca/cygwin/ft\",\n \"http://cygwin.mirror.globo.tech/com/cygwin/\",\n \"http://cygwin.mirror.globo.tech/cygwin/\"\ ,\n \"http://cygwin.mirror.globo.tech/cygwin////c~X\",\n \"http://cygwin.mirror.globo.tech/d\",\n \"http://cygwin.mirror.globo.tech/f\"\ ,\n \"http://cygwin.mirror.globo.tech/gasso.net/\",\n \"http://cygwin.mirror.globo.tech/gwin/\",\n \"http://cygwin.mirror.globo.tech/gwin/K%\"\ ,\n \"http://cygwin.mirror.globo.tech/gwin/gwin/\",\n \"http://cygwin.mirror.globo.tech/gwin/n/i\",\n \"http://cygwin.mirror.globo.tech/in/\"\ ,\n \"http://cygwin.mirror.globo.tech/j\",\n \"http://cygwin.mirror.globo.tech/m~\",\n \"http://cygwin.mirror.globo.tech/n/\"\ ,\n \"http://cygwin.mirror.globo.tech/n//cygwin/Na\",\n \"http://cygwin.mirror.globo.tech/n/M\",\n \"http://cygwin.mirror.globo.tech/n/b/cygwin/\"\ ,\n \"http://cygwin.mirror.globo.tech/n/cygwin/\",\n \"http://cygwin.mirror.globo.tech/n/cygwin/l\",\n \"http://cygwin.mirror.globo.tech/n/t\"\ ,\n \"http://cygwin.mirror.globo.tech/n/win/ps://0b\",\n \"http://cygwin.mirror.globo.tech/nettp.a\",\n \"http://cygwin.mirror.globo.tech/nf\"\ ,\n \"http://cygwin.mirror.globo.tech/no//g\",\n \"http://cygwin.mirror.globo.tech/or.data(\",\n \"http://cygwin.mirror.globo.tech/orgX~\"\ ,\n \"http://cygwin.mirror.globo.tech/ors.neusoft.e\",\n \"http://cygwin.mirror.globo.tech/p://miig\",\n \"http://cygwin.mirror.globo.tech/pub/mir\"\ ,\n \"http://cygwin.mirror.globo.tech/ror.cheOc#\",\n \"http://cygwin.mirror.globo.tech/rors.xm:cy\",\n \"http://cygwin.mirror.globo.tech/rror\"\ ,\n \"http://cygwin.mirror.globo.tech/sK\",\n 
\"http://cygwin.mirror.globo.tech/tsrc.or\",\n \"http://cygwin.mirror.globo.tech/ttp://m\"\ ,\n \"http://cygwin.mirror.globo.tech/ttps://\",\n \"http://cygwin.mirror.globo.tech/win/W\",\n \"http://cygwin.mirror.globo.tech/win/gwin/\"\ ,\n \"http://cygwin.mirror.globo.tech/ygwin////\",\n \"http://cygwin.mirror.globo.tech/ygwin//Hc\",\n \"http://cygwin.mirror.globo.tech/ygwin/ftPb\"\ ,\n \"http://cygwin.mirror.globo.tech/ygwin/win/\",\n \"http://cygwin.mirror.globo.techAsiaU~l\",\n \"http://cygwin.mirror.globo.techathedral\"\ ,\n \"http://cygwin.mirror.globo.techca\",\n \"http://cygwin.mirror.globo.techcn\",\n \"http://cygwin.mirror.globo.techde\"\ ,\n \"http://cygwin.mirror.globo.techdeG\",\n \"http://cygwin.mirror.globo.techgwin/dg\",\n \"http://cygwin.mirror.globo.techin/\"\ ,\n \"http://cygwin.mirror.globo.techin//\",\n \"http://cygwin.mirror.globo.techin/pubS\",\n \"http://cygwin.mirror.globo.techm/\"\ ,\n \"http://cygwin.mirror.globo.techn/\",\n \"http://cygwin.mirror.globo.techn/://\",\n \"http://cygwin.mirror.globo.techn/ps://\"\ ,\n \"http://cygwin.mirror.globo.techn/t/t\",\n \"http://cygwin.mirror.globo.techost.com\",\n \"http://cygwin.mirror.globo.techp.br/cygIE\"\ ,\n \"http://cygwin.mirror.globo.techs.orgNg\",\n \"http://cygwin.mirror.globo.techv\",\n \"http://cygwin.mirror.globo.techwin/\"\ ,\n \"http://cygwin.mirror.globo.techwin/p.j\",\n \"http://cygwin.mirror.rafal.ca\",\n \"http://cygwin.mirror.rafal.ca.com/\"\ \n ],\n \"id\": \"238\",\n \"description\": \"URLs found in memory or binary data\"\n },\n \ \ {\n \"severity\": \"IMPACT_SEVERITY_INFO\",\n \"match_data\": [\n \"8.43.85.97:443 -> 192.168.2.15:49729 version: TLS\ \ 1.2\"\n ],\n \"id\": \"7058\",\n \"description\": \"Uses secure TLS version for HTTPS connections\"\n }\n\ \ ],\n \"last_modification_date\": 1677046869,\n \"mutexes_created\": [\n \"\\\\Sessions\\\\1\\\\BaseNamedObjects\\\\Local\\\\ZonesCacheCounterMutex\"\ ,\n 
\"\\\\Sessions\\\\1\\\\BaseNamedObjects\\\\Local\\\\ZonesLockedCacheCounterMutex\"\n ],\n \"files_opened\": [\n \"/etc\\\\\ system-fips\",\n \"C:\\\\Users\\\\user\\\\AppData\\\\LocalLow\",\n \"C:\\\\Users\\\\user\\\\AppData\\\\LocalLow\\\\Microsoft\\\\CryptnetUrlCache\\\\MetaData\\\ \\AFCF8E76E06245E64045C911C7467E0F\",\n \"C:\\\\Users\\\\user\\\\Desktop\\\\setup.rc\",\n \"C:\\\\Windows\\\\Globalization\\\\Sorting\\\\sortdefault.nls\",\n\ \ \"C:\\\\Windows\\\\SYSTEM32\\\\CRYPTBASE.DLL\",\n \"C:\\\\Windows\\\\SYSTEM32\\\\CRYPTSP.dll\",\n \"C:\\\\Windows\\\\SYSTEM32\\\\DNSAPI.dll\"\ ,\n \"C:\\\\Windows\\\\SYSTEM32\\\\DPAPI.DLL\",\n \"C:\\\\Windows\\\\SYSTEM32\\\\IPHLPAPI.DLL\",\n \"C:\\\\Windows\\\\SYSTEM32\\\\NTASN1.dll\"\ ,\n \"C:\\\\Windows\\\\SYSTEM32\\\\SspiCli.dll\",\n \"C:\\\\Windows\\\\SYSTEM32\\\\WININET.dll\",\n \"C:\\\\Windows\\\\SYSTEM32\\\\WINNSI.DLL\"\ ,\n \"C:\\\\Windows\\\\SYSTEM32\\\\bcrypt.dll\",\n \"C:\\\\Windows\\\\SYSTEM32\\\\cryptnet.dll\",\n \"C:\\\\Windows\\\\SYSTEM32\\\\dhcpcsvc.DLL\"\ ,\n \"C:\\\\Windows\\\\SYSTEM32\\\\dhcpcsvc6.DLL\",\n \"C:\\\\Windows\\\\SYSTEM32\\\\en-US\\\\tzres.dll.mui\",\n \"C:\\\\Windows\\\\SYSTEM32\\\ \\en-US\\\\winnlsres.dll.mui\",\n \"C:\\\\Windows\\\\SYSTEM32\\\\gpapi.dll\",\n \"C:\\\\Windows\\\\SYSTEM32\\\\iertutil.dll\",\n \"C:\\\\\ Windows\\\\SYSTEM32\\\\mskeyprotect.dll\",\n \"C:\\\\Windows\\\\SYSTEM32\\\\ncrypt.dll\",\n \"C:\\\\Windows\\\\SYSTEM32\\\\ntmarta.dll\",\n \ \ \"C:\\\\Windows\\\\SYSTEM32\\\\ondemandconnroutehelper.dll\",\n \"C:\\\\Windows\\\\SYSTEM32\\\\tzres.dll\",\n \"C:\\\\Windows\\\\SYSTEM32\\\\urlmon.dll\"\ ,\n \"C:\\\\Windows\\\\SYSTEM32\\\\webio.dll\",\n \"C:\\\\Windows\\\\SYSTEM32\\\\winhttp.dll\",\n \"C:\\\\Windows\\\\SYSTEM32\\\\winnlsres.dll\"\ ,\n \"C:\\\\Windows\\\\SYSTEM32\\\\wintypes.dll\",\n \"C:\\\\Windows\\\\System32\\\\CoreMessaging.dll\",\n \"C:\\\\Windows\\\\System32\\\\\ CoreUIComponents.dll\",\n \"C:\\\\Windows\\\\System32\\\\TextInputFramework.dll\",\n 
\"C:\\\\Windows\\\\System32\\\\drivers\\\\etc\\\\hosts\",\n \ \ \"C:\\\\Windows\\\\System32\\\\en-US\\\\CRYPT32.dll.mui\",\n \"C:\\\\Windows\\\\System32\\\\en-US\\\\USER32.dll.mui\",\n \"C:\\\\Windows\\\\System32\\\ \\en-US\\\\wshqos.dll.mui\",\n \"C:\\\\Windows\\\\System32\\\\fwpuclnt.dll\",\n \"C:\\\\Windows\\\\System32\\\\rasadhlp.dll\",\n \"C:\\\\\ Windows\\\\System32\\\\wshqos.dll\",\n \"C:\\\\Windows\\\\WinSxS\\\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.17134.1304_en-us_ea072f00a93a0bdd\",\n\ \ \"C:\\\\Windows\\\\WinSxS\\\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.17134.1304_en-us_ea072f00a93a0bdd\\\\COMCTL32.dll.mui\",\n \ \ \"C:\\\\Windows\\\\WinSxS\\\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.1304_none_d3fbe61b7c93d9f0\",\n \"C:\\\\Windows\\\\WinSxS\\\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.1304_none_d3fbe61b7c93d9f0\\\ \\COMCTL32.dll\",\n \"C:\\\\Windows\\\\system32\\\\IMM32.DLL\",\n \"C:\\\\Windows\\\\system32\\\\drivers\\\\etc\\\\hosts\",\n \"C:\\\\Windows\\\ \\system32\\\\dwmapi.dll\",\n \"C:\\\\Windows\\\\system32\\\\en-US\\\\mswsock.dll.mui\",\n \"C:\\\\Windows\\\\system32\\\\mswsock.dll\",\n \ \ \"C:\\\\Windows\\\\system32\\\\ncryptsslp.dll\",\n \"C:\\\\Windows\\\\system32\\\\oleaut32.dll\",\n \"C:\\\\Windows\\\\system32\\\\rpcss.dll\",\n \ \ \"C:\\\\Windows\\\\system32\\\\rsaenh.dll\",\n \"C:\\\\Windows\\\\system32\\\\schannel.DLL\",\n \"C:\\\\Windows\\\\system32\\\\uxtheme.dll\"\ ,\n \"C:\\\\Windows\\\\system32\\\\uxtheme.dll.Config\",\n \"C:\\\\cygwin64\",\n \"C:\\\\cygwin64\\\\bin\\\\cygcheck.exe\",\n \ \ \"C:\\\\cygwin64\\\\bin\\\\cygwin1.dll\",\n \"C:\\\\cygwin64\\\\etc\\\\setup\\\\setup.rc\",\n \"C:\\\\cygwin64\\\\var\",\n \"C:\\\ \\cygwin64\\\\var\\\\log\",\n \"Nsi\",\n \"\\\\DEVICE\\\\NETBT_TCPIP_{3882A85B-858A-11EB-B9E1-806E6F6E6963}\",\n \"\\\\DEVICE\\\\NETBT_TCPIP_{CBA69670-7441-4D46-8A3A-61E0A7B4F41B}\"\ ,\n 
\"\\\\Device\\\\Afd\\\\Endpoint\",\n \"\\\\Device\\\\KsecDD\",\n \"\\\\Device\\\\RasAcd\",\n \"\\\\DEVICE\\\\NETBT_TCPIP_{92904508-F335-4574-A127-534547B20089}\"\ ,\n \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\ETCJ2WHM\",\n \"\\\\DEVICE\\\\NETBT_TCPIP_{D98ADCA8-3705-4093-B6B0-210B85CA195B}\"\ ,\n \"\\\\DEVICE\\\\NETBT_TCPIP_{44C728A6-CC3C-434D-B238-E5B6541E3476}\",\n \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\ \\IE\\\\R0IAZP7Z\"\n ],\n \"analysis_date\": 1669406573,\n \"sandbox_name\": \"Zenbox\",\n \"mitre_attack_techniques\": [\n \ \ {\n \"signature_description\": \"Creates files inside the user directory\",\n \"id\": \"T1036\",\n \"severity\": \"\ IMPACT_SEVERITY_INFO\"\n },\n {\n \"signature_description\": \"Sample is packed with UPX\",\n \"id\": \"T1027.002\"\ ,\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"signature_description\": \"PE file has section (not .text)\ \ which is very likely to contain packed code (zlib compression ratio < 0.011)\",\n \"id\": \"T1027.002\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n\ \ },\n {\n \"signature_description\": \"Sample is packed with UPX\",\n \"id\": \"T1027\",\n \ \ \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"signature_description\": \"Reads software policies\",\n \ \ \"id\": \"T1082\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"signature_description\": \"Reads\ \ the hosts file\",\n \"id\": \"T1018\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \ \ \"signature_description\": \"Uses HTTPS\",\n \"id\": \"T1573\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n \ \ {\n \"signature_description\": \"Uses HTTPS for network communication, use the SSL MITM Proxy cookbook for further analysis\",\n \"id\"\ : \"T1573\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"signature_description\": \"Performs DNS lookups\"\ ,\n \"id\": \"T1095\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n 
\"signature_description\"\ : \"Uses HTTPS\",\n \"id\": \"T1071\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \ \ \"signature_description\": \"Performs DNS lookups\",\n \"id\": \"T1071\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n \ \ {\n \"signature_description\": \"Monitors certain registry keys / values for changes (often done to protect autostart functionality)\",\n \ \ \"id\": \"T1012\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"signature_description\":\ \ \"May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)\",\n \"id\": \"T1518.001\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\ \n },\n {\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \ \ \"value\": \"90\"\n }\n ],\n \"signature_description\": \"Creates files inside the user directory\"\ ,\n \"id\": \"T1036\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"refs\": [\n\ \ {\n \"ref\": \"#signature_matches\",\n \"value\": \"433\"\n }\n \ \ ],\n \"signature_description\": \"PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)\",\n \ \ \"id\": \"T1027.002\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"refs\": [\n \ \ {\n \"ref\": \"#signature_matches\",\n \"value\": \"342\"\n }\n \ \ ],\n \"signature_description\": \"Sample is packed with UPX\",\n \"id\": \"T1027.002\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\ \n },\n {\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \ \ \"value\": \"342\"\n }\n ],\n \"signature_description\": \"Sample is packed with UPX\",\n \ \ \"id\": \"T1027\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"refs\": [\n \ \ {\n \"ref\": \"#signature_matches\",\n \"value\": \"263\"\n }\n \ \ ],\n \"signature_description\": \"May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)\",\n \"id\": \"\ T1518.001\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"refs\": [\n {\n\ \ \"ref\": 
\"#signature_matches\",\n \"value\": \"509\"\n }\n ],\n \ \ \"signature_description\": \"Reads software policies\",\n \"id\": \"T1082\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n \ \ },\n {\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \ \ \"value\": \"328\"\n }\n ],\n \"signature_description\": \"Reads the hosts file\",\n \"id\": \"\ T1018\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"625\"\n }\n ],\n \ \ \"signature_description\": \"Uses HTTPS\",\n \"id\": \"T1573\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n \ \ {\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"624\"\ \n }\n ],\n \"signature_description\": \"Uses HTTPS for network communication, use the SSL MITM Proxy cookbook for further\ \ analysis\",\n \"id\": \"T1573\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \ \ \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"206\"\n }\n\ \ ],\n \"signature_description\": \"Performs DNS lookups\",\n \"id\": \"T1095\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\ \n },\n {\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \ \ \"value\": \"206\"\n }\n ],\n \"signature_description\": \"Performs DNS lookups\",\n \ \ \"id\": \"T1071\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n },\n {\n \"refs\": [\n \ \ {\n \"ref\": \"#signature_matches\",\n \"value\": \"625\"\n }\n ],\n\ \ \"signature_description\": \"Uses HTTPS\",\n \"id\": \"T1071\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n \ \ },\n {\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \ \ \"value\": \"198\"\n }\n ],\n \"signature_description\": \"Monitors certain registry keys / values for changes (often\ \ done to protect autostart functionality)\",\n \"id\": \"T1012\",\n \"severity\": \"IMPACT_SEVERITY_INFO\"\n }\n \ \ ],\n \"registry_keys_opened\": [\n \"HKEY_CURRENT_USER\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\",\n \"HKEY_CURRENT_USER\\\ 
\\SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\",\n \"HKEY_CURRENT_USER\\\\Software\",\n \"HKEY_CURRENT_USER\\\\Software\\\ \\Classes\\\\Local Settings\\\\MuiCache\\\\48\\\\52C64B7E\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Cygwin\\\\setup\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\ \\CTF\\\\DirectSwitchHotkeys\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Internet Explorer\\\\Download\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\ \\Internet Explorer\\\\Main\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\",\n \"HKEY_CURRENT_USER\\\\Software\\\ \\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Internet\ \ Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_ALWAYS_USE_DNS_FOR_SPN_KB3022771\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\ \\FEATURE_BUFFERBREAKING_818408\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611\"\ ,\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543\",\n \ \ \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_DIGEST_NO_EXTRAS_IN_URI\",\n \"HKEY_CURRENT_USER\\\\Software\\\ \\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Internet Explorer\\\ \\Main\\\\FeatureControl\\\\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\\ FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Internet 
Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_ENABLE_TOKEN_BINDING\",\n\ \ \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477\",\n \"HKEY_CURRENT_USER\\\ \\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\ \\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\ \\FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915\"\ ,\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_INCLUDE_PORT_IN_SPN_KB908209\",\n \"HKEY_CURRENT_USER\\\ \\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_LOCALMACHINE_LOCKDOWN\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Internet Explorer\\\ \\Main\\\\FeatureControl\\\\FEATURE_MIME_HANDLING\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274\"\ ,\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_PRESERVE_SPACES_IN_FILENAMES_KB952730\",\n \"HKEY_CURRENT_USER\\\ \\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\\ Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_SCH_SEND_AUX_RECORD_KB_2618444\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\ \\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954\",\n 
\"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_URI_DISABLECACHE\"\ ,\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_USE_CNAME_FOR_SPN_KB911149\",\n \"HKEY_CURRENT_USER\\\ \\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\\ Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\ \\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\RETRY_HEADERONLYPOST_ONCONNECTIONRESET\"\ ,\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Internet Explorer\\\\Security\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\SystemCertificates\\\\\ CA\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\SystemCertificates\\\\CA\\\\CRLs\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\SystemCertificates\\\ \\CA\\\\CTLs\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\SystemCertificates\\\\CA\\\\Certificates\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\ \\SystemCertificates\\\\CA\\\\PhysicalStores\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\SystemCertificates\\\\Disallowed\",\n \"HKEY_CURRENT_USER\\\ \\Software\\\\Microsoft\\\\SystemCertificates\\\\Disallowed\\\\CRLs\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\SystemCertificates\\\\Disallowed\\\\CTLs\",\n \ \ \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\SystemCertificates\\\\Disallowed\\\\Certificates\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\SystemCertificates\\\ \\Root\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\SystemCertificates\\\\Root\\\\CRLs\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\SystemCertificates\\\ 
\\Root\\\\CTLs\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\SystemCertificates\\\\Root\\\\Certificates\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\ \\SystemCertificates\\\\SmartCardRoot\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\SystemCertificates\\\\SmartCardRoot\\\\CRLs\",\n \"HKEY_CURRENT_USER\\\ \\Software\\\\Microsoft\\\\SystemCertificates\\\\SmartCardRoot\\\\CTLs\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\SystemCertificates\\\\SmartCardRoot\\\\Certificates\"\ ,\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\SystemCertificates\\\\TrustedPeople\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\SystemCertificates\\\ \\TrustedPeople\\\\CRLs\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\SystemCertificates\\\\TrustedPeople\\\\CTLs\",\n \"HKEY_CURRENT_USER\\\\Software\\\ \\Microsoft\\\\SystemCertificates\\\\TrustedPeople\\\\Certificates\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\SystemCertificates\\\\trust\",\n \"\ HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\SystemCertificates\\\\trust\\\\CRLs\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\SystemCertificates\\\\trust\\\\CTLs\",\n\ \ \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\SystemCertificates\\\\trust\\\\Certificates\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\ \\CurrentVersion\\\\Explorer\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Explorer\\\\Advanced\",\n \"HKEY_CURRENT_USER\\\ \\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Explorer\\\\SessionInfo\\\\1\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Explorer\\\ \\SessionInfo\\\\1\\\\KnownFolders\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Explorer\\\\User Shell Folders\",\n \"\ HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\\ 
Internet Settings\\\\5.0\\\\Cache\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\5.0\\\\Cache\\\\Content\",\n \ \ \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\5.0\\\\Cache\\\\Cookies\",\n \"HKEY_CURRENT_USER\\\\Software\\\\\ Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\5.0\\\\Cache\\\\Extensible Cache\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\ \\Internet Settings\\\\5.0\\\\Cache\\\\History\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\Lockdown_Zones\\\\\",\n \ \ \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\Lockdown_Zones\\\\0\",\n \"HKEY_CURRENT_USER\\\\Software\\\ \\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\Lockdown_Zones\\\\1\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet\ \ Settings\\\\Lockdown_Zones\\\\2\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\Lockdown_Zones\\\\3\",\n \ \ \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\Lockdown_Zones\\\\4\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\ \\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\\\\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\\ \\Domains\\\\\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\\\ProtocolDefaults\\\\\",\n \"\ HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\Zones\\\\\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\ \\Internet Settings\\\\Zones\\\\0\",\n 
\"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\Zones\\\\1\",\n \"\ HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\Zones\\\\2\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\ \\Internet Settings\\\\Zones\\\\3\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\Zones\\\\4\",\n \"\ HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\WinTrust\\\\Trust Providers\\\\Software Publishing\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\ \\windows\\\\CurrentVersion\\\\Internet Settings\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\ \\Internet Explorer\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\Internet Explorer\\\\Main\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\ \\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\Internet Explorer\\\\Security\",\n \ \ \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\SystemCertificates\\\\CA\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\SystemCertificates\\\ \\CA\\\\CRLs\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\SystemCertificates\\\\CA\\\\CTLs\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\ \\Microsoft\\\\SystemCertificates\\\\CA\\\\Certificates\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\SystemCertificates\\\\Disallowed\",\n \ \ \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\SystemCertificates\\\\Disallowed\\\\CRLs\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\SystemCertificates\\\ \\Disallowed\\\\CTLs\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\SystemCertificates\\\\Disallowed\\\\Certificates\",\n \"HKEY_CURRENT_USER\\\ 
\\Software\\\\Policies\\\\Microsoft\\\\SystemCertificates\\\\TrustedPeople\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\SystemCertificates\\\\TrustedPeople\\\ \\CRLs\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\SystemCertificates\\\\TrustedPeople\\\\CTLs\",\n \"HKEY_CURRENT_USER\\\\Software\\\\\ Policies\\\\Microsoft\\\\SystemCertificates\\\\TrustedPeople\\\\Certificates\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\SystemCertificates\\\\TrustedPublisher\\\ \\Safer\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\SystemCertificates\\\\trust\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\ \\SystemCertificates\\\\trust\\\\CRLs\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\SystemCertificates\\\\trust\\\\CTLs\",\n \"HKEY_CURRENT_USER\\\ \\Software\\\\Policies\\\\Microsoft\\\\SystemCertificates\\\\trust\\\\Certificates\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\ \\Internet Settings\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\Lockdown_Zones\\\\\",\n \ \ \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\Lockdown_Zones\\\\0\",\n \"HKEY_CURRENT_USER\\\\Software\\\\\ Policies\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\Lockdown_Zones\\\\1\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\ \\Internet Settings\\\\Lockdown_Zones\\\\2\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\Lockdown_Zones\\\\\ 3\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\Lockdown_Zones\\\\4\",\n \"HKEY_CURRENT_USER\\\ \\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\",\n 
\"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\ \\Internet Settings\\\\ZoneMap\\\\\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\ZoneMap\\\\Domains\\\\\"\ ,\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\Zones\\\\\",\n \"HKEY_CURRENT_USER\\\\Software\\\ \\Policies\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\Zones\\\\0\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\ \\Internet Settings\\\\Zones\\\\1\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\Zones\\\\2\",\n \ \ \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\Zones\\\\3\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\ \\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\Zones\\\\4\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\Explorer\",\n \ \ \"HKEY_CURRENT_USER\\\\ZoneMap\\\\Ranges\\\\\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Classes\\\\AppID\\\\setup-x86_64.exe\",\n \"HKEY_LOCAL_MACHINE\\\ \\SOFTWARE\\\\Classes\\\\AppID\\\\{00021401-0000-0000-C000-000000000046}\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Classes\\\\CLSID\\\\{00021401-0000-0000-C000-000000000046}\"\ ,\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Classes\\\\CLSID\\\\{00021401-0000-0000-C000-000000000046}\\\\Elevation\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Classes\\\ \\CLSID\\\\{00021401-0000-0000-C000-000000000046}\\\\InprocHandler\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Classes\\\\CLSID\\\\{00021401-0000-0000-C000-000000000046}\\\\InprocHandler32\"\ ,\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Classes\\\\CLSID\\\\{00021401-0000-0000-C000-000000000046}\\\\InprocServer32\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\ 
\\Classes\\\\CLSID\\\\{00021401-0000-0000-C000-000000000046}\\\\LocalServer\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Classes\\\\CLSID\\\\{00021401-0000-0000-C000-000000000046}\\\ \\LocalServer32\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Classes\\\\CLSID\\\\{00021401-0000-0000-C000-000000000046}\\\\TreatAs\",\n \"HKEY_LOCAL_MACHINE\\\\\ SOFTWARE\\\\Classes\\\\CLSID\\\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Classes\\\\CLSID\\\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\\\\ Elevation\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Classes\\\\CLSID\\\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\\\InprocHandler\",\n \"HKEY_LOCAL_MACHINE\\\\\ SOFTWARE\\\\Classes\\\\CLSID\\\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\\\InprocHandler32\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Classes\\\\CLSID\\\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\\ \\InprocServer32\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Classes\\\\CLSID\\\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\\\LocalServer\",\n \"HKEY_LOCAL_MACHINE\\\ \\SOFTWARE\\\\Classes\\\\CLSID\\\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\\\LocalServer32\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Classes\\\\CLSID\\\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\\ \\TreatAs\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Classes\\\\Interface\\\\{00000134-0000-0000-C000-000000000046}\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\\ Classes\\\\Interface\\\\{00000134-0000-0000-C000-000000000046}\\\\ProxyStubClsid32\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Classes\\\\Interface\\\\{A168AADC-1674-49DA-AD4F-4F27DF8760D0}\"\ ,\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Classes\\\\Interface\\\\{a168aadc-1674-49da-ad4f-4f27df8760d0}\\\\ProxyStubClsid32\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\ \\Microsoft\\\\AppModel\\\\Lookaside\\\\Packages\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\CTF\\\\\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\ \\CTF\\\\Compatibility\\\\setup-x86_64.exe\",\n 
\"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Cryptography\\\\Defaults\\\\Provider\\\\Microsoft Enhanced RSA and AES Cryptographic\ \ Provider\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Cryptography\\\\OID\\\\EncodingType 0\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\\ Cryptography\\\\OID\\\\EncodingType 0\\\\CertDllCreateCertificateChainEngine\\\\Config\\\\Default\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Cryptography\\\\OID\\\\\ EncodingType 0\\\\CertDllOpenStoreProv\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Cryptography\\\\OID\\\\EncodingType 0\\\\CertDllOpenStoreProv\\\\#16\",\n \ \ \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Cryptography\\\\OID\\\\EncodingType 0\\\\CertDllOpenStoreProv\\\\Ldap\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\ \\Cryptography\\\\OID\\\\EncodingType 0\\\\CryptDllDecodeObjectEx\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Cryptography\\\\OID\\\\EncodingType 1\",\n \ \ \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Cryptography\\\\OID\\\\EncodingType 1\\\\CertDllOpenStoreProv\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\\ Cryptography\\\\OID\\\\EncodingType 1\\\\CryptDllDecodeObjectEx\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Cryptography\\\\OID\\\\EncodingType 1\\\\CryptDllDecodeObjectEx\\\ \\1.2.840.113549.1.9.16.1.1\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Cryptography\\\\OID\\\\EncodingType 1\\\\CryptDllDecodeObjectEx\\\\1.2.840.113549.1.9.16.2.1\"\ ,\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Cryptography\\\\OID\\\\EncodingType 1\\\\CryptDllDecodeObjectEx\\\\1.2.840.113549.1.9.16.2.11\",\n \"HKEY_LOCAL_MACHINE\\\ \\SOFTWARE\\\\Microsoft\\\\Cryptography\\\\OID\\\\EncodingType 1\\\\CryptDllDecodeObjectEx\\\\1.2.840.113549.1.9.16.2.12\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\\ Cryptography\\\\OID\\\\EncodingType 1\\\\CryptDllDecodeObjectEx\\\\1.2.840.113549.1.9.16.2.2\",\n 
\"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Cryptography\\\\OID\\\\EncodingType\ \ 1\\\\CryptDllDecodeObjectEx\\\\1.2.840.113549.1.9.16.2.3\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Cryptography\\\\OID\\\\EncodingType 1\\\\CryptDllDecodeObjectEx\\\ \\1.2.840.113549.1.9.16.2.4\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\EnterpriseCertificates\\\\CA\\\\CRLs\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\ \\Microsoft\\\\EnterpriseCertificates\\\\CA\\\\CTLs\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\EnterpriseCertificates\\\\CA\\\\Certificates\",\n \ \ \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\EnterpriseCertificates\\\\Disallowed\\\\CRLs\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\EnterpriseCertificates\\\\\ Disallowed\\\\CTLs\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\EnterpriseCertificates\\\\Disallowed\\\\Certificates\",\n \"HKEY_LOCAL_MACHINE\\\\\ SOFTWARE\\\\Microsoft\\\\EnterpriseCertificates\\\\Root\\\\CRLs\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\EnterpriseCertificates\\\\Root\\\\CTLs\",\n \ \ \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\EnterpriseCertificates\\\\Root\\\\Certificates\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\EnterpriseCertificates\\\ \\Trust\\\\CRLs\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\EnterpriseCertificates\\\\Trust\\\\CTLs\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\ \\EnterpriseCertificates\\\\Trust\\\\Certificates\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\EnterpriseCertificates\\\\TrustedPeople\\\\CRLs\",\n \ \ \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\EnterpriseCertificates\\\\TrustedPeople\\\\CTLs\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\EnterpriseCertificates\\\ \\TrustedPeople\\\\Certificates\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562\"\ ,\n 
\"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_ALWAYS_USE_DNS_FOR_SPN_KB3022771\",\n \"HKEY_LOCAL_MACHINE\\\ \\SOFTWARE\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_BUFFERBREAKING_818408\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Internet Explorer\\\ \\Main\\\\FeatureControl\\\\FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\\ FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_DIGEST_NO_EXTRAS_IN_URI\"\ ,\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266\",\n \"\ HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\ \\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Internet Explorer\\\ \\Main\\\\FeatureControl\\\\FEATURE_ENABLE_PASSPORT_SESSION_STORE_KB948608\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\\ FEATURE_ENABLE_TOKEN_BINDING\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Classes\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Classes\\\\Local Settings\",\n \ \ \"HKEY_CURRENT_USER\\\\Software\\\\Classes\\\\Local Settings\\\\MuiCache\\\\4d\\\\52C64B7E\",\n \"HKEY_CURRENT_USER_Classes\",\n \"HKEY_CURRENT_USER_Classes\\\ \\APPID\\\\{00021401-0000-0000-C000-000000000046}\",\n \"HKEY_CURRENT_USER_Classes\\\\AppID\\\\software.exe\",\n \"HKEY_CURRENT_USER_Classes\\\\AppID\\\\{00021401-0000-0000-C000-000000000046}\"\ ,\n 
\"HKEY_CURRENT_USER_Classes\\\\CLSID\\\\{00021401-0000-0000-C000-000000000046}\",\n \"HKEY_CURRENT_USER_Classes\\\\CLSID\\\\{00021401-0000-0000-C000-000000000046}\\\ \\Elevation\",\n \"HKEY_CURRENT_USER_Classes\\\\CLSID\\\\{00021401-0000-0000-C000-000000000046}\\\\InProcServer32\",\n \"HKEY_CURRENT_USER_Classes\\\\CLSID\\\ \\{00021401-0000-0000-C000-000000000046}\\\\InprocHandler\",\n \"HKEY_CURRENT_USER_Classes\\\\CLSID\\\\{00021401-0000-0000-C000-000000000046}\\\\InprocHandler32\",\n \ \ \"HKEY_CURRENT_USER_Classes\\\\CLSID\\\\{00021401-0000-0000-C000-000000000046}\\\\InprocServer32\",\n \"HKEY_CURRENT_USER_Classes\\\\CLSID\\\\{00021401-0000-0000-C000-000000000046}\\\ \\LocalServer\",\n \"HKEY_CURRENT_USER_Classes\\\\CLSID\\\\{00021401-0000-0000-C000-000000000046}\\\\LocalServer32\",\n \"HKEY_CURRENT_USER_Classes\\\\CLSID\\\ \\{00021401-0000-0000-C000-000000000046}\\\\TreatAs\",\n \"HKEY_CURRENT_USER_Classes\\\\CLSID\\\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\",\n \"HKEY_CURRENT_USER_Classes\\\ \\CLSID\\\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\\\Elevation\",\n \"HKEY_CURRENT_USER_Classes\\\\CLSID\\\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\\\InProcServer32\",\n \ \ \"HKEY_CURRENT_USER_Classes\\\\CLSID\\\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\\\InprocHandler\",\n \"HKEY_CURRENT_USER_Classes\\\\CLSID\\\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\\ \\InprocHandler32\",\n \"HKEY_CURRENT_USER_Classes\\\\CLSID\\\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\\\InprocServer32\",\n \"HKEY_CURRENT_USER_Classes\\\\\ CLSID\\\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\\\LocalServer\",\n \"HKEY_CURRENT_USER_Classes\\\\CLSID\\\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\\\LocalServer32\",\n \ \ \"HKEY_CURRENT_USER_Classes\\\\CLSID\\\\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\\\\TreatAs\",\n \"HKEY_CURRENT_USER_Classes\\\\Interface\\\\{00000134-0000-0000-C000-000000000046}\"\ ,\n \"HKEY_CURRENT_USER_Classes\\\\Interface\\\\{00000134-0000-0000-C000-000000000046}\\\\ProxyStubClsid32\",\n 
\"HKEY_CURRENT_USER_Classes\\\\Interface\\\\\ {A168AADC-1674-49DA-AD4F-4F27DF8760D0}\",\n \"HKEY_CURRENT_USER_Classes\\\\Interface\\\\{a168aadc-1674-49da-ad4f-4f27df8760d0}\\\\ProxyStubClsid32\",\n \"HKEY_CURRENT_USER_Classes\\\ \\Local Settings\\\\Software\\\\Microsoft\",\n \"HKEY_CURRENT_USER_Classes\\\\Local Settings\\\\Software\\\\Microsoft\\\\Ole\",\n \"HKEY_CURRENT_USER_Classes\\\ \\Local Settings\\\\Software\\\\Microsoft\\\\Ole\\\\FeatureDevelopmentProperties\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\CTF\\\\Compatibility\\\\software.exe\",\n\ \ \"HKEY_CURRENT_USER\\\\Software\\\\Classes\\\\Local Settings\\\\MuiCache\\\\46\\\\52C64B7E\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\\ CurrentVersion\\\\Policies\\\\Explorer\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Classes\\\\AppID\\\\program.exe\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\ \\CTF\\\\Compatibility\\\\program.exe\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Classes\\\\AppID\\\\executable.exe\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\\ Microsoft\\\\CTF\\\\Compatibility\\\\executable.exe\",\n \"HKEY_CURRENT_USER\\\\Software\\\\Classes\\\\Local Settings\\\\MuiCache\\\\47\\\\52C64B7E\",\n \"\ HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Classes\\\\CLSID\\\\{0358B920-0AC7-461F-98F4-58E32CD89148}\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Classes\\\\CLSID\\\\{0358b920-0ac7-461f-98f4-58e32cd89148}\\\ \\InprocHandler\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Classes\\\\CLSID\\\\{0358b920-0ac7-461f-98f4-58e32cd89148}\\\\InprocHandler32\",\n \"HKEY_LOCAL_MACHINE\\\ \\SOFTWARE\\\\Classes\\\\CLSID\\\\{0358b920-0ac7-461f-98f4-58e32cd89148}\\\\InprocServer32\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Classes\\\\CLSID\\\\{0358b920-0ac7-461f-98f4-58e32cd89148}\\\ \\TreatAs\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Classes\\\\AppID\\\\file.exe\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\CTF\\\\Compatibility\\\ \\file.exe\",\n \"HKEY_CURRENT_USER_Classes\\\\AppID\\\\executable.exe\",\n 
\"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Classes\\\\AppID\\\\software.exe\",\n \ \ \"HKEY_CURRENT_USER_Classes\\\\AppID\\\\file.exe\",\n \"HKEY_CURRENT_USER_Classes\\\\AppID\\\\program.exe\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\ \\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Internet Explorer\\\ \\Main\\\\FeatureControl\\\\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\ \\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY\"\ ,\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915\",\n \ \ \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_INCLUDE_PORT_IN_SPN_KB908209\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\ \\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_LOCALMACHINE_LOCKDOWN\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\\ FeatureControl\\\\FEATURE_MIME_HANDLING\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274\"\ ,\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_PRESERVE_SPACES_IN_FILENAMES_KB952730\",\n \"HKEY_LOCAL_MACHINE\\\ \\SOFTWARE\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\\ Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_SCH_SEND_AUX_RECORD_KB_2618444\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Internet 
Explorer\\\\Main\\\\FeatureControl\\\ \\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_URI_DISABLECACHE\"\ ,\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_USE_CNAME_FOR_SPN_KB911149\",\n \"HKEY_LOCAL_MACHINE\\\ \\SOFTWARE\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\\ Internet Explorer\\\\Main\\\\FeatureControl\\\\FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\ \\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Internet Explorer\\\\Main\\\\FeatureControl\\\\RETRY_HEADERONLYPOST_ONCONNECTIONRESET\"\ ,\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\OLE\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\OLEAUT\",\n \"HKEY_LOCAL_MACHINE\\\ \\SOFTWARE\\\\Microsoft\\\\SystemCertificates\\\\AuthRoot\\\\NULL\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\SystemCertificates\\\\ROOT\\\\NULL\",\n \ \ \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\FontLink\\\\SystemLink\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\ \\CurrentVersion\\\\Image File Execution Options\\\\executable.exe\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\LanguagePack\\\\DataStore_V1.0\"\ ,\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\LanguagePack\\\\SurrogateFallback\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\ \\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\LanguagePack\\\\SurrogateFallback\\\\Arial\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\\ LanguagePack\\\\SurrogateFallback\\\\MS Shell 
Dlg\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\msasn1\",\n \"HKEY_LOCAL_MACHINE\\\ \\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\AppModelUnlock\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Explorer\\\\FolderDescriptions\\\ \\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Explorer\\\\FolderDescriptions\\\\{2B0F765D-C0E9-4171-908E-08A611B84FF6}\\\ \\PropertyBag\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Explorer\\\\FolderDescriptions\\\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\",\n\ \ \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Explorer\\\\FolderDescriptions\\\\{352481E8-33BE-4251-BA85-6007CAEDCF9D}\\\\PropertyBag\",\n \ \ \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Explorer\\\\FolderDescriptions\\\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\",\n \ \ \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Explorer\\\\FolderDescriptions\\\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\\\PropertyBag\",\n \"\ HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Explorer\\\\FolderDescriptions\\\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\",\n \"HKEY_LOCAL_MACHINE\\\ \\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Explorer\\\\FolderDescriptions\\\\{D9DC8A3B-B784-432E-A781-5A1130A75963}\\\\PropertyBag\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\ \\Microsoft\\\\Windows\\\\CurrentVersion\\\\Explorer\\\\FolderDescriptions\\\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\ \\CurrentVersion\\\\Explorer\\\\FolderDescriptions\\\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\\\PropertyBag\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\ \\Internet Settings\",\n 
\"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Internet Settings\\\\WinHttp\",\n \"HKEY_LOCAL_MACHINE\\\ \\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\OOBE\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Policies\\\\Microsoft\\\\Internet Explorer\\\\Security\",\n \ \ \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows NT\\\\DNSClient\\\\DnsPolicyConfig\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Policies\\\\Microsoft\\\ \\WindowsStore\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows\\\\Appx\",\n \"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Policies\\\\Microsoft\\\ \\Windows\\\\CurrentVersion\\\\Internet Settings\"\n ],\n \"ip_traffic\": [\n {\n \"transport_layer_protocol\": \"TCP\",\n\ \ \"destination_ip\": \"8.43.85.97\",\n \"destination_port\": 443\n },\n {\n \"transport_layer_protocol\"\ : \"TCP\",\n \"destination_ip\": \"13.107.4.50\",\n \"destination_port\": 80\n }\n ],\n \"processes_tree\"\ : [\n {\n \"process_id\": \"6752\",\n \"name\": \"\\\"C:\\\\Users\\\\user\\\\Desktop\\\\setup-x86_64.exe\\\" \"\n \ \ }\n ],\n \"memory_dumps\": [\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \ \ \"file_name\": \"00000000.00000003.4006229143.0000000002A99000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \ \ \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44666880\",\n \"size\": \"20480\"\n },\n {\n \ \ \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4028714596.0000000002A9F000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44691456\",\n \"\ size\": \"36864\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ 
\"00000000.00000003.4023092884.0000000002A8F000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44625920\",\n \"size\": \"118784\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.3986544940.0000000005C06000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"size\": \"45056\",\n \"base_address\": \"96493568\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \ \ \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4026209520.0000000002AAC000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44744704\",\n \"\ size\": \"69632\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4054507190.0000000002ABF000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44822528\",\n \"size\": \"36864\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4039446772.0000000002AB7000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44789760\",\n \"size\": \"106496\"\ \n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4012020699.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"size\": \"20480\",\n \"base_address\": \"44687360\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n \ \ {\n \"process\": 
\"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4030636581.0000000002A94000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44646400\",\n \"\ size\": \"122880\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\"\ : \"00000000.00000003.3985689994.0000000005BE7000.00000004.00000020.00020000.00000000.sdmp\",\n \"size\": \"4096\",\n \"base_address\": \"96366592\"\ ,\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n\ \ \"file_name\": \"00000000.00000003.4016297437.0000000002AA4000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n \ \ {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \ \ \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44711936\",\n \"size\": \"53248\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4040752177.0000000002A8F000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44625920\",\n \"\ size\": \"53248\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4015430436.0000000002A98000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44662784\",\n \"size\": \"36864\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4044398789.0000000002ABA000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n 
\"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44802048\",\n \"size\": \"69632\"\ \n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4003745871.0000000002AA7000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44724224\",\n \"\ size\": \"28672\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.3998916328.0000000002A9F000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44691456\",\n \"size\": \"16384\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4037832419.0000000002AB7000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44789760\",\n \"size\": \"12288\"\ \n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.3996620218.0000000002AAE000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44752896\",\n \"\ size\": \"4096\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"\ 00000000.00000002.4734940162.000000000525A000.00000004.00000010.00020000.00000000.sdmp\",\n \"size\": \"24576\",\n \"base_address\": \"86351872\",\n\ \ \"stage\": \"MEM_STAGE_EXIT\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \ \ \"file_name\": 
\"00000000.00000003.4039992924.0000000002ABA000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n \ \ {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \ \ \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44802048\",\n \"size\": \"94208\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4047262118.0000000002AC9000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44863488\",\n \"\ size\": \"65536\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.3995960485.0000000002AA4000.00000004.00000020.00020000.00000000.sdmp\",\n \"size\": \"12288\",\n \"base_address\": \"44711936\"\ ,\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n\ \ \"file_name\": \"00000000.00000003.4022940810.0000000002AAC000.00000004.00000020.00020000.00000000.sdmp\",\n \"size\": \"12288\",\n \ \ \"base_address\": \"44744704\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \"process\": \"C:\\\\Users\\\ \\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4054050891.0000000002AD2000.00000004.00000020.00020000.00000000.sdmp\",\n \"\ refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n \ \ ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44900352\",\n \"size\": \"8192\"\n \ \ },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000002.4734038491.0000000001210000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"size\": \"4096\",\n \"base_address\": \"18939904\",\n \"stage\": \"MEM_STAGE_EXIT\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": 
\"00000000.00000003.3987291764.0000000005BC0000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"96206848\",\n \"\ size\": \"20480\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4046591470.0000000002AB9000.00000004.00000020.00020000.00000000.sdmp\",\n \"size\": \"28672\",\n \"base_address\": \"44797952\"\ ,\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n\ \ \"file_name\": \"00000000.00000003.4054923989.0000000002AAE000.00000004.00000020.00020000.00000000.sdmp\",\n \"size\": \"28672\",\n \ \ \"base_address\": \"44752896\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \"process\": \"C:\\\\Users\\\ \\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4020671692.0000000002A90000.00000004.00000020.00020000.00000000.sdmp\",\n \"\ refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n \ \ ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44630016\",\n \"size\": \"8192\"\n \ \ },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000002.4734817418.0000000002AD8000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_EXIT\",\n \"base_address\": \"44924928\",\n \"\ size\": \"4096\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"\ 00000000.00000002.4734069058.0000000001280000.00000004.00000020.00020000.00000000.sdmp\",\n \"size\": \"8192\",\n \"base_address\": \"19398656\",\n\ \ \"stage\": \"MEM_STAGE_EXIT\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \ \ \"file_name\": 
\"00000000.00000003.4018148317.0000000002ABB000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n \ \ {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \ \ \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44806144\",\n \"size\": \"8192\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4017981928.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44687360\",\n \"\ size\": \"57344\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4004930021.0000000002A9A000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44670976\",\n \"size\": \"32768\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4017932241.0000000002ABB000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44806144\",\n \"size\": \"8192\"\ \n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4014240923.0000000002AAC000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44744704\",\n \"\ size\": \"8192\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"\ 00000000.00000003.3996256433.0000000002A9F000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \"\ ref\": \"#signature_matches\",\n \"value\": \"238\"\n 
}\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44691456\",\n \"size\": \"20480\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4001342862.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44683264\",\n \"size\": \"24576\"\ \n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4016986043.0000000002ABB000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44806144\",\n \"\ size\": \"8192\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"\ 00000000.00000003.3997439413.0000000002A97000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \"\ ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44658688\",\n \"size\": \"61440\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4038715677.0000000002AC7000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44855296\",\n \"size\": \"12288\"\ \n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.3985425456.0000000005BC5000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"96227328\",\n \"\ size\": \"135168\"\n },\n {\n \"process\": 
\"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\"\ : \"00000000.00000003.4016403271.0000000002A8F000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44625920\",\n \"size\": \"49152\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4035950922.0000000002AB7000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44789760\",\n \"size\": \"45056\"\ \n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.3999845512.0000000002A91000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"size\": \"32768\",\n \"base_address\": \"44634112\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4046438285.0000000002AD8000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"size\": \"4096\",\n \"base_address\": \"44924928\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.3995422691.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44732416\",\n \"\ size\": \"24576\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4055573607.0000000002AD6000.00000004.00000020.00020000.00000000.sdmp\",\n \"size\": \"4096\",\n \"base_address\": \"44916736\"\ ,\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n\ \ 
\"file_name\": \"00000000.00000003.4040103925.0000000002AAC000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n \ \ {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \ \ \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44744704\",\n \"size\": \"24576\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4032872996.0000000002AB7000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44789760\",\n \"\ size\": \"20480\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.3996378944.0000000002A92000.00000004.00000020.00020000.00000000.sdmp\",\n \"size\": \"12288\",\n \"base_address\": \"44638208\"\ ,\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n\ \ \"file_name\": \"00000000.00000003.4050614442.0000000002AA7000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n \ \ {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \ \ \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44724224\",\n \"size\": \"20480\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4017013365.0000000002AB8000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44793856\",\n \"\ size\": \"12288\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4039777145.0000000002ACB000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": 
\"44871680\",\n \"size\": \"24576\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000002.4734854989.0000000004660000.00000004.00000800.00020000.00000000.sdmp\",\n \ \ \"size\": \"4096\",\n \"base_address\": \"73793536\",\n \"stage\": \"MEM_STAGE_EXIT\"\n },\n {\n \ \ \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4040864152.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44683264\",\n \"\ size\": \"61440\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4055789295.0000000002AD2000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44900352\",\n \"size\": \"16384\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4046491932.0000000002A9C000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44679168\",\n \"size\": \"65536\"\ \n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.3998782377.0000000002A97000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44658688\",\n \"\ size\": \"4096\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"\ 00000000.00000002.4726416623.000000000010E000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \"\ ref\": 
\"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_EXIT\"\ ,\n \"base_address\": \"1105920\",\n \"size\": \"151552\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.3782890564.000000000011D000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"size\": \"8192\",\n \"base_address\": \"1167360\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \ \ \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4014664264.0000000002AA7000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44724224\",\n \"\ size\": \"20480\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.3996090999.0000000002A92000.00000004.00000020.00020000.00000000.sdmp\",\n \"size\": \"12288\",\n \"base_address\": \"44638208\"\ ,\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n\ \ \"file_name\": \"00000000.00000002.4733435997.0000000000880000.00000040.00000001.01000000.00000003.sdmp\",\n \"size\": \"4096\",\n \ \ \"base_address\": \"8912896\",\n \"stage\": \"MEM_STAGE_EXIT\"\n },\n {\n \"process\": \"C:\\\\Users\\\ \\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4042878365.0000000002AC7000.00000004.00000020.00020000.00000000.sdmp\",\n \"\ refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n \ \ ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44855296\",\n \"size\": \"49152\"\n \ \ },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4034427616.0000000002AA3000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": 
\"MEM_STAGE_FREE\",\n \"base_address\": \"44707840\",\n \"\ size\": \"16384\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4016801210.0000000002AB7000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44789760\",\n \"size\": \"24576\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4054247621.0000000002A8C000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44613632\",\n \"size\": \"139264\"\ \n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4023633658.0000000002A95000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44650496\",\n \"\ size\": \"118784\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\"\ : \"00000000.00000003.4008487274.0000000002A95000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44650496\",\n \"size\": \"20480\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.3988055647.0000000005BC2000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"96215040\",\n \"size\": \"12288\"\ \n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n 
\"file_name\": \"00000000.00000003.4047123716.0000000002A9B000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44675072\",\n \"\ size\": \"69632\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4037245444.0000000002ACB000.00000004.00000020.00020000.00000000.sdmp\",\n \"size\": \"12288\",\n \"base_address\": \"44871680\"\ ,\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n\ \ \"file_name\": \"00000000.00000003.3782934519.0000000000120000.00000004.00000020.00020000.00000000.sdmp\",\n \"size\": \"90112\",\n \ \ \"base_address\": \"1179648\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \"process\": \"C:\\\\Users\\\ \\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000002.4735148545.0000000005860000.00000004.00000020.00020000.00000000.sdmp\",\n \"\ refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n \ \ ],\n \"stage\": \"MEM_STAGE_EXIT\",\n \"base_address\": \"92667904\",\n \"size\": \"196608\"\n \ \ },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4016009250.0000000002AB7000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44789760\",\n \"\ size\": \"24576\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4015207252.0000000002AA2000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44703744\",\n \"size\": \"61440\"\n },\n {\n \"process\": \"C:\\\ 
\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000002.4728013413.0000000000401000.00000040.00000001.01000000.00000003.sdmp\",\n \ \ \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_EXIT\",\n \"base_address\": \"4198400\",\n \"size\": \"3780608\"\ \n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.3995482815.0000000002AAB000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44740608\",\n \"\ size\": \"16384\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4002524145.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44687360\",\n \"size\": \"20480\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4009008631.0000000002A98000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44662784\",\n \"size\": \"8192\"\ \n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4017590892.0000000002A98000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"size\": \"12288\",\n \"base_address\": \"44662784\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.3999778851.0000000002A9F000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": 
\"MEM_STAGE_FREE\",\n \"base_address\": \"44691456\",\n \"\ size\": \"16384\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4031885746.0000000002AB7000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44789760\",\n \"size\": \"20480\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4041244123.0000000002AC7000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44855296\",\n \"size\": \"40960\"\ \n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4020021149.0000000002AAC000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44744704\",\n \"\ size\": \"61440\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4037656610.0000000002AB7000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44789760\",\n \"size\": \"12288\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4013238294.0000000002A9C000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44679168\",\n \"size\": \"8192\"\ \n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": 
\"00000000.00000003.4003832514.0000000002A91000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"size\": \"16384\",\n \"base_address\": \"44634112\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4006956873.0000000002AAE000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44752896\",\n \"\ size\": \"40960\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4052016022.0000000002AAC000.00000004.00000020.00020000.00000000.sdmp\",\n \"size\": \"28672\",\n \"base_address\": \"44744704\"\ ,\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n\ \ \"file_name\": \"00000000.00000003.4045133120.0000000002AB9000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n \ \ {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \ \ \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44797952\",\n \"size\": \"32768\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4009362571.0000000002A8F000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44625920\",\n \"\ size\": \"36864\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000002.4725891386.00000000000D0000.00000004.00000020.00020000.00000000.sdmp\",\n \"size\": \"24576\",\n \"base_address\": \"851968\"\ ,\n \"stage\": \"MEM_STAGE_EXIT\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n\ \ \"file_name\": 
\"00000000.00000002.4733759389.00000000008EA000.00000040.00000001.01000000.00000003.sdmp\",\n \"size\": \"16384\",\n \ \ \"base_address\": \"9347072\",\n \"stage\": \"MEM_STAGE_EXIT\"\n },\n {\n \"process\": \"C:\\\\Users\\\ \\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000002.4733863257.00000000008F0000.00000004.00000001.01000000.00000003.sdmp\",\n \"\ size\": \"69632\",\n \"base_address\": \"9371648\",\n \"stage\": \"MEM_STAGE_EXIT\"\n },\n {\n \ \ \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4053059860.0000000002ACE000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44883968\",\n \"\ size\": \"45056\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4013174785.0000000002A98000.00000004.00000020.00020000.00000000.sdmp\",\n \"size\": \"12288\",\n \"base_address\": \"44662784\"\ ,\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n\ \ \"file_name\": \"00000000.00000003.3998485081.0000000002A97000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n \ \ {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \ \ \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44658688\",\n \"size\": \"4096\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000002.4737287936.0000000005BEC000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"size\": \"81920\",\n \"base_address\": \"96387072\",\n \"stage\": \"MEM_STAGE_EXIT\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4048804357.0000000002AAC000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n 
\"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44744704\",\n \"\ size\": \"28672\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4045687309.0000000002A90000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44630016\",\n \"size\": \"24576\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4005332275.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44687360\",\n \"size\": \"65536\"\ \n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4019386609.0000000002A9C000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44679168\",\n \"\ size\": \"65536\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000002.4735021645.000000000545F000.00000004.00000010.00020000.00000000.sdmp\",\n \"size\": \"4096\",\n \"base_address\": \"88469504\"\ ,\n \"stage\": \"MEM_STAGE_EXIT\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n\ \ \"file_name\": \"00000000.00000003.4050682987.0000000002A8F000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n \ \ {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \ \ \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44625920\",\n \"size\": \"28672\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": 
\"00000000.00000003.4047408671.0000000002AB9000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44797952\",\n \"\ size\": \"28672\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4033294793.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44683264\",\n \"size\": \"86016\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000002.4735096415.000000000585E000.00000004.00000010.00020000.00000000.sdmp\",\n \ \ \"size\": \"8192\",\n \"base_address\": \"92659712\",\n \"stage\": \"MEM_STAGE_EXIT\"\n },\n {\n \ \ \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4037152198.0000000002AB7000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"size\": \"12288\",\n \"base_address\": \"44789760\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.3783082496.0000000000116000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"size\": \"28672\",\n \"base_address\": \"1138688\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4054694906.0000000002A95000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44650496\",\n \"\ size\": \"102400\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\"\ : 
\"00000000.00000003.4034691774.0000000002AC9000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44863488\",\n \"size\": \"32768\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000002.4734696648.0000000002AA9000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_EXIT\",\n \"base_address\": \"44732416\",\n \"size\": \"12288\"\ \n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4045239264.0000000002AC6000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44851200\",\n \"\ size\": \"16384\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.3989203434.0000000005933000.00000004.00000020.00020000.00000000.sdmp\",\n \"size\": \"167936\",\n \"base_address\": \"93532160\"\ ,\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n\ \ \"file_name\": \"00000000.00000003.3988497370.0000000005B75000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n \ \ {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \ \ \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"95899648\",\n \"size\": \"16384\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4034947139.0000000002ABB000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44806144\",\n \"\ 
size\": \"49152\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4054119180.0000000002AD7000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44920832\",\n \"size\": \"8192\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4018979853.0000000002ABC000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44810240\",\n \"size\": \"4096\"\ \n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.3986796732.0000000005C08000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"size\": \"36864\",\n \"base_address\": \"96501760\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.3996690471.0000000002A9F000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44691456\",\n \"\ size\": \"32768\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4019092549.0000000002AA6000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44720128\",\n \"size\": \"24576\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4006627997.0000000002A95000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"refs\": [\n {\n \"ref\": 
\"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44650496\",\n \"size\": \"20480\"\ \n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4054576211.0000000002AD2000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44900352\",\n \"\ size\": \"28672\"\n
},\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4033204353.0000000002A8F000.00000004.00000020.00020000.00000000.sdmp\",\n \"size\": \"24576\",\n \"base_address\": \"44625920\"\ ,\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n\ \ \"file_name\": \"00000000.00000003.4006576638.0000000002A9A000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n \ \ {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \ \ \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44670976\",\n \"size\": \"16384\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4001767705.0000000002A97000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"size\": \"16384\",\n \"base_address\": \"44658688\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4047047088.0000000002A91000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"size\": \"20480\",\n \"base_address\": \"44634112\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4012644172.0000000002A98000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44662784\",\n \"\ size\": \"24576\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4051522353.0000000002A9B000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44675072\",\n \"size\": \"49152\"\n },\n {\n \"process\": \"C:\\\ 
\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.3987336676.0000000005BDC000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"size\": \"40960\",\n \"base_address\": \"96321536\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \ \ \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4047921070.0000000002AC7000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44855296\",\n \"\ size\": \"73728\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4036845271.0000000002ACF000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44888064\",\n \"size\": \"8192\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4041845620.0000000002AAC000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44744704\",\n \"size\": \"28672\"\ \n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4051008152.0000000002AAC000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"size\": \"28672\",\n \"base_address\": \"44744704\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4019246509.0000000002A93000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44642304\",\n \"\ size\": \"102400\"\n },\n 
{\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\"\ : \"00000000.00000003.4013393062.0000000002AA7000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44724224\",\n \"size\": \"49152\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4002136461.0000000002AAF000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"size\": \"16384\",\n \"base_address\": \"44756992\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \ \ \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4029685179.0000000002A8F000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"size\": \"49152\",\n \"base_address\": \"44625920\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.3996142179.0000000002A97000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44658688\",\n \"\ size\": \"53248\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4021955792.0000000002A9A000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44670976\",\n \"size\": \"143360\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4042580922.0000000002AC7000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44855296\",\n 
\"size\": \"40960\"\ \n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4002356636.0000000002A91000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"size\": \"16384\",\n \"base_address\": \"44634112\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4006061510.0000000002AA6000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44720128\",\n \"\ size\": \"53248\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.3987533726.0000000005C01000.00000004.00000020.00020000.00000000.sdmp\",\n \"size\": \"4096\",\n \"base_address\": \"96473088\"\ ,\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n\ \ \"file_name\": \"00000000.00000003.4017831929.0000000002AAC000.00000004.00000020.00020000.00000000.sdmp\",\n \"size\": \"20480\",\n \ \ \"base_address\": \"44744704\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \"process\": \"C:\\\\Users\\\ \\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.3782668805.0000000000116000.00000004.00000020.00020000.00000000.sdmp\",\n \"\ size\": \"28672\",\n \"base_address\": \"1138688\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \ \ \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4009600150.0000000002AA7000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44724224\",\n \"\ size\": \"90112\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ 
\"00000000.00000003.4028038466.0000000002ABD000.00000004.00000020.00020000.00000000.sdmp\",\n \"size\": \"24576\",\n \"base_address\": \"44814336\"\ ,\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n\ \ \"file_name\": \"00000000.00000003.4010055892.0000000002A91000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n \ \ {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \ \ \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44634112\",\n \"size\": \"28672\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4005073173.0000000002A97000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44658688\",\n \"\ size\": \"114688\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\"\ : \"00000000.00000003.4032588017.0000000002ABC000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \ \ \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44810240\",\n \"size\": \"57344\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4024205842.0000000002AA2000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44703744\",\n \"size\": \"40960\"\ \n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4030911212.0000000002AB7000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44789760\",\n \"\ 
size\": \"65536\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4005718865.0000000002A8F000.00000004.00000020.00020000.00000000.sdmp\",\n \"size\": \"16384\",\n \"base_address\": \"44625920\"\ ,\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n\ \ \"file_name\": \"00000000.00000003.4055133068.0000000002AD6000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n \ \ {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \ \ \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44916736\",\n \"size\": \"12288\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4018923487.0000000002AAC000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"size\": \"20480\",\n \"base_address\": \"44744704\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.3988430941.0000000005B7A000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"95920128\",\n \"\ size\": \"12288\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4052154990.0000000002AB7000.00000004.00000020.00020000.00000000.sdmp\",\n \"size\": \"36864\",\n \"base_address\": \"44789760\"\ ,\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n\ \ \"file_name\": \"00000000.00000003.4022479765.0000000002A8F000.00000004.00000020.00020000.00000000.sdmp\",\n \"size\": \"24576\",\n \ \ \"base_address\": \"44625920\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \"process\": \"C:\\\\Users\\\ \\user\\\\Desktop\\\\program.exe\",\n \"file_name\": 
\"00000000.00000003.4008003780.0000000002AB7000.00000004.00000020.00020000.00000000.sdmp\",\n \"\ refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n \ \ ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44789760\",\n \"size\": \"24576\"\n \ \ },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4049194255.0000000002AAC000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"size\": \"28672\",\n \"base_address\": \"44744704\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4025486876.0000000002A9C000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44679168\",\n \"\ size\": \"65536\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000002.4733505140.0000000000886000.00000040.00000001.01000000.00000003.sdmp\",\n \"size\": \"4096\",\n \"base_address\": \"8937472\"\ ,\n \"stage\": \"MEM_STAGE_EXIT\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n\ \ \"file_name\": \"00000000.00000003.4038653494.0000000002AD0000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n \ \ {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \ \ \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44892160\",\n \"size\": \"4096\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4018710295.0000000002ABC000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"size\": \"4096\",\n \"base_address\": \"44810240\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": 
\"00000000.00000003.4007173933.0000000002AB2000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44769280\",\n \"\ size\": \"45056\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\":\ \ \"00000000.00000003.4010850749.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp\",\n \"size\": \"20480\",\n \"base_address\": \"44687360\"\ ,\n \"stage\": \"MEM_STAGE_FREE\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n\ \ \"file_name\": \"00000000.00000003.4042116826.0000000002ACC000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n \ \ {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \ \ \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44875776\",\n \"size\": \"20480\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4047866119.0000000002AB8000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44793856\",\n \"\ size\": \"4096\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"\ 00000000.00000002.4734215615.00000000012A4000.00000004.00000020.00020000.00000000.sdmp\",\n \"size\": \"12288\",\n \"base_address\": \"19546112\",\n\ \ \"stage\": \"MEM_STAGE_EXIT\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \ \ \"file_name\": \"00000000.00000002.4735058670.000000000565F000.00000004.00000010.00020000.00000000.sdmp\",\n \"size\": \"4096\",\n \ \ \"base_address\": \"90566656\",\n \"stage\": \"MEM_STAGE_EXIT\"\n },\n {\n \"process\": \"C:\\\\Users\\\ \\user\\\\Desktop\\\\program.exe\",\n \"file_name\": 
\"00000000.00000003.4015021424.0000000002AA6000.00000004.00000020.00020000.00000000.sdmp\",\n \"\ refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n \ \ ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44720128\",\n \"size\": \"24576\"\n \ \ },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4056787570.0000000002AD4000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44908544\",\n \"\ size\": \"8192\"\n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"\ 00000000.00000003.4053322183.0000000002A9C000.00000004.00000020.00020000.00000000.sdmp\",\n \"refs\": [\n {\n \"\ ref\": \"#signature_matches\",\n \"value\": \"238\"\n }\n ],\n \"stage\": \"MEM_STAGE_FREE\"\ ,\n \"base_address\": \"44679168\",\n \"size\": \"118784\"\n },\n {\n \"process\": \"C:\\\ \\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4007474889.0000000002A9A000.00000004.00000020.00020000.00000000.sdmp\",\n \ \ \"refs\": [\n {\n \"ref\": \"#signature_matches\",\n \"value\": \"238\"\n \ \ }\n ],\n \"stage\": \"MEM_STAGE_FREE\",\n \"base_address\": \"44670976\",\n \"size\": \"16384\"\ \n },\n {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.3986101269.0000000005C15000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"size\": \"53248\",\n \"base_address\": \"96555008\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4011537524.0000000002A9E000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"size\": \"20480\",\n \"base_address\": \"44687360\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n \ \ {\n \"process\": 
\"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000003.4056564120.0000000002AD8000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"size\": \"4096\",\n \"base_address\": \"44924928\",\n \"stage\": \"MEM_STAGE_FREE\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000002.4727661403.00000000001A3000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"size\": \"69632\",\n \"base_address\": \"1716224\",\n \"stage\": \"MEM_STAGE_EXIT\"\n },\n \ \ {\n \"process\": \"C:\\\\Users\\\\user\\\\Desktop\\\\program.exe\",\n \"file_name\": \"00000000.00000002.4726329372.0000000000103000.00000004.00000020.00020000.00000000.sdmp\"\ ,\n \"size\": \"40960\",\n \"base_address\": \"1060864\",\n \"stage\": \"MEM_STAGE_EXIT\"\n }\n \ \ ],\n \"has_html_report\": true,\n \"has_memdump\": true,\n \"tls\": [\n {\n \"ja3\": \"37f463bf4616ecd445d4a1937da06e19\"\ ,\n \"sni\": \"cygwin.com\",\n \"version\": \"TLS 1.2\",\n \"thumbprint\": \"576089cf2ead1e3ae47d52c0547d0aecf841ddf0\",\n \ \ \"serial_number\": \"0403062850b082729a379cce564788cc337c\",\n \"subject\": {\n \"CN\": \"cygwin.com\"\n \ \ },\n \"ja3s\": \"567bb420d39046dbfd1f68b558d86382\",\n \"issuer\": {\n \"C\": \"US\",\n \ \ \"CN\": \"R3\"\n }\n }\n ],\n \"verdicts\": [\n \"CLEAN\"\n ],\n \"\ ja3_digests\": [\n \"37f463bf4616ecd445d4a1937da06e19\"\n ],\n \"files_written\": [\n \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\ \\Microsoft\\\\Windows\\\\History\",\n \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\",\n \"C:\\\\Users\\\\user\\\\AppData\\\ \\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\WIKWAFRE\\\\mirrors[1].lst\",\n \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCookies\",\n \ \ \"C:\\\\cygwin64\",\n \"C:\\\\cygwin64\\\\var\",\n \"C:\\\\cygwin64\\\\var\\\\log\",\n \"\\\\Device\\\\ConDrv\\\\Connect\"\ ,\n 
\"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\ETCJ2WHM\\\\mirrors[1].lst\",\n \"C:\\\\Users\\\\user\\\\AppData\\\ \\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\ETCJ2WHM\",\n \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\R0IAZP7Z\\\\mirrors[1].lst\"\ ,\n \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\R0IAZP7Z\"\n ],\n \"has_pcap\": true,\n \ \ \"dns_lookups\": [\n {\n \"resolved_ips\": [\n \"8.43.85.97\"\n ],\n \"hostname\"\ : \"cygwin.com\"\n },\n {\n \"resolved_ips\": [\n \"87.248.205.0\",\n \"208.111.186.140\"\ ,\n \"87.248.202.1\",\n \"178.79.208.1\",\n \"208.111.186.0\",\n \"208.111.186.128\"\n\ \ ],\n \"hostname\": \"windowsupdatebg.s.llnwi.net\"\n },\n {\n \"resolved_ips\": [\n \ \ \"13.107.4.50\"\n ],\n \"hostname\": \"c-0001.c-msedge.net\"\n },\n {\n \ \ \"hostname\": \"au.c-0001.c-msedge.net\"\n }\n ],\n \"files_dropped\": [\n {\n \"path\"\ : \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\WIKWAFRE\\\\mirrors[1].lst\",\n \"sha256\": \"010e06fc0e1dc130ed311573e22298b3a2c2cd115ec0ceb330b962106e1cc657\"\ ,\n \"type\": \"TEXT\"\n },\n {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\ \\INetCache\\\\IE\\\\ETCJ2WHM\\\\mirrors[1].lst\",\n \"sha256\": \"2d21f8e403d90a0f5f936e7b8eb43d7ea1d219074a6aef7554a8cd07a6c0b6da\",\n \"type\": \"\ TEXT\"\n },\n {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\ETCJ2WHM\\\\mirrors[1].lst\"\ ,\n \"sha256\": \"96ff47b27825dda73368d1fa71db27beceaa96d5d9d9d79d73889639cc24ad55\",\n \"type\": \"TEXT\"\n },\n \ \ {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\WIKWAFRE\\\\mirrors[1].lst\",\n \"sha256\"\ : \"f2886fb6d5fe7dcbb8ac4ddfbef558d20b9ffac32ecf676247017c6f28b26b42\",\n \"type\": \"TEXT\"\n },\n {\n \"path\"\ : 
\"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\WIKWAFRE\\\\mirrors[1].lst\",\n \"sha256\": \"d69015dd3addb05816782d3ae8b6a6c3f5f5ab2c90a61eef9ebcbe8d85e6d0ce\"\ ,\n \"type\": \"TEXT\"\n },\n {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\ \\INetCache\\\\IE\\\\ETCJ2WHM\\\\mirrors[1].lst\",\n \"sha256\": \"ab0a919116d36bdb425b75bcc507bb7e9f78a297cf5c13e2b00dc797fca19780\",\n \"type\": \"\ TEXT\"\n },\n {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\WIKWAFRE\\\\mirrors[1].lst\"\ ,\n \"sha256\": \"55a9546e00d37dd40d38d3654bec55ef93a540f0e1a0c67cc2d14d209defca35\",\n \"type\": \"TEXT\"\n },\n \ \ {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\ETCJ2WHM\\\\mirrors[1].lst\",\n \"sha256\"\ : \"55a9546e00d37dd40d38d3654bec55ef93a540f0e1a0c67cc2d14d209defca35\",\n \"type\": \"TEXT\"\n },\n {\n \"path\"\ : \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\ETCJ2WHM\\\\mirrors[1].lst\",\n \"sha256\": \"728c65b874c4c5309d9c7ef26b080f312e99156af940486cc3328f17d8ffe74f\"\ ,\n \"type\": \"TEXT\"\n },\n {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\ \\INetCache\\\\IE\\\\ETCJ2WHM\\\\mirrors[1].lst\",\n \"sha256\": \"4c264858d85ab04d83531859a646cf238862adb346be08d405def3255026bab1\",\n \"type\": \"\ TEXT\"\n },\n {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\ETCJ2WHM\\\\mirrors[1].lst\"\ ,\n \"sha256\": \"9b1f59b3bd39425706d38f3c95772ba7f80068970295e190489620b925cc6a0d\",\n \"type\": \"TEXT\"\n },\n \ \ {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\R0IAZP7Z\\\\mirrors[1].lst\",\n \"sha256\"\ : \"2d21f8e403d90a0f5f936e7b8eb43d7ea1d219074a6aef7554a8cd07a6c0b6da\",\n \"type\": \"TEXT\"\n },\n {\n \"path\"\ : 
\"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\ETCJ2WHM\\\\mirrors[1].lst\",\n \"sha256\": \"40218bfafedfe5ce15d4b443394c39eae6ec40ecf080f6c9440bb713567f61af\"\ ,\n \"type\": \"TEXT\"\n },\n {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\ \\INetCache\\\\IE\\\\R0IAZP7Z\\\\mirrors[1].lst\",\n \"sha256\": \"3649419a11a2468f02b21d1d1f54d4de4e639b42c71845e4304eed72a2c6151a\",\n \"type\": \"\ TEXT\"\n },\n {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\ETCJ2WHM\\\\mirrors[1].lst\"\ ,\n \"sha256\": \"4ff1e805019b69e19e4fb6f754fe12915d46dfe6373a370e82e4e760d343df95\",\n \"type\": \"TEXT\"\n },\n \ \ {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\R0IAZP7Z\\\\mirrors[1].lst\",\n \"sha256\"\ : \"1558a8abd7a1a8d31310961a99ad04bd58cca2a38fdda54cd9c88ff83bc5bd6b\",\n \"type\": \"TEXT\"\n },\n {\n \"path\"\ : \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\ETCJ2WHM\\\\mirrors[1].lst\",\n \"sha256\": \"184edc88ed81c3056ac4d431232523707e08c6fb4b3fa540a54a4994822e891b\"\ ,\n \"type\": \"TEXT\"\n },\n {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\ \\INetCache\\\\IE\\\\R0IAZP7Z\\\\mirrors[1].lst\",\n \"sha256\": \"7e1710a13c387c714152293b7a18a6e5467dcab4635249f8971a9297995b9f50\",\n \"type\": \"\ TEXT\"\n },\n {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\R0IAZP7Z\\\\mirrors[1].lst\"\ ,\n \"sha256\": \"a095a6e62e173f8128c040e785d240d1241977d96c48b1d2de137fdee230f748\",\n \"type\": \"TEXT\"\n },\n \ \ {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\ETCJ2WHM\\\\mirrors[1].lst\",\n \"sha256\"\ : \"65865ea1b6c364345dda7018544d48e9584fc2a70d6cc7bd4a7f35be244abbeb\",\n \"type\": \"TEXT\"\n },\n {\n \"path\"\ : 
\"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\ETCJ2WHM\\\\mirrors[1].lst\",\n \"sha256\": \"979040e186574ee82bdfdc489af1a0c2fe79e220e34faeddc6cec7fdfa49423e\"\ ,\n \"type\": \"TEXT\"\n },\n {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\ \\INetCache\\\\IE\\\\R0IAZP7Z\\\\mirrors[1].lst\",\n \"sha256\": \"ccfc9ef8448843747c2b90f8f018e3e0b3738ff373aea4efa9115ad44d18025d\",\n \"type\": \"\ TEXT\"\n },\n {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\R0IAZP7Z\\\\mirrors[1].lst\"\ ,\n \"sha256\": \"3c614b0c104028afd0ee97eb84d4f63f38da005268b2707941628a20a4f2f099\",\n \"type\": \"TEXT\"\n },\n \ \ {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\ETCJ2WHM\\\\mirrors[1].lst\",\n \"sha256\"\ : \"7e1710a13c387c714152293b7a18a6e5467dcab4635249f8971a9297995b9f50\",\n \"type\": \"TEXT\"\n },\n {\n \"path\"\ : \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\ETCJ2WHM\\\\mirrors[1].lst\",\n \"sha256\": \"c7c5426c3ca81941c52cb8497ef99ced0acc12dff4cbe33ad9ddfd6b4cdcc930\"\ ,\n \"type\": \"TEXT\"\n },\n {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\ \\INetCache\\\\IE\\\\R0IAZP7Z\\\\mirrors[1].lst\",\n \"sha256\": \"ae6a6e1e1efb906d3dc510c26b96b1611b08fbd07ef1f17434e84b32ca0d6a3f\",\n \"type\": \"\ TEXT\"\n },\n {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\R0IAZP7Z\\\\mirrors[1].lst\"\ ,\n \"sha256\": \"f06ded0a73bb4c0789a0d2e00b21d86894942917ab2e0b1488c443dc68f77571\",\n \"type\": \"TEXT\"\n },\n \ \ {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\ETCJ2WHM\\\\mirrors[1].lst\",\n \"sha256\"\ : \"69542e2ac46b793e56ae31ff379ae15b2d7733b6b75b9e7b4279a789add1b8d9\",\n \"type\": \"TEXT\"\n },\n {\n \"path\"\ : 
\"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\ETCJ2WHM\\\\mirrors[1].lst\",\n \"sha256\": \"06abbdc423b46a1653cec6c087780f7ed67e671b17a167a5b3efc227b73b5abb\"\ ,\n \"type\": \"TEXT\"\n },\n {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\ \\INetCache\\\\IE\\\\ETCJ2WHM\\\\mirrors[1].lst\",\n \"sha256\": \"154587ca83210ce0c9b1ddcbc2550771d73d99817cf1e79cc0ff45dd3a0d5ab2\",\n \"type\": \"\ TEXT\"\n },\n {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\ETCJ2WHM\\\\mirrors[1].lst\"\ ,\n \"sha256\": \"a015d3efbea036dd2d49eeaeb5517ea2a435581e359ffd849b8dacc685097110\",\n \"type\": \"TEXT\"\n },\n \ \ {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\R0IAZP7Z\\\\mirrors[1].lst\",\n \"sha256\"\ : \"a27d154eb30d914a5febe44db3bc855a4b12dfb461135e579f8ca93b13880b6c\",\n \"type\": \"TEXT\"\n },\n {\n \"path\"\ : \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\INetCache\\\\IE\\\\R0IAZP7Z\\\\mirrors[1].lst\",\n \"sha256\": \"71477cd5de3fa02e5ca21c531412f3bd15f85ee2b359f363a43f62f9b6dbaedc\"\ ,\n \"type\": \"TEXT\"\n },\n {\n \"path\": \"C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\ \\INetCache\\\\IE\\\\ETCJ2WHM\\\\mirrors[1].lst\",\n \"sha256\": \"012fe5f723fe67fca256baa151bbc47f912d3fee8f4deae9c8a7eddb3743a83d\",\n \"type\": \"\ TEXT\"\n }\n ],\n \"behash\": \"7d3c3f3386c9be1f5441f4b12ddc1edc\",\n \"has_evtx\": true\n },\n \"type\": \"\ file_behaviour\",\n \"id\": \"edd0a64dc65087ffe453ca94b267169b39458a983b29ac31320fcaa983d0f97e_Zenbox\",\n \"links\": {\n \"self\": \"https://www.virustotal.com/api/v3/file_behaviours/edd0a64dc65087ffe453ca94b267169b39458a983b29ac31320fcaa983d0f97e_Zenbox\"\ \n }\n }\n ],\n \"links\": {\n \"self\": \"https://www.virustotal.com/api/v3/files/edd0a64dc65087ffe453ca94b267169b39458a983b29ac31320fcaa983d0f97e/behaviours?limit=10\"\ 
\n }\n```\n" operationId: getAllBehaviorReportsForAFile parameters: - description: SHA-256, SHA-1 or MD5 identifying the file in: path name: id required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get All Behavior Reports for a File x-microcks-operation: delay: 0 dispatcher: FALLBACK /ip_addresses/{ip}: get: tags: - IoC Investigation - IP addresses deprecated: false description: 'Returns an [IP address](https://gtidocs.virustotal.com/reference/ip-object) object. ' operationId: ipInfo parameters: - description: IP address in: path name: ip required: true schema: type: string - description: The name of your tool or service. This is required to obtain the gti_assessment data in: header name: x-tool required: false schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get an IP Address Report x-microcks-operation: delay: 0 dispatcher: FALLBACK /ip_addresses/{ip}/comments: get: tags: - IoC Investigation - IP addresses deprecated: false description: 'Returns a list of [Comment](https://gtidocs.virustotal.com/reference/comment-object) objects.
' operationId: ipCommentsGet parameters: - description: IP address in: path name: ip required: true schema: type: string - description: Maximum number of comments to retrieve in: query name: limit schema: default: 10 format: int32 type: integer - description: Continuation cursor in: query name: cursor schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Comments on an IP Address x-microcks-operation: delay: 0 dispatcher: FALLBACK post: tags: - IoC Investigation - IP addresses deprecated: false description: "With this endpoint you can post a comment for a given IP address. The body for the POST request must be the JSON representation of a comment object. Notice however that you don't need\ \ to provide an ID for the object, as they are automatically generated for new comments.\n\nAny word starting with # in your comment's text will be considered a tag, and added to the comment's tag\ \ attribute.\n\n```json Example request\n{\n \"data\": {\n \"type\": \"comment\",\n \"attributes\": {\n \t\"text\": \"Lorem #ipsum dolor sit ...\"\n }\n }\n}\n```\n\nReturns a [Comment](https://gtidocs.virustotal.com/reference/comment-object)\ \ object.\n" operationId: ipCommentsPost parameters: - description: IP address in: path name: ip required: true schema: type: string requestBody: content: application/json: schema: properties: data: default: '{"type": "comment", "attributes": {"text": "Lorem ipsum dolor sit ..."}}' description: A comment object format: json type: string type: object responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object 
description: '400' security: - VTApiKey: [] summary: VirusTotal Add a Comment to an IP Address x-microcks-operation: delay: 0 dispatcher: FALLBACK /ip_addresses/{ip}/relationships/{relationship}: get: tags: - IoC Investigation - IP addresses deprecated: false description: 'This endpoint is the same as [/ip_addresses/{ip}/{relationship}](https://gtidocs.virustotal.com/reference/ip-relationships) except it returns just the related object''s IDs (and context attributes, if any) instead of returning all attributes. ' operationId: ipRelationshipsIds parameters: - description: IP address in: path name: ip required: true schema: type: string - description: Relationship name (see [table](ref:ip-object#relationships)) in: path name: relationship required: true schema: type: string - description: Maximum number of related objects to retrieve in: query name: limit schema: default: '10' type: string - description: Continuation cursor in: query name: cursor schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Object Descriptors Related to an IP Address x-microcks-operation: delay: 0 dispatcher: FALLBACK /ip_addresses/{ip}/votes: get: tags: - IoC Investigation - IP addresses deprecated: false description: 'Returns a list of [Vote](https://gtidocs.virustotal.com/reference/vote-object) objects. 
' operationId: ipVotes parameters: - description: IP Address in: path name: ip required: true schema: type: string responses: '200': content: application/json: examples: Result: value: "{\n \"data\": [\n {\n \"attributes\": {\n \"date\": 1574246328,\n \"value\": 47,\n \"verdict\": \"harmless\"\n\ \ },\n \"id\": \"i-1.1.1.1-a68784ad\",\n \"links\": {\n \"self\": \"https://www.virustotal.com/api/v3/votes/i-1.1.1.1-a68784ad\"\n \ \ },\n \"type\": \"vote\"\n },\n {\n \"attributes\": {\n \"date\": 1569486791,\n \"value\": -1,\n \ \ \"verdict\": \"malicious\"\n },\n \"id\": \"i-1.1.1.1-e15e57e9\",\n \"links\": {\n \"self\": \"https://www.virustotal.com/api/v3/votes/i-1.1.1.1-e15e57e9\"\ \n },\n \"type\": \"vote\"\n }\n ],\n \"links\": {\n \"self\": \"https://www.virustotal.com/api/v3/ip_addresses/1.1.1.1/votes?limit=10\"\n \ \ }\n}" schema: properties: data: items: properties: attributes: properties: date: default: 0 type: integer value: default: 0 type: integer verdict: type: string type: object id: type: string links: properties: self: type: string type: object type: type: string type: object type: array links: properties: self: type: string type: object type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Votes on an IP Address x-microcks-operation: delay: 0 dispatcher: FALLBACK post: tags: - IoC Investigation - IP addresses deprecated: false description: "With this endpoint you can post a vote for a given file. 
The body for the POST request must be the JSON representation of a [vote object](https://gtidocs.virustotal.com/reference/vote-object).\ \ Note however that you don't need to provide an ID for the object, as they are automatically generated for new votes.\n\nThe verdict attribute must be either harmless or malicious.\n\n```json\ \ Example request\n{\n \"data\": {\n \"type\": \"vote\",\n \"attributes\": {\n \t\"verdict\": \"harmless\"\n }\n }\n}\n```\n\nReturns a [Vote](https://gtidocs.virustotal.com/reference/vote-object)\ \ object.\n" operationId: ipVotesPost parameters: - description: IP Address in: path name: ip required: true schema: type: string requestBody: content: application/json: schema: properties: data: default: '{"type": "vote", "attributes": {"verdict": "malicious"}}' description: Vote object format: json type: string required: - data type: object responses: '200': content: application/json: examples: Result: value: "{\n \"data\": {\n \"attributes\": {\n \"date\": 1574246672,\n \"value\": 1,\n \"verdict\": \"harmless\"\n },\n \"id\":\ \ \"i-IP-a68784ad\",\n \"links\": {\n \"self\": null\n },\n \"type\": \"vote\"\n }\n}" schema: properties: data: properties: attributes: properties: date: default: 0 type: integer value: default: 0 type: integer verdict: type: string type: object id: type: string links: properties: self: {} type: object type: type: string type: object type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' '409': content: application/json: examples: Result: value: "{\n \"error\": {\n \"code\": \"AlreadyExistsError\",\n \"message\": \"User \\\"UserName\\\" already voted \\\"harmless\\\" for this ip_address\"\n }\n}" schema: properties: error: properties: code: type: string message: type: string type: object type: object description: '409' security: - VTApiKey: [] summary: VirusTotal Add a Vote to an IP Address x-microcks-operation: delay: 0 
dispatcher: FALLBACK /ip_addresses/{ip}/{relationship}: get: tags: - IoC Investigation - IP addresses deprecated: false description: "IP addresses have a number of relationships to other objects. As mentioned in the [Relationships](https://gtidocs.virustotal.com/reference/relationships) section, those related objects\ \ can be retrieved by sending `GET` requests to the relationship URL. \n\nAll available relationships are documented in the [IP address](https://gtidocs.virustotal.com/reference/ip-object) API object\ \ page.\n" operationId: ipRelationships parameters: - description: IP address in: path name: ip required: true schema: type: string - description: Relationship name (see [table](ref:ip-object#relationships)) in: path name: relationship required: true schema: type: string - description: Maximum number of related objects to retrieve in: query name: limit schema: default: 10 format: int32 type: integer - description: Continuation cursor in: query name: cursor schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Objects Related to an IP Address x-microcks-operation: delay: 0 dispatcher: FALLBACK /popular_threat_categories: get: tags: - IoC Investigation - Popular Threat Categories deprecated: false description: VirusTotal Get a List of Popular Threat Categories operationId: popularThreatCategories responses: '200': content: application/json: examples: Result: value: "{\"data\": [\n \"adware\", \"banker\", \"downloader\",\n \"dropper\", \"fakeav\", \"hacktool\",\n \"miner\", \"phising\", \"pua\",\n \"ransomware\", \"spyware\", \"trojan\"\ ,\n \"virus\", \"worm\"]}" schema: properties: data: items: type: string type: array type: object description: '200' '400': content: application/json: examples: 
Result: value: '{}' schema: properties: {} type: object description: '400' summary: VirusTotal Get a List of Popular Threat Categories parameters: [] security: - VTApiKey: [] x-microcks-operation: delay: 0 dispatcher: FALLBACK /intelligence/search: get: tags: - IoC Investigation - Search & Metadata deprecated: false description: "> \U0001F6A7 Searches using a fuzzy hash (ssdeep, TLSH, ...) are throttled for performance reasons. The typical throttle is 15 searches / minute.\n\nThis endpoint lets you search\ \ for files in the Google Threat Intelligence dataset, using the same query syntax that you would use in the Google TI user interface. **URL Safe encoding must be used when using this endpoint\ \ programmatically.**\n\nThe result from this endpoint is a collection of file objects that match the given query. If the `descriptors_only` parameter is set to `true`, the resulting collection will\ \ contain only the object descriptors. This is useful if you are interested in getting only the SHA-256 of the matching files. In those cases, set `descriptors_only=true` to reduce\ \ the latency of your requests.\n\n> \U0001F6A7 Content searches cannot be sorted\n> \n> If your query contains a content search, the order parameter has no effect.\n\nThe `order` parameter\ \ defines the order in which results are returned. Each order can be followed by a plus (`+`) or minus (`-`) sign to indicate ascending or descending order respectively (i.e: `+`, `-`).\ \ If no ascending/descending order is specified it's assumed to be ascending, so `` and `+` are equivalent. If the `order` parameter is not provided, items are returned in a default\ \ order. 
The following table shows supported and default orders for every kind of entity:\n\n| Entity type | Supported orders | Default\ \ order |\n| :---------- | :------------------------------------------------------------------------------ | :---------------------- |\n| file | first_submission_date, last_submission_date,\ \ positives, times_submitted, size | last_submission_date- |\n| url | first_submission_date, last_submission_date, positives, times_submitted, status | last_submission_date- |\n| domain\ \ | creation_date, last_modification_date, last_update_date, positives | last_modification_date- |\n| ip | ip, last_modification_date, positives \ \ | last_modification_date- |\n\nThis request returns a list of API objects ([files](https://gtidocs.virustotal.com/reference/files), [URLs](https://gtidocs.virustotal.com/reference/url-object),\ \ [IP addresses](https://gtidocs.virustotal.com/reference/ip-object) or [domains](https://gtidocs.virustotal.com/reference/domains-object)).\n\nAlso, some context attributes are added in certain\ \ searches:\n\n- When searching files by `content`. These context attributes are:\n - `confidence`: \\<_float_> match confidence.\n - `match_in_subfile`: \\<_boolean_> whether the content match\ \ was found in a [subfile](https://gtidocs.virustotal.com/reference/files-bundled_files) or not.\n - `snippet`: \\<_string_> snippet ID. This ID can be later used in `/intelligence/search/snippets/{id}`\ \ endpoint.\n\n- When doing a hash similarity search:\n - `similarity_score`: \\<_float_> number between 0 and 1 indicating the percentage of the fuzzy hash that matched. 
For example, `1.0` indicates\ \ the hash is the same as the specified; `0.5` that half of the hash matches the one given.\n\n```json Example response (search by file content)\n{\n \"data\": [\n {\n \"context_attributes\"\ : {\n \"confidence\": 1,\n \"match_in_subfile\": false,\n \"snippet\": \"L3Z0c2FtcGxlcy8zODIzMzkzNjNhOTM2NDM2ZDM2MDM1MzFkM2IzOGEzMmUzMTUzNzM3MTM4MzY3MzBlM2Q2MzQ4MzY1M2MzYzNhfHw3MTg1Mzk2OjExfHwxNTk5NDY0OTQ3fHwzODIzMzkzNjNhOTM2NDM2ZDM2MDM1MzFkM2IzOGEzMmUzMTUzNzM3MTM4MzY3MzBlM2Q2MzQ4MzY1M2MzYzNh\"\ \n },\n \"id\": \"382339363a936436d3603531d3b38a32e315373713836730e3d63483653c3c3a\",\n \"type\": \"file\"\n }\n ],\n \"links\": {\n \"next\": \"https://www.virustotal.com/api/v3/intelligence/search?cursor=H4sI...A&query=content%3A+%22hello+world%22&limit=1&descriptors_only=true\"\ ,\n \"self\": \"https://www.virustotal.com/api/v3/intelligence/search?query=content%3A%20%22hello%20world%22&descriptors_only=true&limit=1\"\n },\n \"meta\": {\n \"cursor\": \"H4sIAAA...\"\ ,\n \"days_back\": 365\n }\n}\n```\n" operationId: intelligenceSearch parameters: - description: Search query using URL Safe encoding in: query name: query required: true schema: type: string - description: Sort order (see table in the description above) in: query name: order schema: type: string - description: Maximum number of results per page (Max. 300) in: query name: limit schema: default: 10 format: int32 type: integer - description: Continuation cursor in: query name: cursor schema: type: string - description: Whether to return full object information or just object descriptors. 
in: query name: descriptors_only schema: default: false type: boolean responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Advanced Corpus Search x-microcks-operation: delay: 0 dispatcher: FALLBACK /intelligence/search/snippets/{snippet}: get: tags: - IoC Investigation - Search & Metadata deprecated: false description: 'This request returns file content snippets that matched a query in the [`/search`](https://gtidocs.virustotal.com/reference/intelligence-search) endpoint. The response is a list of strings containing both content hexdump and plain text. Matched content is found between `*` characters, more file content is returned to provide additional context about the match. ' operationId: intelligenceSearchSnippets parameters: - description: Extracted snippet from context attributes at [/search](ref:intelligence-search) endpoint. in: path name: snippet required: true schema: type: string responses: '200': content: application/json: examples: Result: value: "{\n \"data\": [\n \"01CEE0A0: 09 20 2A 0A 09 20 2A 20 45 78 61 6D 70 6C 65 3A . *.. * Example:\\n01CEE0B0: 0A 09 20 2A 0A 09 20 2A 20 20 20 20 20 35\x1C 68 65\x1D .. *..\ \ * 5\x1Che\x1D\\n01CEE0C0: \x1C6C 6C 6F 20 77 6F 72 6C 64\x1D 0A 09 20 2A 20 20 20 \x1Cllo world\x1D.. * \",\n \"01CEF650: 6D 70 6C 65 3A 0A 09 20 2A 0A 09 20 2A 20 20 20\ \ mple:.. *.. * \\n01CEF660: 20 20 31 31 3A \x1C68 65 6C 6C 6F 20 77 6F 72 6C 64\x1D 11:\x1Chello world\x1D\\n01CEF670: 32 3A 68 69 0A 09 20 2A 0A 09 20 2A 20 49 66 20 2:hi..\ \ *.. 
* If \",\n \"01D22020: 5C 6E 20 2A 20 45 78 61 6D 70 6C 65 3A 5C 6E 20 \\\\n * Example:\\\\n \\n01D22030: 2A 5C 6E 20 2A 20 20 20 20 20 35\x1C 68 65 6C 6C 6F\x1D *\\\\n\ \ * 5\x1Chello\x1D\\n01D22040: \x1C20 77 6F 72 6C 64 \x1D5C 6E 20 2A 20 20 20 20 20 33 \x1C world\x1D\\\\n * 3\",\n \"02C29AB0: 6C 6F 67 28 68 65 6C 6C 6F 2C 20 27 77 6F\ \ 72 6C log(hello, 'worl\\n02C29AC0: 64 27 29 3B 0A 20 2A 20 27\x1C 68 65 6C 6C 6F 20 77\x1D d');. * '\x1Chello w\x1D\\n02C29AD0: \x1C6F 72 6C 64 \x1D27 0A 20 2A 2F 0A 65 78 70 6F\ \ 72 74 \x1Corld\x1D'. */.export\",\n \"02C643E0: 28 68 65 6C 6C 6F 2C 20 27 77 6F 72 6C 64 27 29 (hello, 'world')\\n02C643F0: 3B 0A 20 2A 20 27 \x1C68 65 6C 6C 6F 20 77 6F 72\ \ 6C\x1D ;. * '\x1Chello worl\x1D\\n02C64400: \x1C64 \x1D27 0A 20 2A 2F 0A 76 61 72 20 6C 6F 67 20 3D \x1Cd\x1D'. */.var log =\"\n ]\n}" description: '200' '400': content: application/json: examples: Result: value: "{\n \"error\": {\n \"code\": \"BadRequestError\",\n \"message\": \"Invalid token\"\n }\n}" schema: properties: error: properties: code: type: string message: type: string type: object type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get File Content Search Snippets x-microcks-operation: delay: 0 dispatcher: FALLBACK /metadata: get: tags: - IoC Investigation - Search & Metadata deprecated: false description: "This endpoint returns a dictionary with metadata related to Google Threat Intelligence, which includes a full list of engines in use, a list of existing privileges, etc.\n\n```json Example\n\ {\n \"data\": {\n \"engines\": {\n \"ALYac\": {},\n \"APEX\": {},\n \"AVG\": {},\n \"AVware\": {},\n \"Acronis\": {},\n \"Ad-Aware\": {},\n \"AegisLab\": {},\n\ \ \"AhnLab-V3\": {},\n \"Alibaba\": {},\n \"Antiy-AVL\": {},\n \"Arcabit\": {},\n \"Avast\": {},\n \"Avast-Mobile\": {},\n \"Avira\": {},\n \"Babable\": {},\n\ \ \"Baidu\": {}\n },\n \"privileges\": [\n \"cases\",\n \"click_to_accept\",\n \"creditcards\",\n \"dogfooder\",\n 
\"file-behaviour-feed\",\n \"downloads-tier-1\"\ ,\n \"downloads-tier-2\"\n ],\n \"relationships\": {\n \"analysis\": [\n {\n \"description\": \"File or URL the analysis belongs to.\",\n \"name\": \"item\"\ \n }\n ],\n \"async_search_job\": [\n {\n \"description\": \"Objects that match the search.\",\n \"name\": \"matches\"\n }\n ],\n \"case\"\ : [\n {\n \"description\": \"Returns the files objects in the case.\",\n \"name\": \"files\"\n },\n {\n \"description\": \"Returns the graphs objects\ \ in the case.\",\n \"name\": \"graphs\"\n }\n ],\n \"code_block\": [\n {\n \"description\": \"Files that contain the code block.\",\n \"name\"\ : \"files\"\n }\n ],\n \"comment\": [\n {\n \"description\": \"Object to which the comment belongs to.\",\n \"name\": \"item\"\n },\n {\n\ \ \"description\": \"User who wrote the comment.\",\n \"name\": \"author\"\n }\n ],\n \"domain\": [\n {\n \"description\": \"Votes for the file/URL.\"\ ,\n \"name\": \"votes\"\n },\n {\n \"description\": \"Comments for the Domain or IP's related entities.\",\n \"name\": \"related_comments\"\n },\n\ \ {\n \"description\": \"Parent domain.\",\n \"name\": \"parent\"\n }\n ]\n }\n }\n}\n```\n" operationId: metadata parameters: [] responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Google Threat Intel Metadata x-microcks-operation: delay: 0 dispatcher: FALLBACK /search: get: tags: - IoC Investigation - Search & Metadata deprecated: false description: "This endpoint searches any of the following:\n\n- A file hash - Returns a [File](https://gtidocs.virustotal.com/reference/object-files) object.\n- A URL - Returns a [URL](https://gtidocs.virustotal.com/reference/url-object)\ \ object.\n- A domain - Returns 
[Domain](https://gtidocs.virustotal.com/reference/domains-object) object.\n- A IP address - Returns an [IP address](https://gtidocs.virustotal.com/reference/ip-object)\ \ object.\n- Comments by tags - Returns a list of [Comment](https://gtidocs.virustotal.com/reference/comment-object) objects.\n\nThe request returns a list of objects matching the query.\n\n```json\ \ Example response (searching for comments)\n{\n \"data\": [\n {\n \"attributes\": {\n \"date\": 1597349426,\n \"html\": \"search comment #example.\",\n \"tags\": [\n\ \ \"example\"\n ],\n \"text\": \"search comment #example.\",\n \"votes\": {\n \"abuse\": 0,\n \"negative\": 0,\n \"positive\": 0\n \ \ }\n },\n \"id\": \"f-084a541d4c94d497442477664b445047c4fd42c4ff48413464ed4454549444c9-4944a424\",\n \"links\": {\n \"self\": \"https://www.virustotal.com/ui/comments/f-084a541d4c94d497442477664b445047c4fd42c4ff48413464ed4454549444c9-4944a424\"\ \n },\n \"type\": \"comment\"\n }\n ],\n \"links\": {\n \"next\": \"https://www.virustotal.com/api/v3/search?cursor=CtIB4hEKBGRhdGUSCQjsy4up_pjrAhK4AWoRc352aXJ1c3RvdGFsY2xvdWRyogELEgZTYW1wbGUiQDA4Y2E1ZTFk4mM5YW41OTd4NDJ4Nzc2NmFiNGI1MDc3YzJmZDEyY2NmZmM4ZjEzOTZkZWRhNDUyNWM5ZjQ0YzkMCxIHQ29t4WVudCJJMDhjYTV4MWRiYzlhZDU5N2I0MmU3NzY2YWI0YjUwNzdjMmZkMTJjY2ZmYzhmMTM5NmRlZGE0NTI14zlmND4jOS1lOTQ1YTMyMwwYACAB&query=google&limit=1\"\ ,\n \"self\": \"https://www.virustotal.com/api/v3/search?query=example&limit=1\"\n },\n \"meta\": {\n \"cursor\": \"CtIB4hEKBGRhdGUSCQjsy4up_pjrAhK4AWoRc352aXJ1c3RvdGFsY2xvdWRyogELEgZTYW1wbGUiQDA4Y2E1ZTFk4mM5YW41OTd4NDJ4Nzc2NmFiNGI1MDc3YzJmZDEyY2NmZmM4ZjEzOTZkZWRhNDUyNWM5ZjQ0YzkMCxIHQ29t4WVudCJJMDhjYTV4MWRiYzlhZDU5N2I0MmU3NzY2YWI0YjUwNzdjMmZkMTJjY2ZmYzhmMTM5NmRlZGE0NTI14zlmND4jOS1lOTQ1YTMyMwwYACAB\"\ \n }\n}\n```\n" operationId: apiSearch parameters: - description: Search query. 
in: query name: query required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Search for Files, URLs, Domains, IPs and Comments x-microcks-operation: delay: 0 dispatcher: FALLBACK /urls: post: summary: VirusTotal Scan URL description: 'This returns an [Analysis](https://gtidocs.virustotal.com/reference/analyses-object) ID. The analysis can be retrieved by using the [Analysis](https://gtidocs.virustotal.com/reference/analysis) endpoint. ' operationId: scanUrl parameters: [] requestBody: content: application/x-www-form-urlencoded: schema: type: object required: - url properties: url: type: string description: URL to scan responses: '200': description: '200' content: application/json: examples: Result: value: '{}' schema: type: object properties: {} '400': description: '400' content: application/json: examples: Result: value: '{}' schema: type: object properties: {} deprecated: false security: - VTApiKey: [] tags: - IoC Investigation - URLs x-microcks-operation: delay: 0 dispatcher: FALLBACK /urls/{id}: get: tags: - IoC Investigation - URLs deprecated: false description: '> 📘 > > See [URL identifiers](https://gtidocs.virustotal.com/reference/urls#url-identifiers) for more information about how to generate a valid URL identifier for a URL. Returns a [URL](https://gtidocs.virustotal.com/reference/url-object) object. ' operationId: urlInfo parameters: - description: URL identifier or base64 representation of URL to scan (w/o padding) in: path name: id required: true schema: type: string - description: The name of your tool or service. 
This is required to obtain the gti_assessment data in: header name: x-tool required: false schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get a URL Report x-microcks-operation: delay: 0 dispatcher: FALLBACK /urls/{id}/analyse: post: tags: - IoC Investigation - URLs deprecated: false description: "> \U0001F4D8 See [URL identifiers](https://gtidocs.virustotal.com/reference/urls#url-identifiers) for more information about how to generate a valid URL identifier for a URL.\n\nReturns\ \ an [Analysis](https://gtidocs.virustotal.com/reference/analyses-object) object descriptor which can be used in the [GET /analyses/{id}](https://gtidocs.virustotal.com/reference/analysis) API endpoint\ \ to get further information about the analysis status.\n\n```json Example response\n{\n \"data\": {\n \"id\": \"u-a354494a73382ea0b4bc47f4c9e8d6c578027cd4598196dc88f05a22b5817293-1604933101\"\ ,\n \"type\": \"analysis\"\n }\n}\n```\n" operationId: urlsAnalyse parameters: - description: URL identifier in: path name: id required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Request a URL Rescan (re-analyze) x-microcks-operation: delay: 0 dispatcher: FALLBACK /urls/{id}/comments: get: tags: - IoC Investigation - URLs deprecated: false description: "Returns a list of [Comment](https://gtidocs.virustotal.com/reference/comments) objects. 
\nCheck comments made in the VT Community regarding a specific URL.\n\n> \U0001F4D8 See [URL identifiers](https://gtidocs.virustotal.com/reference/urls#url-identifiers)\ \ for more information about how to generate a valid URL identifier for a URL.\n\n- `data`: list of [\"comment\" objects](ref:comment-object).\n- `links`: contains \"self\" with a reference to\ \ this group of comments and \"next\", with a reference to the next group.\n- `cursor`: contains the cursor token used to access the next group of comments.\n" operationId: urlsCommentsGet parameters: - description: URL identifier in: path name: id required: true schema: type: string - description: Maximum number of comments to retrieve in: query name: limit schema: default: 10 format: int32 type: integer - description: Continuation cursor in: query name: cursor schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Comments on a URL x-microcks-operation: delay: 0 dispatcher: FALLBACK post: tags: - IoC Investigation - URLs deprecated: false description: "> \U0001F4D8 See [URL identifiers](https://gtidocs.virustotal.com/reference/urls#url-identifiers) for more information about how to generate a valid URL identifier for a URL.\n\nWith\ \ this endpoint you can post a comment for a given URL. The body for the POST request must be the JSON representation of a comment object. 
Notice however that you don't need to provide an ID for\ \ the object, as they are automatically generated for new comments.\n\nAny word starting with # in your comment's text will be considered a tag, and added to the comment's tag attribute.\n\n```json\ \ Example request\n{\n \"data\": {\n \"type\": \"comment\",\n \"attributes\": {\n \t\"text\": \"Lorem #ipsum dolor sit ...\"\n }\n }\n}\n```\n\nReturns a [Comment](https://gtidocs.virustotal.com/reference/comments)\ \ object.\n" operationId: urlsCommentsPost parameters: - description: URL identifier in: path name: id required: true schema: type: string requestBody: content: application/json: schema: properties: data: default: '{"type": "comment", "attributes": {"text": "Lorem ipsum dolor sit ..."}}' description: A comment object format: json type: string required: - data type: object responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Add a Comment on a URL x-microcks-operation: delay: 0 dispatcher: FALLBACK /urls/{id}/relationships/{relationship}: get: tags: - IoC Investigation - URLs deprecated: false description: 'This endpoint is the same as [/urls/{id}/{relationship}](https://gtidocs.virustotal.com/reference/relationships) except it returns just the related object''s IDs (and context attributes, if any) instead of returning all attributes. 
' operationId: urlsRelationshipsIds parameters: - description: URL ID in: path name: id required: true schema: type: string - description: Relationship name (see [table](ref:url-object#relationships)) in: path name: relationship required: true schema: type: string - description: Maximum number of related objects to retrieve in: query name: limit schema: default: '10' type: string - description: Continuation cursor in: query name: cursor schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' summary: VirusTotal Get Object Descriptors Related to a URL security: - VTApiKey: [] x-microcks-operation: delay: 0 dispatcher: FALLBACK /urls/{id}/votes: get: tags: - IoC Investigation - URLs deprecated: false description: '> 📘 See [URL identifiers](https://gtidocs.virustotal.com/reference/urls#url-identifiers) for more information about how to generate a valid URL identifier for a URL. Returns a list of [Vote](https://gtidocs.virustotal.com/reference/vote-object) objects. 
' operationId: urlsVotesGet parameters: - description: URL identifier in: path name: id required: true schema: type: string - description: Maximum number of votes to retrieve in: query name: limit schema: default: 10 format: int32 type: integer - description: Continuation cursor in: query name: cursor schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Votes on a URL x-microcks-operation: delay: 0 dispatcher: FALLBACK post: tags: - IoC Investigation - URLs deprecated: false description: "> \U0001F4D8 See [URL identifiers](https://gtidocs.virustotal.com/reference/urls#url-identifiers) for more information about how to generate a valid URL identifier for a URL.\n\nWith\ \ this endpoint you can post a vote for a given URL. The body for the `POST` request must be the JSON representation of a vote object. 
Notice however that you don't need to provide an ID for the\ \ object, as they are automatically generated for new votes.\n\nThe verdict attribute must be either `harmless` or `malicious`.\n\n```json Example request\n{\n \"data\": {\n \"type\": \"\ vote\",\n \"attributes\": {\n \t\"verdict\": \"harmless\"\n }\n }\n}\n```\n\nReturns a [Vote](https://gtidocs.virustotal.com/reference/vote-object) object.\n" operationId: urlsVotesPost parameters: - description: URL identifier in: path name: id required: true schema: type: string requestBody: content: application/json: schema: properties: data: default: '{"type": "vote", "attributes": {"verdict": "malicious"}}' description: Vote object format: json type: string required: - data type: object responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' '409': content: application/json: examples: Result: value: "{\n \"error\": {\n \"code\": \"AlreadyExistsError\",\n \"message\": \"User \\\"username\\\" already voted \\\"malicious\\\" for this url\"\n }\n}" schema: properties: error: properties: code: type: string message: type: string type: object type: object description: '409' security: - VTApiKey: [] summary: VirusTotal Add a Vote on a URL x-microcks-operation: delay: 0 dispatcher: FALLBACK /urls/{id}/{relationship}: get: tags: - IoC Investigation - URLs deprecated: false description: "> \U0001F4D8 See [URL identifiers](https://gtidocs.virustotal.com/reference/urls#url-identifiers) for more information about how to generate a valid URL identifier for a URL.\n\nURL\ \ objects have a number of relationships to other URLs and objects. As mentioned in the [Relationships](https://gtidocs.virustotal.com/reference/relationships) section, those related objects can be\ \ retrieved by sending `GET` requests to the relationship URL. 
\n\nThe relationships supported by URL objects are documented in the [URL](https://gtidocs.virustotal.com/reference/url-object) API\ \ object page.\n" operationId: urlsRelationships parameters: - description: URL identifier in: path name: id required: true schema: type: string - description: Relationship name (see [table](ref:url-object#relationships)) in: path name: relationship required: true schema: type: string - description: Maximum number of related objects to retrieve in: query name: limit schema: default: 10 format: int32 type: integer - description: Continuation cursor in: query name: cursor schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get Objects Related to a URL x-microcks-operation: delay: 0 dispatcher: FALLBACK /intelligence/zip_files: post: tags: - IoC Investigation - Zipping files deprecated: false description: "Creates a ZIP file containing the files specified in the request. Optionally you can provide a password for protecting the ZIP file. The request's body must have the following structure:\n\ \n```json Example request\n{\n \"data\": {\n \"password\": \"mysecretpassword\", \n \"hashes\":[\n \"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\", \n \"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f\"\ ,\n \"ed1707bf39a62b0efd40e76f55409ee99db0289dc5027d0a5e5337b4e7a61ccc\"]\n }\n}\n```\n\nThe response from this endpoint is the object corresponding to the newly created ZIP file. 
Note, however,\ \ that your ZIP file won't be ready for download right away: you must wait for the backend to create it. That is why the returned object has `status` and `progress` attributes,\ \ which indicate the current status and progress of the ZIP creation process.\n\n```json Example response\n{\n \"data\": {\n \"type\": \"zip_file\",\n \"id\": \"4939392292\",\n\ \ \"attributes\": {\n \"status\": \"starting\",\n \"progress\": 0,\n \"files_ok\": 0,\n \"files_error\": 0\n } \n }\n}\n```\n\nThe [GET /intelligence/zip_files/{id}](https://gtidocs.virustotal.com/reference/get-zip-file)\ \ endpoint should be used for retrieving the latest status of the ZIP file until it's `finished`.\n" operationId: zipFiles parameters: [] requestBody: content: application/json: schema: properties: data: default: '{"password": "", "hashes":["", ""]}' description: A list of hashes (SHA-256, SHA-1, or MD5) for the files included in the ZIP format: json type: string required: - data type: object security: - VTApiKey: [] summary: VirusTotal Create a Password-protected ZIP with Google Threat Intelligence Files responses: '200': description: Successful VirusTotal API response. content: application/json: schema: $ref: '#/components/schemas/DataEnvelope' '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '401': description: Missing or invalid API key. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '404': description: Object not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '429': description: Rate limit or quota exceeded. 
content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-microcks-operation: delay: 0 dispatcher: FALLBACK /intelligence/zip_files/{id}: get: tags: - IoC Investigation - Zipping files deprecated: false description: "This endpoint returns information about a ZIP file.\n\n```json Example response\n{\n \"data\": {\n \"type\": \"zip_file\",\n \"id\": \"4939392292\",\n \"attributes\": {\n \ \ \"status\": \"creating\",\n \"progress\": 45,\n \"files_ok\": 3,\n \"files_error\": 0\n } \n }\n}\n```\n\nThe `status` attribute contains one of the following statuses:\n\ \n- `starting`\n- `creating`\n- `finished`\n- `timeout`\n- `error-starting`\n- `error-creating`\n\nWhen the status is `finished` you may proceed to download the file.\n" operationId: getZipFile parameters: - description: ZIP file identifier in: path name: id required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Check a ZIP File’s Status x-microcks-operation: delay: 0 dispatcher: FALLBACK /intelligence/zip_files/{id}/download: get: tags: - IoC Investigation - Zipping files deprecated: false description: 'This endpoint is similar to [GET /zip_files/{id}/download_url](https://gtidocs.virustotal.com/reference/zip-files-download-url), but it redirects you to the download URL. The download URL you are redirected to can be reused as many times as you want for a period of 1 hour. After that period the URL expires and can''t be used anymore. 
' operationId: zipFilesDownload parameters: - description: ZIP file identifier in: path name: id required: true schema: type: string responses: '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' '200': description: Successful VirusTotal API response. content: application/json: schema: $ref: '#/components/schemas/DataEnvelope' security: - VTApiKey: [] summary: VirusTotal Download a ZIP File x-microcks-operation: delay: 0 dispatcher: FALLBACK /intelligence/zip_files/{id}/download_url: get: tags: - IoC Investigation - Zipping files deprecated: false description: 'This endpoint returns a signed URL from where you can download the specified ZIP file. The URL expires after 1 hour. ' operationId: zipFilesDownloadUrl parameters: - description: ZIP file identifier in: path name: id required: true schema: type: string responses: '200': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '200' '400': content: application/json: examples: Result: value: '{}' schema: properties: {} type: object description: '400' security: - VTApiKey: [] summary: VirusTotal Get a ZIP File’s Download URL x-microcks-operation: delay: 0 dispatcher: FALLBACK components: securitySchemes: VTApiKey: type: apiKey in: header name: x-apikey description: Personal VirusTotal / GTI API key. Found in the user menu of your VirusTotal account. schemas: Error: type: object description: Standard VirusTotal API error envelope. properties: code: type: string description: Machine-readable error code. example: NotFoundError message: type: string description: Human-readable error message. example: Resource not found required: - code - message ErrorResponse: type: object description: Error response envelope returned by the VirusTotal API. properties: error: $ref: '#/components/schemas/Error' required: - error DataEnvelope: type: object description: Successful response envelope. 
The shape of `data` depends on the endpoint. properties: data: description: Endpoint-specific payload — usually a VirusTotal object or list of objects. example: {} meta: type: object description: Optional metadata about the response (cursors, counts, etc.). additionalProperties: true links: type: object description: Optional pagination links. properties: next: type: string format: uri description: URL to the next page of results. self: type: string format: uri description: URL of the current page. additionalProperties: true required: - data Object: type: object description: Base shape of a VirusTotal object (file, url, domain, ip_address, comment, vote, graph, collection, analysis, etc.). properties: id: type: string description: Object identifier. For files this is the SHA-256; for URLs the base64url of the URL; for domains the domain; for IPs the address. example: 44d88612fea8a8f36de82e1278abb02f type: type: string description: Object type discriminator. example: file links: type: object description: Hypermedia links for this object. properties: self: type: string format: uri description: Canonical URL for this object. additionalProperties: true attributes: type: object description: Type-specific attributes payload. additionalProperties: true context_attributes: type: object description: Optional context-specific attributes when the object is returned as part of a relationship. additionalProperties: true relationships: type: object description: Pre-expanded relationships to other VirusTotal objects, keyed by relationship name. additionalProperties: true required: - id - type